CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-31031 – Potential stack buffer overflow when parsing message as a STUN client
https://notcve.org/view.php?id=CVE-2022-31031
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by: setting a STUN server in their account/media config in PJSUA/PJSUA2 level, or directly using `pjlib-util/stun_simple` API. A patch is available in commit 450baca which should be included in the next release. There are no known workarounds for this issue. PJSIP es una librería de comunicación multimedia gratuita y de código abierto escrita en lenguaje C que implementa protocolos basados en estándares como SIP, SDP, RTP, STUN, TURN e ICE. • https://github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202 https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html https://security.gentoo.org/glsa/202210-37 https://www.debian.org/security/2023/dsa-5358 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 6CVE-2022-32250 – Linux Kernel nf_tables_expr_destroy Use-After-Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-32250
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. El archivo net/netfilter/nf_tables_api.c en el kernel de Linux versiones hasta 5.18.1, permite a un usuario local (capaz de crear espacios de nombres de usuario/red) escalar privilegios a root porque una comprobación incorrecta de NFT_STATEFUL_EXPR conlleva a un uso de memoria previamente liberada A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nf_tables_api.c. This flaw allows a local attacker with user access to cause a privilege escalation issue. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the nf_tables_expr_destroy method. • https://github.com/theori-io/CVE-2022-32250-exploit https://github.com/ysanatomic/CVE-2022-32250-LPE https://github.com/Kristal-g/CVE-2022-32250 http://www.openwall.com/lists/oss-security/2022/06/03/1 http://www.openwall.com/lists/oss-security/2022/06/04/1 http://www.openwall.com/lists/oss-security/2022/06/20/1 http://www.openwall.com/lists/oss-security/2022/07/03/5 http://www.openwall.com/lists/oss-security/2022/07/03/6 http://www.openwall&# • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-1968 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-1968
Use After Free in GitHub repository vim/vim prior to 8.2. Un Uso de Memoria Previamente Liberada en el repositorio GitHub vim/vim versiones anteriores a 8.2 • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/409510c588b1eec1ae33511ae97a21eb8e110895 https://huntr.dev/bounties/949090e5-f4ea-4edf-bd79-cd98f0498a5b https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://security.gentoo.org/glsa/202208-32 https://security.gentoo.org/glsa/202305-16 https://support.apple.com/kb/HT213488 • CWE-416: Use After Free •
CVSS: 5.7EPSS: 0%CPEs: 20EXPL: 1CVE-2022-27774 – curl: credential leak on redirect
https://notcve.org/view.php?id=CVE-2022-27774
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers. Una vulnerabilidad de credenciales insuficientemente protegidas se presenta en curl versión 4.9 a e incluyen curl versión 7.82.0 están afectados que podría permitir a un atacante para extraer credenciales cuando sigue redireccionamientos HTTP(S) es usado con la autenticación podría filtrar credenciales a otros servicios que se presentan en diferentes protocolos o números de puerto A vulnerability was found in curl. This security flaw allows leaking credentials to other servers when it follows redirects from auth-protected HTTP(S) URLs to other protocols and port numbers. • https://hackerone.com/reports/1543773 https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20220609-0008 https://www.debian.org/security/2022/dsa-5197 https://access.redhat.com/security/cve/CVE-2022-27774 https://bugzilla.redhat.com/show_bug.cgi?id=2077547 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.5EPSS: 0%CPEs: 22EXPL: 1CVE-2022-27776 – curl: auth/cookie leak on redirect
https://notcve.org/view.php?id=CVE-2022-27776
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. Una vulnerabilidad de credenciales insuficientemente protegidas fijada en curl versión 7.83.0, podría filtrar datos de autenticación o de encabezados de cookies en redireccionamientos HTTP al mismo host pero con otro número de puerto A vulnerability was found in curl. This security flaw allows leak authentication or cookie header data on HTTP redirects to the same host but another port number. Sending the same set of headers to a server on a different port number is a problem for applications that pass on custom `Authorization:` or `Cookie:`headers. Those headers often contain privacy-sensitive information or data. • https://hackerone.com/reports/1547048 https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20220609-0008 https://www.debian.org/security/2022/dsa-5197 https://access.redh • CWE-522: Insufficiently Protected Credentials •