
CVE-2022-0443 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-0443
02 Feb 2022 — Use After Free in GitHub repository vim/vim prior to 8.2. It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS. It was discovered that Vim was using freed memory when dealing with regular expressions inside a visual selection. • https://github.com/vim/vim/commit/9b4a80a66544f2782040b641498754bcb5b8d461 • CWE-416: Use After Free •

CVE-2022-0417 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2022-0417
01 Feb 2022 — Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. It was discovered that Vim makes illegal memory calls when pasting brackets in Ex mode. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. This issue affected only Ubuntu 20.04 and 22.04. It was discovered that Vim makes illegal memory calls when making certain retab calls. An attacker could possibly us... • https://github.com/vim/vim/commit/652dee448618589de5528a9e9a36995803f5557a • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2022-0408 – Stack-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2022-0408
30 Jan 2022 — Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS. • https://github.com/vim/vim/commit/06f15416bb8d5636200a10776f1752c4d6e49f31 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2022-0413 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-0413
30 Jan 2022 — Use After Free in GitHub repository vim/vim prior to 8.2. A flaw was found in vim. The vulnerability occurs due to using freed memory when the substitute uses a recursive function call, resulting in a use-after-free vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. • https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a • CWE-416: Use After Free •

CVE-2022-23096 – Gentoo Linux Security Advisory 202310-21
https://notcve.org/view.php?id=CVE-2022-23096
28 Jan 2022 — An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read. Multiple vulnerabilities have been discovered in ConnMan, the worst ... • https://git.kernel.org/pub/scm/network/connman/connman.git/log • CWE-125: Out-of-bounds Read •

CVE-2022-23097 – Gentoo Linux Security Advisory 202310-21
https://notcve.org/view.php?id=CVE-2022-23097
28 Jan 2022 — An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read. It was discovered that ConnMan could be made to write out of bounds. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of se... • https://git.kernel.org/pub/scm/network/connman/connman.git/log • CWE-125: Out-of-bounds Read •

CVE-2022-23098 – Gentoo Linux Security Advisory 202310-21
https://notcve.org/view.php?id=CVE-2022-23098
28 Jan 2022 — An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received. It was discovered that ConnMan could be made to write out of bounds. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or pos... • https://git.kernel.org/pub/scm/network/connman/connman.git/log • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVE-2021-4160 – BN_mod_exp may produce incorrect results on MIPS
https://notcve.org/view.php?id=CVE-2021-4160
28 Jan 2022 — There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because ... • https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf •

CVE-2022-21722 – Potential out-of-bound read during RTP/RTCP parsing in PJSIP
https://notcve.org/view.php?id=CVE-2022-21722
27 Jan 2022 — PJSIP is a free and open source multimedia communication library written in the C language, implementing standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch is available as a commit in the `master` branch. There are no known workarounds. • https://github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397a • CWE-125: Out-of-bounds Read •

CVE-2022-21723 – Out-of-bounds read in multipart parsing in PJSIP
https://notcve.org/view.php?id=CVE-2022-21723
27 Jan 2022 — PJSIP is a free and open source multimedia communication library written in the C language, implementing standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as a commit in the `master` branch. There are no known workarounds. • http://packetstormsecurity.com/files/166227/Asterisk-Project-Security-Advisory-AST-2022-006.html • CWE-125: Out-of-bounds Read •