Page 130 of 3224 results (0.024 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1

CVE-2022-1785 – Out-of-bounds Write in vim/vim

https://notcve.org/view.php?id=CVE-2022-1785

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. Una Escritura Fuera de Límites en el repositorio GitHub vim/vim versiones anteriores a 8.2.4977 A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-bounds write vulnerability in the ex_cmds function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. • https://github.com/vim/vim/commit/e2bd8600b873d2cd1f9d667c28cba8b1dba18839 https://huntr.dev/bounties/8c969cba-eef2-4943-b44a-4e3089599109 https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html https://security.gentoo.org/glsa/202208-32 https://security.gentoo.org/glsa/202305-16 https://access.redhat.com/security/cve/CVE-2022-1785 https://bugzilla.redhat.com/show_bug.cgi?id=2088689 • CWE-787: Out-of-bounds Write •

CVSS: 7.0EPSS: 0%CPEs: 24EXPL: 2

CVE-2022-1734

https://notcve.org/view.php?id=CVE-2022-1734

A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine. Un fallo en el Kernel de Linux encontrado en nfcmrvl_nci_unregister_dev() en el archivo drivers/nfc/nfcmrvl/main.c puede conllevar a un uso de memoria previamente liberada de lectura o escritura cuando no está sincronizado entre la rutina de limpieza y la rutina de descarga del firmware • http://www.openwall.com/lists/oss-security/2022/06/05/4 http://www.openwall.com/lists/oss-security/2022/06/09/1 https://github.com/torvalds/linux/commit/d270453a0d9ec10bb8a802a142fb1b3601a83098 https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://security.netapp.com/advisory/ntap-20220707-0007 https://www.debian.org/security/2022/dsa-5173 • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2022-30688

https://notcve.org/view.php?id=CVE-2022-30688

needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files. needrestart versiones 0.8 hasta 3.5 anteriores a 3.6, es propenso a una escalada de privilegios local. Las remezclas para detectar los intérpretes de Perl, Python y Ruby no están ancladas, lo que permite a un usuario local escalar privilegios cuando needrestart intenta detectar si los intérpretes están usando archivos fuente antiguos • http://www.openwall.com/lists/oss-security/2022/05/17/9 https://github.com/liske/needrestart/commit/e6e58136e1e3c92296e2e810cb8372a5fe0dbd30 https://github.com/liske/needrestart/releases/tag/v3.6 https://lists.debian.org/debian-lts-announce/2022/05/msg00024.html https://lists.debian.org/debian-security-announce/2022/msg00105.html https://www.debian.org/security/2022/dsa-5137 https://www.openwall.com/lists/oss-security/2022/05/17/9 •

CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 1

CVE-2022-29581 – kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c

https://notcve.org/view.php?id=CVE-2022-29581

Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. Una vulnerabilidad de actualización inapropiada del recuento de referencias en net/sched del Kernel de Linux permite a un atacante local causar una escalada de privilegios a root. Este problema afecta a: Las versiones del Kernel de Linux anteriores a 5.18; la versión 4.14 y posteriores A use-after-free flaw was found in u32_change in net/sched/cls_u32.c in the network subcomponent of the Linux kernel. This flaw allows a local attacker to crash the system, cause a privilege escalation, and leak kernel information. • http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html http://www.openwall.com/lists/oss-security/2022/05/18/2 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3db09e762dc79584a69c10d74a6b98f89a9979f8 https://kernel.dance/#3db09e762dc79584a69c10d74a6b98f89a9979f8 https://security.netapp.com/advisory/ntap-20220629-0005 https://www.debian.org/security • CWE-416: Use After Free CWE-911: Improper Update of Reference Count •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 1

CVE-2022-1720 – Buffer Over-read in function grab_file_name in vim/vim

https://notcve.org/view.php?id=CVE-2022-1720

Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. Una Lectura Excesiva del Búfer en la función grab_file_name en el repositorio de GitHub vim/vim versiones anteriores a 8.2.4956. Esta vulnerabilidad es capaz de bloquear el software, modificación de la memoria y una posible ejecución remota • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 http://seclists.org/fulldisclosure/2022/Oct/43 http://seclists.org/fulldisclosure/2022/Oct/45 https://github.com/vim/vim/commit/395bd1f6d3edc9f7edb5d1f2d7deaf5a9e3ab93c https://huntr.dev/bounties/5ccfb386-7eb9-46e5-98e5-243ea4b358a8 https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archiv • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •