Page 134 of 8866 results (0.009 seconds)

CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 1

CVE-2022-3640 – Linux Kernel Bluetooth l2cap_core.c l2cap_conn_del use after free

https://notcve.org/view.php?id=CVE-2022-3640

A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944. • https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=42cf46dea905a80f6de218e837ba4d4cc33d6979 https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DGOIRR72OAFE53XZRUDZDP7INGLIC3E3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD7VWUT7YAU4CJ247IF44NGVOAODAJGC https://lists.fedorapr • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •

CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-3629 – Linux Kernel af_vsock.c vsock_connect memory leak

https://notcve.org/view.php?id=CVE-2022-3629

A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. The complexity of an attack is rather high. • https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=7e97cfed9929eaabc41829c395eb0d1350fccb9d https://vuldb.com/?ctiid.211930 https://vuldb.com/?id.211930 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 2

CVE-2022-3570 – libtiff: heap Buffer overflows in tiffcrop.c

https://notcve.org/view.php?id=CVE-2022-3570

Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact Múltiples desbordamientos del búfer de la pila en la utilidad tiffcrop.c de libtiff library versión 4.4.0, permiten a un atacante desencadenar un acceso a la memoria no seguro o fuera de límites por medio de un archivo de imagen TIFF diseñado, lo que podría resultar en un bloqueo de la aplicación, una posible divulgación de información o cualquier otro impacto dependiente del contexto A heap-based buffer overflow flaw was found in Libtiff's tiffcrop utility. This issue occurs during the conversion of a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes an out-of-bound access resulting an application crash, eventually leading to a denial of service. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3570.json https://gitlab.com/libtiff/libtiff/-/commit/bd94a9b383d8755a27b5a1bc27660b8ad10b094c https://gitlab.com/libtiff/libtiff/-/issues/381 https://gitlab.com/libtiff/libtiff/-/issues/386 https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html https://security.netapp.com/advisory/ntap-20230203-0002 https://www.debian.org/security/2023/dsa-5333 https://access.redhat.com/security/cve/CVE-2022-3570 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2022-3625 – Linux Kernel IPsec devlink.c devlink_param_get use after free

https://notcve.org/view.php?id=CVE-2022-3625

A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. • https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=6b4db2e528f650c7fb712961aac36455468d5902 https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://vuldb.com/?id.211929 https://access.redhat.com/security/cve/CVE-2022-3625 https://bugzilla.redhat.com/show_bug.cgi?id=2144720 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •

CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 1

CVE-2022-3635 – Linux Kernel IPsec idt77252.c tst_timer use after free

https://notcve.org/view.php?id=CVE-2022-3635

A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability. • https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=3f4093e2bf4673f218c0bf17d8362337c400e77b https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://vuldb.com/?id.211934 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •