CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-39028 – Ubuntu Security Notice USN-6304-1
https://notcve.org/view.php?id=CVE-2022-39028
30 Aug 2022 — telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not sup... • https://git.hadrons.org/cgit/debian/pkgs/inetutils.git/commit/?id=113da8021710d871c7dd72d2a4d5615d42d64289 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-38533 – Ubuntu Security Notice USN-5762-1
https://notcve.org/view.php?id=CVE-2022-38533
25 Aug 2022 — In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. En GNU Binutils versiones anteriores a 2.4.0, se presenta un desbordamiento del búfer de la pila en la función de error bfd_getl32 cuando es llamada desde la función strip_main en strip-new por medio de un archivo diseñado. It was discovered that GNU binutils incorrectly handled certain COFF files. An attacker could possibly use this issue to... • https://github.com/bminor/binutils-gdb/commit/45d92439aebd0386ef8af76e1796d08cfe457e1d • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-35164
https://notcve.org/view.php?id=CVE-2022-35164
18 Aug 2022 — LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain. Se ha detectado que LibreDWG versión v0.12.4.4608 y el commit f2dea29 contienen un uso de memoria previamente liberada de la pila por medio de la función bit_copy_chain. • https://github.com/LibreDWG/libredwg/issues/497 • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-4209 – Ubuntu Security Notice USN-5750-1
https://notcve.org/view.php?id=CVE-2021-4209
05 Aug 2022 — A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. Se ha encontrado un fallo de desreferencia de puntero NULL en GnuTLS. Como las funciones de actualización de hash de Nettle llaman internamente a memcpy, proporcionar una entrada de longitud cero puede causar un comportamiento indefinido. • https://access.redhat.com/security/cve/CVE-2021-4209 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2509 – gnutls: Double free during gnutls_pkcs7_verify
https://notcve.org/view.php?id=CVE-2022-2509
01 Aug 2022 — A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function. Una vulnerabilidad encontrada en gnutls. Este fallo de seguridad es producida por un error de doble liberación durante la verificación de firmas pkcs7 en la función gnutls_pkcs7_verify A vulnerability was found in gnutls. This issue is due to a double-free error that occurs during the verification of pkcs7 signatures in the gnutls_pkcs7_ve... • https://access.redhat.com/security/cve/CVE-2022-2509 • CWE-415: Double Free •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2469 – Ubuntu Security Notice USN-6169-1
https://notcve.org/view.php?id=CVE-2022-2469
19 Jul 2022 — GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client GNU SASL libgsasl lectura fuera de límites del lado del servidor con cliente GSS-API autenticado malicioso It was discovered that GNU SASL's GSSAPI server could make an out-of-bounds reads if given specially crafted GSS-API authentication data. A remote attacker could possibly use this issue to cause a denial of service or to expose sensitive information. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2469.json • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-33034
https://notcve.org/view.php?id=CVE-2022-33034
22 Jun 2022 — LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via the function copy_bytes at decode_r2007.c. Se ha detectado que LibreDWG versión v0.12.4.4608, contiene un desbordamiento de pila por medio de la función copy_bytes en el archivo decode_r2007.c • https://github.com/LibreDWG/libredwg/issues/494 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-33033
https://notcve.org/view.php?id=CVE-2022-33033
22 Jun 2022 — LibreDWG v0.12.4.4608 was discovered to contain a double-free via the function dwg_read_file at dwg.c. Se ha detectado que LibreDWG versión v0.12.4.4608, contiene una doble liberación por medio de la función dwg_read_file en el archivo dwg.c • https://github.com/LibreDWG/libredwg/issues/493 • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-33032
https://notcve.org/view.php?id=CVE-2022-33032
22 Jun 2022 — LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow via the function decode_preR13_section_hdr at decode_r11.c. Se ha detectado que LibreDWG v0.12.4.4608, contenía un desbordamiento del búfer de la pila por medio de la función decode_preR13_section_hdr en el archivo decode_r11.c • https://github.com/LibreDWG/libredwg/issues/488 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-33025
https://notcve.org/view.php?id=CVE-2022-33025
22 Jun 2022 — LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c. Se ha detectado que LibreDWG versión v0.12.4.4608, contiene un uso de memoria previamente liberada de la pila por medio de la función decode_preR13_section en el archivo decode_r11.c • https://github.com/LibreDWG/libredwg/issues/487 • CWE-416: Use After Free •