CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 1CVE-2022-33981 – Ubuntu Security Notice USN-5518-1
https://notcve.org/view.php?id=CVE-2022-33981
18 Jun 2022 — drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function. El archivo drivers/block/floppy.c en el kernel de Linux versiones anteriores a 5.17.6, es vulnerable a una denegación de servicio, debido a un fallo de uso de concurrencia después de la asignación de raw_cmd en la función raw_cmd_ioctl Zhenpeng Lin discovered that the network packet scheduler implementation in th... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.6 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 21%CPEs: 5EXPL: 2CVE-2022-31626 – mysqlnd/pdo password buffer overflow
https://notcve.org/view.php?id=CVE-2022-31626
16 Jun 2022 — In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability. En PHP versiones 7.4.x anteriores a 7.4.30, 8.0.x anteriores a 8.0.20 y 8.1.x anteriores a 8.1.7, cuando la extensión pdo_mysql con el controlador mysqlnd, si es permi... • https://github.com/amitlttwo/CVE-2022-31626 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 1CVE-2022-31625 – Freeing unallocated memory in php_pgsql_free_params()
https://notcve.org/view.php?id=CVE-2022-31625
16 Jun 2022 — In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service. En PHP versiones 7.4.x anteriores a 7.4.30, 8.0.x anteriores a 8.0.20 y 8.1.x anteriores a 8.1.7, cuando es usada la extensión de la base de datos Postgres, el suministro de parámetros no válidos a l... • https://bugs.php.net/bug.php?id=81720 • CWE-590: Free of Memory not on the Heap CWE-763: Release of Invalid Pointer or Reference CWE-824: Access of Uninitialized Pointer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31291
https://notcve.org/view.php?id=CVE-2022-31291
16 Jun 2022 — An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets. Un problema en el archivo dlt_config_file_parser.c de dlt-daemon versión v2.18.8, permite a atacantes causar una doble liberación por medio de paquetes TCP diseñados • https://github.com/COVESA/dlt-daemon/pull/376/commits • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 0CVE-2022-1184 – kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image
https://notcve.org/view.php?id=CVE-2022-1184
14 Jun 2022 — A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. Se ha detectado un fallo de uso de memoria previamente liberada en el archivo fs/ext4/namei.c:dx_insert_block() en el subcomponente del sistema de archivos del kernel de Linux. Este fallo permite a un atacante local con privilegios de usuario causar una denegación de servicio It was discovered that the netli... • https://access.redhat.com/security/cve/CVE-2022-1184 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 25EXPL: 0CVE-2022-21125 – hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS)
https://notcve.org/view.php?id=CVE-2022-21125
14 Jun 2022 — Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Una limpieza incompleta de los búferes de relleno de la microarquitectura en algunos procesadores Intel(R) puede permitir que un usuario autenticado permita potencialmente la divulgación de información por medio del acceso local A flaw was found in hw. Incomplete cleanup of microarchitectural fill buffers on some Intel® Processors ma... • http://www.openwall.com/lists/oss-security/2022/06/16/1 • CWE-459: Incomplete Cleanup •
CVSS: 5.5EPSS: 0%CPEs: 25EXPL: 0CVE-2022-21166 – hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW)
https://notcve.org/view.php?id=CVE-2022-21166
14 Jun 2022 — Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Una limpieza incompleta en operaciones específicas de escritura en registros especiales para algunos procesadores Intel(R) puede permitir que un usuario autenticado permita potencialmente la divulgación de información por medio de acceso local A flaw was found in hw. Incomplete cleanup in specific special register write o... • http://www.openwall.com/lists/oss-security/2022/06/16/1 • CWE-459: Incomplete Cleanup •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-21127 – Debian Security Advisory 5178-1
https://notcve.org/view.php?id=CVE-2022-21127
14 Jun 2022 — Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Una limpieza incompleta en operaciones específicas de lectura de registros especiales para algunos procesadores Intel(R) puede permitir que un usuario autenticado permita potencialmente la divulgación de información por medio de acceso local It was discovered that some Intel processors did not implement sufficient control ... • http://www.openwall.com/lists/oss-security/2022/06/16/1 • CWE-459: Incomplete Cleanup •
CVSS: 6.1EPSS: 0%CPEs: 25EXPL: 0CVE-2022-21123 – hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR)
https://notcve.org/view.php?id=CVE-2022-21123
14 Jun 2022 — Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Una limpieza incompleta de los búferes compartidos multinúcleo en algunos procesadores Intel(R) puede permitir que un usuario autenticado permita potencialmente la divulgación de información por medio del acceso local A flaw was found in hw. Incomplete cleanup of multi-core shared buffers for some Intel® Processors may allow an authentica... • http://www.openwall.com/lists/oss-security/2022/06/16/1 • CWE-459: Incomplete Cleanup •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-32278 – Ubuntu Security Notice USN-6008-1
https://notcve.org/view.php?id=CVE-2022-32278
13 Jun 2022 — XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. XFCE versión 4.16, permite a atacantes ejecutar código arbitrario porque xdg-open puede ejecutar un archivo .desktop en un servidor FTP controlado por el atacante It was discovered that exo, a support library for the Xfce desktop environment, would allow executing remote .desktop files. In some scenario, an attacker could use this vulnerability to trick an user an execute a... • https://gitlab.xfce.org/xfce/exo/-/commit/c71c04ff5882b2866a0d8506fb460d4ef796de9f •