Page 146 of 8866 results (0.017 seconds)

CVSS: 4.7EPSS: 0%CPEs: 7EXPL: 1

CVE-2022-3303

https://notcve.org/view.php?id=CVE-2022-3303

A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition Se ha encontrado un fallo de condición de carrera en el subsistema de sonido del kernel de Linux debido a un bloqueo inapropiado. Podría conllevar a una desreferencia de puntero NULL mientras es manejado el ioctl SNDCTL_DSP_SYNC. Un usuario local privilegiado (root o miembro del grupo de audio) podría usar este fallo para bloquear el sistema, resultando en una situación de denegación de servicio • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8423f0b6d513b259fdab9c9bf4aaa6188d054c2d https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://lore.kernel.org/all/CAFcO6XN7JDM4xSXGhtusQfS2mSBcx50VJKwQpCq=WeLt57aaZA%40mail.gmail.com https://www.debian.org/security/2022/dsa-5257 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1

CVE-2022-3324 – Stack-based Buffer Overflow in vim/vim

https://notcve.org/view.php?id=CVE-2022-3324

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598. Un Desbordamiento del Búfer en la Región Stack de la Memoria en el repositorio de GitHub vim/vim versiones anteriores a 9.0.0598 • https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfeb https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/messa • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 2

CVE-2022-21797 – Arbitrary Code Execution

https://notcve.org/view.php?id=CVE-2022-21797

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement. El paquete joblib versiones a partir de 0 anteriores a 1.2.0, son vulnerables a una Ejecución de Código Arbitraria por medio del flag pre_dispatch en la clase Parallel() debido a la sentencia eval(). • https://github.com/joblib/joblib/commit/b90f10efeb670a2cc877fb88ebb3f2019189e059 https://github.com/joblib/joblib/issues/1128 https://github.com/joblib/joblib/pull/1321 https://lists.debian.org/debian-lts-announce/2022/11/msg00020.html https://lists.debian.org/debian-lts-announce/2023/03/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVOMMW37OXZWU2EV5ONAAS462IQEHZOF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0

CVE-2022-3201

https://notcve.org/view.php?id=CVE-2022-3201

Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High) La validación insuficiente de las entradas no fiables en DevTools en Google Chrome en el sistema operativo Chrome anterior a la versión 105.0.5195.125 permitía a un atacante que convenciera a un usuario de instalar una extensión maliciosa saltarse las restricciones de navegación a través de una página HTML manipulada. (Gravedad de seguridad de Chromium: Alta) • https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html https://crbug.com/1343104 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE https://security.gentoo.org/glsa/202209-23 https://security.gentoo.org/glsa/202210-16 https://security.gentoo.org/glsa/202311-11 https://www.debian.org/security/2022/dsa-5244 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2022-40188

https://notcve.org/view.php?id=CVE-2022-40188

Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets. Knot Resolver versiones anteriores a 5.5.3, permite a atacantes remotos causar una denegación de servicio (consumo de CPU) debido a una complejidad del algoritmo. Durante un ataque, un servidor autoritativo debe devolver grandes conjuntos de NS o conjuntos de direcciones. • https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1343#note_262558 https://lists.debian.org/debian-lts-announce/2022/10/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIMDNIUI7GTUEKIBBYYW7OCTJQFPDNXL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2VE5K3VDUHJOIA2IGT3G5R76IBADMNE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO6LIVQS62MI5GG4OVYB5RHVZMYNHAHG • CWE-407: Inefficient Algorithmic Complexity •