CVE-2022-29458
https://notcve.org/view.php?id=CVE-2022-29458
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html https://support.apple.com/kb/HT213488 • CWE-125: Out-of-bounds Read •
CVE-2022-28044
https://notcve.org/view.php?id=CVE-2022-28044
lrzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control. • https://github.com/ckolivas/lrzip/commit/5faf80cd53ecfd16b636d653483144cd12004f46 https://github.com/ckolivas/lrzip/issues/216 https://lists.debian.org/debian-lts-announce/2022/05/msg00016.html https://www.debian.org/security/2022/dsa-5145 • CWE-787: Out-of-bounds Write •
CVE-2022-26498 – Shannon Baseband chatroom SDP Attribute Memory Corruption
https://notcve.org/view.php?id=CVE-2022-26498
An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to resource exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2. • http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html https://downloads.asterisk.org/pub/security https://downloads.asterisk.org/pub/security/AST-2022-001.html https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html https://www.debian.org/security/2022/dsa-5285 • CWE-400: Uncontrolled Resource Consumption •
CVE-2022-26499
https://notcve.org/view.php?id=CVE-2022-26499
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2. • http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html https://downloads.asterisk.org/pub/security https://downloads.asterisk.org/pub/security/AST-2022-002.html https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html https://www.debian.org/security/2022/dsa-5285 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2022-26651
https://notcve.org/view.php?id=CVE-2022-26651
An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, 19.3.2, and 16.8-cert14. • http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html https://downloads.asterisk.org/pub/security https://downloads.asterisk.org/pub/security/AST-2022-003.html https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html https://www.debian.org/security/2022/dsa-5285 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •