CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2022-38791 – mariadb: compress_write() fails to release mutex on failure
https://notcve.org/view.php?id=CVE-2022-38791
27 Aug 2022 — In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. En MariaDB versiones anteriores a 10.9.2, la función compress_write en el archivo extra/mariabackup/ds_compress.cc no libera data_mutex tras un fallo de escritura en el flujo, lo que permite a usuarios locales desencadenar un bloqueo. Multiple vulnerabilities have been discovered in MariaDB, the worst fo which can lead to arbitr... • https://jira.mariadb.org/browse/MDEV-28719 • CWE-667: Improper Locking •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 1CVE-2021-3574 – Ubuntu Security Notice USN-5736-1
https://notcve.org/view.php?id=CVE-2021-3574
26 Aug 2022 — A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks. Se encontró una vulnerabilidad en ImageMagick versión 7.0.11-5, donde al ejecutar un archivo diseñado con el comando convert, ASAN detecta pérdidas de memoria. It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker coul... • https://github.com/ImageMagick/ImageMagick/commit/c6ad94fbb7b280f39c2fbbdc1c140e51b1b466e9 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 1%CPEs: 5EXPL: 0CVE-2022-22728 – libapreq2 multipart form parse memory corruption
https://notcve.org/view.php?id=CVE-2022-22728
25 Aug 2022 — A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack. Un fallo en Apache libapreq2 versiones 2.16 y anteriores, podría causar un desbordamiento de búfer mientras son procesadas cargas de formularios multiparte. Un atacante remoto podría enviar una solicitud que causara un bloqueo del proceso, lo que podría conllevar a un ataque d... • http://www.openwall.com/lists/oss-security/2022/08/25/3 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 2CVE-2021-4217 – Ubuntu Security Notice USN-7054-1
https://notcve.org/view.php?id=CVE-2021-4217
24 Aug 2022 — A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. Se ha encontrado un fallo en unzip. La vulnerabilidad es producida debido a un manejo inapropiado de las cadenas Unicode, que puede conllevar a una desreferencia de puntero null. • https://access.redhat.com/security/cve/CVE-2021-4217 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2022-2938 – kernel: use-after-free when psi trigger is destroyed while being polled
https://notcve.org/view.php?id=CVE-2022-2938
23 Aug 2022 — A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects. Se ha encontrado un fallo en la implementación del kernel de Linux de la Información de Bloqueo de Presión. Aunque la función está deshabilitada por defecto, podría permitir a un atacante bloquear el sistema o tener otros efectos secundarios de corrupción de memoria. A flaw was found in the ... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a06247c6804f1a7c86a2e5398a4c1f1db1471848 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-2946 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-2946
23 Aug 2022 — Use After Free in GitHub repository vim/vim prior to 9.0.0246. Un Uso de Memoria Previamente Liberada en el repositorio GitHub vim/vim versiones anteriores a 9.0.0246. It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. • https://github.com/vim/vim/commit/adce965162dd89bf29ee0e5baf53652e7515762c • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2021-28861 – python: open redirection vulnerability in lib/http/server.py may lead to information disclosure
https://notcve.org/view.php?id=CVE-2021-28861
23 Aug 2022 — Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks." ** EN DISPUTA ** Python versiones 3.x hasta la versión 3.10, presenta una vulnerabilidad de redireccionamiento abierto ... • https://bugs.python.org/issue43223 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 1CVE-2022-2923 – NULL Pointer Dereference in vim/vim
https://notcve.org/view.php?id=CVE-2022-2923
22 Aug 2022 — NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240. Una Desreferencia de Puntero NULL en el repositorio de GitHub vim/vim versiones anteriores a 9.0.0240. It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. • https://github.com/vim/vim/commit/6669de1b235843968e88844ca6d3c8dec4b01a9e • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-2889 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-2889
19 Aug 2022 — Use After Free in GitHub repository vim/vim prior to 9.0.0225. Un Uso de Memoria Previamente Liberada en el repositorio GitHub vim/vim versiones anteriores a 9.0.0225. It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. • https://github.com/vim/vim/commit/91c7cbfe31bbef57d5fcf7d76989fc159f73ef15 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2022-32893 – Apple iOS and macOS Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2022-32893
19 Aug 2022 — An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Se abordó un problema de escritura fuera de límites con una comprobación de límites mejorada. • http://seclists.org/fulldisclosure/2022/Aug/16 • CWE-787: Out-of-bounds Write •