CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2022-0583 – Gentoo Linux Security Advisory 202210-04
https://notcve.org/view.php?id=CVE-2022-0583
14 Feb 2022 — Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file Un bloqueo en el disector del protocolo PVFS en Wireshark versiones 3.6.0 a 3.6.1 y versiones 3.4.0 a 3.4.11, permite una denegación de servicio por medio de una inyección de paquetes o de un archivo de captura diseñado Multiple vulnerabilities have been discovered in Wireshark, the worst of which could result in denial of service. Versions less than 3.6.... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0583.json • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2022-0586 – Gentoo Linux Security Advisory 202210-04
https://notcve.org/view.php?id=CVE-2022-0586
14 Feb 2022 — Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file Un bucle infinito en el disector de protocolo RTMPT en Wireshark versiones 3.6.0 a 3.6.1 y versiones 3.4.0 a 3.4.11, permite una denegación de servicio por medio de una inyección de paquetes o de un archivo de captura diseñado Multiple vulnerabilities have been discovered in Wireshark, the worst of which could result in denial of service. Versions le... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0586.json • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2021-45444 – zsh: Prompt expansion vulnerability
https://notcve.org/view.php?id=CVE-2021-45444
13 Feb 2022 — In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion. En zsh versiones anteriores a 5.8.1, un atacante puede lograr una ejecución de código si controla la salida de un comando dentro del prompt, como lo demuestra un argumento %F. Esto ocurre debido a la expansión recursiva PROMPT_SUBST A vulnerability was found in zsh in the parsecolorchar() function of prompt.... • http://seclists.org/fulldisclosure/2022/May/33 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.4EPSS: 1%CPEs: 6EXPL: 1CVE-2022-0572 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2022-0572
13 Feb 2022 — Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Un Desbordamiento del Búfer en la región Heap de la Memoria en el repositorio de GitHub vim/vim versiones anteriores a 8.2 It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS. It was discovered that Vim was using freed memory when dealing with regular expressions inside a vis... • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.0EPSS: 0%CPEs: 12EXPL: 0CVE-2022-23634 – Information Exposure when using Puma with Rails
https://notcve.org/view.php?id=CVE-2022-23634
11 Feb 2022 — Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails' Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. • https://github.com/advisories/GHSA-rmj8-8hhh-gv5h • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-359: Exposure of Private Personal Information to an Unauthorized Actor CWE-404: Improper Resource Shutdown or Release •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20001 – Debian Security Advisory 5072-1
https://notcve.org/view.php?id=CVE-2021-20001
11 Feb 2022 — It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation. Se ha detectado que debian-edu-config, un conjunto de archivos de configuración usados para la mezcla de Debian Edu, versiones anteriores a 2.12.16, configuraba permisos no seguros para los recursos compartidos de la web del usuario (~/public_html), lo que podría resultar en u... • https://lists.debian.org/debian-lts-announce/2022/02/msg00012.html • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2022-24958 – Ubuntu Security Notice USN-5468-1
https://notcve.org/view.php?id=CVE-2022-24958
11 Feb 2022 — drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release. el archivo drivers/usb/gadget/legacy/inode.c en el kernel de Linux versiones hasta 5.16.8 maneja inapropiadamente la liberación dev-) buf Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to ex... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=89f3594d0de58e8a57d92d497dea9fee3d4b9cda • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-24959 – Ubuntu Security Notice USN-5383-1
https://notcve.org/view.php?id=CVE-2022-24959
11 Feb 2022 — An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c. Se ha detectado un problema en el kernel de Linux versiones anteriores a 5.16.5. Se presenta una pérdida de memoria en la función yam_siocdevprivate en el archivo drivers/net/hamradio/yam.c Brendan Dolan-Gavitt discovered that the aQuantia AQtion Ethernet device driver in the Linux kernel did not properly validate meta-data coming from the device. A local attacker who can co... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-23772 – golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
https://notcve.org/view.php?id=CVE-2022-23772
11 Feb 2022 — Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. Rat.SetString en el archivo math/big en Go versiones anteriores a 1.16.14 y versiones 1.17.x anteriores a 1.17.7, presenta un desbordamiento que puede conllevar a un Consumo de Memoria no Controlado A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. Thi... • https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2022-0561 – libtiff: Denial of Service via crafted TIFF file
https://notcve.org/view.php?id=CVE-2022-0561
11 Feb 2022 — Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712. Un puntero fuente null pasado como argumento a la función memcpy() dentro de TIFFFetchStripThing() en el archivo tif_dirread.c en libtiff versiones 3.9.0 a 4.3.0, podía conllevar a una denegación de servicio por medio de... • https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef • CWE-476: NULL Pointer Dereference •