CVSS: 6.8EPSS: 1%CPEs: 5EXPL: 1CVE-2023-34969 – dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered
https://notcve.org/view.php?id=CVE-2023-34969
08 Jun 2023 — D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15... • https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4055
https://notcve.org/view.php?id=CVE-2022-4055
18 Nov 2022 — When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked. Cuando xdg-mail está configurado para usar Thunderbird para URL de correo, el análisis incorrecto de la URL puede provocar que se pasen encabezados adicionales a Thunderbird que no deberían inc... • https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267 • CWE-146: Improper Neutralization of Expression/Command Delimiters •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-42010 – dbus: dbus-daemon crashes when receiving message with incorrectly nested parentheses and curly brackets
https://notcve.org/view.php?id=CVE-2022-42010
09 Oct 2022 — An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. Se ha detectado un problema en D-Bus versiones anteriores a 1.12.24, versiones 1.13.x y 1.14.x anteriores a 1.14.4, y versiones 1.15.x anteriores a 1.15.2. Un atacante autenticado puede causar que dbus-daemon y otros programas que usan libdbus sean... • https://gitlab.freedesktop.org/dbus/dbus/-/issues/418 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-42011 – dbus: dbus-daemon can be crashed by messages with array length inconsistent with element type
https://notcve.org/view.php?id=CVE-2022-42011
09 Oct 2022 — An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type. Se ha detectado un problema en D-Bus versiones anteriores a 1.12.24, versiones 1.13.x y 1.14.x anteriores a 1.14.4, y versiones 1.15.x anteriores a 1.15.2. Un atacante autenticado puede causar que dbus-daemon y ot... • https://gitlab.freedesktop.org/dbus/dbus/-/issues/413 • CWE-129: Improper Validation of Array Index CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-42012 – dbus: `_dbus_marshal_byteswap` doesn't process fds in messages with "foreign" endianness correctly
https://notcve.org/view.php?id=CVE-2022-42012
09 Oct 2022 — An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. Se ha detectado un problema en D-Bus versiones anteriores a 1.12.24, versiones 1.13.x y 1.14.x anteriores a 1.14.4, y versiones 1.15.x anteriores a 1.15.2. Un atacante autenticado puede causar que dbus-daemon y otros programas que usa... • https://gitlab.freedesktop.org/dbus/dbus/-/issues/417 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-38784 – poppler: integer overflow in JBIG2 decoder using malformed files
https://notcve.org/view.php?id=CVE-2022-38784
30 Aug 2022 — Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. Poppler versiones anteriores a 22.08.0 incluyéndola, contiene un desbordamiento de enteros en el descodificador JBIG2 (la función JBIG2Stream::readTextRegionSeg() en el archivo JBIGSt... • http://www.openwall.com/lists/oss-security/2022/09/02/11 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38171 – Gentoo Linux Security Advisory 202405-18
https://notcve.org/view.php?id=CVE-2022-38171
22 Aug 2022 — Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics). Xpdf versiones anteriores a 4.04, contiene un desbordamiento de enteros en el decodificador JBIG2 (la función JBIG2Stream::readSymbolDictSeg() en el archivo JBIG2Stream.cc). El proc... • http://www.openwall.com/lists/oss-security/2022/09/02/11 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31782
https://notcve.org/view.php?id=CVE-2022-31782
27 May 2022 — ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow. El archivo ftbench.c en los programas de demostración de FreeType versiones hasta 2.12.1, presenta un desbordamiento de búfer en la región heap de la memoria • https://gitlab.freedesktop.org/freetype/freetype-demos/-/issues/8 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 2CVE-2022-27337 – poppler: A logic error in the Hints::Hints function can cause denial of service
https://notcve.org/view.php?id=CVE-2022-27337
05 May 2022 — A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. Un error lógico en la función Hints::Hints de Poppler versión v22.03.0, permite a atacantes causar una denegación de servicio (DoS) por medio de un archivo PDF diseñado A logic error was found in Popplers' Hints::Hints function in the Hints.cc file. This flaw allows an attacker to trick a user into opening a crafted PDf file into the pdftops utility, which causes the pro... • https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230 • CWE-1173: Improper Use of Validation Framework •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-1215 – libinput: format string vulnerability may lead to privilege escalation
https://notcve.org/view.php?id=CVE-2022-1215
21 Apr 2022 — A format string vulnerability was found in libinput Se ha encontrado una vulnerabilidad de cadena de formato en libinput Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include code execution, cross site scripting, denial of service, information leakage, and traversal vulnerabilities. • https://seclists.org/oss-sec/2022/q2/47 • CWE-134: Use of Externally-Controlled Format String •