CVSS: 8.4EPSS: 0%CPEs: 6EXPL: 1CVE-2022-0943 – Heap-based Buffer Overflow occurs in vim in vim/vim
https://notcve.org/view.php?id=CVE-2022-0943
Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. Se produce un desbordamiento del búfer basado en Heap en vim en el repositorio de GitHub vim/vim anterior a 8.2.4563 A heap buffer overflow flaw was found in vim's suggest_try_change() function of the spellsuggest.c file. This flaw allows an attacker to trick a user into opening a crafted file, triggering a heap-overflow and causing an application to crash, which leads to a denial of service. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/5c68617d395f9d7b824f68475b24ce3e38d653a3 https://huntr.dev/bounties/9e4de32f-ad5f-4830-b3ae-9467b5ab90a1 https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3R36VSLO4TRX72SWB6IDJOD24BQXPX2 https://lists.fedoraproject& • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 1CVE-2022-0860 – Improper Authorization in cobbler/cobbler
https://notcve.org/view.php?id=CVE-2022-0860
Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. Una Autorización Inapropiada en el repositorio GitHub cobbler/cobbler versiones anteriores a 3.3.2 • https://github.com/cobbler/cobbler/commit/9044aa990a94752fa5bd5a24051adde099280bfa https://huntr.dev/bounties/c458b868-63df-414e-af10-47e3745caa1d https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4KCNZYBQC2FM5SEEDRQZO4LRZ4ZECMG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYWYHWVVRUSPCV5SWBOSAMQJQLTSBTKY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYSHMF6MEIITFAG7EJ3IQKVUN7MDV2XM • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-44269 – wavpack: Heap out-of-bounds read in WavpackPackSamples()
https://notcve.org/view.php?id=CVE-2021-44269
An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV files. This issue triggered in function WavpackPackSamples of file src/pack_utils.c, tainted variable cnt is too large, that makes pointer sptr read beyond heap bound. Se encontró una lectura fuera de límites en Wavpack versión 5.4.0, al procesar archivos *.WAV. Este problema es desencadenado en la función WavpackPackSamples del archivo src/pack_utils.c, la variable tainted cnt es demasiado grande, lo que hace que el puntero sptr sea leído más allá del límite de la pila A heap out-of-bounds read flaw was found in WavPacks' WavpackPackSamples() function of src/pack_utils.c and only affects the command-line program of WavPack (not libwavpack). This flaw allows an attacker to exploit this flaw for a website that uses the WavPack command-line program on user-provided files, causing a denial of service. • https://github.com/dbry/WavPack/issues/110 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2CZUFTX3J4Y4OSRITG4PXCI7NRVFDYVQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5B7L26LA6KGX7YH6SWD5CSBNWKV5MBO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRZWZKEEABCLVXZEXQZBIT3ZKLIXVFF5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I54NXQZELBF42OL4KQZJJRAYZX7IPZXP https://lists • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 1CVE-2021-32436
https://notcve.org/view.php?id=CVE-2021-32436
An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. Una lectura fuera de límites en la función write_title() en el archivo subs.c de abcm2ps versión v8.14.11, permite a atacantes remotos causar una denegación de servicio (DoS) por medio de vectores no especificados • https://github.com/leesavide/abcm2ps/commit/2f56e1179cab6affeb8afa9d6c324008fe40d8e3 https://github.com/leesavide/abcm2ps/issues/85 https://lists.debian.org/debian-lts-announce/2022/04/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6333SXWMES3K22DBAOAW34G6EU6WIJEY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVGJH4HMXI3TWMHQJQCG3M7KSXJWJM7R https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTF4F • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2021-32435
https://notcve.org/view.php?id=CVE-2021-32435
Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. Un desbordamiento del búfer en la región Stack de la memoria en la función get_key en el archivo parse.c de abcm2ps versión v8.14.11, permite a atacantes remotos causar una denegación de servicio (DoS) por medio de vectores no especificados • https://github.com/leesavide/abcm2ps/commit/3169ace6d63f6f517a64e8df0298f44a490c4a15 https://github.com/leesavide/abcm2ps/issues/84 https://lists.debian.org/debian-lts-announce/2022/04/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6333SXWMES3K22DBAOAW34G6EU6WIJEY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVGJH4HMXI3TWMHQJQCG3M7KSXJWJM7R https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTF4F • CWE-787: Out-of-bounds Write •