Page 25 of 703 results (0.013 seconds)

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1

CVE-2022-45188 – Synology DiskStation Manager Serv.php Authentication Bypass Vulnerability

https://notcve.org/view.php?id=CVE-2022-45188

Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS). Netatalk hasta 3.1.13 tiene un Desbordamiento del Búfer en afp_getappl que genera la ejecución de código a través de un archivo .appl manipulado. Esto proporciona acceso raíz remoto en algunas plataformas como FreeBSD (utilizado para TrueNAS). This vulnerability allows remote attackers to bypass authentication on affected installations of Synology DiskStation Manager. • https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZYWSGVA6WXREMB6PV56HAHKU7R6KPOP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GEAFLA5L2SHOUFBAGUXIF2TZLGBXGJKT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SG6WZW5LXFVH3P7ZVZRGHUVJEMEFKQLI https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html https://netatalk.sourceforge.io/3.1/ • CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1

CVE-2022-41854 – Stack Overflow in Snakeyaml

https://notcve.org/view.php?id=CVE-2022-41854

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. Aquellos que usan Snakeyaml para analizar archivos YAML que no son de confianza pueden ser vulnerables a ataques de Denegación de Servicio (DoS). Si el analizador se ejecuta con la entrada proporcionada por el usuario, un atacante puede proporcionar contenido que provoque que el analizador falle por desbordamiento de la pila. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DDXEXXWAZGF5AVHIPGFPXIWL6TSMKJE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MKE4XWRXTH32757H7QJU4ACS67DYDCR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSPAJ5Y45A4ZDION2KN5RDWLHK4XKY2J https://security.netapp.com/advisory/ntap-20240315-0009 https://security.netapp.com/advisory/ntap-20240621- • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1

CVE-2022-45063

https://notcve.org/view.php?id=CVE-2022-45063

xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions. xterm anterior a 375 permite la ejecución de código mediante operaciones de fuentes, por ejemplo, porque una respuesta OSC 50 puede tener Ctrl-g y, por lo tanto, conducir a la ejecución de comandos dentro del modo de edición de línea vi de Zsh. NOTA: las operaciones de fuentes no están permitidas en las configuraciones predeterminadas de xterm de algunas distribuciones de Linux. • http://www.openwall.com/lists/oss-security/2022/11/10/1 http://www.openwall.com/lists/oss-security/2022/11/10/5 http://www.openwall.com/lists/oss-security/2024/06/15/1 http://www.openwall.com/lists/oss-security/2024/06/17/1 https://invisible-island.net/xterm/xterm.log.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TPVNTYFFWNTGZJJQAA4MGGFSTXA4XEA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 5.5EPSS: 0%CPEs: 504EXPL: 0

CVE-2022-23824

https://notcve.org/view.php?id=CVE-2022-23824

IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. IBPB no puede evitar que las predicciones de sucursales de retorno sean especificadas por objetivos de sucursales anteriores a IBPB, lo que lleva a una posible divulgación de información. • http://www.openwall.com/lists/oss-security/2022/11/10/2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTQMPJC5N6XJYQ232OZFLK47HVZNRBY3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ https://security.gentoo.org/glsa/202402-07 https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040 https://www.debian.org/security/2023/dsa-5378 •

CVSS: 8.1EPSS: 2%CPEs: 14EXPL: 0

CVE-2022-37966 – Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability

https://notcve.org/view.php?id=CVE-2022-37966

Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en Kerberos RC4-HMAC de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37966 https://security.gentoo.org/glsa/202309-06 •