CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 1CVE-2022-48566
https://notcve.org/view.php?id=CVE-2022-48566
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. • https://bugs.python.org/issue40791 https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html https://security.netapp.com/advisory/ntap-20231006-0013 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-48560 – python: use after free in heappushpop() of heapq module
https://notcve.org/view.php?id=CVE-2022-48560
A use-after-free exists in Python through 3.9 via heappushpop in heapq. A use-after-free vulnerability was found in Python via the heappushpop function in the heapq module. This flaw allows an attacker to submit a specially crafted request, causing a service disruption that leads to a denial of service attack. • https://bugs.python.org/issue39421 https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZ5OOBWNYWXFTZDMCGHJVGDLDTHLWITJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VO7Y2YZSDK3UYJD2KBGLXRTGNG6T326J https://security.netapp.com/advisory/ntap-20230929-0008 https://access.redhat.com/security/cve/CVE-2022&# • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-37050
https://notcve.org/view.php?id=CVE-2022-37050
In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662. En Poppler 22.07.0, PDFDoc::savePageAs en PDFDoc.c permite a los atacantes provocar una denegación de servicio (la aplicación se bloquea con SIGABRT) mediante la creación de un archivo PDF en el que la estructura de datos xref se maneja incorrectamente en el procesamiento getCatalog. Tenga en cuenta que esta vulnerabilidad está causada por el parche incompleto de CVE-2018-20662. • https://gitlab.freedesktop.org/poppler/poppler/-/commit/dcd5bd8238ea448addd102ff045badd0aca1b990 https://gitlab.freedesktop.org/poppler/poppler/-/issues/1274 https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-19189
https://notcve.org/view.php?id=CVE-2020-19189
Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. Vulnerabilidad de Buffer Overflow en la función "postprocess_terminfo" en tinfo/parse_entry.c:997 en ncurses v6.1 que permite a atacantes remotos causar una denegación de servicios a través de un comando manipulado. • http://seclists.org/fulldisclosure/2023/Dec/10 http://seclists.org/fulldisclosure/2023/Dec/11 http://seclists.org/fulldisclosure/2023/Dec/9 https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc5.md https://lists.debian.org/debian-lts-announce/2023/09/msg00033.html https://security.netapp.com/advisory/ntap-20231006-0005 https://support.apple.com/kb/HT214036 https://support.apple.com/kb/HT214037 https://support.apple.com/kb/HT214038 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-37051
https://notcve.org/view.php?id=CVE-2022-37051
An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file. Se ha descubierto un problema en Poppler 22.07.0. Hay un aborto alcanzable que conduce a la denegación de servicio debido a que la función principal en pdfunite.cc carece de una comprobación de flujo antes de guardar un archivo incrustado. • https://gitlab.freedesktop.org/poppler/poppler/-/commit/4631115647c1e4f0482ffe0491c2f38d2231337b https://gitlab.freedesktop.org/poppler/poppler/-/issues/1276 https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html • CWE-617: Reachable Assertion •