Page 26 of 765 results (0.011 seconds)

CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 2

CVE-2022-34903 – gpg: Signature spoofing via status line injection

https://notcve.org/view.php?id=CVE-2022-34903

GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. GnuPG versiones hasta 2.3.6, en situaciones inusuales en las que un atacante posee cualquier información de clave secreta del llavero de la víctima y son cumplidos en otras restricciones (por ejemplo, el uso de GPGME), permite una falsificación de firmas por medio de la inyección en la línea de estado A vulnerability was found in GnuPG. This issue occurs due to an escape detection loop at the write_status_text_and_buffer() function in g10/cpr.c. This flaw allows a malicious actor to bypass access control. • http://www.openwall.com/lists/oss-security/2022/07/02/1 https://bugs.debian.org/1014157 https://dev.gnupg.org/T6027 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRLWJQ76A4UKHI3Q36BKSJKS4LFLQO33 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPTAR76EIZY7NQFENSOZO7U473257OVZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VN63GBTMRWO36Y7BKA2WQHROAKCXKCBL https://lists.fedoraproject.org/archives • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1

CVE-2022-2058 – libtiff: division by zero issues in tiffcrop

https://notcve.org/view.php?id=CVE-2022-2058

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. Un error de División Por Cero en tiffcrop en libtiff versión 4.4.0, permite a atacantes causar una denegación de servicio por medio de un archivo tiff diseñado. Para usuarios que compilan libtiff a partir de las fuentes, la corrección está disponible con el commit f3a5e010 A divide-by-zero vulnerability was found in libtiff. This flaw allows an attacker to cause a denial of service via a crafted tiff file. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2058.json https://gitlab.com/libtiff/libtiff/-/issues/428 https://gitlab.com/libtiff/libtiff/-/merge_requests/346 https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TSS7MJ7OO7JO5BNKCRYSFU7UAYOKLA2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXUMJXVEAYFWRO3U3YHKSULHIVDOLEQS https:// • CWE-369: Divide By Zero •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1

CVE-2022-2057 – libtiff: division by zero issues in tiffcrop

https://notcve.org/view.php?id=CVE-2022-2057

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. Un error de División Por Cero en tiffcrop en libtiff versión 4.4.0 permite a atacantes causar una denegación de servicio por medio de un archivo tiff diseñado. Para usuarios que compilan libtiff a partir de las fuentes, la corrección está disponible con el commit f3a5e010 A divide-by-zero vulnerability was found in libtiff. This flaw allows an attacker to cause a denial of service via a crafted tiff file. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2057.json https://gitlab.com/libtiff/libtiff/-/issues/427 https://gitlab.com/libtiff/libtiff/-/merge_requests/346 https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TSS7MJ7OO7JO5BNKCRYSFU7UAYOKLA2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXUMJXVEAYFWRO3U3YHKSULHIVDOLEQS https:// • CWE-369: Divide By Zero •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1

CVE-2022-2056 – libtiff: division by zero issues in tiffcrop

https://notcve.org/view.php?id=CVE-2022-2056

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. Un error de División Por Cero en tiffcrop en libtiff versión 4.4.0, permite a atacantes causar una denegación de servicio por medio de un archivo tiff diseñado. Para usuarios que compilan libtiff a partir de las fuentes, la corrección está disponible con el commit f3a5e010 A divide-by-zero vulnerability was found in libtiff. This flaw allows an attacker to cause a denial of service via a crafted tiff file. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2056.json https://gitlab.com/libtiff/libtiff/-/issues/415 https://gitlab.com/libtiff/libtiff/-/merge_requests/346 https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TSS7MJ7OO7JO5BNKCRYSFU7UAYOKLA2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXUMJXVEAYFWRO3U3YHKSULHIVDOLEQS https:// • CWE-369: Divide By Zero •

CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-28734 – Out-of-bounds write when handling split HTTP headers

https://notcve.org/view.php?id=CVE-2022-28734

Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata. A flaw was found in grub2 when handling split HTTP headers. While processing a split HTTP header, grub2 wrongly advances its control pointer to the internal buffer by one position, which can lead to an out-of-bounds write. • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28734 https://security.netapp.com/advisory/ntap-20230825-0002 https://www.openwall.com/lists/oss-security/2022/06/07/5 https://access.redhat.com/security/cve/CVE-2022-28734 https://bugzilla.redhat.com/show_bug.cgi?id=2090463 • CWE-787: Out-of-bounds Write •