
CVE-2022-30783 – Gentoo Linux Security Advisory 202301-01
https://notcve.org/view.php?id=CVE-2022-30783
26 May 2022 — An invalid return code in fuse_kern_mount enables interception of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. It was discovered that NTFS-3G incorrectly handled the ntfsck tool. If a user or automated system were tricked into using ntfsck on... • http://www.openwall.com/lists/oss-security/2022/06/07/4 • CWE-252: Unchecked Return Value

CVE-2022-30784 – ntfs-3g: crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value
https://notcve.org/view.php?id=CVE-2022-30784
26 May 2022 — A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. A vulnerability was found in NTFS-3G. Incorrect validation of NTFS metadata can result in a heap exhaustion when processing a crafted NTFS image file or partition. Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The v... • https://github.com/tuxera/ntfs-3g/releases • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-30785 – Gentoo Linux Security Advisory 202301-01
https://notcve.org/view.php?id=CVE-2022-30785
26 May 2022 — A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. Several vulnerabilities were discovered in NTFS-3G, a read-write NTFS driver for FUSE. A l... • http://www.openwall.com/lists/oss-security/2022/06/07/4

CVE-2022-30786 – ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate
https://notcve.org/view.php?id=CVE-2022-30786
26 May 2022 — A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. A vulnerability was found in NTFS-3G. Incorrect validation of NTFS metadata can result in a heap-based buffer overflow when processing a crafted NTFS image file or partition. It was discovered that NTFS-3G incorrectly handled the ntf... • https://github.com/tuxera/ntfs-3g/releases • CWE-787: Out-of-bounds Write

CVE-2022-30787 – Gentoo Linux Security Advisory 202301-01
https://notcve.org/view.php?id=CVE-2022-30787
26 May 2022 — An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. USN-5463-1 fixed vulnerabilities in NTFS-3G. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Roman Fiedler discovered that NTFS-3G incorrectly handled certain... • http://www.openwall.com/lists/oss-security/2022/06/07/4 • CWE-191: Integer Underflow (Wrap or Wraparound)

CVE-2022-30788 – ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc
https://notcve.org/view.php?id=CVE-2022-30788
26 May 2022 — A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. A vulnerability was found in NTFS-3G. Incorrect validation of NTFS metadata can result in a heap-based buffer overflow when processing a crafted NTFS image file or partition. Kernel-based Virtual Machine offers a full virtualization solution f... • https://github.com/tuxera/ntfs-3g/releases • CWE-787: Out-of-bounds Write

CVE-2022-30789 – ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array
https://notcve.org/view.php?id=CVE-2022-30789
26 May 2022 — A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. A vulnerability was found in NTFS-3G. Incorrect validation of NTFS metadata can result in a heap-based buffer overflow when processing a crafted NTFS image file or partition. Kernel-based Virtual Machine offers a full virtual... • https://github.com/tuxera/ntfs-3g/releases • CWE-787: Out-of-bounds Write

CVE-2022-1851 – Out-of-bounds Read in vim/vim
https://notcve.org/view.php?id=CVE-2022-1851
25 May 2022 — Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-125: Out-of-bounds Read

CVE-2022-29221 – PHP Code Injection by malicious block or filename in Smarty
https://notcve.org/view.php?id=CVE-2022-29221
24 May 2022 — Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject PHP code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds. • https://github.com/sbani/CVE-2022-29221-PoC • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2022-1734 – Ubuntu Security Notice USN-5582-1
https://notcve.org/view.php?id=CVE-2022-1734
18 May 2022 — A flaw in the Linux kernel, found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c, can lead to a use after free, on either read or write, when the cleanup routine and the firmware download routine are not synchronized. Zhenpeng L... • http://www.openwall.com/lists/oss-security/2022/06/05/4 • CWE-416: Use After Free