CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 3CVE-2022-44638 – pixman: Integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write
https://notcve.org/view.php?id=CVE-2022-44638
03 Nov 2022 — In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. En libpixman en Pixman anterior a 0.42.2, hay una escritura fuera de límites (también conocida como desbordamiento de búfer basado en montón) en rasterize_edges_8 debido a un desbordamiento de enteros en pixman_sample_floor_y. A flaw was found in pixman. This issue causes an out-of-bounds write in rasterize_edges_8 due to an integer ... • https://packetstorm.news/files/id/170121 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-40284 – NTFS-3G: buffer overflow issue in NTFS-3G can cause code execution via crafted metadata in an NTFS image
https://notcve.org/view.php?id=CVE-2022-40284
02 Nov 2022 — A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device. Se descubrió un desbordamiento del búfer en NTFS-3G antes de 2022.10.3. • http://www.openwall.com/lists/oss-security/2022/10/31/2 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-39369 – Service Hostname Discovery Exploitation in phpCAS
https://notcve.org/view.php?id=CVE-2022-39369
01 Nov 2022 — phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a valid ticket granted for any authorized service in the same SSO realm (CAS server) to authenticate to the service protected by phpCAS. Depending on the settings of the CAS server service registry in worst case this... • https://github.com/apereo/phpCAS/security/advisories/GHSA-8q72-6qq8-xv64 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-42309 – Gentoo Linux Security Advisory 202402-07
https://notcve.org/view.php?id=CVE-2022-42309
01 Nov 2022 — Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest e.g. by exceeding the quota value of maximum nodes per domain. Xenstore: Los invitados pueden bloquear xenstored Debido a un error en la solución de XSA-115, un invitado malintencionado puede... • http://www.openwall.com/lists/oss-security/2022/11/01/4 • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-42310 – Gentoo Linux Security Advisory 202402-07
https://notcve.org/view.php?id=CVE-2022-42310
01 Nov 2022 — Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. When the transaction is committed after this situation, nodes without a valid parent can be made permanent in the data base. Xenstore: los invitados pueden crear nodos huérfanos de Xenstore al crear varios nodos dentro de una transacción que ge... • http://www.openwall.com/lists/oss-security/2022/11/01/5 • CWE-459: Incomplete Cleanup •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-42311 – Debian Security Advisory 5272-1
https://notcve.org/view.php?id=CVE-2022-42311
01 Nov 2022 — Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: - - by issuing new requests to xenstored without reading the responses, causing the responses to be buffered ... • http://xenbits.xen.org/xsa/advisory-326.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-42312 – Debian Security Advisory 5272-1
https://notcve.org/view.php?id=CVE-2022-42312
01 Nov 2022 — Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: - - by issuing new requests to xenstored without reading the responses, causing the responses to be buffered ... • http://xenbits.xen.org/xsa/advisory-326.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-42313 – Debian Security Advisory 5272-1
https://notcve.org/view.php?id=CVE-2022-42313
01 Nov 2022 — Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: - - by issuing new requests to xenstored without reading the responses, causing the responses to be buffered ... • http://xenbits.xen.org/xsa/advisory-326.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-42314 – Debian Security Advisory 5272-1
https://notcve.org/view.php?id=CVE-2022-42314
01 Nov 2022 — Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: - - by issuing new requests to xenstored without reading the responses, causing the responses to be buffered ... • http://xenbits.xen.org/xsa/advisory-326.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-42315 – Debian Security Advisory 5272-1
https://notcve.org/view.php?id=CVE-2022-42315
01 Nov 2022 — Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: - - by issuing new requests to xenstored without reading the responses, causing the responses to be buffered ... • http://xenbits.xen.org/xsa/advisory-326.html • CWE-770: Allocation of Resources Without Limits or Throttling •