CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2022-0583
https://notcve.org/view.php?id=CVE-2022-0583
Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file Un bloqueo en el disector del protocolo PVFS en Wireshark versiones 3.6.0 a 3.6.1 y versiones 3.4.0 a 3.4.11, permite una denegación de servicio por medio de una inyección de paquetes o de un archivo de captura diseñado • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0583.json https://gitlab.com/wireshark/wireshark/-/issues/17840 https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRJ24JRKLA6XMDKLGVTOPM5KBBU4UHLN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3DZD2JU56ZI4XV2B3HGVGA5PXQDNA5T https://security.gentoo.org/glsa/202210-04 https://www.wireshark. • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2022-0586
https://notcve.org/view.php?id=CVE-2022-0586
Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file Un bucle infinito en el disector de protocolo RTMPT en Wireshark versiones 3.6.0 a 3.6.1 y versiones 3.4.0 a 3.4.11, permite una denegación de servicio por medio de una inyección de paquetes o de un archivo de captura diseñado • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0586.json https://gitlab.com/wireshark/wireshark/-/issues/17813 https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRJ24JRKLA6XMDKLGVTOPM5KBBU4UHLN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3DZD2JU56ZI4XV2B3HGVGA5PXQDNA5T https://security.gentoo.org/glsa/202210-04 https://www.wireshark. • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 1CVE-2022-0571 – Cross-site Scripting (XSS) - Reflected in phoronix-test-suite/phoronix-test-suite
https://notcve.org/view.php?id=CVE-2022-0571
Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Reflejado en el repositorio de GitHub phoronix-test-suite/phoronix-test-suite versiones anteriores a 10.8.2 • https://github.com/phoronix-test-suite/phoronix-test-suite/commit/1eac9260c8313f0cfc77837ec676f4e6d68bd833 https://huntr.dev/bounties/a5039485-6e48-4313-98ad-915506c19ae8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSQH5OWXAMWSM7H6VSBRDGTOE7UIOZHZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PQ2PBBODEOE3BUCYHL5CV47M72ST4I7S https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QO32MBF3FS65K5YIC6CHXAJTLLPAXJED • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2021-45444 – zsh: Prompt expansion vulnerability
https://notcve.org/view.php?id=CVE-2021-45444
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion. En zsh versiones anteriores a 5.8.1, un atacante puede lograr una ejecución de código si controla la salida de un comando dentro del prompt, como lo demuestra un argumento %F. Esto ocurre debido a la expansión recursiva PROMPT_SUBST A vulnerability was found in zsh in the parsecolorchar() function of prompt.c file. This flaw allows an attacker to perform code execution if they control a command output inside the prompt, as stated by a %F%K argument. • http://seclists.org/fulldisclosure/2022/May/33 http://seclists.org/fulldisclosure/2022/May/35 http://seclists.org/fulldisclosure/2022/May/38 https://lists.debian.org/debian-lts-announce/2022/02/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2P3LPMGENEHKDWFO4MWMZSZL6G7Y4CV7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWF3EXNBX5SVFDBL4ZFOD4GJBWFUKWN4 https://support.apple.com/kb/HT213255 https://support.apple& • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.4EPSS: 0%CPEs: 6EXPL: 1CVE-2022-0572 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2022-0572
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Un Desbordamiento del Búfer en la región Heap de la Memoria en el repositorio de GitHub vim/vim versiones anteriores a 8.2 • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/6e28703a8e41f775f64e442c5d11ce1ff599aa3f https://huntr.dev/bounties/bf3e0643-03e9-4436-a1c8-74e7111c32bf https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GOY5YWTP5QUY2EFLCL7AUWA2CV57C37 https://lists.fedoraproject& • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •