CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-0544
https://notcve.org/view.php?id=CVE-2022-0544
An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1. Un desbordamiento de enteros en el cargador DDS de Blender conlleva a una lectura fuera de límites, permitiendo posiblemente a un atacante leer datos confidenciales usando un archivo de imagen DDS diseñado. Este fallo afecta a Blender versiones anteriores a 2.83.19, 2.93.8 y 3.1 • https://developer.blender.org/T94661 https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html https://www.debian.org/security/2022/dsa-5176 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2019-25058 – usbguard: Fix unauthorized access via D-Bus
https://notcve.org/view.php?id=CVE-2019-25058
An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future. Se ha detectado un problema en USBGuard versiones anteriores a 1.1.0. En sistemas con el demonio usbguard-dbus en ejecución, un usuario no privilegiado podía hacer que USBGuard permitiera la conexión de todos los dispositivos USB en el futuro A flaw was found in usbguard. The vulnerability occurs due to the No default access control list(ACL) on some D-Bus methods and leads to unauthorized access. • https://github.com/USBGuard/usbguard/issues/273 https://github.com/USBGuard/usbguard/issues/403 https://github.com/USBGuard/usbguard/pull/531 https://lists.debian.org/debian-lts-announce/2022/04/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B2ET6DU4IA64M6TMQ4X3SG2L6TRPLDN6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3HQVTHHJFQLSWSXA7W3ZHRF72YMPI46 https://lists.fedoraproject.org/archives/list/package-announce%40lis • CWE-863: Incorrect Authorization CWE-1220: Insufficient Granularity of Access Control •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2021-3596
https://notcve.org/view.php?id=CVE-2021-3596
A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault. Se ha encontrado un fallo de desreferencia de puntero NULL en ImageMagick en versiones anteriores a 7.0.10-31 en la función ReadSVGImage() en el archivo coders/svg.c. Este problema es debido a que no es comprobado el valor de retorno de xmlCreatePushParserCtxt() de libxml2 y es usado el valor directamente, conllevando a un fallo de bloqueo y segmentación • https://bugzilla.redhat.com/show_bug.cgi?id=1970569 https://github.com/ImageMagick/ImageMagick/issues/2624 https://lists.debian.org/debian-lts-announce/2022/05/msg00018.html https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 9%CPEs: 50EXPL: 5CVE-2022-0492 – kernel: cgroups v1 release_agent feature may allow privilege escalation
https://notcve.org/view.php?id=CVE-2022-0492
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. Se ha encontrado una vulnerabilidad en la función cgroup_release_agent_write en el archivo kernel/cgroup/cgroup-v1.c del kernel de Linux. Este fallo, bajo determinadas circunstancias, permite el uso de la función cgroups v1 release_agent para escalar privilegios y saltarse el aislamiento del espacio de nombres de forma no esperada • https://github.com/chenaotian/CVE-2022-0492 https://github.com/SofianeHamlaoui/CVE-2022-0492-Checker https://github.com/yoeelingBin/CVE-2022-0492-Container-Escape https://github.com/T1erno/CVE-2022-0492-Docker-Breakout-Checker-and-PoC https://github.com/bb33bb/CVE-2022-0492 http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html http://packetstormsecurity.com/files/17 • CWE-287: Improper Authentication CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-0729 – Use of Out-of-range Pointer Offset in vim/vim
https://notcve.org/view.php?id=CVE-2022-0729
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. Un Uso de un Desplazamiento de Puntero Fuera de Rango en el repositorio de GitHub vim/vim versiones anteriores a 8.2.4440 • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/6456fae9ba8e72c74b2c0c499eaf09974604ff30 https://huntr.dev/bounties/f3f3d992-7bd6-4ee5-a502-ae0e5f8016ea https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF https://lists.fedoraproject& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-823: Use of Out-of-range Pointer Offset •