CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2022-0583
https://notcve.org/view.php?id=CVE-2022-0583
Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file Un bloqueo en el disector del protocolo PVFS en Wireshark versiones 3.6.0 a 3.6.1 y versiones 3.4.0 a 3.4.11, permite una denegación de servicio por medio de una inyección de paquetes o de un archivo de captura diseñado • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0583.json https://gitlab.com/wireshark/wireshark/-/issues/17840 https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRJ24JRKLA6XMDKLGVTOPM5KBBU4UHLN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3DZD2JU56ZI4XV2B3HGVGA5PXQDNA5T https://security.gentoo.org/glsa/202210-04 https://www.wireshark. • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2022-0586
https://notcve.org/view.php?id=CVE-2022-0586
Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file Un bucle infinito en el disector de protocolo RTMPT en Wireshark versiones 3.6.0 a 3.6.1 y versiones 3.4.0 a 3.4.11, permite una denegación de servicio por medio de una inyección de paquetes o de un archivo de captura diseñado • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0586.json https://gitlab.com/wireshark/wireshark/-/issues/17813 https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRJ24JRKLA6XMDKLGVTOPM5KBBU4UHLN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3DZD2JU56ZI4XV2B3HGVGA5PXQDNA5T https://security.gentoo.org/glsa/202210-04 https://www.wireshark. • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2021-45444 – zsh: Prompt expansion vulnerability
https://notcve.org/view.php?id=CVE-2021-45444
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion. En zsh versiones anteriores a 5.8.1, un atacante puede lograr una ejecución de código si controla la salida de un comando dentro del prompt, como lo demuestra un argumento %F. Esto ocurre debido a la expansión recursiva PROMPT_SUBST A vulnerability was found in zsh in the parsecolorchar() function of prompt.c file. This flaw allows an attacker to perform code execution if they control a command output inside the prompt, as stated by a %F%K argument. • http://seclists.org/fulldisclosure/2022/May/33 http://seclists.org/fulldisclosure/2022/May/35 http://seclists.org/fulldisclosure/2022/May/38 https://lists.debian.org/debian-lts-announce/2022/02/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2P3LPMGENEHKDWFO4MWMZSZL6G7Y4CV7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWF3EXNBX5SVFDBL4ZFOD4GJBWFUKWN4 https://support.apple.com/kb/HT213255 https://support.apple& • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.4EPSS: 0%CPEs: 6EXPL: 1CVE-2022-0572 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2022-0572
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Un Desbordamiento del Búfer en la región Heap de la Memoria en el repositorio de GitHub vim/vim versiones anteriores a 8.2 • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/6e28703a8e41f775f64e442c5d11ce1ff599aa3f https://huntr.dev/bounties/bf3e0643-03e9-4436-a1c8-74e7111c32bf https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GOY5YWTP5QUY2EFLCL7AUWA2CV57C37 https://lists.fedoraproject& • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.0EPSS: 0%CPEs: 12EXPL: 0CVE-2022-23634 – Information Exposure when using Puma with Rails
https://notcve.org/view.php?id=CVE-2022-23634
Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails' Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. • https://github.com/advisories/GHSA-rmj8-8hhh-gv5h https://github.com/advisories/GHSA-wh98-p28r-vrc9 https://github.com/puma/puma/commit/b70f451fe8abc0cff192c065d549778452e155bb https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ?utm_medium=email&utm_source=footer&pli=1 https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-359: Exposure of Private Personal Information to an Unauthorized Actor CWE-404: Improper Resource Shutdown or Release •