CVE-2022-3297 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-3297
Use After Free in GitHub repository vim/vim prior to 9.0.0579. • https://github.com/vim/vim/commit/0ff01835a40f549c5c4a550502f62a2ac9ac447c https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI https://security.gentoo.org/glsa/202305-16 • CWE-416: Use After Free
CVE-2022-41322
https://notcve.org/view.php?id=CVE-2022-41322
In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup. • https://bugs.gentoo.org/868543 https://github.com/kovidgoyal/kitty/commit/f05783e64d5fa62e1aed603e8d69aced5e49824f https://github.com/kovidgoyal/kitty/compare/v0.26.1...v0.26.2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/47RK7MBSVY5BWDUTYMJUFPBAYFSWMTOI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RRNAPU33PHEH64P77YL3AJO6CTZGHTX https://security.gentoo.org/glsa/202209-22 https://sw.kovidgoyal.net/kitty/changelog/#detailed-list • CWE-116: Improper Encoding or Escaping of Output
CVE-2022-3278 – NULL Pointer Dereference in vim/vim
https://notcve.org/view.php?id=CVE-2022-3278
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552. • https://github.com/vim/vim/commit/69082916c8b5d321545d60b9f5facad0a2dd5a4e https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI https://security.gentoo.org/glsa/202305-16 • CWE-476: NULL Pointer Dereference
CVE-2022-40188
https://notcve.org/view.php?id=CVE-2022-40188
Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets. • https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1343#note_262558 https://lists.debian.org/debian-lts-announce/2022/10/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIMDNIUI7GTUEKIBBYYW7OCTJQFPDNXL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2VE5K3VDUHJOIA2IGT3G5R76IBADMNE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO6LIVQS62MI5GG4OVYB5RHVZMYNHAHG • CWE-407: Inefficient Algorithmic Complexity
CVE-2022-36944 – scala: deserialization gadget chain
https://notcve.org/view.php?id=CVE-2022-36944
Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make network connections, or possibly run arbitrary code (specifically, Function0 functions) via a gadget chain. • https://discuss.lightbend.com/t/impact-of-cve-2022-36944-on-akka-cluster-akka-actor-akka-remote/10007/2 https://github.com/scala/scala-collection-compat/releases/tag/v2.9.0 https://github.com/scala/scala/pull/10118 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ZOZVWY3X72FZZCCRAKRJYTQOJ6LUD6Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3WMKPFAMFQE3HJVRQ5KOJUTWG264SXI https://www.scala-lang.org/download https://acc • CWE-502: Deserialization of Untrusted Data