CVE-2022-39377 – sysstat Incorrect Buffer Size calculation on 32-bit systems results in RCE via buffer overflow
https://notcve.org/view.php?id=CVE-2022-39377
The vulnerability can be triggered when displaying activity data files and may lead to memory corruption or possibly arbitrary code execution due to an incorrectly sized buffer. • https://github.com/sysstat/sysstat/security/advisories/GHSA-q8r6-g56f-9w7x https://lists.debian.org/debian-lts-announce/2022/11/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6F26ALXWYHT4LN2AHPZM34OQEXTJE3JZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X6WKTODOUDV6M3HZMASYNZP6EM4N7W4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHUVUDIVDJZ7AVXD3XX3NBXXXKPOKN3N https://security.gentoo.org& • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-131: Incorrect Calculation of Buffer Size •
CVE-2022-41211 – SAP 3D Visual Enterprise Viewer DST File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-41211
Due to lack of proper memory management, when a victim opens a manipulated file received from untrusted sources in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer, arbitrary code execution can be triggered when the payload forces re-use of a dangling pointer which refers to overwritten space in memory. • https://launchpad.support.sap.com/#/notes/3263436 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2022-3869 – Code Injection in froxlor/froxlor
https://notcve.org/view.php?id=CVE-2022-3869
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2. • https://github.com/froxlor/froxlor/commit/3f10a4adede9df83408d60ded78b51b812a763a8 https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2022-43572 – Indexing blockage via malformed data sent through S2S or HEC protocols in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43572
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage or denial-of-service preventing further indexing. • https://www.splunk.com/en_us/product-security/announcements/svd-2022-1111.html • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-400: Uncontrolled Resource Consumption •
CVE-2022-3721 – Code Injection in froxlor/froxlor
https://notcve.org/view.php?id=CVE-2022-3721
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39. • https://github.com/froxlor/froxlor/commit/1182453c18a83309a3470b2775c148ede740806c https://huntr.dev/bounties/a3c506f0-5f8a-4eaa-b8cc-46fb9e35cf7a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •