CVSS: 6.7EPSS: 0%CPEs: 22EXPL: 0CVE-2022-21772
https://notcve.org/view.php?id=CVE-2022-21772
In TEEI driver, there is a possible type confusion due to a race condition. ... En TEEI driver, Se presenta una posible confusión de tipos debido a una condición de carrera. • https://corp.mediatek.com/product-security-bulletin/July-2022 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 9CVE-2022-34918 – kernel: heap overflow in nft_set_elem_init()
https://notcve.org/view.php?id=CVE-2022-34918
A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. ... Un error de confusión de tipos en la función nft_set_elem_init (conllevando a un desbordamiento del búfer) podría ser usado por un atacante local para escalar privilegios, una vulnerabilidad diferente a la de CVE-2022-32250. ... Esto puede corregirse en la función nft_setelem_parse_data en el archivo net/netfilter/nf_tables_api.c A heap buffer overflow flaw was found in the Linux kernel’s Netfilter subsystem in the way a user provides incorrect input of the NFT_DATA_VERDICT type. ... A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges. • https://github.com/veritas501/CVE-2022-34918 https://github.com/randorisec/CVE-2022-34918-LPE-PoC https://github.com/merlinepedra25/CVE-2022-34918-LPE-PoC https://github.com/merlinepedra/CVE-2022-34918-LPE-PoC https://github.com/linulinu/CVE-2022-34918 http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html http://packetstormsecurity.com/files/168543/Netfilter-nft_set_elem_init-Heap-Overflow-Privilege-Escalation.html http://www.openwall.com/lists/oss-secur • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') CWE-1025: Comparison Using Wrong Factors •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-2158
https://notcve.org/view.php?id=CVE-2022-2158
Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipo en V8 en Google Chrome versiones anteriores a 103.0.5060.53, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html https://crbug.com/1321078 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7 https://security.gentoo.org/glsa/202208-25 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26635 – Bandisoft ARK Library buffer overflow vulnerability
https://notcve.org/view.php?id=CVE-2021-26635
In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. • https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66747 • CWE-121: Stack-based Buffer Overflow CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2022-1786
https://notcve.org/view.php?id=CVE-2022-1786
A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system. Se encontró un fallo de uso de memoria previamente liberada en el subsistema io_uring del kernel de Linux en la forma en que un usuario configura un anillo con IORING_SETUP_IOPOLL con más de una tarea completando envíos en este anillo. Este fallo permite a un usuario local colapsar o escalar sus privilegios en el sistema • https://bugzilla.redhat.com/show_bug.cgi?id=2087760 https://security.netapp.com/advisory/ntap-20220722-0001 https://www.debian.org/security/2022/dsa-5161 • CWE-416: Use After Free CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •