CVE-2022-38013 – .NET Core and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-38013
.NET Core and Visual Studio Denial of Service Vulnerability
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG
• https://lists.fedoraproject.org/archives/list/package-announce%40li
• CWE-400: Uncontrolled Resource Consumption
CVE-2022-3190 – wireshark: f5ethtrailer Infinite loop in legacy style dissector
https://notcve.org/view.php?id=CVE-2022-3190
Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file.
A vulnerability was found in Wireshark. This issue occurs due to an infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark, leading to a denial of service via packet injection or crafted capture file.
• https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3190.json
• https://gitlab.com/wireshark/wireshark/-/issues/18307
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CH4NUKZKPY4MFQHFBTONJK2AWES4DFDA
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YR5LIOF5VKS4DC2NQWXTMPPXOYJC46XC
• https://www.wireshark.org/security/wnpa-sec-2022-06.html
• https://access.redhat.com/security/cve/CVE-2022-3190
• https://bugzilla.redha
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2022-40320
https://notcve.org/view.php?id=CVE-2022-40320
cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read.
• https://github.com/libconfuse/libconfuse/issues/163
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BSAZK4KAWRWNAFUBBXOYU3PVNH3X7226
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EDUT2V62V2XF2IT5TJFPB6P3EQ6X5VLL
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FJKHAPJ6AUWVP4HDGKH4M5A2XXWQI73O
• CWE-125: Out-of-bounds Read
CVE-2022-36109 – Moby vulnerability relating to supplementary group permissions
https://notcve.org/view.php?id=CVE-2022-36109
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed.
• https://github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32
• https://github.com/moby/moby/releases/tag/v20.10.18
• https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ
• CWE-863: Incorrect Authorization
CVE-2022-25765 – Command Injection
https://notcve.org/view.php?id=CVE-2022-25765
The package pdfkit from 0.0.0 is vulnerable to Command Injection where the URL is not properly sanitized.
pdfkit version 0.8.7.2 suffers from a command injection vulnerability.
• https://github.com/PurpleWaveIO/CVE-2022-25765-pdfkit-Exploit-Reverse-Shell
• https://github.com/UNICORDev/exploit-CVE-2022-25765
• https://github.com/nikn0laty/PDFkit-CMD-Injection-CVE-2022-25765
• https://github.com/LordRNA/CVE-2022-25765
• https://github.com/lowercasenumbers/CVE-2022-25765
• http://packetstormsecurity.com/files/171746/pdfkit-0.8.7.2-Command-Injection.html
• https://github.com/pdfkit/pdfkit/blob/46cdf53ec540da1a1a2e4da979e3e5fe2f92a257/lib/pdfkit/pdfkit.rb%23L55-L58
• https://github.com/pdfkit/pd