CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-39832
https://notcve.org/view.php?id=CVE-2022-39832
An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. Se ha detectado un problema en PSPP versión 1.6.2. Se presenta un desbordamiento de búfer en la región heap de la memoria en la función read_string en el archivo utilities/pspp-dump-sav.c, que permite a atacantes causar una denegación de servicio (caída de la aplicación) o posiblemente tener otro impacto no especificado • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OECANCPD4WSSBJLSC3EE472M5DXRTIS4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VQKWIVW5WJ5ZQNNQFRKTRKD7J3LRLUYW https://savannah.gnu.org/bugs/index.php?63000 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2022-3099 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-3099
Use After Free in GitHub repository vim/vim prior to 9.0.0360. Un Uso de Memoria Previamente Liberada en el repositorio GitHub vim/vim versiones anteriores a 9.0.0360 • https://github.com/vim/vim/commit/35d21c6830fc2d68aca838424a0e786821c5891c https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DVWBI4BVTBUMNW4NMB3WZZDQJBKIGXI3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LLK2RMZEECKKWUQK7J46D2FQZOXFQLTC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/messa • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3826 – libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c
https://notcve.org/view.php?id=CVE-2021-3826
Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol. Un desbordamiento del búfer de la pila en la función dlang_lname en el archivo d-demangle.c en libiberty permite a atacantes causar potencialmente una denegación de servicio (fallo de segmentación y caída) por medio de un símbolo mangled diseñado A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service. • https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505 https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ https://lists.fedo • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 2CVE-2022-1247
https://notcve.org/view.php?id=CVE-2022-1247
An issue found in linux-kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh->use to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and removes neighbours only if their “count” and “use” are zero. Se ha encontrado un problema en linux-kernel que conlleva a una condición de carrera en la función rose_connect(). El controlador de rose usa rose_neigh-)use para representar cuántos objetos están usando el rose_neigh. • https://access.redhat.com/security/cve/CVE-2022-1247 https://bugzilla.redhat.com/show_bug.cgi?id=2066799 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2022-2153 – kernel: KVM: NULL pointer dereference in kvm_irq_delivery_to_apic_fast()
https://notcve.org/view.php?id=CVE-2022-2153
A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. Se ha encontrado un fallo en el KVM del kernel de Linux cuando es intentado establecer una IRQ SynIC. Este problema hace posible a un VMM que sea comportado inapropiadamente escribir en las MSR de SYNIC/STIMER, causando una desreferencia de puntero NULL. • https://bugzilla.redhat.com/show_bug.cgi?id=2069736 https://github.com/torvalds/linux/commit/00b5f37189d24ac3ed46cb7f11742094778c46ce https://github.com/torvalds/linux/commit/7ec37d1cbe17d8189d9562178d8b29167fe1c31a https://github.com/torvalds/linux/commit/b1e34d325397a33d97d845e312d7cf2a8b646b44 https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://www.openwall.com/lists/oss-security/2022/06/22/1 https://access.redhat.com/security& • CWE-476: NULL Pointer Dereference •