CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2022-32893 – Apple iOS and macOS Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2022-32893
19 Aug 2022 — An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Se abordó un problema de escritura fuera de límites con una comprobación de límites mejorada. • http://seclists.org/fulldisclosure/2022/Aug/16 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-32862 – nbconvert vulnerable to cross-site scripting (XSS) via multiple exploit paths
https://notcve.org/view.php?id=CVE-2021-32862
18 Aug 2022 — The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting (XSS) vulnerabilities if these HTML notebooks are served by a web server (eg: nbviewer). GitHub Security Lab detectó dieciséis formas de explotar una vulnerabilidad de tipo cross-site scripting en nbconvert. Cuando es usado nbconvert para ge... • https://github.com/jupyter/nbconvert/security/advisories/GHSA-9jmq-rx5f-8jwq • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-2867 – libtiff: uint32_t underflow leads to out of bounds read and write in tiffcrop.c
https://notcve.org/view.php?id=CVE-2022-2867
17 Aug 2022 — libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation. La utilidad tiffcrop de libtiff presenta un desbordamiento de uint32_t que puede conllevar a una lectura y escritura fuera de límites. Un atacante que suministre un archivo diseñado a tiffcrop (probablemente por medio de engañ... • https://bugzilla.redhat.com/show_bug.cgi?id=2118847 • CWE-125: Out-of-bounds Read CWE-191: Integer Underflow (Wrap or Wraparound) CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-2868 – libtiff: Invalid crop_width and/or crop_length could cause an out-of-bounds read in reverseSamples16bits()
https://notcve.org/view.php?id=CVE-2022-2868
17 Aug 2022 — libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. La utilidad tiffcrop de libtiff presenta un fallo de comprobación de entrada inapropiada que puede conllevar a una lectura fuera de límites y, en última instancia, causar un fallo si un atacante es capaz de suministrar un archivo diseñado a tiffcrop. An improper input validation flaw was found in libtiff's tiffcrop utili... • https://bugzilla.redhat.com/show_bug.cgi?id=2118863 • CWE-20: Improper Input Validation CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-2869 – libtiff: tiffcrop.c has uint32_t underflow which leads to out of bounds read and write in extractContigSamples8bits()
https://notcve.org/view.php?id=CVE-2022-2869
17 Aug 2022 — libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation. La herramienta tiffcrop de libtiff presenta un desbordamiento de uint32_t que conlleva a una lectura y escritura fuera de límites en la rutina ext... • https://bugzilla.redhat.com/show_bug.cgi?id=2118869 • CWE-125: Out-of-bounds Read CWE-191: Integer Underflow (Wrap or Wraparound) CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3CVE-2020-21365 – Ubuntu Security Notice USN-6232-1
https://notcve.org/view.php?id=CVE-2020-21365
15 Aug 2022 — Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations. Una vulnerabilidad de salto de directorio en wkhtmltopdf versiones hasta 0.12.5, permite a atacantes remotos leer archivos locales y divulgar información confidencial por medio de un archivo html diseñado que es ejecutado con las configuraciones predeterminadas. It was discovered that wkhtmltopdf was no... • https://github.com/andrei2308/CVE-2020-21365 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 983EXPL: 0CVE-2022-26373 – hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions
https://notcve.org/view.php?id=CVE-2022-26373
12 Aug 2022 — Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. Una compartición no transparente de objetivos de predicción de retorno entre contextos en algunos procesadores Intel(R) puede permitir que un usuario autorizado permita potencialmente la divulgación de información por medio de acceso local. A flaw was found in hw. In certain processors with Intel's Enhanced Indirect Branc... • https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2022-20369 – Ubuntu Security Notice USN-5924-1
https://notcve.org/view.php?id=CVE-2022-20369
11 Aug 2022 — In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223375145References: Upstream kernel En la función v4l2_m2m_querybuf del archivo v4l2-mem2mem.c, se presenta una posible escritura fuera de límites debido a una comprobación de entrada inapropiada. Esto pod... • https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37150 – Protocol vs scheme mismatch
https://notcve.org/view.php?id=CVE-2021-37150
10 Aug 2022 — Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Una vulnerabilidad de Comprobación de Entrada Inapropiada en el análisis de encabezados de Apache Traffic Server permite a un atacante solicitar recursos seguros. Este problema afecta a Apache Traffic Server versiones 8.0.0 a 9.1.2 Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward prox... • https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-31780 – HTTP/2 framing vulnerabilities
https://notcve.org/view.php?id=CVE-2022-31780
10 Aug 2022 — Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Una vulnerabilidad de Comprobación de Entrada Inapropiada en el manejo de tramas HTTP/2 de Apache Traffic Server permite a un atacante contrabandear peticiones. Este problema afecta a Apache Traffic Server versiones 8.0.0 a 9.1.2 Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy s... • https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 • CWE-20: Improper Input Validation •