CVSS: 5.5EPSS: 0%CPEs: 19EXPL: 0CVE-2022-32838 – Apple Security Advisory 2022-07-20-1
https://notcve.org/view.php?id=CVE-2022-32838
22 Jul 2022 — A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6. An app may be able to read arbitrary files. Se abordó un problema de lógica con un administración de estados mejorada. Este problema es corregido en macOS Monterey versión 12.5, macOS Big Sur versión 11.6.8, Security Update 2022-005 Catalina, iOS versión 15.6 y iPadOS versión 15.6. • https://support.apple.com/en-us/HT213343 •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2022-32842 – Apple Security Advisory 2022-07-20-4
https://notcve.org/view.php?id=CVE-2022-32842
22 Jul 2022 — An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. An app may be able to gain elevated privileges. Se abordó un problema de lectura fuera de límites con una comprobación de entrada mejorada. Este problema ha sido corregido en Security Update 2022-005 Catalina, macOS Monterey versión 12.5. • https://support.apple.com/en-us/HT213343 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 16%CPEs: 31EXPL: 0CVE-2022-2294 – WebRTC Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2022-2294
22 Jul 2022 — Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento del búfer de la pila en WebRTC en Google Chrome versiones anteriores a 103.0.5060.114, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malic... • http://www.openwall.com/lists/oss-security/2022/07/28/2 • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 31EXPL: 1CVE-2022-32205 – Gentoo Linux Security Advisory 202212-01
https://notcve.org/view.php?id=CVE-2022-32205
28 Jun 2022 — A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and ... • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.9EPSS: 0%CPEs: 22EXPL: 1CVE-2022-32208 – curl: FTP-KRB bad message verification
https://notcve.org/view.php?id=CVE-2022-32208
28 Jun 2022 — When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. Cuando curl versiones anteriores a 7.84.0, hace transferencias FTP aseguradas por krb5, maneja inapropiadamente los fallos de verificación de mensajes. Este fallo hace posible que un ataque de tipo Man-In-The-Middle pase desapercibido e incluso permite inyectar datos al cliente A vu... • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-787: Out-of-bounds Write CWE-840: Business Logic Errors CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •
CVSS: 9.8EPSS: 1%CPEs: 21EXPL: 1CVE-2022-32207 – curl: Unpreserved file permissions
https://notcve.org/view.php?id=CVE-2022-32207
28 Jun 2022 — When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. Cuando curl versiones anteriores a 7.84.0, guarda datos de cookies, alt-svc y hsts en archivos locales, hace que la operación sea atómica al finalizar la oper... • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-276: Incorrect Default Permissions CWE-281: Improper Preservation of Permissions CWE-840: Business Logic Errors •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-2126 – Out-of-bounds Read in vim/vim
https://notcve.org/view.php?id=CVE-2022-2126
19 Jun 2022 — Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. Una Lectura Fuera de Límites en el repositorio de GitHub vim/vim versiones anteriores a 8.2 It was discovered that Vim could be made to crash when searching specially crafted patterns. An attacker could possibly use this to crash Vim and cause denial of service. It was discovered that there existed a NULL pointer dereference in Vim. An attacker could possibly use this to crash Vim and cause denial of service. • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2022-2125 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2022-2125
19 Jun 2022 — Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Un Desbordamiento de Búfer en la Región Heap de la Memoria en el repositorio de GitHub vim/vim versiones anteriores a 8.2 It was discovered that Vim could be made to crash when searching specially crafted patterns. An attacker could possibly use this to crash Vim and cause denial of service. It was discovered that there existed a NULL pointer dereference in Vim. An attacker could possibly use this to crash Vim and cause denial of service.... • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-2124 – Buffer Over-read in vim/vim
https://notcve.org/view.php?id=CVE-2022-2124
19 Jun 2022 — Buffer Over-read in GitHub repository vim/vim prior to 8.2. Una Lectura Excesiva del Búfer en el repositorio GitHub vim/vim versiones anteriores a 8.2 It was discovered that Vim could be made to crash when searching specially crafted patterns. An attacker could possibly use this to crash Vim and cause denial of service. It was discovered that there existed a NULL pointer dereference in Vim. An attacker could possibly use this to crash Vim and cause denial of service. • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-2042 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-2042
10 Jun 2022 — Use After Free in GitHub repository vim/vim prior to 8.2. Un Uso de Memoria Previamente Liberada en el repositorio GitHub vim/vim versiones anteriores a 8.2 It was discovered that Vim could be made to dereference invalid memory. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It was discovered that Vim could be made to recurse infinitely. • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-416: Use After Free •