CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-1923 – gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using bz2 decompression
https://notcve.org/view.php?id=CVE-2022-1923
19 Jul 2022 — DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce t... • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-2122 – gstreamer-plugins-good: Potential heap overwrite in mp4 demuxing using zlib decompression
https://notcve.org/view.php?id=CVE-2022-2122
19 Jul 2022 — DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. DOS / potencial escritura excesiva de la pila en qtdemux usando descompresión zlib. Desbordamiento de enteros en un elemento de qtdemux en la función qtdemux_inflate que causa un segf... • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-1925 – gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using HEADERSTRIP decompression
https://notcve.org/view.php?id=CVE-2022-1925
19 Jul 2022 — DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however the matroskaparse element has no size checks. DOS / potencial escritura excesiva de la pila en la demuxación de mkv usando la descompresión HEADERSTRIP. Desbordamiento de enteros en el elemento matroskaparse en la... • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-1922 – gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using zlib decompression
https://notcve.org/view.php?id=CVE-2022-1922
19 Jul 2022 — DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap t... • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-1920 – gstreamer-plugins-good: Potential heap overwrite in gst_matroska_demux_add_wvpk_header()
https://notcve.org/view.php?id=CVE-2022-1920
19 Jul 2022 — Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite. Desbordamiento de enteros en el elemento matroskademux en la función gst_matroska_demux_add_wvpk_header que permite una sobreescritura en el montón mientras se analizan los archivos matroska. Potencial para la ejecución de código arbitrario a través de la sobreescritura de la pila. A flaw was found ... • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1226 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2469 – Ubuntu Security Notice USN-6169-1
https://notcve.org/view.php?id=CVE-2022-2469
19 Jul 2022 — GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client GNU SASL libgsasl lectura fuera de límites del lado del servidor con cliente GSS-API autenticado malicioso It was discovered that GNU SASL's GSSAPI server could make an out-of-bounds reads if given specially crafted GSS-API authentication data. A remote attacker could possibly use this issue to cause a denial of service or to expose sensitive information. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2469.json • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-1921 – gstreamer-plugins-good: Heap-based buffer overflow in the avi demuxer when handling certain AVI files
https://notcve.org/view.php?id=CVE-2022-1921
19 Jul 2022 — Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite. Desbordamiento de enteros en el elemento avidemux en la función gst_avi_demux_invert que permite una escritura excesiva de la pila mientras se analizan archivos avi. Potencial para la ejecución de código arbitrario a través de la sobreescritura de la pila. A flaw was found in GStreamer. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1224 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.3EPSS: 0%CPEs: 157EXPL: 0CVE-2022-21540 – OpenJDK: class compilation issue (Hotspot, 8281859)
https://notcve.org/view.php?id=CVE-2022-21540
19 Jul 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in u... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: 5.9EPSS: 0%CPEs: 156EXPL: 0CVE-2022-21541 – OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866)
https://notcve.org/view.php?id=CVE-2022-21541
19 Jul 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 10%CPEs: 159EXPL: 4CVE-2022-34169 – Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets
https://notcve.org/view.php?id=CVE-2022-34169
19 Jul 2022 — The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan. La biblioteca Apache Xalan Java XSLT es vulnerable a un problema de truncamiento de enteros cuando procesa hojas de estilo XSLT mali... • https://packetstorm.news/files/id/168186 • CWE-192: Integer Coercion Error CWE-681: Incorrect Conversion between Numeric Types •