CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-2126 – Out-of-bounds Read in vim/vim
https://notcve.org/view.php?id=CVE-2022-2126
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. Una Lectura Fuera de Límites en el repositorio de GitHub vim/vim versiones anteriores a 8.2 • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 http://seclists.org/fulldisclosure/2022/Oct/43 http://seclists.org/fulldisclosure/2022/Oct/45 https://github.com/vim/vim/commit/156d3911952d73b03d7420dc3540215247db0fe8 https://huntr.dev/bounties/8d196d9b-3d10-41d2-9f70-8ef0d08c946e https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-2085
https://notcve.org/view.php?id=CVE-2022-2085
A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_procs defined for the device that uses it as a prototype that depends upon the number of bits per pixel. For bpp > 64, mem_x_device is used and does not have an init_device_procs defined. This flaw allows an attacker to parse a large number of bits (more than 64 bits per pixel), which triggers a NULL pointer dereference flaw, causing an application to crash. Se ha encontrado una vulnerabilidad de desreferencia de puntero NULL en Ghostscript, que es producida cuando trata de representar un gran número de bits en la memoria. • http://git.ghostscript.com/?p=ghostpdl.git%3Bh=ae1061d948d88667bdf51d47d918c4684d0f67df https://bugs.ghostscript.com/show_bug.cgi?id=704945 https://bugzilla.redhat.com/show_bug.cgi?id=2095261 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERSZX5LKDWAHZWJYBMP2E2UHOPUCDEGV https://security.gentoo.org/glsa/202211-11 https://security.gentoo.org/glsa/202309-03 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2022-30184 – .NET and Visual Studio Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-30184
.NET and Visual Studio Information Disclosure Vulnerability Una Vulnerabilidad de Divulgación de Información en .NET y Visual Studio • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DMP34G53EA2DBTBLFOAQCDZRRENE2EA2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWNH4AC3LFVX35MDRX5OBZDGD2AMH66K https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30184 https://access.redhat.com/security/cve/CVE-2022-30184 https://bugzilla.redhat.com/show_bug.cgi?id=2096963 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 5.5EPSS: 0%CPEs: 25EXPL: 0CVE-2022-21166 – hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW)
https://notcve.org/view.php?id=CVE-2022-21166
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Una limpieza incompleta en operaciones específicas de escritura en registros especiales para algunos procesadores Intel(R) puede permitir que un usuario autenticado permita potencialmente la divulgación de información por medio de acceso local A flaw was found in hw. Incomplete cleanup in specific special register write operations for some Intel® Processors may allow an authenticated user to enable information disclosure via local access. • http://www.openwall.com/lists/oss-security/2022/06/16/1 https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHTEW3RXU2GW6S3RCPQG4VNCZGI3TOSV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MCVOMHBQRH4KP7IN6U24CW7F2D2L5KBS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q https://lists.fedoraproject.org/archives& • CWE-459: Incomplete Cleanup •
CVSS: 5.5EPSS: 0%CPEs: 25EXPL: 0CVE-2022-21125 – hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS)
https://notcve.org/view.php?id=CVE-2022-21125
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Una limpieza incompleta de los búferes de relleno de la microarquitectura en algunos procesadores Intel(R) puede permitir que un usuario autenticado permita potencialmente la divulgación de información por medio del acceso local A flaw was found in hw. Incomplete cleanup of microarchitectural fill buffers on some Intel® Processors may allow an authenticated user to enable information disclosure via local access. • http://www.openwall.com/lists/oss-security/2022/06/16/1 http://xenbits.xen.org/xsa/advisory-404.html https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHTEW3RXU2GW6S3RCPQG4VNCZGI3TOSV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MCVOMHBQRH4KP7IN6U24CW7F2D2L5KBS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24 • CWE-459: Incomplete Cleanup •