
CVSS: 7.8 | EPSS: 0% | CPEs: 4 | EXPL: 1

The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344. NOTE: this is different from CVE-2022-27941.

• https://github.com/appneta/tcpreplay/issues/735
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5B75AFRJUGOYHCFG2ZV2JKSUPA6MSCT5
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECRCFJ6X3IVB7BT4KS6AHQMSL532YXYD
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWRZO7BG6DHA5NAC3COB45WFXLYRIERC
• https://security.gentoo.org/glsa/202210-08

• CWE-787: Out-of-bounds Write

CVSS: 7.8 | EPSS: 0% | CPEs: 4 | EXPL: 1

The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150. NOTE: this is different from CVE-2022-27942.

• https://github.com/appneta/tcpreplay/issues/736
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5B75AFRJUGOYHCFG2ZV2JKSUPA6MSCT5
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECRCFJ6X3IVB7BT4KS6AHQMSL532YXYD
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWRZO7BG6DHA5NAC3COB45WFXLYRIERC
• https://security.gentoo.org/glsa/202210-08

• CWE-787: Out-of-bounds Write

CVSS: 5.5 | EPSS: 0% | CPEs: 5 | EXPL: 0

libtiff's tiffcrop tool has a uint32_t underflow which leads to out-of-bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.

• https://bugzilla.redhat.com/show_bug.cgi?id=2118869
• https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html
• https://www.debian.org/security/2023/dsa-5333
• https://access.redhat.com/security/cve/CVE-2022-2869

• CWE-125: Out-of-bounds Read
• CWE-191: Integer Underflow (Wrap or Wraparound)
• CWE-787: Out-of-bounds Write

CVSS: 3.2 | EPSS: 0% | CPEs: 11 | EXPL: 2

An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.

• https://bugzilla.redhat.com/show_bug.cgi?id=1908004
• https://gitlab.com/qemu-project/qemu/-/issues/646
• https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O

• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVSS: 7.8 | EPSS: 0% | CPEs: 4 | EXPL: 1

Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218. A buffer over-read in the GitHub repository vim/vim, versions prior to 9.0.0218.

• https://github.com/vim/vim/commit/e98c88c44c308edaea5994b8ad4363e65030968c
• https://huntr.dev/bounties/3e1d31ac-1cfd-4a9f-bc5c-213376b69445
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL
• https://security.gentoo.org/glsa/202305-16

• CWE-1284: Improper Validation of Specified Quantity in Input