Page 59 of 4121 results (0.009 seconds)

CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1

CVE-2022-0213 – Heap-based Buffer Overflow in vim/vim

https://notcve.org/view.php?id=CVE-2022-0213

vim is vulnerable to Heap-based Buffer Overflow vim es vulnerable al desbordamiento del búfer en la región Heap de la memoria • http://www.openwall.com/lists/oss-security/2022/01/15/1 https://github.com/vim/vim/commit/de05bb25733c3319e18dca44e9b59c6ee389eb26 https://huntr.dev/bounties/f3afe1a5-e6f8-4579-b68a-6e5c7e39afed https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://security.gentoo.org/glsa/202208-32 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1

CVE-2022-20698 – Clam AntiVirus (ClamAV) Denial of Service Vulnerability

https://notcve.org/view.php?id=CVE-2022-20698

A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. Una vulnerabilidad en el módulo de análisis de OOXML en el software Clam AntiVirus (ClamAV) versión 0.104.1 y LTS versiones 0.103.4 y anteriores, podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio en un dispositivo afectado. • https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html https://security.gentoo.org/glsa/202310-01 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •

CVSS: 5.3EPSS: 61%CPEs: 12EXPL: 0

CVE-2022-23134 – Zabbix Frontend Improper Access Control Vulnerability

https://notcve.org/view.php?id=CVE-2022-23134

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend. Después del proceso de configuración inicial, algunos pasos del archivo setup.php son accesibles no sólo para los superadministradores, sino también para los usuarios no autenticados. Un actor malicioso puede pasar las comprobaciones de los pasos y potencialmente cambiar la configuración de Zabbix Frontend Malicious actors can pass step checks and potentially change the configuration of Zabbix Frontend. • https://lists.debian.org/debian-lts-announce/2022/02/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6SZYHXINBKCY42ITFSNCYE7KCSF33VRA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VB6W556GVXOKUYTASTDGL3AI7S3SJHX7 https://support.zabbix.com/browse/ZBX-20384 • CWE-284: Improper Access Control CWE-287: Improper Authentication •

CVSS: 7.7EPSS: 0%CPEs: 8EXPL: 0

CVE-2022-21682 – flatpak-builder can access files outside the build directory.

https://notcve.org/view.php?id=CVE-2022-21682

Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last in the build. At this point the build directory will have the full access that is specified in the manifest, so running `flatpak build` against it will gain those permissions. Normally this will not be done, so this is not problem. However, if `--mirror-screenshots-url` is specified, then flatpak-builder will launch `flatpak build --nofilesystem=host appstream-utils mirror-screenshots` after finalization, which can lead to issues even with the `--nofilesystem=host` protection. • https://github.com/flatpak/flatpak/commit/445bddeee657fdc8d2a0a1f0de12975400d4fc1a https://github.com/flatpak/flatpak/commit/4d11f77aa7fd3e64cfa80af89d92567ab9e8e6fa https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APFTBYGJJVJPFVHRXUW5PII5XOAFI4KH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IXKBERLJRYV7KXKGXOLI6IOXVBQNN4DP https://security.gentoo.org/glsa/202312-12 https://www.debian • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1

CVE-2021-37530

https://notcve.org/view.php?id=CVE-2021-37530

A denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c. Se presenta una vulnerabilidad de denegación de servicio en fig2dev versiones hasta 3.28a, debido a un fallo de seguridad en la función open_stream del archivo readpics.c • https://sourceforge.net/p/mcj/tickets/126 • CWE-787: Out-of-bounds Write •