CVE-2022-1674 – NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in vim/vim
https://notcve.org/view.php?id=CVE-2022-1674
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input. Una Desreferencia de Puntero NULL en la función vim_regexec_string en el archivo regexp.c:2733 en el repositorio de GitHub vim/vim versiones anteriores a 8.2.4938. Una Desreferencia de Puntero NULL en la función vim_regexec_string en regexp.c:2733 permite a atacantes causar una denegación de servicio (bloqueo de la aplicación) por medio de una entrada diseñada • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060 https://huntr.dev/bounties/a74ba4a4-7a39-4a22-bde3-d2f8ee07b385 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFAZTAT5CZC2R6KYDYA2HBAVEDSIX6MW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUPOLEX5GXC733HL4EFYMHFU7NISJJZG https://lists.fedoraproject.org/archives/list/package-anno • CWE-476: NULL Pointer Dereference •
CVE-2021-3669 – kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts
https://notcve.org/view.php?id=CVE-2021-3669
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. Se ha encontrado un fallo en el kernel de Linux. La medición del uso de la memoria compartida no escala con grandes recuentos de segmentos de memoria compartida, lo que podría conllevar a el agotamiento de recursos y el DoS. • https://access.redhat.com/security/cve/CVE-2021-3669 https://bugzilla.redhat.com/show_bug.cgi?id=1980619 https://bugzilla.redhat.com/show_bug.cgi?id=1986473 https://security-tracker.debian.org/tracker/CVE-2021-3669 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2022-29145 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-29145
.NET and Visual Studio Denial of Service Vulnerability Una vulnerabilidad de Denegación de Servicio en .NET y Visual Studio. Este ID de CVE es diferente de CVE-2022-23267, CVE-2022-29117 A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the ASP.NET FormFeature.cs causing a denial of service when HTML forms are parsed. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29145 https://access.redhat.com/security/cve/CVE-2022-29145 https://bugzilla.redhat.com/sho • CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization •
CVE-2022-29117 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-29117
.NET and Visual Studio Denial of Service Vulnerability Una vulnerabilidad de Denegación de Servicio en .NET y Visual Studio. Este ID de CVE es diferente de CVE-2022-23267, CVE-2022-29145 A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of a malicious client that can send MyCookie=chunks-2147483647 without the actual cookie chunks, causing large allocations, exceptions, and excess CPU utilization on the server when it tries to read or delete that many chunks. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117 https://access.redhat.com/security/cve/CVE-2022-29117 https://bugzilla.redhat.com/sho • CWE-565: Reliance on Cookies without Validation and Integrity Checking •
CVE-2022-23267 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-23267
.NET and Visual Studio Denial of Service Vulnerability Una vulnerabilidad de Denegación de Servicio en .NET y Visual Studio. Este ID de CVE es diferente de CVE-2022-29117, CVE-2022-29145 A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23267 https://access.redhat.com/security/cve/CVE-2022-23267 https://bugzilla.redhat.com/sho • CWE-770: Allocation of Resources Without Limits or Throttling •