CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-1942 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2022-1942
31 May 2022 — Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Un Desbordamiento de Búfer en la Región Heap de la Memoria en el repositorio de GitHub vim/vim versiones anteriores a 8.2 It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 1CVE-2022-1462 – kernel: possible race condition in drivers/tty/tty_buffers.c
https://notcve.org/view.php?id=CVE-2022-1462
31 May 2022 — An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. Se ha encontrado un fallo de lectura fuera de límites en el subsistema TeleTYpe del kernel de Linux. El problema es producido en la forma en que un usuario desenc... • https://bugzilla.redhat.com/show_bug.cgi?id=2078466 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-366: Race Condition within a Thread •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-31799 – Debian Security Advisory 5159-1
https://notcve.org/view.php?id=CVE-2022-31799
29 May 2022 — Bottle before 0.12.20 mishandles errors during early request binding. Bottle versiones anteriores a 0.12.20, maneja inapropiadamente los errores durante la vinculación temprana de peticiones An update that fixes one vulnerability is now available. This update for python-bottle fixes the following issues. Fixed an error mishandling issue that could lead to remote denial of service. • https://github.com/bottlepy/bottle/commit/a2b0ee6bb4ce88895429ec4aca856616244c4c4c • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-1204 – Ubuntu Security Notice USN-5469-1
https://notcve.org/view.php?id=CVE-2022-1204
28 May 2022 — A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. Se ha encontrado un fallo de uso de memoria previamente liberada en la funcionalidad del protocolo AX.25 de radioaficionados del kernel de Linux en la forma en que un usuario es conectado con el protocolo. Este fallo permite a un usuario local bloquear el sistema It was discovered that the implementation of the 6pack... • https://access.redhat.com/security/cve/CVE-2022-1204 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-1897 – Out-of-bounds Write in vim/vim
https://notcve.org/view.php?id=CVE-2022-1897
27 May 2022 — Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. Una Escritura Fuera de Límites en el repositorio de GitHub vim/vim versiones anteriores a 8.2 A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-bounds write vulnerability in the vim_regsub_both function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. Red Hat Advanced Cluster Management for Kubernetes 2.6.0 images Red Hat Advanced Cluster Ma... • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 1CVE-2022-1898 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-1898
27 May 2022 — Use After Free in GitHub repository vim/vim prior to 8.2. Un Uso de Memoria Previamente Liberada en el repositorio de GitHub vim/vim versiones anteriores a 8.2 It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-1664 – directory traversal for in-place extracts with untrusted v2 and v3 source packages with debian.tar
https://notcve.org/view.php?id=CVE-2022-1664
26 May 2022 — Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs. La función Dpkg::Source::Archive en dpkg, el sistema de administración de paquetes de Debian, versiones anteriores a 1.... • https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 0%CPEs: 24EXPL: 0CVE-2022-26691 – cups: authorization bypass when using "local" authorization
https://notcve.org/view.php?id=CVE-2022-26691
26 May 2022 — A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. Se abordó un problema de lógica con una administración de estados mejorada. Este problema es corregido en Security Update 2022-003 Catalina, macOS Monterey versión 12.3, macOS Big Sur versión 11.6.5. • https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444 • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-697: Incorrect Comparison •
CVSS: 6.7EPSS: 0%CPEs: 6EXPL: 0CVE-2022-30783 – Gentoo Linux Security Advisory 202301-01
https://notcve.org/view.php?id=CVE-2022-30783
26 May 2022 — An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. Un código de retorno no válido en fuse_kern_mount permite interceptar el tráfico del protocolo libfuse-lite entre NTFS-3G y el kernel en NTFS-3G versiones hasta 2021.8.22 cuando es usado libfuse-lite An update that fixes 8 vulnerabilities is now available. This update for ntfs-3g_ntfsprogs fixes the following issues. Updated to v... • http://www.openwall.com/lists/oss-security/2022/06/07/4 • CWE-252: Unchecked Return Value •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-30784 – ntfs-3g: crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value
https://notcve.org/view.php?id=CVE-2022-30784
26 May 2022 — A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. Una imagen NTFS diseñada puede causar el agotamiento de la pila en ntfs_get_attribute_value en NTFS-3G versiones hasta 2021.8.22 A vulnerability was found in NTFS-3G. Incorrect validation of NTFS metadata can result in a heap exhaustion when processing a crafted NTFS image file or partition. An update that fixes 8 vulnerabilities is now available. This update for ntfs-3g_ntfsprogs fixes the following iss... • https://github.com/tuxera/ntfs-3g/releases • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •