CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-1204
https://notcve.org/view.php?id=CVE-2022-1204
A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. Se ha encontrado un fallo de uso de memoria previamente liberada en la funcionalidad del protocolo AX.25 de radioaficionados del kernel de Linux en la forma en que un usuario es conectado con el protocolo. Este fallo permite a un usuario local bloquear el sistema • https://access.redhat.com/security/cve/CVE-2022-1204 https://bugzilla.redhat.com/show_bug.cgi?id=2071051 https://security-tracker.debian.org/tracker/CVE-2022-1204 https://www.openwall.com/lists/oss-security/2022/04/02/2 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 1CVE-2022-1898 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-1898
Use After Free in GitHub repository vim/vim prior to 8.2. Un Uso de Memoria Previamente Liberada en el repositorio de GitHub vim/vim versiones anteriores a 8.2 • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/e2fa213cf571041dbd04ab0329303ffdc980678a https://huntr.dev/bounties/45aad635-c2f1-47ca-a4f9-db5b25979cea https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ https://lists.fedoraproject& • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-1897 – Out-of-bounds Write in vim/vim
https://notcve.org/view.php?id=CVE-2022-1897
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. Una Escritura Fuera de Límites en el repositorio de GitHub vim/vim versiones anteriores a 8.2 A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-bounds write vulnerability in the vim_regsub_both function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118 https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMFHBC5OQXD • CWE-787: Out-of-bounds Write •
CVSS: 7.2EPSS: 0%CPEs: 24EXPL: 0CVE-2022-26691 – cups: authorization bypass when using "local" authorization
https://notcve.org/view.php?id=CVE-2022-26691
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. Se abordó un problema de lógica con una administración de estados mejorada. Este problema es corregido en Security Update 2022-003 Catalina, macOS Monterey versión 12.3, macOS Big Sur versión 11.6.5. • https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444 https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0026/MNDT-2022-0026.md https://lists.debian.org/debian-lts-announce/2022/05/msg00039.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQ6TD7F3VRITPEHFDHZHK7MU6FEBMZ5U https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQRIT4H75XV6M42K7ZTARWZ7YLLYQHPO https://support.apple.com/en-us/H • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-697: Incorrect Comparison •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-30786 – ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate
https://notcve.org/view.php?id=CVE-2022-30786
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. Una imagen NTFS diseñada puede causar un desbordamiento del búfer en la región heap de la memoria en ntfs_names_full_collate en NTFS-3G versiones hasta 2021.8.22 A vulnerability was found in NTFS-3G. Incorrect validation of NTFS metadata can result in a heap-based buffer overflow when processing a crafted NTFS image file or partition. • https://github.com/tuxera/ntfs-3g/releases https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x https://lists.debian.org/debian-lts-announce/2022/06/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JPX6OUCQKZX4PN5DQPVDUFZCOOZUX7Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECDCISL24TYH4CTDFCUVF24WAKRSYF7F https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ • CWE-787: Out-of-bounds Write •