CVSS: 8.8EPSS: 1%CPEs: 31EXPL: 0CVE-2022-2294 – WebRTC Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2022-2294
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento del búfer de la pila en WebRTC en Google Chrome versiones anteriores a 103.0.5060.114, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform shellcode execution. This vulnerability impacts web browsers using WebRTC including but not limited to Google Chrome. • http://www.openwall.com/lists/oss-security/2022/07/28/2 https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html https://crbug.com/1341043 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7 https://security.gentoo.org/glsa/202208-35 https://security.gentoo.org/glsa/202208-39 https://sec • CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 15EXPL: 0CVE-2022-1973
https://notcve.org/view.php?id=CVE-2022-1973
A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem. Se encontró un defecto de uso de memoria previamente liberada en el kernel de Linux en la función log_replay en el archivo fs/ntfs3/fslog.c en el diario NTFS. Este fallo permite a un atacante local bloquear el sistema y conlleva a un problema de filtrado de información del kernel • https://bugzilla.redhat.com/show_bug.cgi?id=2092542 https://security.netapp.com/advisory/ntap-20230120-0001 • CWE-416: Use After Free •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 1CVE-2022-31160 – jQuery UI contains potential XSS vulnerability when refreshing a checkboxradio with an HTML-like initial text label
https://notcve.org/view.php?id=CVE-2022-31160
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( "refresh" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. • https://blog.jqueryui.com/2022/07/jquery-ui-1-13-2-released https://github.com/jquery/jquery-ui/commit/8cc5bae1caa1fcf96bf5862c5646c787020ba3f9 https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9 https://lists.debian.org/debian-lts-announce/2022/12/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XBR3G3JR5ZIOJDO4224M3INXDS2VFDD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5LGNTICB5BRFAG3DHVVELS6H3CZ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 8EXPL: 0CVE-2022-21537 – mysql: InnoDB unspecified vulnerability (CPU Jul 2022)
https://notcve.org/view.php?id=CVE-2022-21537
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT https://security.netapp.com/advisory/ntap-20220729-0004 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-21537 https://bugzilla.redhat.com/show_bug.cgi?id=2115295 •
CVSS: 4.9EPSS: 0%CPEs: 8EXPL: 0CVE-2022-21531 – mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2022)
https://notcve.org/view.php?id=CVE-2022-21531
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT https://security.netapp.com/advisory/ntap-20220729-0004 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-21531 https://bugzilla.redhat.com/show_bug.cgi?id=2115293 •