CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-42334
https://notcve.org/view.php?id=CVE-2022-42334
x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. While not exposed to the affected guests themselves, the interface specifically exists for domains controlling such guests. This interface may therefore be used by not fully privileged entities, e.g. qemu running deprivileged in Dom0 or qemu running in a so called stub-domain. With this exposure it is an issue that - the number of the such controlled regions was unbounded (CVE-2022-42333), - installation and removal of such regions was not properly serialized (CVE-2022-42334). • http://www.openwall.com/lists/oss-security/2023/03/21/2 http://xenbits.xen.org/xsa/advisory-428.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5L6PM4RE7MUE6OWA32ZVOXCP235RM2TM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APBMS2Q6746AXAFAITNJMGBNFGNMVLWR https://security.gentoo.org/glsa/202402-07 https://www.debian.org/security/2023/dsa-5378 https://xenbits.xenproject.org/xsa/advisory-428.txt • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.6EPSS: 0%CPEs: 4EXPL: 0CVE-2022-42333
https://notcve.org/view.php?id=CVE-2022-42333
x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. While not exposed to the affected guests themselves, the interface specifically exists for domains controlling such guests. This interface may therefore be used by not fully privileged entities, e.g. qemu running deprivileged in Dom0 or qemu running in a so called stub-domain. With this exposure it is an issue that - the number of the such controlled regions was unbounded (CVE-2022-42333), - installation and removal of such regions was not properly serialized (CVE-2022-42334). • http://www.openwall.com/lists/oss-security/2023/03/21/2 http://xenbits.xen.org/xsa/advisory-428.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5L6PM4RE7MUE6OWA32ZVOXCP235RM2TM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APBMS2Q6746AXAFAITNJMGBNFGNMVLWR https://security.gentoo.org/glsa/202402-07 https://www.debian.org/security/2023/dsa-5378 https://xenbits.xenproject.org/xsa/advisory-428.txt • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 1CVE-2023-1264 – NULL Pointer Dereference in vim/vim
https://notcve.org/view.php?id=CVE-2023-1264
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. • https://github.com/vim/vim/commit/7ac5023a5f1a37baafbe1043645f97ba3443d9f6 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIAKPMKJ4OZ6NYRZJO7YWMNQL2BICLYV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4KDAU76Z7QNSPKZX2JAJ6O7KIEOXWTL • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-1127 – Divide By Zero in vim/vim
https://notcve.org/view.php?id=CVE-2023-1127
Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. • https://github.com/vim/vim/commit/e0f869196930ef5f25a0ac41c9215b09c9ce2d3c https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDVN5HSWPNVP4QXBPCEGZDLZKURLJWTE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ6TMKKBXHGVUHWFGM4X46VIJO7ZAG2W • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-41727 – Denial of service via crafted TIFF image in golang.org/x/image/tiff
https://notcve.org/view.php?id=CVE-2022-41727
An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service. • https://go.dev/cl/468195 https://go.dev/issue/58003 https://groups.google.com/g/golang-announce/c/ag-FiyjlD5o https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO54NBDUJXKAZNGCFOEYL2LKK2RQP6K6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWH6Q7NVM4MV3GWFEU4PA67AWZHVFJQ2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZTEP6JYILRBNDTNWTEQ5D4QUUVQBESK https://pkg.go.dev/vuln/GO-2023-1572 • CWE-770: Allocation of Resources Without Limits or Throttling •