CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41916 – Read one byte past a buffer when normalizing Unicode
https://notcve.org/view.php?id=CVE-2022-41916
Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue. Heimdal es una implementación de ASN.1/DER, PKIX y Kerberos. • https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html https://security.gentoo.org/glsa/202310-06 https://security.netapp.com/advisory/ntap-20230216-0008 https://www.debian.org/security/2022/dsa-5287 • CWE-193: Off-by-one Error •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 1CVE-2022-3970 – LibTIFF tif_getimage.c TIFFReadRGBATileExt integer overflow
https://notcve.org/view.php?id=CVE-2022-3970
A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137 https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html https://oss-fuzz.com/download?testcase_id=5738253143900160 https://security.netapp.com/advisory/ntap-20221215-0009 https://support.apple.com/kb/HT213841 https://support.apple.com/kb/HT213843 https://vuldb.com/?id.213549 https://access.redhat.com/security/cve/CVE-2022-3970 https • CWE-189: Numeric Errors CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-45188 – Synology DiskStation Manager Serv.php Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-45188
Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS). Netatalk hasta 3.1.13 tiene un Desbordamiento del Búfer en afp_getappl que genera la ejecución de código a través de un archivo .appl manipulado. Esto proporciona acceso raíz remoto en algunas plataformas como FreeBSD (utilizado para TrueNAS). This vulnerability allows remote attackers to bypass authentication on affected installations of Synology DiskStation Manager. • https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZYWSGVA6WXREMB6PV56HAHKU7R6KPOP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GEAFLA5L2SHOUFBAGUXIF2TZLGBXGJKT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SG6WZW5LXFVH3P7ZVZRGHUVJEMEFKQLI https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html https://netatalk.sourceforge.io/3.1/ • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 63EXPL: 0CVE-2022-45060 – varnish: Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2022-45060
An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected. Se descubrió un problema de HTTP Request Forgery en Varnish Cache 5.x y 6.x anteriores a 6.0.11, 7.x anteriores a 7.1.2 y 7.2.x anteriores a 7.2.1. • https://docs.varnish-software.com/security/VSV00011 https://lists.debian.org/debian-lts-announce/2022/11/msg00036.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6ZMOZVBLZXHEV5VRW4I4SOWLQEK5OF5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4KVVCIQVINQQ2D7ORNARSYALMJUMP3I https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGF6LFTHXCSYMYUX5HLMVXQH3WHCSFLU https://varnish-cache.org/security/VSV00011.html htt • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2022-39377 – sysstat Incorrect Buffer Size calculation on 32-bit systems results in RCE via buffer overflow
https://notcve.org/view.php?id=CVE-2022-39377
sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1. sysstat es un conjunto de herramientas de rendimiento del System para el sistema operativo Linux. • https://github.com/sysstat/sysstat/security/advisories/GHSA-q8r6-g56f-9w7x https://lists.debian.org/debian-lts-announce/2022/11/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6F26ALXWYHT4LN2AHPZM34OQEXTJE3JZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X6WKTODOUDV6M3HZMASYNZP6EM4N7W4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHUVUDIVDJZ7AVXD3XX3NBXXXKPOKN3N https://security.gentoo.org& • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-131: Incorrect Calculation of Buffer Size •