CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-24763 – Infinite Loop in PJSIP
https://notcve.org/view.php?id=CVE-2022-24763
30 Mar 2022 — PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps. Users are advised to update. There are no known workarounds. PJSIP es una biblioteca de comunicación multimedia gratuita y de código abierto escrita en lenguaje C. • https://github.com/pjsip/pjproject/commit/856f87c2e97a27b256482dbe0d748b1194355a21 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-26291 – Ubuntu Security Notice USN-5840-1
https://notcve.org/view.php?id=CVE-2022-26291
28 Mar 2022 — lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted Irz file. Se ha detectado que lrzip versión v0.641, contiene una concurrencia múltiple de uso de memoria previamente liberada entre las funciones zpaq_decompress_buf() y clear_rulist(). Esta vulnerabilidad permite a atacantes causar una Denegación de Servicio (DoS) por medio de un arch... • https://github.com/ckolivas/lrzip/issues/206 • CWE-416: Use After Free •
CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2022-0494 – kernel: information leak in scsi_ioctl()
https://notcve.org/view.php?id=CVE-2022-0494
25 Mar 2022 — A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. Se ha identificado un fallo de filtrado de información del kernel en la función scsi_ioctl en el archivo drivers/scsi/scsi_ioctl.c en el kernel de Linux. este fallo permite a un atacante local con un privilegio de usuario especial (CAP_SYS_ADMIN o CAP_S... • https://bugzilla.redhat.com/show_bug.cgi?id=2039448 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-908: Use of Uninitialized Resource •
CVSS: 8.2EPSS: 0%CPEs: 71EXPL: 4CVE-2018-25032 – zlib: A flaw found in zlib when compressing (not decompressing) certain inputs
https://notcve.org/view.php?id=CVE-2018-25032
25 Mar 2022 — zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. zlib versiones anteriores a 1.2.12 permite la corrupción de memoria al desinflar (es decir, al comprimir) si la entrada tiene muchas coincidencias distantes An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating (ex: when compressing) if the input has many distant matches. For some rare inputs with a large number of distant matches (crafted payload... • https://github.com/Trinadh465/external_zlib_4.4_CVE-2018-25032 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 1CVE-2022-0854 – kernel: swiotlb information leak with DMA_FROM_DEVICE
https://notcve.org/view.php?id=CVE-2022-0854
23 Mar 2022 — A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. Se ha encontrado un fallo de pérdida de memoria en el subsistema DMA del kernel de Linux, en la forma en que un usuario llama a DMA_FROM_DEVICE. Este fallo permite a un usuario local leer memoria aleatoria del espacio del kernel David Bouman discovered that the netfilter subsystem in the Linux kernel did not properly validate pa... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/dma/swiotlb.c?h=v5.17-rc8&id=aa6f8dcbab473f3a3c7454b74caa46d36cdc5d13 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 32EXPL: 2CVE-2022-27666 – kernel: buffer overflow in IPsec ESP transformation code
https://notcve.org/view.php?id=CVE-2022-27666
23 Mar 2022 — A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. Se ha encontrado un fallo de desbordamiento del búfer de la pila en el código de transformación de IPsec ESP en net/ipv4/esp4.c y net/ipv6/esp6.c. Este fallo permite a un atacante local con un privilegio de usuario normal sobrescribir los objetos de la p... • https://github.com/plummm/CVE-2022-27666 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 2CVE-2021-4156 – libsndfile: heap out-of-bounds read in src/flac.c in flac_buffer_copy
https://notcve.org/view.php?id=CVE-2021-4156
23 Mar 2022 — An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws. Se ha encontrado un fallo de lectura fuera de límites en la funcionalidad del códec FL... • https://bugzilla.redhat.com/show_bug.cgi?id=2027690 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-24764 – Stack buffer overflow in pjproject
https://notcve.org/view.php?id=CVE-2022-24764
22 Mar 2022 — PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API `pjmedia_sdp_print(), pjmedia_sdp_media_print()`. Applications that do not use PJSUA2 and do not directly call `pjmedia_sdp_print()` or `pjmedia_sdp_media_print()` should not be affected. A patch is available on the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known worka... • https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 54EXPL: 3CVE-2022-1011 – kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes
https://notcve.org/view.php?id=CVE-2022-1011
18 Mar 2022 — A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. Se ha encontrado un fallo de uso después de libre en el sistema de archivos FUSE del kernel de Linux en la forma en que un usuario activa write(). Este defecto permite a un usuario local obtener acceso no autorizado a los datos del sistema de archivos FUSE, lo que resulta en una... • https://packetstorm.news/files/id/166772 • CWE-416: Use After Free •
CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 1CVE-2022-24302 – python-paramiko: Race condition in the write_private_key_file function
https://notcve.org/view.php?id=CVE-2022-24302
17 Mar 2022 — In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure. En Paramiko versiones anteriores a 2.10.1, una condición de carrera (entre creation y chmod) en la función write_private_key_file podría permitir una divulgación de información no autorizada A race condition was found in Paramiko. This flaw allows unauthorized information disclosure from an attacker with access to the write_private_key_file. The ovi... • https://github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py#L546 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •