
CVE-2022-42721 – kernel: BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c
https://notcve.org/view.php?id=CVE-2022-42721
13 Oct 2022 — A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. • http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html • CWE-20: Improper Input Validation CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVE-2022-42722 – kernel: Denial of service in beacon protection for P2P-device
https://notcve.org/view.php?id=CVE-2022-42722
13 Oct 2022 — In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices. A flaw was foun... • http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html • CWE-476: NULL Pointer Dereference CWE-705: Incorrect Control Flow Scoping •

CVE-2022-42719 – Ubuntu Security Notice USN-5728-3
https://notcve.org/view.php?id=CVE-2022-42719
13 Oct 2022 — A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. Ja... • http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html • CWE-416: Use After Free •

CVE-2022-39282 – RDP client: Read of uninitialized memory with parallel port redirection
https://notcve.org/view.php?id=CVE-2022-39282
12 Oct 2022 — FreeRDP is a free remote desktop protocol library and clients. FreeRDP-based clients on Unix systems using the `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP-based server implementations are not affected. Please upgrade to 2.8.1, where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel` command line switch) as a workaround. • https://github.com/FreeRDP/FreeRDP/releases/tag/2.8.1 • CWE-908: Use of Uninitialized Resource •

CVE-2022-39283 – FreeRDP may read and display out of bounds data
https://notcve.org/view.php?id=CVE-2022-39283
12 Oct 2022 — FreeRDP is a free remote desktop protocol library and clients. All FreeRDP-based clients, when using the `/video` command line switch, might read uninitialized data, decode it as audio/video and display the result. FreeRDP-based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade, do not use the `/video` switch. • https://github.com/FreeRDP/FreeRDP/releases/tag/2.8.1 • CWE-125: Out-of-bounds Read CWE-908: Use of Uninitialized Resource •

CVE-2022-33746 – Gentoo Linux Security Advisory 202402-07
https://notcve.org/view.php?id=CVE-2022-33746
11 Oct 2022 — P2M pool freeing may take excessively long. The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was so far missing. • http://www.openwall.com/lists/oss-security/2022/10/11/3 • CWE-404: Improper Resource Shutdown or Release •

CVE-2022-33747 – Gentoo Linux Security Advisory 202402-07
https://notcve.org/view.php?id=CVE-2022-33747
11 Oct 2022 — Arm: unbounded memory consumption for 2nd-level page tables. Certain actions require e.g. removing pages from a guest's P2M (Physical-to-Machine) mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal operation may incur a memory allocation (to replace a large mapping with individual smaller ones). These memory allocations are taken from the global memory pool. A malicious guest might be able to cause the global memory pool to be exhausted by manipulating its own... • http://www.openwall.com/lists/oss-security/2022/10/11/5 • CWE-404: Improper Resource Shutdown or Release •

CVE-2022-33748 – Gentoo Linux Security Advisory 202402-07
https://notcve.org/view.php?id=CVE-2022-33748
11 Oct 2022 — Lock order inversion in transitive grant copy handling. As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result, two cooperating guests granting each other transitive grants can cause locks to be acquired nested within one another, but in respectively opposite order. With suitable timing between the involved grant copy operations this may result in the locking up of a CPU. • http://www.openwall.com/lists/oss-security/2022/10/11/2 • CWE-755: Improper Handling of Exceptional Conditions •

CVE-2022-41032 – NuGet Client Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-41032
11 Oct 2022 — NuGet Client Elevation of Privilege Vulnerability. A vulnerability was found in dotnet. This flaw allows an attacker to trigger a NuGet cache poisoning on Linux via a world-writable cache directory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions a... • https://github.com/ethomson/cve-2022-41032 • CWE-269: Improper Privilege Management CWE-524: Use of Cache Containing Sensitive Information •

CVE-2022-3140 – Macro URL arbitrary script execution
https://notcve.org/view.php?id=CVE-2022-3140
11 Oct 2022 — LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice, links using that scheme could be constructed to call internal macros with arbitrary arguments. When clicked on, or activated by document events, such links could result in arbitrary script execution without warning. This issue affects: The Document Foundation LibreOffice 7.4 version... • https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html • CWE-20: Improper Input Validation CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •