Page 88 of 3085 results (0.014 seconds)

CVSS: 3.7EPSS: 0%CPEs: 17EXPL: 0

CVE-2021-43980 – Apache Tomcat: Information disclosure

https://notcve.org/view.php?id=CVE-2021-43980

The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client. Una implementación simplificada de lecturas y escrituras de bloqueo introducida en Tomcat versión 10 y retrocedida a Tomcat versión 9.0.47 en adelante expuso un error de concurrencia de larga data (pero extremadamente difícil de activar) en Apache Tomcat versiones 10.1.0 a 10. 1.0-M12, 10.0.0-M1 a 10.0.18, 9.0.0-M1 a 9.0.60 y 8.5.0 a 8.5.77, que podía causar que las conexiones de los clientes compartieran una instancia de Http11Processor resultando en que las respuestas, o parte de ellas, fueran recibidas por el cliente equivocado • http://www.openwall.com/lists/oss-security/2022/09/28/1 https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3 https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html https://www.debian.org/security/2022/dsa-5265 https://access.redhat.com/security/cve/CVE-2021-43980 https://bugzilla.redhat.com/show_bug.cgi?id=2130599 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 4.7EPSS: 0%CPEs: 7EXPL: 1

CVE-2022-3303

https://notcve.org/view.php?id=CVE-2022-3303

A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition Se ha encontrado un fallo de condición de carrera en el subsistema de sonido del kernel de Linux debido a un bloqueo inapropiado. Podría conllevar a una desreferencia de puntero NULL mientras es manejado el ioctl SNDCTL_DSP_SYNC. Un usuario local privilegiado (root o miembro del grupo de audio) podría usar este fallo para bloquear el sistema, resultando en una situación de denegación de servicio • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8423f0b6d513b259fdab9c9bf4aaa6188d054c2d https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://lore.kernel.org/all/CAFcO6XN7JDM4xSXGhtusQfS2mSBcx50VJKwQpCq=WeLt57aaZA%40mail.gmail.com https://www.debian.org/security/2022/dsa-5257 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1

CVE-2022-3324 – Stack-based Buffer Overflow in vim/vim

https://notcve.org/view.php?id=CVE-2022-3324

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598. Un Desbordamiento del Búfer en la Región Stack de la Memoria en el repositorio de GitHub vim/vim versiones anteriores a 9.0.0598 • https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfeb https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/messa • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 2

CVE-2022-21797 – Arbitrary Code Execution

https://notcve.org/view.php?id=CVE-2022-21797

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement. El paquete joblib versiones a partir de 0 anteriores a 1.2.0, son vulnerables a una Ejecución de Código Arbitraria por medio del flag pre_dispatch en la clase Parallel() debido a la sentencia eval(). • https://github.com/joblib/joblib/commit/b90f10efeb670a2cc877fb88ebb3f2019189e059 https://github.com/joblib/joblib/issues/1128 https://github.com/joblib/joblib/pull/1321 https://lists.debian.org/debian-lts-announce/2022/11/msg00020.html https://lists.debian.org/debian-lts-announce/2023/03/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVOMMW37OXZWU2EV5ONAAS462IQEHZOF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2022-40188

https://notcve.org/view.php?id=CVE-2022-40188

Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets. Knot Resolver versiones anteriores a 5.5.3, permite a atacantes remotos causar una denegación de servicio (consumo de CPU) debido a una complejidad del algoritmo. Durante un ataque, un servidor autoritativo debe devolver grandes conjuntos de NS o conjuntos de direcciones. • https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1343#note_262558 https://lists.debian.org/debian-lts-announce/2022/10/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIMDNIUI7GTUEKIBBYYW7OCTJQFPDNXL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2VE5K3VDUHJOIA2IGT3G5R76IBADMNE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO6LIVQS62MI5GG4OVYB5RHVZMYNHAHG • CWE-407: Inefficient Algorithmic Complexity •