CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-42010 – dbus: dbus-daemon crashes when receiving message with incorrectly nested parentheses and curly brackets
https://notcve.org/view.php?id=CVE-2022-42010
09 Oct 2022 — An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. Se ha detectado un problema en D-Bus versiones anteriores a 1.12.24, versiones 1.13.x y 1.14.x anteriores a 1.14.4, y versiones 1.15.x anteriores a 1.15.2. Un atacante autenticado puede causar que dbus-daemon y otros programas que usan libdbus sean... • https://gitlab.freedesktop.org/dbus/dbus/-/issues/418 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-42011 – dbus: dbus-daemon can be crashed by messages with array length inconsistent with element type
https://notcve.org/view.php?id=CVE-2022-42011
09 Oct 2022 — An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type. Se ha detectado un problema en D-Bus versiones anteriores a 1.12.24, versiones 1.13.x y 1.14.x anteriores a 1.14.4, y versiones 1.15.x anteriores a 1.15.2. Un atacante autenticado puede causar que dbus-daemon y ot... • https://gitlab.freedesktop.org/dbus/dbus/-/issues/413 • CWE-129: Improper Validation of Array Index CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-42012 – dbus: `_dbus_marshal_byteswap` doesn't process fds in messages with "foreign" endianness correctly
https://notcve.org/view.php?id=CVE-2022-42012
09 Oct 2022 — An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. Se ha detectado un problema en D-Bus versiones anteriores a 1.12.24, versiones 1.13.x y 1.14.x anteriores a 1.14.4, y versiones 1.15.x anteriores a 1.15.2. Un atacante autenticado puede causar que dbus-daemon y otros programas que usa... • https://gitlab.freedesktop.org/dbus/dbus/-/issues/417 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-3435 – Linux Kernel IPv4 fib_semantics.c fib_nh_match out-of-bounds
https://notcve.org/view.php?id=CVE-2022-3435
08 Oct 2022 — A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. • https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 34EXPL: 0CVE-2022-2928 – An option refcount overflow exists in dhcpd
https://notcve.org/view.php?id=CVE-2022-2928
06 Oct 2022 — In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abo... • https://kb.isc.org/docs/cve-2022-2928 • CWE-190: Integer Overflow or Wraparound CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 35EXPL: 0CVE-2022-2929 – DHCP memory leak
https://notcve.org/view.php?id=CVE-2022-2929
06 Oct 2022 — In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory. En ISC DHCP versiones 1.0 anteriores a 4.4.3, ISC DHCP versiones 4.1-ESV-R1 anteriores a 4.1-ESV-R16-P1, un sistema con acceso a un servidor DHCP, enviando paquetes DHCP diseñados para incluir etiquetas fqdn de más de 63 bytes, podría llegar a causar a el servidor quedarse sin m... • https://kb.isc.org/docs/cve-2022-2929 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-40316
https://notcve.org/view.php?id=CVE-2022-40316
30 Sep 2022 — The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to. El informe de intentos de actividad de H5P no filtró por grupos, lo que en el modo de grupos separados podría revelar información a profesores no editores sobre intentos/usuarios en grupos a los que no deberían tener acceso • https://bugzilla.redhat.com/show_bug.cgi?id=2128151 • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2022-40315
https://notcve.org/view.php?id=CVE-2022-40315
30 Sep 2022 — A limited SQL injection risk was identified in the "browse list of users" site administration page. Se ha identificado un riesgo limitado de inyección SQL en la página de administración del sitio "browse list of users" • https://bugzilla.redhat.com/show_bug.cgi?id=2128150 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-40313
https://notcve.org/view.php?id=CVE-2022-40313
30 Sep 2022 — Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load. Una renderización recursiva de los helpers de las plantillas de Mustache que contienen entradas de usuario podría, en algunos casos, resultar en un riesgo de tipo XSS o a un fallo en la carga de la página • https://bugzilla.redhat.com/show_bug.cgi?id=2128146 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2022-3352 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-3352
29 Sep 2022 — Use After Free in GitHub repository vim/vim prior to 9.0.0614. Un Uso de Memoria Previamente Liberada en el repositorio GitHub vim/vim versiones anteriores a 9.0.0614 Multiple vulnerabilities have been found in Vim, the worst of which could result in denial of service. Versions less than 9.0.1157 are affected. • https://github.com/vim/vim/commit/ef976323e770315b5fca544efb6b2faa25674d15 • CWE-416: Use After Free •