CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-39190 – kernel: nf_tables disallow binding to already bound chain
https://notcve.org/view.php?id=CVE-2022-39190
An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. Se ha detectado un problema en el archivo net/netfilter/nf_tables_api.c en el kernel de Linux versiones anteriores a 5.19.6. Puede producirse una denegación de servicio al vincularse a una cadena ya vinculada A flaw was found in net/netfilter/nf_tables_api.c in the Linux kernel. A denial of service can occur upon binding to an already bound chain. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.6 https://github.com/torvalds/linux/commit/e02f0d3970404bfea385b6edb86f2d936db0ea2b https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://lore.kernel.org/all/20220824220330.64283-12-pablo%40netfilter.org https://twitter.com/pr0Ln https://access.redhat.com/security/cve/CVE-2022-39190 https://bugzilla.redhat.com/show_bug.cgi?id=2129152 • CWE-392: Missing Report of Error Condition •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-39176
https://notcve.org/view.php?id=CVE-2022-39176
BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. BlueZ versiones anteriores a 5.59, permite a atacantes físicamente próximos obtener información confidencial porque el archivo profiles/audio/avrcp.c no comprueba params_len • https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968 https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html https://security.netapp.com/advisory/ntap-20221020-0002 https://ubuntu.com/security/notices/USN-5481-1 •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-39177
https://notcve.org/view.php?id=CVE-2022-39177
BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. BlueZ versiones anteriores a 5.59, permite a atacantes físicamente próximos causar una denegación de servicio porque pueden procesarse capacidades malformadas e inválidas en el archivo profiles/audio/avdtp.c • https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968 https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html https://security.netapp.com/advisory/ntap-20221020-0002 https://ubuntu.com/security/notices/USN-5481-1 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-35533
https://notcve.org/view.php?id=CVE-2020-35533
In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when reading data from the image file. En LibRaw, se presenta una vulnerabilidad de lectura fuera de límites dentro de la función "LibRaw::adobe_copy_pixel()" (libraw\src\decoders\dng.cpp) cuando son leídos datos del archivo de imagen • https://github.com/LibRaw/LibRaw/commit/a6937d4046a7c4742b683a04c8564605fd9be4fb https://github.com/LibRaw/LibRaw/issues/273 https://lists.debian.org/debian-lts-announce/2022/09/msg00024.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2020-35530
https://notcve.org/view.php?id=CVE-2020-35530
In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file. En LibRaw, se presenta una vulnerabilidad de escritura fuera de límites en la función "new_node()" (libraw\src\x3f\x3f_utils_patched.cpp) que puede desencadenarse por medio de un archivo X3F diseñado • https://github.com/LibRaw/LibRaw/commit/11c4db253ef2c9bb44247b578f5caa57c66a1eeb https://github.com/LibRaw/LibRaw/issues/272 https://lists.debian.org/debian-lts-announce/2022/09/msg00024.html • CWE-787: Out-of-bounds Write •