CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-27470
https://notcve.org/view.php?id=CVE-2022-27470
SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file. Se ha detectado que SDL_ttf versiones v2.0.18 y anteriores, contienen una escritura arbitraria en memoria por medio de la función TTF_RenderText_Solid(). Esta vulnerabilidad es desencadenada por medio de un archivo TTF diseñado • https://github.com/libsdl-org/SDL_ttf/commit/db1b41ab8bde6723c24b866e466cad78c2fa0448 https://github.com/libsdl-org/SDL_ttf/issues/187 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAGMQMRQDTZFQW64JEW3O6HY3JYLAAHT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RXI3MDPR24W5557G34YHWOP2MOK6BTGB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XPYTEBBNHCDGPVFACC5RC5K2FZUCYTPZ • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-28487
https://notcve.org/view.php?id=CVE-2022-28487
Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality. Tcpreplay versión 4.4.1, contiene un fallo de pérdida de memoria en la función fix_ipv6_checksums(). La mayor amenaza de esta vulnerabilidad es para la confidencialidad de los datos • https://github.com/appneta/tcpreplay/issues/723 https://github.com/appneta/tcpreplay/pull/720 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5B75AFRJUGOYHCFG2ZV2JKSUPA6MSCT5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECRCFJ6X3IVB7BT4KS6AHQMSL532YXYD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWRZO7BG6DHA5NAC3COB45WFXLYRIERC https://security.gentoo.org/glsa/202210-08 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 10.0EPSS: 10%CPEs: 59EXPL: 5CVE-2022-1292 – The c_rehash script allows command injection
https://notcve.org/view.php?id=CVE-2022-1292
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). • https://github.com/alcaparra/CVE-2022-1292 https://github.com/li8u99/CVE-2022-1292 https://github.com/greek0x0/CVE-2022-1292 https://github.com/rama291041610/CVE-2022-1292 https://github.com/und3sc0n0c1d0/CVE-2022-1292 https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2 https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb https://git • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.4EPSS: 0%CPEs: 28EXPL: 2CVE-2022-29824 – libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write
https://notcve.org/view.php?id=CVE-2022-29824
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. En libxml2 versiones anteriores a 2.9.14, varias funciones de manejo de búferes en buf.c (xmlBuf*) y tree.c (xmlBuffer*) no comprueban los desbordamientos de enteros. • http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html http://packetstormsecurity.com/files/169825/libxml2-xmlParseNameComplex-Integer-Overflow.html https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14 https://gitlab.gnome.org/GNOME/libxslt/-/tags https://lists.debian.org/debian-lts-announce/2022/05/msg0 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2021-46790 – ntfs-3g: heap-based buffer overflow in ntfsck
https://notcve.org/view.php?id=CVE-2021-46790
ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions. ntfsck en NTFS-3G versiones hasta 2021.8.22, presenta un desbordamiento del búfer en la región heap de la memoria que afecta al búfer+512*3-2. NOTA: la posición de la corriente principal es que ntfsck está obsoleto; sin embargo, es incluido en algunas distribuciones de Linux A vulnerability was found in NTFS-3G, specifically in the ntfsck utility. Incorrect validation of NTFS metadata can result in a heap-based buffer overflow when processing a crafted NTFS image file or partition. • http://www.openwall.com/lists/oss-security/2022/05/26/1 https://github.com/tuxera/ntfs-3g/issues/16 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JPX6OUCQKZX4PN5DQPVDUFZCOOZUX7Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECDCISL24TYH4CTDFCUVF24WAKRSYF7F https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FAXFYIJWT5SHHRNPOJETM77EIMJ6ZP6I https://lists.fedoraproject.org/archives/list/package-announce • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •