Total
4367 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-28042 | 3 Debian, Fedoraproject, Nothings | 3 Debian Linux, Fedora, Stb Image.h | 2023-02-23 | 6.8 MEDIUM | 8.8 HIGH |
stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode. | |||||
CVE-2022-28041 | 3 Debian, Fedoraproject, Nothings | 3 Debian Linux, Fedora, Stb Image.h | 2023-02-23 | 4.3 MEDIUM | 6.5 MEDIUM |
stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | |||||
CVE-2022-31783 | 2 Fedoraproject, Liblouis | 2 Fedora, Liblouis | 2023-02-23 | 4.3 MEDIUM | 5.5 MEDIUM |
Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace. | |||||
CVE-2022-32325 | 2 Fedoraproject, Jpegoptim Project | 2 Fedora, Jpegoptim | 2023-02-23 | 4.3 MEDIUM | 6.5 MEDIUM |
JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c. | |||||
CVE-2022-31129 | 3 Debian, Fedoraproject, Momentjs | 3 Debian Linux, Fedora, Moment | 2023-02-23 | 5.0 MEDIUM | 7.5 HIGH |
moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input. | |||||
CVE-2022-32213 | 5 Debian, Fedoraproject, Llhttp and 2 more | 5 Debian Linux, Fedora, Llhttp and 2 more | 2023-02-23 | N/A | 6.5 MEDIUM |
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS). | |||||
CVE-2022-32215 | 5 Debian, Fedoraproject, Llhttp and 2 more | 5 Debian Linux, Fedora, Llhttp and 2 more | 2023-02-23 | N/A | 6.5 MEDIUM |
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS). | |||||
CVE-2020-7677 | 3 Debian, Fedoraproject, Thenify Project | 3 Debian Linux, Fedora, Thenify | 2023-02-23 | N/A | 9.8 CRITICAL |
This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization. | |||||
CVE-2021-33643 | 3 Fedoraproject, Feep, Huawei | 3 Fedora, Libtar, Openeuler | 2023-02-23 | N/A | 9.1 CRITICAL |
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read. | |||||
CVE-2022-2097 | 5 Debian, Fedoraproject, Netapp and 2 more | 15 Debian Linux, Fedora, Active Iq Unified Manager and 12 more | 2023-02-23 | 5.0 MEDIUM | 5.3 MEDIUM |
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). | |||||
CVE-2022-2058 | 4 Debian, Fedoraproject, Libtiff and 1 more | 4 Debian Linux, Fedora, Libtiff and 1 more | 2023-02-23 | 4.3 MEDIUM | 6.5 MEDIUM |
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. | |||||
CVE-2022-2057 | 4 Debian, Fedoraproject, Libtiff and 1 more | 4 Debian Linux, Fedora, Libtiff and 1 more | 2023-02-23 | 4.3 MEDIUM | 6.5 MEDIUM |
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. | |||||
CVE-2022-2056 | 4 Debian, Fedoraproject, Libtiff and 1 more | 4 Debian Linux, Fedora, Libtiff and 1 more | 2023-02-23 | 4.3 MEDIUM | 6.5 MEDIUM |
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. | |||||
CVE-2022-1623 | 4 Debian, Fedoraproject, Libtiff and 1 more | 4 Debian Linux, Fedora, Libtiff and 1 more | 2023-02-23 | 4.3 MEDIUM | 5.5 MEDIUM |
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. | |||||
CVE-2022-1355 | 5 Debian, Fedoraproject, Libtiff and 2 more | 5 Debian Linux, Fedora, Libtiff and 2 more | 2023-02-23 | N/A | 6.1 MEDIUM |
A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service. | |||||
CVE-2022-1354 | 5 Debian, Fedoraproject, Libtiff and 2 more | 5 Debian Linux, Fedora, Libtiff and 2 more | 2023-02-23 | N/A | 5.5 MEDIUM |
A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service. | |||||
CVE-2022-2868 | 3 Debian, Fedoraproject, Libtiff | 3 Debian Linux, Fedora, Libtiff | 2023-02-23 | N/A | 5.5 MEDIUM |
libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. | |||||
CVE-2022-2869 | 3 Debian, Fedoraproject, Libtiff | 3 Debian Linux, Fedora, Libtiff | 2023-02-23 | N/A | 5.5 MEDIUM |
libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation. | |||||
CVE-2022-2867 | 3 Debian, Fedoraproject, Libtiff | 3 Debian Linux, Fedora, Libtiff | 2023-02-23 | N/A | 5.5 MEDIUM |
libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation. | |||||
CVE-2022-40768 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2023-02-23 | N/A | 5.5 MEDIUM |
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. |