Carlos López

#8457of 53,633
32.5Total CVSS
Vulnerabilities · 4
High
3
Critical
1
PT-2023-22671
7.5
2023-06-14
Unknown · Lua-Resty-Json · CVE-2023-3040
**Name of the Vulnerable Software and Affected Versions** lua-resty-json versions up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a **Description** A debug function in the lua-resty-json package contained an out of bounds access bug that could have allowed an attacker to launch a Denial of Service (DoS) if the function was used to parse untrusted input data. The debug function was only used in tests and demos, making it not exploitable in a normal environment. **Recommendations** For versions up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a, consider disabling the debug function to prevent potential exploitation until a patch is available.
PT-2023-1714
7.8
2023-02-19
Linux · Linux Kernel · CVE-2023-26242
**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 6.1.12 **Description** The issue is related to an integer overflow in the `afu mmio region get by offset` function in the Linux kernel. This function is located in the `drivers/fpga/dfl-afu-region.c` file. The integer overflow could potentially allow an attacker to execute arbitrary code. **Recommendations** For Linux kernel versions through 6.1.12, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-7370
9.4
2022-09-12
Unknown · Frrouting Frr · CVE-2022-37032
**Name of the Vulnerable Software and Affected Versions** FRRouting FRR versions prior to 8.4 **Description** The issue is related to an out-of-bounds read in the BGP daemon of FRRouting FRR. This can lead to a segmentation fault and denial of service. The problem occurs in the `bgp capability msg parse` function in `bgpd/bgp packet.c`. **Recommendations** For versions prior to 8.4, update to version 8.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the BGP daemon to minimize the risk of exploitation.
PT-2022-17033
7.8
2022-02-26
Kde · Kde Kcron · CVE-2022-24986
**Name of the Vulnerable Software and Affected Versions** KDE KCron versions prior to 21.12.3 **Description** The issue allows an attacker to potentially intercept a temporary file and run unauthorized commands. This is due to the reuse of a filename in the /tmp directory during an editing session. **Recommendations** For versions prior to 21.12.3, update to version 21.12.3 or later to resolve the issue.