CVSS: 3.3EPSS: 0%CPEs: 13EXPL: 0CVE-2022-4123
https://notcve.org/view.php?id=CVE-2022-4123
A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality. • https://bugzilla.redhat.com/show_bug.cgi?id=2144989 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2022-4122 – podman: Symlink error leads to information disclosure
https://notcve.org/view.php?id=CVE-2022-4122
A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure. Se encontró una vulnerabilidad en buildah. El seguimiento incorrecto de enlaces simbólicos al leer .containerignore y .dockerignore da como resultado la divulgación de información. A vulnerability was found in buildah and podman. • https://bugzilla.redhat.com/show_bug.cgi?id=2144983 https://github.com/containers/podman/pull/16315 https://access.redhat.com/security/cve/CVE-2022-4122 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-4129 – kernel: l2tp: missing lock when clearing sk_user_data can lead to NULL pointer dereference
https://notcve.org/view.php?id=CVE-2022-4129
A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. Se encontró una falla en Layer 2 Tunneling Protocol (L2TP) del kernel de Linux. Un bloqueo faltante al borrar sk_user_data puede provocar una condición de ejecución y una desreferencia del puntero NULL. • https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5SPXMXXFANDASPCKER2JIQO2F3UHCP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AM5KFIE6JNZXHBA5A2KYDZAT3MEX2B67 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOKXNIM2R4FQCDRQV67UMAY6EBC72QFG https://lore.kernel.org/all/20221114191619.124659-1-jakub%40cloudflare.com/t https://lore.kernel.org& • CWE-476: NULL Pointer Dereference CWE-667: Improper Locking •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-45152
https://notcve.org/view.php?id=CVE-2022-45152
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71920 https://bugzilla.redhat.com/show_bug.cgi?id=2142775 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DHYIIAUXUBHMBEDYU7TYNZXEN2W2SA2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74SXNGA5RIWM7QNX7H3G7SYIQLP4UUGV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRJB5JNKK3VVBLV3NH3RI7COEDAXSAB https://moodle.org/mod/foru • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-39346 – Missing length validation of user displayname in nextcloud server
https://notcve.org/view.php?id=CVE-2022-39346
Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names which could allow a malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to 22.2.10, 23.0.7 or 24.0.3. There are no known workarounds for this issue. El servidor Nextcloud es un servidor en la nube personal de código abierto. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6w9f-jgjx-4vj6 https://github.com/nextcloud/server/pull/33052 https://hackerone.com/reports/1588562 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TARDPRPBTI5TJRBYRVVQGTL6KWRCV5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R32L3P53AQKQQC652LA5U3AWFTZKPDK3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRAER4DCCHHSUDFHQ6LTIH4JEJFF73IU • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •