Page 10 of 1223 results (0.007 seconds)

CVSS: 7.4EPSS: 0%CPEs: 28EXPL: 2

CVE-2022-29824 – libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write

https://notcve.org/view.php?id=CVE-2022-29824

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. En libxml2 versiones anteriores a 2.9.14, varias funciones de manejo de búferes en buf.c (xmlBuf*) y tree.c (xmlBuffer*) no comprueban los desbordamientos de enteros. • http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html http://packetstormsecurity.com/files/169825/libxml2-xmlParseNameComplex-Integer-Overflow.html https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14 https://gitlab.gnome.org/GNOME/libxslt/-/tags https://lists.debian.org/debian-lts-announce/2022/05/msg0 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 1

CVE-2022-29968

https://notcve.org/view.php?id=CVE-2022-29968

An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private. Se ha detectado un problema en el kernel de Linux versiones hasta 5.17.5. La función io_rw_init_file en el archivo fs/io_uring.c carece de la inicialización de kiocb-)private • https://github.com/jprx/CVE-2022-29968 https://github.com/torvalds/linux/commit/32452a3eb8b64e01e2be717f518c0be046975b9d https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU7MT7BPTA2NG24BTLZF5ZWYTLSO7BU3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TLWTG3TWIMLNQEVTA3ZQYVLLU2AJM3DY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XA7UZ3HS73KXVYCIKN5ZDH7LLLGPUMOZ https://security.netapp.com/advisory/ntap-20220715-0009 • CWE-909: Missing Initialization of Resource •

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0

CVE-2022-0984

https://notcve.org/view.php?id=CVE-2022-0984

Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges. Los usuarios con capacidad para configurar los criterios de las insignias (profesores y administradores por defecto) podían configurar las insignias del curso con los criterios del campo de perfil, que sólo deberían estar disponibles para las insignias del sitio • https://bugzilla.redhat.com/show_bug.cgi?id=2064118 • CWE-863: Incorrect Authorization •

CVSS: 8.8EPSS: 0%CPEs: 20EXPL: 1

CVE-2022-1227 – psgo: Privilege escalation in 'podman top'

https://notcve.org/view.php?id=CVE-2022-1227

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service. Se ha encontrado un fallo de escalada de privilegios en Podman. • https://bugzilla.redhat.com/show_bug.cgi?id=2070368 https://github.com/containers/podman/issues/10941 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ https://security.netapp.com/advisory/ntap-20240628-0001 https://access.redhat.com/security/cve/CVE-2022-1227 • CWE-269: Improper Privilege Management CWE-281: Improper Preservation of Permissions •

CVSS: 5.3EPSS: 1%CPEs: 7EXPL: 0

CVE-2022-29869

https://notcve.org/view.php?id=CVE-2022-29869

cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. cifs-utils versiones hasta 6.14, con registro detallado, puede causar un filtrado de información cuando un archivo contiene caracteres = (signo de igualdad) pero no es un archivo de credenciales válido • https://github.com/piastry/cifs-utils/commit/8acc963a2e7e9d63fe1f2e7f73f5a03f83d9c379 https://github.com/piastry/cifs-utils/pull/7 https://lists.debian.org/debian-lts-announce/2022/05/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WBOLMANBYJILXQKRRK7OCR774PXJAYY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXKZLJYJJEC3TIBFLXUORRMZUKG5W676 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message • CWE-532: Insertion of Sensitive Information into Log File •