CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2509 – gnutls: Double free during gnutls_pkcs7_verify
https://notcve.org/view.php?id=CVE-2022-2509
A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function. Una vulnerabilidad encontrada en gnutls. Este fallo de seguridad es producida por un error de doble liberación durante la verificación de firmas pkcs7 en la función gnutls_pkcs7_verify A vulnerability was found in gnutls. This issue is due to a double-free error that occurs during the verification of pkcs7 signatures in the gnutls_pkcs7_verify function. • https://access.redhat.com/security/cve/CVE-2022-2509 https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html https://www.debian.org/security/2022/dsa-5203 https://bugzilla.redhat.com/show_bug.cgi?id=2108977 • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 0CVE-2022-1184 – kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image
https://notcve.org/view.php?id=CVE-2022-1184
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. Se ha detectado un fallo de uso de memoria previamente liberada en el archivo fs/ext4/namei.c:dx_insert_block() en el subcomponente del sistema de archivos del kernel de Linux. Este fallo permite a un atacante local con privilegios de usuario causar una denegación de servicio • https://access.redhat.com/security/cve/CVE-2022-1184 https://bugzilla.redhat.com/show_bug.cgi?id=2070205 https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://ubuntu.com/security/CVE-2022-1184 https://www.debian.org/security/2022/dsa-5257 • CWE-416: Use After Free •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2403 – openshift: oauth-serving-cert configmap contains cluster certificate private key
https://notcve.org/view.php?id=CVE-2022-2403
A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate. Se ha encontrado un filtrado de credenciales en OpenShift Container Platform. La clave privada del certificado del clúster externo es almacenada de forma incorrecta en el ConfigMaps oauth-serving-cert, y era accesible para cualquier usuario o cuenta de servicio autenticada de OpenShift. • https://access.redhat.com/security/cve/CVE-2022-2403 https://bugzilla.redhat.com/show_bug.cgi?id=2101959 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.1EPSS: 1%CPEs: 12EXPL: 0CVE-2022-35653
https://notcve.org/view.php?id=CVE-2022-35653
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated users. Se ha identificado un problema de tipo XSS reflejado en el módulo LTI de Moodle. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72299 https://bugzilla.redhat.com/show_bug.cgi?id=2106277 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V https://moodle.org/mod/forum/discuss.php?d=436460 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2022-35651
https://notcve.org/view.php?id=CVE-2022-35651
A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. Se encontró una vulnerabilidad de tipo XSS almacenado y SSRF ciego en Moodle, es producido debido a un saneamiento insuficiente de los datos suministrados por el usuario en los detalles de la pista SCORM. Un atacante remoto puede engañar a la víctima para que siga un enlace especialmente diseñado y ejecutar código HTML y script arbitrario en el navegador del usuario en el contexto del sitio web vulnerable para robar información potencialmente confidencial, cambiar la apariencia de la página web, puede llevar a cabo ataques de phishing y drive-by-download • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71921 https://bugzilla.redhat.com/show_bug.cgi?id=2106275 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V https://moodle.org/mod/forum/discuss.php?d=436458 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •