CVSS: 3.7EPSS: 0%CPEs: 4EXPL: 0CVE-2021-36368
https://notcve.org/view.php?id=CVE-2021-36368
12 Mar 2022 — An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user's behalf. NOTE: the vendor's position is "this is not a... • https://bugzilla.mindrot.org/show_bug.cgi?id=3316 • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2022-26966 – Ubuntu Security Notice USN-5417-1
https://notcve.org/view.php?id=CVE-2022-26966
12 Mar 2022 — An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. Se ha detectado un problema en el kernel de Linux versiones anteriores a 5.16.12. El archivo drivers/net/usb/sr9700.c permite a atacantes obtener información confidencial de la memoria de la pila por medio de tramas diseñadas desde un dispositivo Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, ... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.10 •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 1CVE-2022-26874
https://notcve.org/view.php?id=CVE-2022-26874
11 Mar 2022 — lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering. el archivo lib/Horde/Mime/Viewer/Ooo.php en Horde Mime_Viewer versiones anteriores a 2.2.4, permite un ataque de tipo XSS por medio de un documento de OpenOffice, conllevando a la toma de posesión de la cuenta en Horde Groupware Webmail Edition. Esto ocurre después de la renderización de XSLT • https://blog.sonarsource.com/horde-webmail-account-takeover-via-email • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-24754 – Buffer overflow in pjsip
https://notcve.org/view.php?id=CVE-2022-24754
11 Mar 2022 — PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`). This issue has been patched in the master branch of the PJSIP repository and will be included with the next release. Users unable to upgrade need to check that the hashed digest data length must be equal to `... • https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 7.5EPSS: 0%CPEs: 77EXPL: 2CVE-2020-36518 – jackson-databind: denial of service via a large depth of nested objects
https://notcve.org/view.php?id=CVE-2020-36518
11 Mar 2022 — jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. jackson-databind versiones anteriores a 2.13.0, permite una excepción Java StackOverflow y una denegación de servicio por medio de una gran profundidad de objetos anidados A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects. Red Hat JBoss Enterprise Appli... • https://github.com/ghillert/boot-jackson-cve • CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23042
https://notcve.org/view.php?id=CVE-2022-23042
10 Mar 2022 — Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the ... • https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23041 – Ubuntu Security Notice USN-7428-2
https://notcve.org/view.php?id=CVE-2022-23041
10 Mar 2022 — Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the ... • https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23040 – Ubuntu Security Notice USN-5467-1
https://notcve.org/view.php?id=CVE-2022-23040
10 Mar 2022 — Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the ... • https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23039 – Ubuntu Security Notice USN-5467-1
https://notcve.org/view.php?id=CVE-2022-23039
10 Mar 2022 — Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the ... • https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23038
https://notcve.org/view.php?id=CVE-2022-23038
10 Mar 2022 — Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the ... • https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •