CVSS: 7.8EPSS: 31%CPEs: 22EXPL: 10CVE-2022-34918 – kernel: heap overflow in nft_set_elem_init()
https://notcve.org/view.php?id=CVE-2022-34918
04 Jul 2022 — An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. Se ha detectado un problema en el kernel de Linux versiones hasta 5.18.9. • https://packetstorm.news/files/id/168543 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') CWE-1025: Comparison Using Wrong Factors •
CVSS: 10.0EPSS: 58%CPEs: 12EXPL: 4CVE-2022-2274 – RSA implementation bug in AVX512IFMA instructions
https://notcve.org/view.php?id=CVE-2022-2274
01 Jul 2022 — The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machine... • https://github.com/Malwareman007/CVE-2022-2274 • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 31EXPL: 1CVE-2022-32205 – Gentoo Linux Security Advisory 202212-01
https://notcve.org/view.php?id=CVE-2022-32205
28 Jun 2022 — A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and ... • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 33EXPL: 2CVE-2022-32206 – curl: HTTP compression denial of service
https://notcve.org/view.php?id=CVE-2022-32206
28 Jun 2022 — curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memo... • https://github.com/HimanshuS67/external_curl_AOSP10_CVE-2022-32206 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 1CVE-2022-32207 – curl: Unpreserved file permissions
https://notcve.org/view.php?id=CVE-2022-32207
28 Jun 2022 — When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. Cuando curl versiones anteriores a 7.84.0, guarda datos de cookies, alt-svc y hsts en archivos locales, hace que la operación sea atómica al finalizar la oper... • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-276: Incorrect Default Permissions CWE-281: Improper Preservation of Permissions CWE-840: Business Logic Errors •
CVSS: 5.9EPSS: 0%CPEs: 22EXPL: 1CVE-2022-32208 – curl: FTP-KRB bad message verification
https://notcve.org/view.php?id=CVE-2022-32208
28 Jun 2022 — When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. Cuando curl versiones anteriores a 7.84.0, hace transferencias FTP aseguradas por krb5, maneja inapropiadamente los fallos de verificación de mensajes. Este fallo hace posible que un ataque de tipo Man-In-The-Middle pase desapercibido e incluso permite inyectar datos al cliente A vu... • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-787: Out-of-bounds Write CWE-840: Business Logic Errors CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •
CVSS: 10.0EPSS: 71%CPEs: 50EXPL: 1CVE-2022-2068 – The c_rehash script allows command injection
https://notcve.org/view.php?id=CVE-2022-2068
21 Jun 2022 — In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where... • https://packetstorm.news/files/id/182466 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2022-1998 – kernel: fanotify misuses fd_install() which could lead to use-after-free
https://notcve.org/view.php?id=CVE-2022-1998
09 Jun 2022 — A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system. Se ha encontrado un uso de memoria previamente liberada en la funcionalidad de notificación del sistema de archivos del kernel de Linux en la forma en que el usuario activa la llamada copy_info_records_to_user() para fallar en copy_... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/notify/fanotify/fanotify_user.c?h=v5.17&id=ee12595147ac1fbfb5bcb23837e26dd58d94b15d • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 13EXPL: 0CVE-2022-1671 – Ubuntu Security Notice USN-5469-1
https://notcve.org/view.php?id=CVE-2022-1671
08 Jun 2022 — A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information. Se ha encontrado un fallo de desreferencia de puntero NULL en la función rxrpc_preparse_s en el archivo net/rxrpc/server_key.c en el kernel de Linux. Este fallo permite a un atacante local bloquear el sistema o filtrar información interna del kernel. It was discovered that the Linux kernel did not properly rest... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ff8376ade4f668130385839cef586a0990f8ef87 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 2%CPEs: 22EXPL: 8CVE-2022-32250 – Linux Kernel nf_tables_expr_destroy Use-After-Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-32250
02 Jun 2022 — net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. El archivo net/netfilter/nf_tables_api.c en el kernel de Linux versiones hasta 5.18.1, permite a un usuario local (capaz de crear espacios de nombres de usuario/red) escalar privilegios a root porque una comprobación incorrecta de NFT_STATEFUL_EXPR conlleva a un uso de memoria previamen... • https://github.com/theori-io/CVE-2022-32250-exploit • CWE-416: Use After Free •