CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 0CVE-2022-30596
https://notcve.org/view.php?id=CVE-2022-30596
A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk. Se ha encontrado un fallo en moodle donde los números de identificación mostrados cuando son asignan marcadores de forma masiva a las asignaciones requerían un saneo adicional para prevenir un riesgo de ataque de tipo XSS almacenado • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74204 https://bugzilla.redhat.com/show_bug.cgi?id=2083583 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGF35EN5K2R6X3NTY3XPZSJ3UDASMXI6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PIMSIRKCFLIC646K4GMUSZU7THOUVPAJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCTWSE3JDMSYL7DPCMXMMJEXZSS6VIA5 https://moodle.org/mod/foru • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-1706 – ignition: configs are accessible from unprivileged containers in VMs running on VMware products
https://notcve.org/view.php?id=CVE-2022-1706
A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. Possible workaround is to not put secrets in the Ignition config. Se ha encontrado una vulnerabilidad en Ignition en la que las configuraciones de encendido son accesibles desde contenedores no privilegiados en máquinas virtuales que son ejecutados en productos VMware. • https://bugzilla.redhat.com/show_bug.cgi?id=2082274 https://github.com/coreos/ignition/commit/4b70b44b430ecf8377a276e89b5acd3a6957d4ea https://github.com/coreos/ignition/issues/1300 https://github.com/coreos/ignition/issues/1315 https://github.com/coreos/ignition/pull/1350 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LY7LKGMQMXV6DGD263YQHNSLOJJ5VLV5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NP765L7TJI7CD4XVOHUWZVRYRH3FYBOR https:/& • CWE-863: Incorrect Authorization •
CVSS: 9.1EPSS: 0%CPEs: 18EXPL: 0CVE-2022-1587 – pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c
https://notcve.org/view.php?id=CVE-2022-1587
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers. Se ha detectado una vulnerabilidad de lectura fuera de límites en la biblioteca PCRE2 en la función get_recurse_data_length() del archivo pcre2_jit_compile.c. Este problema afecta a las recursiones en expresiones regulares compiladas en JIT causadas por transferencias de datos duplicadas • https://bugzilla.redhat.com/show_bug.cgi?id=2077983%2C https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0 https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 19EXPL: 0CVE-2022-1586 – pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c
https://notcve.org/view.php?id=CVE-2022-1586
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT. Se ha detectado una vulnerabilidad de lectura fuera de límites en la biblioteca PCRE2 en la función compile_xclass_matchingpath() del archivo pcre2_jit_compile.c. Esto implica un problema de coincidencia de propiedades unicode en expresiones regulares compiladas en JIT. • https://bugzilla.redhat.com/show_bug.cgi?id=2077976%2C https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a%2C https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ https:&# • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-0084 – xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr
https://notcve.org/view.php?id=CVE-2022-0084
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up. Se ha encontrado un fallo en XNIO, concretamente en el método notifyReadClosed. El problema reveló que este método estaba registrando un mensaje a otro extremo esperado. • https://access.redhat.com/security/cve/CVE-2022-0084 https://bugzilla.redhat.com/show_bug.cgi?id=2064226 https://github.com/xnio/xnio/commit/fdefb3b8b715d33387cadc4d48991fb1989b0c12 https://github.com/xnio/xnio/pull/291 • CWE-770: Allocation of Resources Without Limits or Throttling •