CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-3643
https://notcve.org/view.php?id=CVE-2022-3643
Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. • http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html http://www.openwall.com/lists/oss-security/2022/12/07/2 https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://xenbits.xenproject.org/xsa/advisory-423.txt • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42329
https://notcve.org/view.php?id=CVE-2022-42329
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329). Los invitados pueden provocar un punto muerto en Linux netback driver T. Este registro de información CNA se relaciona con múltiples CVE; el texto explica qué aspectos/vulnerabilidades corresponden a cada CVE.] • http://www.openwall.com/lists/oss-security/2022/12/08/2 http://www.openwall.com/lists/oss-security/2022/12/08/3 http://www.openwall.com/lists/oss-security/2022/12/09/2 https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://xenbits.xenproject.org/xsa/advisory-424.txt • CWE-667: Improper Locking •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 1CVE-2022-24439 – Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2022-24439
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. Todas las versiones del paquete gitpython son vulnerables a la ejecución remota de código (RCE) debido a una validación incorrecta de la entrada del usuario, lo que hace posible inyectar una URL remota creada con fines malintencionados en el comando de clonación. Es posible explotar esta vulnerabilidad porque la librería realiza llamadas externas a git sin una sanitización suficiente de los argumentos de entrada. A remote code execution vulnerability exists in Git-python. • https://github.com/gitpython-developers/GitPython/blob/bec61576ae75803bc4e60d8de7a629c194313d1c/git/repo/base.py%23L1249 https://lists.debian.org/debian-lts-announce/2023/07/msg00024.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AV5DV7GBLMOZT7U3Q4TDOJO5R6G3V6GH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IKMVYKLWX62UEYKAN64RUZMOIAMZM5JN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF6AXUTC5BO7L2SBJMCVKJSPKWY52I5 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-41325
https://notcve.org/view.php?id=CVE-2022-41325
An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions. Un desbordamiento de enteros en el módulo VNC en VideoLAN VLC Media Player hasta la versión 3.0.17.4 permite a los atacantes, al engañar a un usuario para que abra una lista de reproducción manipulada se conecte a un servidor VNC fraudulento, bloquear VLC o ejecutar código bajo algunas condiciones. • https://twitter.com/0xMitsurugi https://www.debian.org/security/2022/dsa-5297 https://www.synacktiv.com/sites/default/files/2022-11/vlc_vnc_int_overflow-CVE-2022-41325.pdf https://www.videolan.org/security/sb-vlc3018.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-43548 – nodejs: DNS rebinding in inspect via invalid octal IP address
https://notcve.org/view.php?id=CVE-2022-43548
A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix. Existe una vulnerabilidad de inyección de comandos del Sistema Operativo en las versiones de Node.js <14.21.1, <16.18.1, <18.12.1, <19.0.1 debido a una verificación insuficiente de IsAllowedHost que se puede omitir fácilmente porque IsIPAddress no lo hace correctamente. verifique si una dirección IP no es válida antes de realizar solicitudes de DBS que permitan volver a vincular ataques. La solución para este problema en https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 estaba incompleta y esto El nuevo CVE es para completar la solución. • https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html https://nodejs.org/en/blog/vulnerability/november-2022-security-releases https://security.netapp.com/advisory/ntap-20230120-0004 https://security.netapp.com/advisory/ntap-20230427-0007 https://www.debian.org/security/2023/dsa-5326 https://access.redhat.com/security/cve/CVE-2022-43548 https://bugzilla.redhat.com/show_bug.cgi?id=2140911 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action •