
CVSS: 7.8 EPSS: 0% CPEs: 152 EXPL: 0

UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa's ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-05 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •

CVSS: 6.5 EPSS: 0% CPEs: 3 EXPL: 0

In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service. • https://lists.debian.org/debian-lts-announce/2023/01/msg00016.html https://lists.lavasoftware.org/archives/list/lava-announce%40lists.lavasoftware.org/thread/WHXGQMIZAPW3GCQEXYHC32N2ZAAAIYCY https://www.debian.org/security/2023/dsa-5318 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •

CVSS: 7.5 EPSS: 0% CPEs: 3 EXPL: 0

Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue. • https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html https://security.gentoo.org/glsa/202310-06 https://security.netapp.com/advisory/ntap-20230216-0008 https://www.debian.org/security/2022/dsa-5287 • CWE-193: Off-by-one Error •

CVSS: 8.8 EPSS: 0% CPEs: 7 EXPL: 1

A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137 https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html https://oss-fuzz.com/download?testcase_id=5738253143900160 https://security.netapp.com/advisory/ntap-20221215-0009 https://support.apple.com/kb/HT213841 https://support.apple.com/kb/HT213843 https://vuldb.com/?id.213549 https://access.redhat.com/security/cve/CVE-2022-3970 https • CWE-189: Numeric Errors CWE-680: Integer Overflow to Buffer Overflow •

CVSS: 8.8 EPSS: 0% CPEs: 6 EXPL: 1

Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS). This vulnerability allows remote attackers to bypass authentication on affected installations of Synology DiskStation Manager. • https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZYWSGVA6WXREMB6PV56HAHKU7R6KPOP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GEAFLA5L2SHOUFBAGUXIF2TZLGBXGJKT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SG6WZW5LXFVH3P7ZVZRGHUVJEMEFKQLI https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html https://netatalk.sourceforge.io/3.1/ • CWE-787: Out-of-bounds Write •