CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 2CVE-2022-23648 – Insecure handling of image volumes in containerd CRI plugin
https://notcve.org/view.php?id=CVE-2022-23648
containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. • https://github.com/raesene/CVE-2022-23648-POC http://packetstormsecurity.com/files/166421/containerd-Image-Volume-Insecure-Handling.html https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70 https://github.com/containerd/containerd/releases/tag/v1.4.13 https://github.com/containerd/containerd/releases/tag/v1.5.10 https://github.com/containerd/containerd/releases/tag/v1.6.1 https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7 https://lists.fedorapro • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-26126
https://notcve.org/view.php?id=CVE-2022-26126
Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c. Se presentan vulnerabilidades de desbordamiento del búfer en FRRouting versiones hasta 8.1.0, debido al uso de strdup con una cadena binaria que no termina en cero en el archivo isis_nb_notifications.c • https://github.com/FRRouting/frr/issues/10505 https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MIEQNIWUSBQTFR65HM2LLIB7PH27CZUZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTYSAL4QCE4XWMMBKUB7LSLPAFLWUML4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XUCZR6RYQVZ35BFUV7OLIUEHZW2433I2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-25601 – WordPress Contact Form X plugin <= 2.4 - Reflected Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2022-25601
Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4). Se ha detectado vulnerabilidad de tipo Cross-Site Scripting (XSS) Reflejado que afecta al parámetro &tab en el plugin Contact Form X de WordPress (versiones anteriores a 2.4 incluyéndola) • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7CR6VGITIB2TXXZ6B5QRRWPU5S4BXQPD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJX6NVXSRN3RX3YUVEJQ4WUTQSDL3DSR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZQCIZQI267YHVYSFB3CRKNK3F4ASPLK https://patchstack.com/database/vulnerability/contact-form-x/wordpress-contact-form-x-plugin-2-4-authenticated-reflected-cross-site-scripting-xss-vulnerability https://wordpress.org/pl • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-0695 – Denial of Service in radareorg/radare2
https://notcve.org/view.php?id=CVE-2022-0695
Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. Una Denegación de Servicio en el repositorio de GitHub radareorg/radare2 versiones anteriores a 5.6.4 • https://github.com/radareorg/radare2/commit/634b886e84a5c568d243e744becc6b3223e089cf https://huntr.dev/bounties/bdbddc0e-fb06-4211-a90b-7cbedcee2bea https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZTIMAS53YT66FUS4QHQAFRJOBMUFG6D https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6YBRQ3UCFWJVSOYIKPVUDASZ544TFND • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2019-25058 – usbguard: Fix unauthorized access via D-Bus
https://notcve.org/view.php?id=CVE-2019-25058
An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future. Se ha detectado un problema en USBGuard versiones anteriores a 1.1.0. En sistemas con el demonio usbguard-dbus en ejecución, un usuario no privilegiado podía hacer que USBGuard permitiera la conexión de todos los dispositivos USB en el futuro A flaw was found in usbguard. The vulnerability occurs due to the No default access control list(ACL) on some D-Bus methods and leads to unauthorized access. • https://github.com/USBGuard/usbguard/issues/273 https://github.com/USBGuard/usbguard/issues/403 https://github.com/USBGuard/usbguard/pull/531 https://lists.debian.org/debian-lts-announce/2022/04/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B2ET6DU4IA64M6TMQ4X3SG2L6TRPLDN6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3HQVTHHJFQLSWSXA7W3ZHRF72YMPI46 https://lists.fedoraproject.org/archives/list/package-announce%40lis • CWE-863: Incorrect Authorization CWE-1220: Insufficient Granularity of Access Control •