
CVE-2022-42902 – Debian Security Advisory 5260-1
https://notcve.org/view.php?id=CVE-2022-42902
13 Oct 2022 — In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server. • https://git.lavasoftware.org/lava/lava/-/commit/e66b74cd6c175ff8826b8f3431740963be228b52?merge_request_iid=1834 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2021-36369 – Ubuntu Security Notice USN-7292-1
https://notcve.org/view.php?id=CVE-2021-36369
12 Oct 2022 — An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed. • https://github.com/mkj/dropbear/pull/128 • CWE-287: Improper Authentication

CVE-2022-37601 – loader-utils (JS package) < 2.0.3 - Prototype Pollution
https://notcve.org/view.php?id=CVE-2022-37601
12 Oct 2022 — Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3. A prototype pollution vulnerability in the function parseQuery in the file parseQuery.js in webpack loader-utils 2.0.0 via the name variable in parseQuery.js. • http://users.encs.concordia.ca/~mmannan/publications/JS-vulnerability-aisaccs2022.pdf • CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVE-2022-37616
https://notcve.org/view.php?id=CVE-2022-37616
11 Oct 2022 — A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties take the position that "A prototype injection/Prototype pollution is not just when global objects are polluted with recursive merge or deep cloning but also when a target object is polluted." • http://users.encs.concordia.ca/~mmannan/publications/JS-vulnerability-aisaccs2022.pdf • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVE-2022-41404
https://notcve.org/view.php?id=CVE-2022-41404
11 Oct 2022 — An issue in the fetch() method in the BasicProfile class of org.ini4j before v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. An issue in the fetch() method in the BasicProfile class of org.ini4j through version v0.5.4 allows attackers to cause a Denial of Service (DoS) via u... • https://lists.debian.org/debian-lts-announce/2022/11/msg00037.html • CWE-400: Uncontrolled Resource Consumption

CVE-2022-20421 – Ubuntu Security Notice USN-5791-3
https://notcve.org/view.php?id=CVE-2022-20421
11 Oct 2022 — In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239630375. References: Upstream kernel. • https://github.com/0xkol/badspin • CWE-416: Use After Free

CVE-2022-3140 – Macro URL arbitrary script execution
https://notcve.org/view.php?id=CVE-2022-3140
11 Oct 2022 — LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice, links using that scheme could be constructed to call internal macros with arbitrary arguments. When clicked on, or activated by document events, such links could result in arbitrary script execution without warning. This issue affects: The Document Foundation LibreOffice 7.4 version... • https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html • CWE-20: Improper Input Validation • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2022-33746 – Gentoo Linux Security Advisory 202402-07
https://notcve.org/view.php?id=CVE-2022-33746
11 Oct 2022 — P2M pool freeing may take excessively long. The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was so far missing. • http://www.openwall.com/lists/oss-security/2022/10/11/3 • CWE-404: Improper Resource Shutdown or Release

CVE-2022-33747 – Gentoo Linux Security Advisory 202402-07
https://notcve.org/view.php?id=CVE-2022-33747
11 Oct 2022 — Arm: unbounded memory consumption for 2nd-level page tables. Certain actions require e.g. removing pages from a guest's P2M (Physical-to-Machine) mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal operation may incur a memory allocation (to replace a large mapping with individual smaller ones). These memory allocations are taken from the global memory pool. A malicious guest might be able to cause the global memory pool to be exhausted by manipulating its own... • http://www.openwall.com/lists/oss-security/2022/10/11/5 • CWE-404: Improper Resource Shutdown or Release

CVE-2022-33748 – Gentoo Linux Security Advisory 202402-07
https://notcve.org/view.php?id=CVE-2022-33748
11 Oct 2022 — Lock order inversion in transitive grant copy handling. As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be acquired nested within one another, but in respectively opposite order. With suitable timing between the involved grant copy operations this may result in the locking up of a CPU. • http://www.openwall.com/lists/oss-security/2022/10/11/2 • CWE-755: Improper Handling of Exceptional Conditions