CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 2CVE-2022-24122
https://notcve.org/view.php?id=CVE-2022-24122
kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace. El archivo kernel/ucount.c en el kernel de Linux versiones 5.14 hasta 5.16.4, cuando los espacios de nombres de los usuarios no privilegiados están habilitados, permite un uso de memoria previamente liberada y una escalada de privilegios porque un objeto ucounts puede sobrevivir a su espacio de nombres • https://github.com/meowmeowxw/CVE-2022-24122 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f9d87929d451d3e649699d0f1d74f71f77ad38f5 https://github.com/torvalds/linux/commit/f9d87929d451d3e649699d0f1d74f71f77ad38f5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSR3AI2IQGRKZCHNKF6S25JGDKUEAWWL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VVSZKUJAZ2VN6LJ35J2B6YD6BOPQTU3B https://security.netapp.com/advisory/ntap-20220221-0001 htt • CWE-416: Use After Free •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-23598 – Reflected XSS vulnerability when rendering error messages in laminas-form
https://notcve.org/view.php?id=CVE-2022-23598
laminas-form is a package for validating and displaying simple and complex forms. When rendering validation error messages via the `formElementErrors()` view helper shipped with laminas-form, many messages will contain the submitted value. However, in laminas-form prior to version 3.1.1, the value was not being escaped for HTML contexts, which could potentially lead to a reflected cross-site scripting attack. Versions 3.1.1 and above contain a patch to mitigate the vulnerability. A workaround is available. • https://getlaminas.org/security/advisory/LP-2022-01 https://github.com/laminas/laminas-form/commit/43005a3ec4c2292d4f825273768d9b884acbca37 https://github.com/laminas/laminas-form/security/advisories/GHSA-jq4p-mq33-w375 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CFF6WJ5I7PSEBRF6I753WKE2BXFBGQXE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SLNABVK26CE4PFL57VLY242FW3QY4CPC • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 1CVE-2022-0393 – Out-of-bounds Read in vim/vim
https://notcve.org/view.php?id=CVE-2022-0393
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. Una Lectura Fuera de Límites en Conda vim versiones anteriores a 8.2 • https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323 https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP https://security.gentoo.org/glsa/202208-32 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-3995
https://notcve.org/view.php?id=CVE-2021-3995
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. Se ha encontrado un error lógico en la biblioteca libmount de util-linux en la función que permite a un usuario no privilegiado desmontar un sistema de archivos FUSE. Este fallo permite a un atacante local no privilegiado desmontar sistemas de archivos FUSE que pertenecen a otros usuarios determinados que presentan un UID que es un prefijo del UID del atacante en su forma de cadena. • http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html http://seclists.org/fulldisclosure/2022/Dec/4 http://www.openwall.com/lists/oss-security/2022/11/30/2 https://bugzilla.redhat.com/show_bug.cgi?id=2024631https://access.redhat.com/security/cve/CVE-2021-3995 https://github.com/util-linux/util-linux/commit/57202f5713afa2af20ffbb6ab5331481d0396f8d https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes https: • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-3996
https://notcve.org/view.php?id=CVE-2021-3996
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. Se ha encontrado un error lógico en la biblioteca libmount de util-linux en la función que permite a un usuario no privilegiado desmontar un sistema de archivos FUSE. Este fallo permite a un usuario local en un sistema vulnerable desmontar los sistemas de archivos de otros usuarios que son de escritura mundial (como /tmp) o que están montados en un directorio de escritura mundial. • http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html http://seclists.org/fulldisclosure/2022/Dec/4 http://www.openwall.com/lists/oss-security/2022/11/30/2 https://access.redhat.com/security/cve/CVE-2021-3996 https://bugzilla.redhat.com/show_bug.cgi?id=2024628 https://github.com/util-linux/util-linux/commit/166e87368ae88bf31112a30e078cceae637f4cdb https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes https • CWE-552: Files or Directories Accessible to External Parties •