CVE-2022-39286 – Execution with Unnecessary Privileges in JupyterApp
https://notcve.org/view.php?id=CVE-2022-39286
Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as another. Version 4.11.2 contains a patch for this issue. There are no known workarounds.
• https://github.com/jupyter/jupyter_core/commit/1118c8ce01800cb689d51f655f5ccef19516e283
• https://github.com/jupyter/jupyter_core/security/advisories/GHSA-m678-f26j-3hrp
• https://lists.debian.org/debian-lts-announce/2022/11/msg00022.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KKMP5OXXIX2QAUNVNJZ5UEQFKDYYJVBA
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YIDN7JMLK6AOMBQI4QPSW4MBQGWQ5NIN
• https://security.gentoo.org/glsa/202301-04
• https://
• CWE-250: Execution with Unnecessary Privileges
• CWE-269: Improper Privilege Management
• CWE-427: Uncontrolled Search Path Element
CVE-2022-43750 – kernel: memory corruption in usbmon driver
https://notcve.org/view.php?id=CVE-2022-43750
drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory. An out-of-bounds memory write flaw was found in the Linux kernel's USB Monitor component: a user with access to /dev/usbmon can trigger it through an incorrect write to the memory of usbmon. This flaw allows a local user to crash the system or potentially escalate their privileges on it.
• https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.15
• https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.1
• https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a659daf63d16aa883be42f3f34ff84235c302198
• https://github.com/torvalds/linux/commit/a659daf63d16aa883be42f3f34ff84235c302198
• https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html
• https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html
• https://access.redhat.com/security/cve
• CWE-787: Out-of-bounds Write
CVE-2022-39348 – Twisted vulnerable to NameVirtualHost Host header injection
https://notcve.org/view.php?id=CVE-2022-39348
Twisted is an event-based framework for internet applications. Starting with version 0.9.4, when the Host header does not match a configured host, `twisted.web.vhost.NameVirtualHost` returns a `NoResource` resource that renders the Host header unescaped into the 404 response, allowing HTML and script injection. In practice this should be very difficult to exploit, as being able to modify the Host header of a normal HTTP request implies that one is already in a privileged position. This issue was fixed in version 22.10.0rc1. There are no known workarounds.
• https://github.com/twisted/twisted/commit/f2f5e81c03f14e253e85fe457e646130780db40b
• https://github.com/twisted/twisted/commit/f49041bb67792506d85aeda9cf6157e92f8048f4
• https://github.com/twisted/twisted/security/advisories/GHSA-vg46-2rrj-3647
• https://lists.debian.org/debian-lts-announce/2022/11/msg00038.html
• https://security.gentoo.org/glsa/202301-02
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CVE-2022-3705 – vim autocmd quickfix.c qf_update_buffer use after free
https://notcve.org/view.php?id=CVE-2022-3705
A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 addresses this issue.
• http://seclists.org/fulldisclosure/2023/Jan/19
• https://github.com/vim/vim/commit/d0fab10ed2a86698937e3c3fed2f10bd9bb5e731
• https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JCW33NOLMELTTTDJH7WGDIFJZ5YEEMK
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYEK5RNMH7MVQH6
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-416: Use After Free
CVE-2022-42890 – Apache Batik prior to 1.16 allows RCE via scripting
https://notcve.org/view.php?id=CVE-2022-42890
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
• http://www.openwall.com/lists/oss-security/2022/10/25/3
• https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly
• https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html
• https://security.gentoo.org/glsa/202401-11
• https://www.debian.org/security/2022/dsa-5264
• https://access.redhat.com/security/cve/CVE-2022-42890
• https://bugzilla.redhat.com/show_bug.cgi?id=2182183
• CWE-918: Server-Side Request Forgery (SSRF)