CVSS: 8.1EPSS: 2%CPEs: 14EXPL: 0CVE-2022-37966 – Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-37966
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en Kerberos RC4-HMAC de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37966 https://security.gentoo.org/glsa/202309-06 •
CVSS: 7.2EPSS: 5%CPEs: 14EXPL: 0CVE-2022-37967 – Windows Kerberos Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-37967
Windows Kerberos Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios de Kerberos en Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37967 https://security.gentoo.org/glsa/202309-06 •
CVSS: 8.1EPSS: 2%CPEs: 14EXPL: 0CVE-2022-38023 – Netlogon RPC Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-38023
Netlogon RPC Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios de Netlogon RPC A flaw was found in samba. The Netlogon RPC implementations may use the rc4-hmac encryption algorithm, which is considered weak and should be avoided even if the client supports more modern encryption types. This issue could allow an attacker who knows the plain text content communicated between the samba client and server to craft data with the same MD5 calculation and replace it without being detected. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38023 https://security.gentoo.org/glsa/202309-06 https://access.redhat.com/security/cve/CVE-2022-38023 https://bugzilla.redhat.com/show_bug.cgi?id=2154362 • CWE-328: Use of Weak Hash •
CVSS: 7.5EPSS: 0%CPEs: 63EXPL: 0CVE-2022-45060 – varnish: Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2022-45060
An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected. Se descubrió un problema de HTTP Request Forgery en Varnish Cache 5.x y 6.x anteriores a 6.0.11, 7.x anteriores a 7.1.2 y 7.2.x anteriores a 7.2.1. • https://docs.varnish-software.com/security/VSV00011 https://lists.debian.org/debian-lts-announce/2022/11/msg00036.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6ZMOZVBLZXHEV5VRW4I4SOWLQEK5OF5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4KVVCIQVINQQ2D7ORNARSYALMJUMP3I https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGF6LFTHXCSYMYUX5HLMVXQH3WHCSFLU https://varnish-cache.org/security/VSV00011.html htt • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2022-45062
https://notcve.org/view.php?id=CVE-2022-45062
In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper. En Xfce xfce4-settings anterior a 4.16.4 y 4.17.x anterior a 4.17.1, existe una vulnerabilidad de inyección de argumentos en xfce4-mime-helper. • https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/55e3c5fb667e96ad1412cf249879262b369d28d7 https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/f34a92a84f96268ad24a7a13fd5edc9f1d526110 https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/390 https://gitlab.xfce.org/xfce/xfce4-settings/-/tags https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGTGTTPFHDUB3EZHVKDK4H32QUUYPPFF https://security.gentoo.org/glsa/202305-05 https://www.debian.org/security/2022/dsa-5296 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •