CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2020-35532
https://notcve.org/view.php?id=CVE-2020-35532
In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field. En LibRaw, se presenta una vulnerabilidad de lectura fuera de límites dentro de la función "simple_decode_row()" (libraw\src\x3f\x3f_utils_patched.cpp) que puede desencadenarse por medio de una imagen con un campo row_stride grande • https://github.com/LibRaw/LibRaw/commit/5ab45b085898e379fedc6b113e2e82a890602b1e https://github.com/LibRaw/LibRaw/issues/271 https://lists.debian.org/debian-lts-announce/2022/09/msg00024.html • CWE-125: Out-of-bounds Read •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2735 – pcs: obtaining an authentication token for hacluster user could lead to privilege escalation
https://notcve.org/view.php?id=CVE-2022-2735
A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the cluster managed by PCS. Se ha encontrado una vulnerabilidad en el proyecto PCS. • https://access.redhat.com/security/cve/CVE-2022-2735 https://bugzilla.redhat.com/show_bug.cgi?id=2116815 https://www.debian.org/security/2022/dsa-5226 https://www.openwall.com/lists/oss-security/2022/09/01/4 • CWE-276: Incorrect Default Permissions •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 2CVE-2022-2663 – kernel: netfilter: nf_conntrack_irc message handling issue
https://notcve.org/view.php?id=CVE-2022-2663
An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. Se ha encontrado un problema en el kernel de Linux en la función nf_conntrack_irc en el que el manejo de los mensajes puede confundirse y hacerlos coincidir incorrectamente. Se ha encontrado un problema en el kernel de Linux en nf_conntrack_irc donde el manejo de mensajes puede confundirse y coincidir incorrectamente con el mensaje A flaw was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and it incorrectly matches on the message. An attacker could exploit this vulnerability to bypass firewall when users are using unencrypted IRC with nf_conntrack_irc configured. • https://dgl.cx/2022/08/nat-again-irc-cve-2022-2663 https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://lore.kernel.org/netfilter-devel/20220826045658.100360-1-dgl%40dgl.cx/T https://www.debian.org/security/2022/dsa-5257 https://www.openwall.com/lists/oss-security/2022/08/30/1 https://www.youtube.com/watch?v=WIq-YgQuYCA https://access.redhat.com/security/cve/CVE-2022-2663 h • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2996 – python-scciclient: missing server certificate verification
https://notcve.org/view.php?id=CVE-2022-2996
A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks. Se encontró un fallo en python-scciclient cuando es realizada una conexión HTTPS a un servidor en el que no es verificado el certificado del servidor. Este problema abre la conexión a posibles ataques de tipo Man-in-the-middle (MITM) • https://lists.debian.org/debian-lts-announce/2022/11/msg00006.html https://opendev.org/x/python-scciclient/commit/274dca0344b65b4ac113d3271d21c17e970a636c https://access.redhat.com/security/cve/CVE-2022-2996 https://bugzilla.redhat.com/show_bug.cgi?id=2115122 • CWE-295: Improper Certificate Validation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3061
https://notcve.org/view.php?id=CVE-2022-3061
Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error. Se ha encontrado un fallo en el Kernel de Linux en el controlador i740. El programa de espacio de usuario podía pasar cualquier valor al controlador mediante la interfaz ioctl(). • https://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev.git/commit/?id=15cf0b82271b1823fb02ab8c377badba614d95d5 https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://www.debian.org/security/2022/dsa-5257 • CWE-369: Divide By Zero •