CVE-2022-41032 – NuGet Client Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-41032
NuGet Client Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios en el cliente NuGet A vulnerability was found in dotnet. This flaw allows an attacker to triage a NuGet cache poisoning on Linux via a world-writable cache directory. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOG35Z5RL5W5RGLLYLN46CI4D2UPDSWM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDPT2MJC3HD7HYZGASOOX6MTDR4ASBL5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7BMHO5ITRBZREVTEKHQRGSFRPDMALV3 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41032 https://access.redhat.com/security/cve/CVE-2022-41032 https://bugzilla.redhat.com/sho • CWE-524: Use of Cache Containing Sensitive Information •
CVE-2022-33747
https://notcve.org/view.php?id=CVE-2022-33747
Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages from a guest's P2M (Physical-to-Machine) mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal operation may incur a memory allocation (to replace a large mapping with individual smaller ones). These memory allocations are taken from the global memory pool. A malicious guest might be able to cause the global memory pool to be exhausted by manipulating its own P2M mappings. Arm: consumo de memoria sin límites para las tablas de páginas de segundo nivel determinadas acciones requieren, por ejemplo, eliminar páginas del mapeo P2M (Physical-to-Machine) de un huésped. • http://www.openwall.com/lists/oss-security/2022/10/11/5 http://xenbits.xen.org/xsa/advisory-409.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TJOMUNGW6VTK5CZZRLWLVVEOUPEQBRHI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWSC77GS5NATI3TT7FMVPULUPXR635XQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE https://security.gentoo.org/glsa/202402-07 https:// • CWE-404: Improper Resource Shutdown or Release •
CVE-2022-3140 – Macro URL arbitrary script execution
https://notcve.org/view.php?id=CVE-2022-3140
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal macros with arbitrary arguments. Which when clicked on, or activated by document events, could result in arbitrary script execution without warning. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.1; 7.3 versions prior to 7.3.6. • https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TORANVTIWWBH3DNJR4UZATAG67KZOH32 https://security.gentoo.org/glsa/202212-04 https://www.debian.org/security/2022/dsa-5252 https://www.libreoffice.org/about-us/security/advisories/CVE-2022-3140 https://access.redhat.com/security/cve/CVE-2022-3140 https://bugzilla.redhat.com/show_bug.cgi?id=2134697 • CWE-20: Improper Input Validation CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVE-2022-33746
https://notcve.org/view.php?id=CVE-2022-33746
P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was so far missing. La liberación del pool P2M puede tardar demasiado El pool P2M que respalda la traducción de direcciones de segundo nivel para huéspedes puede tener un tamaño considerable. Por lo tanto, su liberación puede tomar más tiempo de lo que es razonable sin comprobaciones intermedias de preferencia. • http://www.openwall.com/lists/oss-security/2022/10/11/3 http://xenbits.xen.org/xsa/advisory-410.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TJOMUNGW6VTK5CZZRLWLVVEOUPEQBRHI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWSC77GS5NATI3TT7FMVPULUPXR635XQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE https://security.gentoo.org/glsa/202402-07 https:// • CWE-404: Improper Resource Shutdown or Release •
CVE-2022-33748
https://notcve.org/view.php?id=CVE-2022-33748
lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be acquired nested within one another, but in respectively opposite order. With suitable timing between the involved grant copy operations this may result in the locking up of a CPU. Inversión del orden de bloqueo en el manejo de la copia de concesión transitiva Como parte de XSA-226 fue insertada una llamada de limpieza que faltaba en una ruta de manejo de errores. • http://www.openwall.com/lists/oss-security/2022/10/11/2 http://xenbits.xen.org/xsa/advisory-411.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TJOMUNGW6VTK5CZZRLWLVVEOUPEQBRHI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWSC77GS5NATI3TT7FMVPULUPXR635XQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE https://security.gentoo.org/glsa/202402-07 https:// • CWE-755: Improper Handling of Exceptional Conditions •