CVE-2021-3695 – grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap
https://notcve.org/view.php?id=CVE-2021-3695
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12. Una imagen PNG en escala de grises de 16 bits diseñada puede conllevar a una escritura fuera de límites en el área de la pila. • https://bugzilla.redhat.com/show_bug.cgi?id=1991685 https://security.gentoo.org/glsa/202209-12 https://security.netapp.com/advisory/ntap-20220930-0001 https://access.redhat.com/security/cve/CVE-2021-3695 • CWE-787: Out-of-bounds Write •
CVE-2022-1708 – cri-o: memory exhaustion on the node when access to the kube api
https://notcve.org/view.php?id=CVE-2022-1708
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability. • https://bugzilla.redhat.com/show_bug.cgi?id=2085361 https://github.com/cri-o/cri-o/commit/f032cf649ecc7e0c46718bd9e7814bfb317cb544 https://github.com/cri-o/cri-o/security/advisories/GHSA-fcm2-6c3h-pg6j https://access.redhat.com/security/cve/CVE-2022-1708 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2022-1319 – undertow: Double AJP response for 400 from EAP 7 results in CPING failures
https://notcve.org/view.php?id=CVE-2022-1319
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG. Se ha encontrado un fallo en Undertow. Para una respuesta AJP 400, EAP 7 envía inapropiadamente el flag de reúso habilitado aunque JBoss EAP cierra la conexión. es producido un fallo cuando la conexión es reusada después de un 400 por CPING ya que lee en el segundo paquete de respuesta SEND_HEADERS en lugar de un CPONG • https://access.redhat.com/security/cve/CVE-2022-1319 https://bugzilla.redhat.com/show_bug.cgi?id=2073890 https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3 https://issues.redhat.com/browse/UNDERTOW-2060 https://security.netapp.com/advisory/ntap-20221014-0006 • CWE-252: Unchecked Return Value •
CVE-2022-1677 – openshift/router: route hijacking attack via crafted HAProxy configuration file
https://notcve.org/view.php?id=CVE-2022-1677
In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control. En OpenShift Container Platform, un usuario con permisos para crear o modificar rutas puede diseñar una carga útil que inserte una entrada malformada en uno de los archivos de configuración del router del clúster. Esta entrada malformada puede coincidir con cualquier nombre de host arbitrario, o con todos los nombres de host del clúster, y dirigir el tráfico a una aplicación arbitraria dentro del clúster, incluyendo una bajo el control del atacante In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control. • https://access.redhat.com/security/cve/CVE-2022-1677 https://bugzilla.redhat.com/show_bug.cgi?id=2076211 • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-400: Uncontrolled Resource Consumption •
CVE-2021-3914 – smallrye-health-ui: persistent cross-site scripting in endpoint
https://notcve.org/view.php?id=CVE-2021-3914
It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks. Se ha detectado que el componente de la interfaz de usuario de smallrye health metrics no sanea correctamente algunas entradas del usuario. Un atacante podría usar este fallo para conducir ataques de tipo cross-site scripting. • https://access.redhat.com/security/cve/CVE-2021-3914 https://bugzilla.redhat.com/show_bug.cgi?id=2018015 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •