CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-1204 – Ubuntu Security Notice USN-5469-1
https://notcve.org/view.php?id=CVE-2022-1204
28 May 2022 — A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. Se ha encontrado un fallo de uso de memoria previamente liberada en la funcionalidad del protocolo AX.25 de radioaficionados del kernel de Linux en la forma en que un usuario es conectado con el protocolo. Este fallo permite a un usuario local bloquear el sistema It was discovered that the implementation of the 6pack... • https://access.redhat.com/security/cve/CVE-2022-1204 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-1897 – Out-of-bounds Write in vim/vim
https://notcve.org/view.php?id=CVE-2022-1897
27 May 2022 — Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. Una Escritura Fuera de Límites en el repositorio de GitHub vim/vim versiones anteriores a 8.2 A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to an out-of-bounds write vulnerability in the vim_regsub_both function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. Red Hat Advanced Cluster Management for Kubernetes 2.6.0 images Red Hat Advanced Cluster Ma... • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 1CVE-2022-1898 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-1898
27 May 2022 — Use After Free in GitHub repository vim/vim prior to 8.2. Un Uso de Memoria Previamente Liberada en el repositorio de GitHub vim/vim versiones anteriores a 8.2 It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 1CVE-2022-1851 – Out-of-bounds Read in vim/vim
https://notcve.org/view.php?id=CVE-2022-1851
25 May 2022 — Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. Una Lectura Fuera de Límites en el repositorio GitHub vim/vim versiones anteriores a 8.2 It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 1CVE-2022-30600
https://notcve.org/view.php?id=CVE-2022-30600
18 May 2022 — A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed. Se ha encontrado un fallo en moodle en el que la lógica usada para contar los intentos de inicio de sesión fallidos podía resultar en que sea omitido el umbral de bloqueo de la cuenta • https://github.com/Boonjune/POC-CVE-2022-30600 • CWE-682: Incorrect Calculation •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-30599
https://notcve.org/view.php?id=CVE-2022-30599
18 May 2022 — A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. Se encontró un fallo en moodle donde se identificó un riesgo de inyección SQL en el código de Badges relacionado con la configuración de criterios • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74333 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2022-30598
https://notcve.org/view.php?id=CVE-2022-30598
18 May 2022 — A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it. Se ha detectado un fallo en moodle por el que los resultados de la búsqueda global podrían incluir información sobre el autor de algunas actividades a las que un usuario no tendría acceso • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71623 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2022-30597
https://notcve.org/view.php?id=CVE-2022-30597
18 May 2022 — A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field. Se detectó un fallo en moodle por el que el campo de usuario descripción no era ocultado cuando era configurado como campo de usuario oculto • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74318 • CWE-472: External Control of Assumed-Immutable Web Parameter •
CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 0CVE-2022-30596
https://notcve.org/view.php?id=CVE-2022-30596
18 May 2022 — A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk. Se ha encontrado un fallo en moodle donde los números de identificación mostrados cuando son asignan marcadores de forma masiva a las asignaciones requerían un saneo adicional para prevenir un riesgo de ataque de tipo XSS almacenado • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74204 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-1706 – ignition: configs are accessible from unprivileged containers in VMs running on VMware products
https://notcve.org/view.php?id=CVE-2022-1706
17 May 2022 — A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. Possible workaround is to not put secrets in the Ignition config. Se ha encontrado una vulnerabilidad en Ignition en la que las configuraciones de encendido son accesibles desde contenedores no privilegiados ... • https://bugzilla.redhat.com/show_bug.cgi?id=2082274 • CWE-863: Incorrect Authorization •