CVE-2022-1343 – OCSP_basic_verify may incorrectly verify the response signing certificate
https://notcve.org/view.php?id=CVE-2022-1343
The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. • https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a https://security.netapp.com/advisory/ntap-20220602-0009 https://www.openssl.org/news/secadv/20220503.txt https://access.redhat.com/security/cve/CVE-2022-1343 https://bugzilla.redhat.com/show_bug.cgi?id=2087911 • CWE-295: Improper Certificate Validation •
CVE-2022-0742 – Memory leak in ICMP6 in Linux Kernel
https://notcve.org/view.php?id=CVE-2022-0742
Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc. Una pérdida de memoria en la implementación de icmp6 en el Kernel de Linux versión 5.13+, permite a un atacante remoto hacer DoS a un host haciendo que salga de la memoria por medio de paquetes icmp6 de tipo 130 o 131. Recomendamos actualizar el commit 2d3916f3189172d5c69d33065c3c21119fe539fc • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2d3916f3189172d5c69d33065c3c21119fe539fc https://security.netapp.com/advisory/ntap-20220425-0001 https://www.openwall.com/lists/oss-security/2022/03/15/3 • CWE-275: Permission Issues CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2021-0156
https://notcve.org/view.php?id=CVE-2021-0156
Improper input validation in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access. Una comprobación de entrada inapropiada en el firmware de algunos procesadores Intel(R) puede permitir a un usuario autenticado habilitar potencialmente una escalada de privilegios por medio de acceso local • https://security.netapp.com/advisory/ntap-20220210-0007 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00527.html • CWE-20: Improper Input Validation •
CVE-2021-0124
https://notcve.org/view.php?id=CVE-2021-0124
Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access. Un control de acceso inapropiado en el firmware de algunos procesadores Intel(R) puede permitir a un usuario privilegiado una escalada de privilegios mediante acceso físico • https://security.netapp.com/advisory/ntap-20220210-0007 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00527.html •
CVE-2021-0118
https://notcve.org/view.php?id=CVE-2021-0118
Out-of-bounds read in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. Una lectura fuera de límites en el firmware para algunos procesadores Intel(R) puede permitir a un usuario privilegiado habilitar potencialmente una escalada de privilegios por medio de acceso local • https://security.netapp.com/advisory/ntap-20220210-0007 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00527.html • CWE-125: Out-of-bounds Read •