CVSS: 8.1EPSS: 2%CPEs: 14EXPL: 0CVE-2022-37966 – Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-37966
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en Kerberos RC4-HMAC de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37966 https://security.gentoo.org/glsa/202309-06 •
CVSS: 7.2EPSS: 5%CPEs: 14EXPL: 0CVE-2022-37967 – Windows Kerberos Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-37967
Windows Kerberos Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios de Kerberos en Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37967 https://security.gentoo.org/glsa/202309-06 •
CVSS: 8.1EPSS: 2%CPEs: 14EXPL: 0CVE-2022-38023 – Netlogon RPC Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-38023
Netlogon RPC Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios de Netlogon RPC A flaw was found in samba. The Netlogon RPC implementations may use the rc4-hmac encryption algorithm, which is considered weak and should be avoided even if the client supports more modern encryption types. This issue could allow an attacker who knows the plain text content communicated between the samba client and server to craft data with the same MD5 calculation and replace it without being detected. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38023 https://security.gentoo.org/glsa/202309-06 https://access.redhat.com/security/cve/CVE-2022-38023 https://bugzilla.redhat.com/show_bug.cgi?id=2154362 • CWE-328: Use of Weak Hash •
CVSS: 3.7EPSS: 0%CPEs: 21EXPL: 1CVE-2022-35252 – curl: Incorrect handling of control code characters in cookies
https://notcve.org/view.php?id=CVE-2022-35252
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings. Cuando curl es usado para recuperar y analizar las cookies de un servidor HTTP(S), acepta las cookies usando códigos de control que cuando son enviados de vuelta a un servidor HTTP podrían hacer que el servidor devolviera respuestas 400. En efecto, permite que un "sitio hermano" deniegue el servicio a todos los hermanos. A vulnerability found in curl. • http://seclists.org/fulldisclosure/2023/Jan/20 http://seclists.org/fulldisclosure/2023/Jan/21 https://hackerone.com/reports/1613943 https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20220930-0005 https://support.apple.com/kb/HT213603 https://support.apple.com/kb/HT213604 https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=212071 • CWE-20: Improper Input Validation CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1CVE-2022-36033 – jsoup may not sanitize Cross-Site Scripting (XSS) attempts if SafeList.preserveRelativeLinks is enabled
https://notcve.org/view.php?id=CVE-2022-36033
jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including `javascript:` URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default `SafeList.preserveRelativeLinks` option is enabled, HTML including `javascript:` URLs that have been crafted with control characters will not be sanitized. If the site that this HTML is published on does not set a Content Security Policy, an XSS attack is then possible. This issue is patched in jsoup 1.15.3. Users should upgrade to this version. • https://github.com/jhy/jsoup/releases/tag/jsoup-1.15.3 https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369 https://jsoup.org/news/release-1.15.3 https://security.netapp.com/advisory/ntap-20221104-0006 https://access.redhat.com/security/cve/CVE-2022-36033 https://bugzilla.redhat.com/show_bug.cgi?id=2127078 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-87: Improper Neutralization of Alternate XSS Syntax •