CVSS: 9.0EPSS: 0%CPEs: 60EXPL: 2CVE-2022-0435 – kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS
https://notcve.org/view.php?id=CVE-2022-0435
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. Se ha encontrado un fallo de desbordamiento de pila en la funcionalidad del protocolo TIPC del kernel de Linux en la forma en que un usuario envía un paquete con contenido malicioso cuando el número de nodos miembros del dominio es superior a los 64 permitidos. Este fallo permite a un usuario remoto bloquear el sistema o posiblemente escalar sus privilegios si presenta acceso a la red TIPC A stack overflow flaw was found in the Linux kernel’s TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. • https://github.com/wlswotmd/CVE-2022-0435 https://bugzilla.redhat.com/show_bug.cgi?id=2048738 https://security.netapp.com/advisory/ntap-20220602-0001 https://www.openwall.com/lists/oss-security/2022/02/10/1 https://access.redhat.com/security/cve/CVE-2022-0435 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-35497 – ovirt-engine: non-admin user is able to access other users public SSH key
https://notcve.org/view.php?id=CVE-2020-35497
A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key. Se encontró un fallo en ovirt-engine versiones 4.4.3 y anteriores permitiendo a un usuario autenticado leer la información personal de otros usuarios, incluyendo el nombre, el correo electrónico y la clave SSH pública A flaw was found in ovirt-engine 4.4.3 and earlier. This flaw allows an authenticated user to read other users' personal information, including the name, email, and public SSH key. The highest threat from this vulnerability is to confidentiality. • https://bugzilla.redhat.com/show_bug.cgi?id=1908755 https://access.redhat.com/security/cve/CVE-2020-35497 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14333 – ovirt-engine: Reflected cross site scripting vulnerability
https://notcve.org/view.php?id=CVE-2020-14333
A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack. This flaw allows an attacker to leverage a phishing attack, steal an unsuspecting user's cookies or other confidential information, or impersonate them within the application's context. Se detectó un fallo en la interfaz web de Ovirt Engine en ovirt versiones 4.4 y anteriores, donde no filtraba los parámetros controlables por el usuario por completo, resultando en un ataque de tipo cross-site scripting reflejado. Este fallo le permite a un atacante aprovechar un ataque de phishing, robar las cookies de un usuario desprevenido u otra información confidencial, o hacerse pasar por ellos dentro del contexto de la aplicación. A flaw was found in the web interface of ovirt-engine 4.4.2 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14333 https://access.redhat.com/security/cve/CVE-2020-14333 https://bugzilla.redhat.com/show_bug.cgi?id=1858184 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-19336 – ovirt-engine: response_type parameter allows reflected XSS
https://notcve.org/view.php?id=CVE-2019-19336
A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow an attacker to craft malicious HTML pages that can run scripts in the context of the user's oVirt session. Se reportó una vulnerabilidad de tipo cross-site scripting en el endpoint de autorización OAuth de oVirt-engine versiones anteriores a 4.3.8. Los parámetros URL fueron incluidos en la respuesta HTML sin escapar. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19336 https://access.redhat.com/security/cve/CVE-2019-19336 https://bugzilla.redhat.com/show_bug.cgi?id=1781001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2014-0161
https://notcve.org/view.php?id=CVE-2014-0161
ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name (CN) or subjectAltName as specified by its x.509 certificate in a TLS/SSL session. This could allow man-in-the-middle attackers to spoof remote endpoints via an arbitrary valid certificate. ovirt-engine-sdk-python versiones anteriores a la versión 3.4.0.7 y 3.5.0.4, no comprueba que el nombre de host del endpoint remoto coincida con el Common Name (CN) o subjectAltName según lo especificado por su certificado x.509 en una sesión TLS/SSL. Esto podría permitir a atacantes de tipo man-in-the-middle falsificar endpoints remotos por medio de un certificado válido arbitrario. • https://access.redhat.com/security/cve/cve-2014-0161 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0161 • CWE-295: Improper Certificate Validation •