CVSS: 6.8EPSS: 1%CPEs: 16EXPL: 0CVE-2022-24512 – .NET and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-24512
.NET and Visual Studio Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota en .NET y Visual Studio A flaw was found in dotnet, where a buffer overrun exists in the double parse routine, which could lead to remote code execution. This flaw allows an attacker to execute code remotely on the system, leading to some system compromise. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512 https://access.redhat.com/security/cve/CVE-2022-24512 https://bugzilla.redhat.com/show_bug.cgi?id=2061854 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2022-24464 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-24464
.NET and Visual Studio Denial of Service Vulnerability Una vulnerabilidad de Denegación de Servicio en .NET y Visual Studio A flaw was found in .NET Core, related to the FormPipeReader. This issue allows remote unauthenticated attackers to cause a denial of service. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464 https://access.redhat.com/security/cve/CVE-2022-24464 https://bugzilla.redhat.com/show_bug.cgi?id=2061847 • CWE-1173: Improper Use of Validation Framework •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2022-24713 – Regular expression denial of service in Rust's regex crate
https://notcve.org/view.php?id=CVE-2022-24713
regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. • https://github.com/ItzSwirlz/CVE-2022-24713-POC https://github.com/rust-lang/regex/commit/ae70b41d4f46641dbc45c7a4f87954aea356283e https://github.com/rust-lang/regex/security/advisories/GHSA-m5pq-gvj9-9vr8 https://groups.google.com/g/rustlang-security-announcements/c/NcNNL1Jq7Yw https://lists.debian.org/debian-lts-announce/2022/04/msg00003.html https://lists.debian.org/debian-lts-announce/2022/04/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JAN • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 0CVE-2022-0516 – kernel: missing check in ioctl allows kernel memory read/write
https://notcve.org/view.php?id=CVE-2022-0516
A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4. Se encontró una vulnerabilidad en la función kvm_s390_guest_sida_op en el archivo arch/s390/kvm/kvm-s390.c en KVM para s390 en el kernel de Linux. Este fallo permite a un atacante local con un privilegio de usuario normal obtener un acceso de escritura en memoria no autorizado. • https://bugzilla.redhat.com/show_bug.cgi?id=2050237 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=09a93c1df3eafa43bcdfd7bf837c574911f12f55 https://security.netapp.com/advisory/ntap-20220331-0009 https://www.debian.org/security/2022/dsa-5092 https://access.redhat.com/security/cve/CVE-2022-0516 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 2CVE-2021-4095
https://notcve.org/view.php?id=CVE-2021-4095
A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1. Se encontró una desreferencia de puntero NULL en el KVM del kernel de Linux cuando se habilita el registro de anillo sucio sin un contexto de vCPU activo. Un atacante local no privilegiado en el host puede usar este fallo para causar una condición de oops del kernel y, por tanto, una denegación de servicio emitiendo un ioctl KVM_XEN_HVM_SET_ATTR. • http://www.openwall.com/lists/oss-security/2022/01/17/1 https://bugzilla.redhat.com/show_bug.cgi?id=2031194 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIOQN7JJNN6ABIDGRSTVZA65MHRLMH2Q https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT6573CGKVK3DU2632VVO5BVM4IU7SBV • CWE-476: NULL Pointer Dereference •