Page 26 of 291 results (0.017 seconds)

CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 2

CVE-2022-1679 – kernel: use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges

https://notcve.org/view.php?id=CVE-2022-1679

A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. Se ha encontrado un fallo de uso de memoria previamente liberada en el controlador del adaptador inalámbrico Atheros del kernel de Linux en la forma en que un usuario fuerza la función ath9k_htc_wait_for_target a fallar con algunos mensajes de entrada. Este fallo permite a un usuario local bloquear o escalar potencialmente sus privilegios en el sistema • https://github.com/EkamSinghWalia/-Detection-and-Mitigation-for-CVE-2022-1679 https://github.com/ov3rwatch/Detection-and-Mitigation-for-CVE-2022-1679 https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://lore.kernel.org/lkml/87ilqc7jv9.fsf%40kernel.org/t https://security.netapp.com/advisory/ntap-20220629-0007 https://access.redhat.com/security/cve/CVE-2022-1679 https://bugzilla.redhat.com/show_bug • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 1

CVE-2022-30594 – kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option

https://notcve.org/view.php?id=CVE-2022-30594

The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. El kernel de Linux versiones anteriores a 5.17.2, maneja inapropiadamente los permisos de seccomp. La ruta de código PTRACE_SEIZE permite a atacantes omitir las restricciones previstas al establecer el flag PT_SUSPEND_SECCOMP A flaw was found in the Linux kernel. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag, possibly disabling seccomp. • http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html http://packetstormsecurity.com/files/170362/Linux-PT_SUSPEND_SECCOMP-Permission-Bypass-Ptracer-Death-Race.html https://bugs.chromium.org/p/project-zero/issues/detail?id=2276 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.2 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee1fee900537b5d9560e9f937402de5ddc8412f3 https://github.com/torvalds/linux/commit/ee1fee900537b5d9560e9f937402de • CWE-276: Incorrect Default Permissions CWE-862: Missing Authorization •

CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 1

CVE-2022-27781 – curl: CERTINFO never-ending busy-loop

https://notcve.org/view.php?id=CVE-2022-27781

libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation. libcurl proporciona la opción "CURLOPT_CERTINFO" para permitir que las aplicaciones soliciten que se devuelvan detalles sobre la cadena de certificados de un servidor. Debido a una función errónea, un servidor malicioso podría hacer que libcurl construido conNSS quedara atascado en un bucle ocupado interminable cuando intentara recuperar esa información A vulnerability was found in curl. This issue occurs due to an erroneous function. A malicious server could make curl within Network Security Services (NSS) get stuck in a never-ending busy loop when trying to retrieve that information. This flaw allows an Infinite Loop, affecting system availability. • https://hackerone.com/reports/1555441 https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20220609-0009 https://www.debian.org/security/2022/dsa-5197 https://access.redhat.com/security/cve/CVE-2022-27781 https://bugzilla.redhat.com/show_bug.cgi?id=2082204 • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 1

CVE-2022-27780

https://notcve.org/view.php?id=CVE-2022-27780

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more. El analizador de URLs de Curl acepta erróneamente separadores de URL codificados en porcentaje, como "/", cuando decodifica la parte del nombre del host de una URL, convirtiéndola en una URL *diferente* que usa un nombre de host incorrecto cuando es recuperado posteriormente. Por ejemplo, una URL como "http://example.com%2F127.0.0.1/", sería permitida por el analizador y sería transpuesta a "http://example.com/127.0.0.1/". Este fallo puede usarse para omitir filtros, comprobaciones y otras cosas • https://hackerone.com/reports/1553841 https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20220609-0009 • CWE-177: Improper Handling of URL Encoding (Hex Encoding) CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 9.8EPSS: 1%CPEs: 17EXPL: 1

CVE-2022-29155

https://notcve.org/view.php?id=CVE-2022-29155

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping. En OpenLDAP versiones 2.x anteriores a 2.5.12 y versiones 2.6.x anteriores a 2.6.2, se presenta una vulnerabilidad de inyección SQL en el backend experimental back-sql de slapd, por medio de una sentencia SQL dentro de una consulta LDAP. Esto puede ocurrir durante una operación de búsqueda LDAP cuando es procesado el filtro de búsqueda, debido a una falta de escapes apropiados • https://bugs.openldap.org/show_bug.cgi?id=9815 https://lists.debian.org/debian-lts-announce/2022/05/msg00032.html https://security.netapp.com/advisory/ntap-20220609-0007 https://www.debian.org/security/2022/dsa-5140 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •