CVSS: 9.8EPSS: 8%CPEs: 5EXPL: 1CVE-2022-24724 – Integer overflow in table parsing extension leads to heap memory corruption
https://notcve.org/view.php?id=CVE-2022-24724
cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables who's marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the `cmark-gfm` library. This vulnerability has been patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. • http://packetstormsecurity.com/files/166599/cmark-gfm-Integer-overflow.html https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5CYUU662VO6CCXQKVZVOHXX3RGIF2DLQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7V3HAM5H6YFJG2QFEXACZR3XVWFTXTC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KH4UQA6VWVZU5EW3HNEAB7D7BTCNJSJ2 https://lists.fedorapro • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-0730
https://notcve.org/view.php?id=CVE-2022-0730
Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types. Bajo determinadas condiciones de ldap, la autenticación de Cacti puede ser omitida con determinados tipos de credenciales • https://github.com/Cacti/cacti/issues/4562 https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html https://lists.debian.org/debian-lts-announce/2022/12/msg00039.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVOALVZSCBFNOAAZVHTJFSFB7UDSNYQ2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZH67CCORDEYFG7NL7G6UH47PAV2PU7BA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJERS4NYIGJ • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 2CVE-2022-23648 – Insecure handling of image volumes in containerd CRI plugin
https://notcve.org/view.php?id=CVE-2022-23648
containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. • https://github.com/raesene/CVE-2022-23648-POC http://packetstormsecurity.com/files/166421/containerd-Image-Volume-Insecure-Handling.html https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70 https://github.com/containerd/containerd/releases/tag/v1.4.13 https://github.com/containerd/containerd/releases/tag/v1.5.10 https://github.com/containerd/containerd/releases/tag/v1.6.1 https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7 https://lists.fedorapro • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-26126
https://notcve.org/view.php?id=CVE-2022-26126
Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c. Se presentan vulnerabilidades de desbordamiento del búfer en FRRouting versiones hasta 8.1.0, debido al uso de strdup con una cadena binaria que no termina en cero en el archivo isis_nb_notifications.c • https://github.com/FRRouting/frr/issues/10505 https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MIEQNIWUSBQTFR65HM2LLIB7PH27CZUZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTYSAL4QCE4XWMMBKUB7LSLPAFLWUML4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XUCZR6RYQVZ35BFUV7OLIUEHZW2433I2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3623
https://notcve.org/view.php?id=CVE-2021-3623
A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en libtpms. El fallo puede ser desencadenado por paquetes de comandos TPM 2 especialmente diseñados que contengan valores ilegales y puede conllevar a un acceso fuera de límites cuando el estado volátil del TPM 2 es marshalled/written o unmarshalled/read. • https://bugzilla.redhat.com/show_bug.cgi?id=1976806 https://github.com/stefanberger/libtpms/commit/2e6173c https://github.com/stefanberger/libtpms/commit/2f30d62 https://github.com/stefanberger/libtpms/commit/7981d9a https://github.com/stefanberger/libtpms/pull/223 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7KZSYMTE7Z4BBEZUWO2DIMQDWMGEP46 • CWE-787: Out-of-bounds Write •