Page 3 of 1100 results (0.009 seconds)

CVSS: 5.1EPSS: 0%CPEs: 5EXPL: 0

CVE-2022-3500 – keylime: exception handling and impedance match in tornado_requests

https://notcve.org/view.php?id=CVE-2022-3500

A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state but not verifying that anymore. Se encontró una vulnerabilidad en keylime. Este problema de seguridad ocurre en algunas circunstancias, debido a algunas excepciones manejadas incorrectamente, existe la posibilidad de que un agente deshonesto pueda crear errores en el verificador que detuviera los intentos de atestación para ese host dejándolo en un estado atestado pero sin verificarlo más. A vulnerability was found in keylime. • https://access.redhat.com/security/cve/CVE-2022-3500 https://github.com/keylime/keylime/pull/1128 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PUTHMDVFNGGVPCNPOGULMJAAFEP7MEXP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QX4XVCAUFGJ2I2NCTOKONTJGRJB2NBBT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQH5CJRX65QYMQN5WGUKKKE3IRJBWG5Z https://bugzilla.redhat.com/show_bug.cgi?id=2135343 • CWE-248: Uncaught Exception •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1

CVE-2022-45063

https://notcve.org/view.php?id=CVE-2022-45063

xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions. xterm anterior a 375 permite la ejecución de código mediante operaciones de fuentes, por ejemplo, porque una respuesta OSC 50 puede tener Ctrl-g y, por lo tanto, conducir a la ejecución de comandos dentro del modo de edición de línea vi de Zsh. NOTA: las operaciones de fuentes no están permitidas en las configuraciones predeterminadas de xterm de algunas distribuciones de Linux. • http://www.openwall.com/lists/oss-security/2022/11/10/1 http://www.openwall.com/lists/oss-security/2022/11/10/5 http://www.openwall.com/lists/oss-security/2024/06/15/1 http://www.openwall.com/lists/oss-security/2024/06/17/1 https://invisible-island.net/xterm/xterm.log.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TPVNTYFFWNTGZJJQAA4MGGFSTXA4XEA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 5.5EPSS: 0%CPEs: 504EXPL: 0

CVE-2022-23824

https://notcve.org/view.php?id=CVE-2022-23824

IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. IBPB no puede evitar que las predicciones de sucursales de retorno sean especificadas por objetivos de sucursales anteriores a IBPB, lo que lleva a una posible divulgación de información. • http://www.openwall.com/lists/oss-security/2022/11/10/2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTQMPJC5N6XJYQ232OZFLK47HVZNRBY3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ https://security.gentoo.org/glsa/202402-07 https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040 https://www.debian.org/security/2023/dsa-5378 •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1

CVE-2022-45059

https://notcve.org/view.php?id=CVE-2022-45059

An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend. Se descubrió un problema en Varnish Cache 7.x anterior a la versión 7.1.2 y 7.2.x anterior a la versión 7.2.1. Se puede realizar un ataque de tráfico ilegal de solicitudes en los servidores Varnish Cache solicitando que ciertos encabezados se realicen salto por salto, evitando que los servidores Varnish Cache reenvíen encabezados críticos al backend. • https://github.com/martinvks/CVE-2022-45059-demo https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6ZMOZVBLZXHEV5VRW4I4SOWLQEK5OF5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4KVVCIQVINQQ2D7ORNARSYALMJUMP3I https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGF6LFTHXCSYMYUX5HLMVXQH3WHCSFLU https://varnish-cache.org/security/VSV00010.html • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 7.5EPSS: 0%CPEs: 63EXPL: 0

CVE-2022-45060 – varnish: Request Forgery Vulnerability

https://notcve.org/view.php?id=CVE-2022-45060

An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected. Se descubrió un problema de HTTP Request Forgery en Varnish Cache 5.x y 6.x anteriores a 6.0.11, 7.x anteriores a 7.1.2 y 7.2.x anteriores a 7.2.1. • https://docs.varnish-software.com/security/VSV00011 https://lists.debian.org/debian-lts-announce/2022/11/msg00036.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6ZMOZVBLZXHEV5VRW4I4SOWLQEK5OF5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4KVVCIQVINQQ2D7ORNARSYALMJUMP3I https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGF6LFTHXCSYMYUX5HLMVXQH3WHCSFLU https://varnish-cache.org/security/VSV00011.html htt • CWE-918: Server-Side Request Forgery (SSRF) •