Page 3 of 26 results (0.011 seconds)

CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0

CVE-2022-4318 – Cri-o: /etc/passwd tampering privesc

https://notcve.org/view.php?id=CVE-2022-4318

A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable. Se encontró una vulnerabilidad en cri-o. Este problema permite la adición de líneas arbitrarias en /etc/passwd mediante el uso de una variable de entorno especialmente manipulada. • https://access.redhat.com/errata/RHSA-2023:1033 https://access.redhat.com/errata/RHSA-2023:1503 https://access.redhat.com/security/cve/CVE-2022-4318 https://bugzilla.redhat.com/show_bug.cgi?id=2152703 • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory CWE-913: Improper Control of Dynamically-Managed Code Resources •

CVSS: 7.5EPSS: 0%CPEs: 29EXPL: 0

CVE-2023-1108 – Undertow: infinite loop in sslconduit during close

https://notcve.org/view.php?id=CVE-2023-1108

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates. Se encontró una falla en undertow. Este problema hace posible lograr una denegación de servicio debido a un estado de protocolo de enlace inesperado actualizado en SslConduit, donde el bucle nunca termina • https://access.redhat.com/errata/RHSA-2023:1184 https://access.redhat.com/errata/RHSA-2023:1185 https://access.redhat.com/errata/RHSA-2023:1512 https://access.redhat.com/errata/RHSA-2023:1513 https://access.redhat.com/errata/RHSA-2023:1514 https://access.redhat.com/errata/RHSA-2023:1516 https://access.redhat.com/errata/RHSA-2023:2135 https://access.redhat.com/errata/RHSA-2023:3883 https://access.redhat.com/errata/RHSA-2023:3884 https://access.redhat.com/errata/RHSA • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 7.6EPSS: 0%CPEs: 13EXPL: 0

CVE-2022-1274 – keycloak: HTML injection in execute-actions-email Admin REST API

https://notcve.org/view.php?id=CVE-2022-1274

A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users. • https://bugzilla.redhat.com/show_bug.cgi?id=2073157 https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725 https://herolab.usd.de/security-advisories/usd-2021-0033 https://access.redhat.com/security/cve/CVE-2022-1274 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVSS: 6.5EPSS: 0%CPEs: 29EXPL: 0

CVE-2023-0056 – haproxy: segfault DoS

https://notcve.org/view.php?id=CVE-2023-0056

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability. • https://access.redhat.com/security/cve/CVE-2023-0056 https://bugzilla.redhat.com/show_bug.cgi?id=2160808 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.8EPSS: 0%CPEs: 15EXPL: 0

CVE-2022-3916 – Keycloak: session takeover with oidc offline refreshtokens

https://notcve.org/view.php?id=CVE-2022-3916

A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user. Se encontró una falla en el alcance offline_access en Keycloak. Este problema afectaría más a los usuarios de ordenadores compartidos (especialmente si las cookies no se borran), debido a la falta de validación de la sesión root y a la reutilización de los identificadores de sesión en las sesiones de autenticación de usuario y root. • https://access.redhat.com/errata/RHSA-2022:8961 https://access.redhat.com/errata/RHSA-2022:8962 https://access.redhat.com/errata/RHSA-2022:8963 https://access.redhat.com/errata/RHSA-2022:8964 https://access.redhat.com/errata/RHSA-2022:8965 https://access.redhat.com/errata/RHSA-2023:1043 https://access.redhat.com/errata/RHSA-2023:1044 https://access.redhat.com/errata/RHSA-2023:1045 https://access.redhat.com/errata/RHSA-2023:1047 https://access.redhat.com/errata/RHSA • CWE-384: Session Fixation CWE-613: Insufficient Session Expiration •