CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-3248 – Openshift api admission checks does not enforce "custom-host" permissions
https://notcve.org/view.php?id=CVE-2022-3248
A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied. Se encontró una falla en la API de OpenShift, ya que las comprobaciones de admisión no aplican permisos de "custom-host". Este problema podría permitir que un atacante viole los límites, ya que no se aplicarán los permisos. • https://access.redhat.com/security/cve/CVE-2022-3248 https://bugzilla.redhat.com/show_bug.cgi?id=2072188 • CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4145 – Content spoofing
https://notcve.org/view.php?id=CVE-2022-4145
A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation. Se encontró una falla de suplantación de contenido en el endpoint OAuth de OpenShift. Esta falla permite que un atacante remoto y no autenticado inyecte texto en una página web, lo que permite ofuscar una operación de phishing. • https://access.redhat.com/security/cve/CVE-2022-4145 https://bugzilla.redhat.com/show_bug.cgi?id=2148667 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-3576 – Libtiff: memory leak in tiffcrop.c
https://notcve.org/view.php?id=CVE-2023-3576
A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service. Se encontró una falla de pérdida de memoria en la utilidad tiffcrop de Libatiff. Este problema se produce cuando tiffcrop opera en un archivo de imagen TIFF, lo que permite a un atacante pasar un archivo de imagen TIFF manipulado a la utilidad tiffcrop, lo que provoca este problema de pérdida de memoria, un bloqueo de la aplicación y, finalmente, una denegación de servicio. • https://access.redhat.com/errata/RHSA-2023:6575 https://access.redhat.com/security/cve/CVE-2023-3576 https://bugzilla.redhat.com/show_bug.cgi?id=2219340 https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-4692 – Grub2: out-of-bounds write at fs/ntfs.c may lead to unsigned code execution
https://notcve.org/view.php?id=CVE-2023-4692
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved. Se encontró una falla de escritura fuera de los límites en el controlador del sistema de archivos NTFS de grub2. • https://access.redhat.com/errata/RHSA-2024:2456 https://access.redhat.com/errata/RHSA-2024:3184 https://access.redhat.com/security/cve/CVE-2023-4692 https://bugzilla.redhat.com/show_bug.cgi?id=2236613 https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUU42E7CPYLATXOYVYNW6YTXXULAOV6L https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.or • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1CVE-2023-4693 – Grub2: out-of-bounds read at fs/ntfs.c
https://notcve.org/view.php?id=CVE-2023-4693
An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk. Se encontró una falla de lectura fuera de los límites en el controlador del sistema de archivos NTFS de grub2. Este problema puede permitir que un atacante físicamente presente presente una imagen del sistema de archivos NTFS especialmente manipulada para leer ubicaciones de memoria arbitrarias. • https://access.redhat.com/errata/RHSA-2024:2456 https://access.redhat.com/errata/RHSA-2024:3184 https://access.redhat.com/security/cve/CVE-2023-4693 https://bugzilla.redhat.com/show_bug.cgi?id=2238343 https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUU42E7CPYLATXOYVYNW6YTXXULAOV6L https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.or • CWE-125: Out-of-bounds Read •