CVSS: 3.7EPSS: 0%CPEs: 4EXPL: 0CVE-2021-36368
https://notcve.org/view.php?id=CVE-2021-36368
An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user's behalf. NOTE: the vendor's position is "this is not an authentication bypass, since nothing is being bypassed. ** EN DISPUTA ** Se ha detectado un problema en OpenSSH versiones anteriores a 8.9. Si un cliente está usando autenticación de clave pública con reenvío de agentes pero sin -oLogLevel=verbose, y un atacante ha modificado silenciosamente el servidor para que soporte la opción de autenticación None, entonces el usuario no puede determinar si la autenticación FIDO va a confirmar que el usuario desea conectarse a ese servidor, o que el usuario desea permitir que ese servidor sea conectado a un servidor diferente en nombre del usuario. NOTA: la posición del proveedor es que "esto no es una omisión de la autenticación, ya que no está omitiéndose nada" • https://bugzilla.mindrot.org/show_bug.cgi?id=3316 https://docs.ssh-mitm.at/trivialauth.html https://github.com/openssh/openssh-portable/pull/258 https://security-tracker.debian.org/tracker/CVE-2021-36368 https://www.openssh.com/security.html • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2022-26966
https://notcve.org/view.php?id=CVE-2022-26966
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. Se ha detectado un problema en el kernel de Linux versiones anteriores a 5.16.12. El archivo drivers/net/usb/sr9700.c permite a atacantes obtener información confidencial de la memoria de la pila por medio de tramas diseñadas desde un dispositivo • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.10 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e9da0b56fe27206b49f39805f7dcda8a89379062 https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://security.netapp.com/advisory/ntap-20220419-0001 •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 1CVE-2022-26874
https://notcve.org/view.php?id=CVE-2022-26874
lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering. el archivo lib/Horde/Mime/Viewer/Ooo.php en Horde Mime_Viewer versiones anteriores a 2.2.4, permite un ataque de tipo XSS por medio de un documento de OpenOffice, conllevando a la toma de posesión de la cuenta en Horde Groupware Webmail Edition. Esto ocurre después de la renderización de XSLT • https://blog.sonarsource.com/horde-webmail-account-takeover-via-email https://github.com/horde/Mime_Viewer/commit/02b46cec1a7e8f1a6835b628850cd56b85963bb5 https://lists.debian.org/debian-lts-announce/2022/06/msg00007.html https://lists.debian.org/debian-lts-announce/2022/08/msg00021.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 77EXPL: 1CVE-2020-36518 – jackson-databind: denial of service via a large depth of nested objects
https://notcve.org/view.php?id=CVE-2020-36518
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. jackson-databind versiones anteriores a 2.13.0, permite una excepción Java StackOverflow y una denegación de servicio por medio de una gran profundidad de objetos anidados A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects. • https://github.com/FasterXML/jackson-databind/issues/2816 https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html https://security.netapp.com/advisory/ntap-20220506-0004 https://www.debian.org/security/2022/dsa-5283 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2020-36518 https://bugzilla.redhat.com/ • CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-24754 – Buffer overflow in pjsip
https://notcve.org/view.php?id=CVE-2022-24754
PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`). This issue has been patched in the master branch of the PJSIP repository and will be included with the next release. Users unable to upgrade need to check that the hashed digest data length must be equal to `PJSIP_MD5STRLEN` before passing to PJSIP. PJSIP es una biblioteca de comunicación multimedia gratuita y de código abierto escrita en lenguaje C. • https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47 https://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662 https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html https://security.gentoo.org/glsa/202210-37 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-1284: Improper Validation of Specified Quantity in Input •