CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2022-26490
https://notcve.org/view.php?id=CVE-2022-26490
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. La función st21nfca_connectivity_event_received en el archivo drivers/nfc/st21nfca/se.c en el kernel de Linux hasta la versión 5.16.12, presenta desbordamientos de búfer EVT_TRANSACTION debido a parámetros de longitud no confiables • https://github.com/torvalds/linux/commit/4fbcc1a4cb20fe26ad0225679c536c80f1648221 https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BG4J46EMFPDD5QHYXDUI3PJCZQ7HQAZR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C5AUUDGSDLGYU7SZSK4PFAN22NISQZBT https://security.netapp.com/advisory/ntap-20220429-0004 https://www.debian.org/security/2022/dsa-5127 https://www.debian.org/security/20 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 1CVE-2021-3999 – glibc: Off-by-one buffer overflow/underflow in getcwd()
https://notcve.org/view.php?id=CVE-2021-3999
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. Se ha encontrado un fallo en glibc. Un desbordamiento y subdesbordamiento de búfer en la función getcwd() puede conllevar a una corrupción de memoria cuando el tamaño del búfer es exactamente 1. • https://access.redhat.com/security/cve/CVE-2021-3999 https://bugzilla.redhat.com/show_bug.cgi?id=2024637 https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html https://security-tracker.debian.org/tracker/CVE-2021-3999 https://security.netapp.com/advisory/ntap-20221104-0001 https://sourceware.org/bugzilla/show_bug.cgi?id=28769 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e https://www.openwall.com/lists/oss-security/2022/01/24/4 • CWE-193: Off-by-one Error •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-3998
https://notcve.org/view.php?id=CVE-2021-3998
A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data. Se ha encontrado un fallo en glibc. La función realpath() puede devolver por error un valor no esperado, conllevando potencialmente a un filtrado de información y una divulgación de datos confidenciales. • https://access.redhat.com/security/cve/CVE-2021-3998 https://bugzilla.redhat.com/show_bug.cgi?id=2024633 https://security-tracker.debian.org/tracker/CVE-2021-3998 https://security.netapp.com/advisory/ntap-20221020-0003 https://sourceware.org/bugzilla/show_bug.cgi?id=28770 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=84d2d0fe20bdf94feed82b21b4d7d136db471f03 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ee8d5e33adb284601c00c94687bc907e10aec9bb https://www.openwall.com/lists/oss-security/2022 • CWE-125: Out-of-bounds Read CWE-252: Unchecked Return Value •
CVSS: 5.9EPSS: 0%CPEs: 29EXPL: 0CVE-2020-36516 – kernel: off-path attacker may inject data or terminate victim's TCP session
https://notcve.org/view.php?id=CVE-2020-36516
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. Se ha detectado un problema en el kernel de Linux versiones hasta 5.16.11. El método de asignación de IPID mixto con la política de asignación de IPID basada en hash permite a un atacante fuera de la ruta inyectar datos en la sesión TCP de una víctima o terminar esa sesión. A TCP/IP packet spoofing attack flaw was found in the Linux kernel’s TCP/IP protocol, where a Man-in-the-Middle Attack (MITM) performs an IP fragmentation attack and an IPID collision. • https://dl.acm.org/doi/10.1145/3372297.3417884 https://security.netapp.com/advisory/ntap-20220331-0003 https://access.redhat.com/security/cve/CVE-2020-36516 https://bugzilla.redhat.com/show_bug.cgi?id=2059928 • CWE-290: Authentication Bypass by Spoofing CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 8.1EPSS: 0%CPEs: 58EXPL: 0CVE-2022-23308 – libxml2: Use-after-free of ID and IDREF attributes
https://notcve.org/view.php?id=CVE-2022-23308
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. El archivo valid.c en libxml2 versiones anteriores a 2.9.13, presenta un uso de memoria previamente liberada de los atributos ID e IDREF. A flaw was found in libxml2. A call to the xmlGetID function can return a pointer already freed when parsing an XML document with the XML_PARSE_DTDVALID option and without the XML_PARSE_NOENT option, resulting in a use-after-free issue. • http://seclists.org/fulldisclosure/2022/May/33 http://seclists.org/fulldisclosure/2022/May/34 http://seclists.org/fulldisclosure/2022/May/35 http://seclists.org/fulldisclosure/2022/May/36 http://seclists.org/fulldisclosure/2022/May/37 http://seclists.org/fulldisclosure/2022/May/38 https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS https://lists.debian.org/debian-lts-announce/2022/04/msg00004. • CWE-416: Use After Free •