CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2022-2078 – kernel: buffer overflow in nft_set_desc_concat_parse()
https://notcve.org/view.php?id=CVE-2022-2078
A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code. Se ha encontrado una vulnerabilidad en la función nft_set_desc_concat_parse() del kernel de Linux. Este fallo permite a un atacante desencadenar un desbordamiento de búfer por medio de la función nft_set_desc_concat_parse() , causando una denegación de servicio y posiblemente una ejecución de código • https://github.com/delsploit/CVE-2022-2078 https://bugzilla.redhat.com/show_bug.cgi?id=2096178 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/nf_tables_api.c?id=fecf31ee395b0295f2d7260aa29946b7605f7c85 https://www.debian.org/security/2022/dsa-5161 https://access.redhat.com/security/cve/CVE-2022-2078 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 1CVE-2022-1708 – cri-o: memory exhaustion on the node when access to the kube api
https://notcve.org/view.php?id=CVE-2022-1708
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability. • https://bugzilla.redhat.com/show_bug.cgi?id=2085361 https://github.com/cri-o/cri-o/commit/f032cf649ecc7e0c46718bd9e7814bfb317cb544 https://github.com/cri-o/cri-o/security/advisories/GHSA-fcm2-6c3h-pg6j https://access.redhat.com/security/cve/CVE-2022-1708 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2022-0207 – vdsm: disclosure of sensitive values in log files
https://notcve.org/view.php?id=CVE-2022-0207
A race condition was found in vdsm. Functionality to obfuscate sensitive values in log files that may lead to values being stored in clear text. Se encontró una condición de carrera en vdsm. Funcionalidad para ofuscar valores sensibles en archivos de registro que puede conllevar a que los valores sean almacenados en texto sin cifrar. • https://access.redhat.com/security/cve/CVE-2022-0207 https://bugzilla.redhat.com/show_bug.cgi?id=2033697 https://bugzilla.redhat.com/show_bug.cgi?id=2039248 https://gerrit.ovirt.org/c/vdsm/+/118025 https://gerrit.ovirt.org/gitweb?p=vdsm.git%3Ba=commit%3Bh=53b0036fc72d3b8877d4e7f047d705e5a4c722e8 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-1706 – ignition: configs are accessible from unprivileged containers in VMs running on VMware products
https://notcve.org/view.php?id=CVE-2022-1706
A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. Possible workaround is to not put secrets in the Ignition config. Se ha encontrado una vulnerabilidad en Ignition en la que las configuraciones de encendido son accesibles desde contenedores no privilegiados en máquinas virtuales que son ejecutados en productos VMware. • https://bugzilla.redhat.com/show_bug.cgi?id=2082274 https://github.com/coreos/ignition/commit/4b70b44b430ecf8377a276e89b5acd3a6957d4ea https://github.com/coreos/ignition/issues/1300 https://github.com/coreos/ignition/issues/1315 https://github.com/coreos/ignition/pull/1350 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LY7LKGMQMXV6DGD263YQHNSLOJJ5VLV5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NP765L7TJI7CD4XVOHUWZVRYRH3FYBOR https:/& • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 34EXPL: 0CVE-2021-3669 – kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts
https://notcve.org/view.php?id=CVE-2021-3669
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. Se ha encontrado un fallo en el kernel de Linux. La medición del uso de la memoria compartida no escala con grandes recuentos de segmentos de memoria compartida, lo que podría conllevar a el agotamiento de recursos y el DoS. • https://access.redhat.com/security/cve/CVE-2021-3669 https://bugzilla.redhat.com/show_bug.cgi?id=1980619 https://bugzilla.redhat.com/show_bug.cgi?id=1986473 https://security-tracker.debian.org/tracker/CVE-2021-3669 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •