CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-1476 – Kpatch: mm/mremap.c: incomplete fix for cve-2022-41222
https://notcve.org/view.php?id=CVE-2023-1476
05 Apr 2023 — A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system. Se encontró una falla de use-after-free en el código fuente de contabilidad del espacio de direcciones de memoria mm/mremap del kernel de Linux. Este problema ocurre debido a una condición de ejecución entre rmap walk y mremap, lo qu... • https://access.redhat.com/errata/RHSA-2023:1659 • CWE-416: Use After Free •
CVSS: 7.6EPSS: 0%CPEs: 13EXPL: 0CVE-2022-1274 – keycloak: HTML injection in execute-actions-email Admin REST API
https://notcve.org/view.php?id=CVE-2022-1274
02 Mar 2023 — A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.2 serves as a replacement for Red Hat Single Sign-On 7.... • https://bugzilla.redhat.com/show_bug.cgi?id=2073157 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2023-0494 – X.Org Server DeepCopyPointerClasses Use-After-Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-0494
07 Feb 2023 — A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the abilit... • https://bugzilla.redhat.com/show_bug.cgi?id=2165995 • CWE-416: Use After Free •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-3962 – Kiali: error message spoofing in kiali ui
https://notcve.org/view.php?id=CVE-2022-3962
31 Jan 2023 — A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed. Se encontró una vulnerabilidad de suplantación de contenido en Kiali. Se descubrió que Kiali no implementa el manejo de errores cuando no se puede encontrar la página o el endpoint al que se accede. • https://access.redhat.com/errata/RHSA-2023:0542 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 3CVE-2023-0179 – kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan
https://notcve.org/view.php?id=CVE-2023-0179
24 Jan 2023 — A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discov... • https://github.com/TurtleARM/CVE-2023-0179-PoC • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.6EPSS: 0%CPEs: 12EXPL: 0CVE-2022-2601 – grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass
https://notcve.org/view.php?id=CVE-2022-2601
16 Nov 2022 — A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism. Se encontró un desbordamiento del búfer en grub_font_construct_glyph(). Una fuente pf2 manipulada maliciosamente puede provocar un desbordamien... • https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 41EXPL: 0CVE-2021-3695 – grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap
https://notcve.org/view.php?id=CVE-2021-3695
10 Jun 2022 — A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw af... • https://bugzilla.redhat.com/show_bug.cgi?id=1991685 • CWE-787: Out-of-bounds Write •
CVSS: 6.9EPSS: 0%CPEs: 40EXPL: 0CVE-2021-3696 – grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling
https://notcve.org/view.php?id=CVE-2021-3696
10 Jun 2022 — A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. Puede producirse una escritura fuera de límites de la p... • https://bugzilla.redhat.com/show_bug.cgi?id=1991686 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 39EXPL: 0CVE-2021-3697 – grub2: Crafted JPEG image can lead to buffer underflow write in the heap
https://notcve.org/view.php?id=CVE-2021-3697
10 Jun 2022 — A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. Una imagen JPEG diseñada puede conllevar que el lector de JPEG desborde su p... • https://bugzilla.redhat.com/show_bug.cgi?id=1991687 • CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 21EXPL: 0CVE-2021-3975 – libvirt: segmentation fault during VM shutdown can lead to vdsm hang
https://notcve.org/view.php?id=CVE-2021-3975
03 May 2022 — A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash. Se ha encontrado un fallo de uso de memoria previamente liberad... • https://access.redhat.com/security/cve/CVE-2021-3975 • CWE-416: Use After Free •