CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 2CVE-2022-2850 – 389-ds-base: SIGSEGV in sync_repl
https://notcve.org/view.php?id=CVE-2022-2850
A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514. Se ha encontrado un fallo en 389-ds-base. • https://access.redhat.com/security/cve/CVE-2022-2850 https://bugzilla.redhat.com/show_bug.cgi?id=2118691 https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 2CVE-2022-2990 – buildah: possible information disclosure and modification
https://notcve.org/view.php?id=CVE-2022-2990
An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. Un manejo incorrecto de los grupos suplementarios en el motor de contenedores de Buildah podría conllevar a una divulgación de información confidencial o una posible modificación de datos si un atacante presenta acceso directo al contenedor afectado donde son usados los grupos suplementarios para establecer los permisos de acceso y es capaz de ejecutar un código binario en ese contenedor • https://bugzilla.redhat.com/show_bug.cgi?id=2121453 https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation https://access.redhat.com/security/cve/CVE-2022-2990 • CWE-842: Placement of User into Incorrect Group CWE-863: Incorrect Authorization •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 2CVE-2022-2989 – podman: possible information disclosure and modification
https://notcve.org/view.php?id=CVE-2022-2989
An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. Un manejo incorrecto de los grupos suplementarios en el motor de contenedores Podman podría conllevar a una divulgación de información confidencial o una posible modificación de datos si un atacante presenta acceso directo al contenedor afectado donde son usados grupos suplementarios para establecer permisos de acceso y es capaz de ejecutar un código binario en ese contenedor • https://bugzilla.redhat.com/show_bug.cgi?id=2121445 https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation https://access.redhat.com/security/cve/CVE-2022-2989 • CWE-842: Placement of User into Incorrect Group CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2022-2964 – kernel: memory corruption in AX88179_178A based USB ethernet device.
https://notcve.org/view.php?id=CVE-2022-2964
A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. Se ha encontrado un fallo en el controlador del kernel de Linux para los dispositivos USB 2.0/3.0 Gigabit Ethernet basados en ASIX versión AX88179_178A. La vulnerabilidad contiene múltiples lecturas fuera de límites y posibles escrituras fuera de límites • https://bugzilla.redhat.com/show_bug.cgi?id=2067482 https://security.netapp.com/advisory/ntap-20230113-0001 https://access.redhat.com/security/cve/CVE-2022-2964 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 4CVE-2022-2639 – kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()
https://notcve.org/view.php?id=CVE-2022-2639
An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. Se ha encontrado un error de coerción de enteros en el módulo del kernel openvswitch. Dado un número suficientemente grande de acciones, mientras ses copiado y es reservada memoria para una nueva acción de un nuevo flujo, la función reserve_sfa_size() no devuelve -EMSGSIZE como es esperado, conllevando potencialmente a un acceso de escritura fuera de límites. • https://github.com/bb33bb/CVE-2022-2639-PipeVersion https://github.com/letsr00t/-2022-LOCALROOT-CVE-2022-2639 https://github.com/EkamSinghWalia/Detection-and-Mitigation-for-CVE-2022-2639 https://bugzilla.redhat.com/show_bug.cgi?id=2084479 https://github.com/torvalds/linux/commit/cefa91b2332d7009bc0be5d951d6cbbf349f90f8 https://access.redhat.com/security/cve/CVE-2022-2639 • CWE-192: Integer Coercion Error CWE-681: Incorrect Conversion between Numeric Types •