CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-2553 – booth: authfile directive in booth config file is completely ignored.
https://notcve.org/view.php?id=CVE-2022-2553
28 Jul 2022 — The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster. La directiva authfile en el archivo de configuración de booth es ignorada, impidiendo el uso de la autenticación en las comunicaciones de nodo a nodo. Como resultando, los nodos que no presentan la clave de autenticación correcta no son impedido... • https://github.com/ClusterLabs/booth/commit/35bf0b7b048d715f671eb68974fb6b4af6528c67 • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 44EXPL: 0CVE-2022-36879 – kernel: xfrm_expand_policies() in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice
https://notcve.org/view.php?id=CVE-2022-36879
27 Jul 2022 — An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. Se ha detectado un problema en el kernel de Linux versiones hasta 5.18.14. la función xfrm_expand_policies en el archivo net/xfrm/xfrm_policy.c puede causar que un refcount sea descartado dos veces A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). An error while resolving policies in xfrm_bundle_lookup causes the re... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f85daf0e725358be78dfd208dea5fd665d8cb901 • CWE-911: Improper Update of Reference Count •
CVSS: 7.8EPSS: 4%CPEs: 14EXPL: 2CVE-2022-36946 – kernel: DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c
https://notcve.org/view.php?id=CVE-2022-36946
27 Jul 2022 — nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. La función nfqnl_mangle en el archivo net/netfilter/nfnetlink_queue.c en el kernel de Linux versiones hasta 5.18.14, permite a atacantes remotos causar una denegación de servicio (pánico) porque, en el caso de un veredicto nf_queue con ... • https://github.com/Pwnzer0tt1/CVE-2022-36946 •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 2CVE-2020-7677 – Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2020-7677
25 Jul 2022 — This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization. Esto afecta al paquete thenify antes de la versión 3.3.1. El argumento del nombre proporcionado al paquete puede ser controlado por los usuarios sin ningún tipo de sanitización, y este es proporcionado a la función eval sin ninguna sanitización It was discovered that thenify incorrectly handled certai... • https://github.com/thenables/thenify/blob/master/index.js%23L17 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-26306 – Execution of Untrusted Macros Due to Improper Certificate Validation
https://notcve.org/view.php?id=CVE-2022-26306
25 Jul 2022 — LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user's configuration data. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 ver... • http://www.openwall.com/lists/oss-security/2022/08/13/1 • CWE-326: Inadequate Encryption Strength CWE-330: Use of Insufficiently Random Values •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-26307 – Weak Master Keys
https://notcve.org/view.php?id=CVE-2022-26307
25 Jul 2022 — LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulerable to a brute force attack if an attacker has access to the users stored config. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 ... • http://www.openwall.com/lists/oss-security/2022/08/13/2 • CWE-326: Inadequate Encryption Strength •
CVSS: 8.1EPSS: 11%CPEs: 3EXPL: 1CVE-2022-31163 – TZInfo relative path traversal vulnerability allows loading of arbitrary files
https://notcve.org/view.php?id=CVE-2022-31163
21 Jul 2022 — TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source, time zones are defined in Ruby files. There is one file per time zone. Time zone files are loaded with `require` on demand. • https://github.com/tzinfo/tzinfo/commit/9905ca93abf7bf3e387bd592406e403cd18334c7 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-46828 – libtirpc: DoS vulnerability with lots of connections
https://notcve.org/view.php?id=CVE-2021-46828
20 Jul 2022 — In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections. En libtirpc versiones anteriores a 1.3.3rc1, los atacantes remotos podían agotar los descriptores de archivo de un proceso que usa libtirpc porque las conexiones TCP inactivas son manejadas inapropiadamente. Esto puede, a su vez, conllevar a un bucle infinito svc_run... • http://git.linux-nfs.org/?p=steved/libtirpc.git%3Ba=commit%3Bh=86529758570cef4c73fb9b9c4104fdc510f701ed • CWE-400: Uncontrolled Resource Consumption CWE-755: Improper Handling of Exceptional Conditions CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.4EPSS: 6%CPEs: 20EXPL: 1CVE-2022-31160 – jQuery UI contains potential XSS vulnerability when refreshing a checkboxradio with an HTML-like initial text label
https://notcve.org/view.php?id=CVE-2022-31160
20 Jul 2022 — jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( "refresh" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing ... • https://blog.jqueryui.com/2022/07/jquery-ui-1-13-2-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-1924 – gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using lzo decompression
https://notcve.org/view.php?id=CVE-2022-1924
19 Jul 2022 — DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the... • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •