CVE-2022-32545
https://notcve.org/view.php?id=CVE-2022-32545
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. Se ha encontrado una vulnerabilidad en ImageMagick, que causa un fallo fuera del rango de valores representables del tipo "unsigned char" en el archivo coders/psd.c, cuando se procesa una entrada diseñada o no confiable. Esto conlleva a un impacto negativo en la disponibilidad de la aplicación u otros problemas relacionados con el comportamiento no definido • https://bugzilla.redhat.com/show_bug.cgi?id=2091811 https://github.com/ImageMagick/ImageMagick/commit/9c9a84cec4ab28ee0b57c2b9266d6fbe68183512 https://github.com/ImageMagick/ImageMagick6/commit/450949ed017f009b399c937cf362f0058eacc5fa https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html • CWE-190: Integer Overflow or Wraparound •
CVE-2022-28327 – golang: crypto/elliptic: panic caused by oversized scalar
https://notcve.org/view.php?id=CVE-2022-28327
The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. La característica genérica P-256 en crypto/elliptic en Go versiones anteriores a 1.17.9 y versiones 1.18.x anteriores a 1.18.1, permite un pánico por medio de una entrada escalar larga An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability. • https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/oecdBNLOml8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NY6GEAJMNKKMU5H46QO4D7D6A24KSPXE h • CWE-190: Integer Overflow or Wraparound •
CVE-2022-0983
https://notcve.org/view.php?id=CVE-2022-0983
An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default. Se identificó un riesgo de inyección SQL en el código deBadges relacionado con la configuración de criterios. El acceso a la capacidad correspondiente estaba limitado por defecto a los profesores y administradores • https://bugzilla.redhat.com/show_bug.cgi?id=2064119 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4GRMWBGHOJMFXMTORECQNULJK7ZJJ6Y • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-27191 – golang: crash in a golang.org/x/crypto/ssh server
https://notcve.org/view.php?id=CVE-2022-27191
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. El paquete golang.org/x/crypto/ssh anterior a 0.0.0-20220314234659-1baeb1ce4c0b para Go permite a un atacante bloquear un servidor en ciertas circunstancias que implican AddHostKey A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability. • https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/-cp44ypCT5s https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF https://lists.fedoraproject.org/archives/list/package-announce%40lis • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2022-0725
https://notcve.org/view.php?id=CVE-2022-0725
A flaw was found in keepass. The vulnerability occurs due to logging the plain text passwords in system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs. Se ha encontrado un fallo en keepass. La vulnerabilidad se produce debido al registro de las contraseñas en texto plano en el registro del sistema y conduce a una vulnerabilidad de exposición de información. • https://bugzilla.redhat.com/show_bug.cgi?id=2052696 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •