CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-47021
https://notcve.org/view.php?id=CVE-2022-47021
A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows attackers to cause denial of service or other unspecified impacts. Se descubrió un problema de desreferencia de puntero null en las funciones op_get_data y op_open1 en opusfile.c en xiph opusfile 0.9 a 0.12 que permite a los atacantes causar denegación de servicio u otros impactos no especificados. • https://github.com/xiph/opusfile/commit/0a4cd796df5b030cb866f3f4a5e41a4b92caddf5 https://github.com/xiph/opusfile/issues/36 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ODIA6QRIRBNF2HRXOE5VCZ2AFP4ZB4R https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4LIKBLOE433RA44YTYUZLED4IOWJG5DV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ED4CWLBR2WQ2IXXTHZ24UYZBRNCLMJXH https://lists.fedoraproject.org/archives/list/package-announ • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 12CVE-2023-22809 – sudo 1.8.0 to 1.9.12p1 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. En Sudo anterior a 1.9.12p2, la función sudoedit (también conocida como -e) maneja mal argumentos adicionales pasados en las variables de entorno proporcionadas por el usuario (SUDO_EDITOR, VISUAL y EDITOR), permitiendo a un atacante local agregar entradas arbitrarias a la lista de archivos para procesar. . • https://www.exploit-db.com/exploits/51217 https://github.com/n3m1sys/CVE-2023-22809-sudoedit-privesc https://github.com/Chan9Yan9/CVE-2023-22809 https://github.com/Toothless5143/CVE-2023-22809 https://github.com/3yujw7njai/CVE-2023-22809-sudo-POC https://github.com/pashayogi/CVE-2023-22809 https://github.com/M4fiaB0y/CVE-2023-22809 https://github.com/asepsaepdin/CVE-2023-22809 https://github.com/AntiVlad/CVE-2023-22809 http://packetstormsecurity.com/files/171644/sudo-1.9.12p • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2CVE-2018-14628
https://notcve.org/view.php?id=CVE-2018-14628
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store. Se descubrió una vulnerabilidad de fuga de información en el servidor LDAP de Samba. Debido a la falta de comprobaciones de control de acceso, un atacante autenticado pero sin privilegios podría descubrir los nombres y atributos conservados de los objetos eliminados en el almacén LDAP. • http://www.openwall.com/lists/oss-security/2023/11/28/4 https://bugzilla.redhat.com/show_bug.cgi?id=1625445 https://bugzilla.samba.org/show_bug.cgi?id=13595 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DK57HQRTCDOZDIIICYWQ4Z5IQXTWVVW https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVMYEP5KJRL3FWSCZW2MQZ26IVPXY62 • CWE-862: Missing Authorization •
CVSS: 8.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-47318 – ruby-git: code injection vulnerability
https://notcve.org/view.php?id=CVE-2022-47318
ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46648. Las versiones de ruby-git anteriores a v1.13.0 permiten a un atacante remoto autenticado ejecutar un código Ruby arbitrario haciendo que un usuario cargue en el producto un repositorio que contiene un nombre de archivo especialmente manipulado. Esta vulnerabilidad es diferente de CVE-2022-46648. A code injection flaw was found in the ruby-git package. • https://github.com/ruby-git/ruby-git https://github.com/ruby-git/ruby-git/pull/602 https://jvn.jp/en/jp/JVN16765254/index.html https://lists.debian.org/debian-lts-announce/2023/01/msg00043.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KPFLSZPUM7APWVBRM5DCAY5OUVQBF4K https://access.redhat.com/security/cve/CVE-2022-47318 https://bugzilla.redhat.com/show_bug.cgi?id=2159672 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2023-23589
https://notcve.org/view.php?id=CVE-2023-23589
The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002. La opción SafeSocks en Tor anterior a 0.4.7.13 tiene un error lógico en el que se puede usar el protocolo SOCKS4 inseguro pero no el protocolo SOCKS4a seguro, también conocido como TROVE-2022-002. • https://gitlab.torproject.org/tpo/core/tor/-/commit/a282145b3634547ab84ccd959d0537c021ff7ffc https://gitlab.torproject.org/tpo/core/tor/-/issues/40730 https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.7/ReleaseNotes https://lists.debian.org/debian-lts-announce/2023/01/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYOLTP6HQO2HPXUYKOR7P5YYYN7CINQQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message •