CVSS: 8.6EPSS: 0%CPEs: 12EXPL: 0CVE-2022-2601 – grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass
https://notcve.org/view.php?id=CVE-2022-2601
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism. Se encontró un desbordamiento del búfer en grub_font_construct_glyph(). Una fuente pf2 manipulada maliciosamente puede provocar un desbordamiento al calcular el valor max_glyph_size, asignando un búfer más pequeño de lo necesario para el glifo, lo que además provoca un desbordamiento del búfer y una escritura fuera de los límites basada en el heap. • https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0 https://security.gentoo.org/glsa/202311-14 https://security.netapp.com/advisory/ntap-20230203-0004 https://access.redhat.com/security/cve/CVE-2022-2601 https://bugzilla.redhat.com/show_bug.cgi?id=2112975 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-3500 – keylime: exception handling and impedance match in tornado_requests
https://notcve.org/view.php?id=CVE-2022-3500
A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state but not verifying that anymore. Se encontró una vulnerabilidad en keylime. Este problema de seguridad ocurre en algunas circunstancias, debido a algunas excepciones manejadas incorrectamente, existe la posibilidad de que un agente deshonesto pueda crear errores en el verificador que detuviera los intentos de atestación para ese host dejándolo en un estado atestado pero sin verificarlo más. A vulnerability was found in keylime. • https://access.redhat.com/security/cve/CVE-2022-3500 https://github.com/keylime/keylime/pull/1128 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PUTHMDVFNGGVPCNPOGULMJAAFEP7MEXP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QX4XVCAUFGJ2I2NCTOKONTJGRJB2NBBT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQH5CJRX65QYMQN5WGUKKKE3IRJBWG5Z https://bugzilla.redhat.com/show_bug.cgi?id=2135343 • CWE-248: Uncaught Exception •
CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41877 – Missing input length validation in `drive` channel in FreeRDP
https://notcve.org/view.php?id=CVE-2022-41877
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in `drive` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the drive redirection channel - command line options `/drive`, `+drives` or `+home-drive`. • https://github.com/FreeRDP/FreeRDP/commit/6655841cf2a00b764f855040aecb8803cfc5eaba https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-pmv3-wpw4-pw5h https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B https://security.gentoo.org/glsa/202401-16 https://access.redhat • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.7EPSS: 0%CPEs: 3EXPL: 0CVE-2022-39318 – Division by zero in urbdrc channel in FreeRDP
https://notcve.org/view.php?id=CVE-2022-39318
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input validation in `urbdrc` channel. A malicious server can trick a FreeRDP based client to crash with division by zero. This issue has been addressed in version 2.9.0. All users are advised to upgrade. • https://github.com/FreeRDP/FreeRDP/commit/80adde17ddc4b596ed1dae0922a0c54ab3d4b8ea https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-387j-8j96-7q35 https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B https://security.gentoo.org/glsa/202401-16 https://access.redhat • CWE-20: Improper Input Validation CWE-369: Divide By Zero •
CVSS: 5.7EPSS: 0%CPEs: 3EXPL: 0CVE-2022-39316 – Out of bound read in FreeRDP
https://notcve.org/view.php?id=CVE-2022-39316
FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in the 2.9.0 release. Users are advised to upgrade. • https://github.com/FreeRDP/FreeRDP/commit/e865c24efc40ebc52e75979c94cdd4ee2c1495b0 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5w4j-mrrh-jjrm https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B https://security.gentoo.org/glsa/202401-16 https://access.redhat • CWE-125: Out-of-bounds Read •