CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2022-1882 – kernel: use-after-free in free_pipe_info() could lead to privilege escalation
https://notcve.org/view.php?id=CVE-2022-1882
A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system. Se ha encontrado un fallo de uso después de libre en la funcionalidad de tuberías del kernel de Linux en la forma en que un usuario realiza manipulaciones con la tubería post_one_notification() después de free_pipe_info() que ya ha sido llamada. Este defecto permite a un usuario local bloquear o potencialmente escalar sus privilegios en el sistema • https://bugzilla.redhat.com/show_bug.cgi?id=2089701 https://lore.kernel.org/lkml/20220507115605.96775-1-tcs.kernel%40gmail.com/T https://security.netapp.com/advisory/ntap-20220715-0002 https://access.redhat.com/security/cve/CVE-2022-1882 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2022-1678
https://notcve.org/view.php?id=CVE-2022-1678
An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients. Se ha detectado un problema en el Kernel de Linux de la 4.18 a 4.19, una actualización inapropiada de la referencia sock en el paso TCP puede conllevar a una pérdida de memoria/netns, que puede ser usada por clientes remotos • https://anas.openanolis.cn/cves/detail/CVE-2022-1678 https://anas.openanolis.cn/errata/detail/ANSA-2022:0143 https://bugzilla.openanolis.cn/show_bug.cgi?id=61 https://gitee.com/anolis/cloud-kernel/commit/bed537da691b https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing%40gmail.com https://security.netapp.com/advisory/ntap-20220715-0001 • CWE-911: Improper Update of Reference Count •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-28948 – golang-gopkg-yaml: crash when attempting to deserialize invalid input
https://notcve.org/view.php?id=CVE-2022-28948
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input. Un problema en la función Unmarshal de Go-Yaml versión v3, causa el bloqueo del programa cuando intenta de serializar una entrada no válida A flaw was found in the Unmarshal function in Go-Yaml. This vulnerability results in program crashes when attempting to convert (or deserialize) invalid input data, potentially impacting system stability and reliability. • https://github.com/go-yaml/yaml/issues/666 https://security.netapp.com/advisory/ntap-20220923-0006 https://access.redhat.com/security/cve/CVE-2022-28948 https://bugzilla.redhat.com/show_bug.cgi?id=2088748 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2022-22976 – springframework: BCrypt skips salt rounds for work factor of 31
https://notcve.org/view.php?id=CVE-2022-22976
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE. Spring Security versiones 5.5.x anteriores a 5.5.7, 5.6.x anteriores a 5.6.4 y versiones anteriores no soportadas, contienen una vulnerabilidad de desbordamiento de enteros. Cuando es usada la clase BCrypt con el máximo factor de trabajo (31), el codificador no lleva a cabo ninguna ronda salt, debido a un error de desbordamiento de enteros. • https://security.netapp.com/advisory/ntap-20220707-0003 https://tanzu.vmware.com/security/cve-2022-22976 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-22976 https://bugzilla.redhat.com/show_bug.cgi?id=2087214 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2022-1183 – Destroying a TLS session early causes assertion failure
https://notcve.org/view.php?id=CVE-2022-1183
On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch. En configuraciones vulnerables, el demonio nombrado puede, en algunas circunstancias, terminar con un fallo de aserción. • https://kb.isc.org/docs/cve-2022-1183 https://security.netapp.com/advisory/ntap-20220707-0002 • CWE-617: Reachable Assertion •