Page 83 of 5554 results (0.014 seconds)

CVSS: 8.8EPSS: 5%CPEs: 8EXPL: 0

CVE-2022-46344 – X.Org Server ProcXIChangeProperty Numeric Truncation Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2022-46344

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. Se encontró una vulnerabilidad en X.Org. Esta falla de seguridad se produce porque el controlador de la solicitud XIChangeProperty tiene problemas de validación de longitud, lo que genera lecturas de memoria fuera de los límites y una posible divulgación de información. • http://www.openwall.com/lists/oss-security/2023/12/13/1 https://access.redhat.com/security/cve/CVE-2022-46344 https://bugzilla.redhat.com/show_bug.cgi?id=2151760 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J36 • CWE-125: Out-of-bounds Read •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-3782 – keycloak: path traversal via double URL encoding

https://notcve.org/view.php?id=CVE-2022-3782

keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field. Keycloack: Path Traversal mediante codificación de URL doble. • https://access.redhat.com/security/cve/CVE-2022-3782 https://bugzilla.redhat.com/show_bug.cgi?id=2138971 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.8EPSS: 0%CPEs: 15EXPL: 0

CVE-2022-3916 – Keycloak: session takeover with oidc offline refreshtokens

https://notcve.org/view.php?id=CVE-2022-3916

A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user. Se encontró una falla en el alcance offline_access en Keycloak. Este problema afectaría más a los usuarios de ordenadores compartidos (especialmente si las cookies no se borran), debido a la falta de validación de la sesión root y a la reutilización de los identificadores de sesión en las sesiones de autenticación de usuario y root. • https://access.redhat.com/errata/RHSA-2022:8961 https://access.redhat.com/errata/RHSA-2022:8962 https://access.redhat.com/errata/RHSA-2022:8963 https://access.redhat.com/errata/RHSA-2022:8964 https://access.redhat.com/errata/RHSA-2022:8965 https://access.redhat.com/errata/RHSA-2023:1043 https://access.redhat.com/errata/RHSA-2023:1044 https://access.redhat.com/errata/RHSA-2023:1045 https://access.redhat.com/errata/RHSA-2023:1047 https://access.redhat.com/errata/RHSA • CWE-384: Session Fixation CWE-613: Insufficient Session Expiration •

CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-3259 – OpenShift: Missing HTTP Strict Transport Security

https://notcve.org/view.php?id=CVE-2022-3259

Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks. Openshift 4.9 no utiliza HTTP Strict Transport Security (HSTS), que puede permitir ataques de intermediario (MITM). • https://bugzilla.redhat.com/show_bug.cgi?id=2103220 https://access.redhat.com/security/cve/CVE-2022-3259 • CWE-665: Improper Initialization •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-3596 – Instack-undercloud: rsync leaks information to undercloud

https://notcve.org/view.php?id=CVE-2022-3596

An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials. Se encontró una fuga de información en la nube inferior de OpenStack. Esta falla permite a atacantes remotos no autenticados inspeccionar datos sensibles después de descubrir la dirección IP de la nube, lo que posiblemente comprometa la información privada, incluidas las credenciales de acceso del administrador. • https://access.redhat.com/errata/RHSA-2022:8897 https://access.redhat.com/security/cve/CVE-2022-3596 https://bugzilla.redhat.com/show_bug.cgi?id=2136596 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •