CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-27942
https://notcve.org/view.php?id=CVE-2022-27942
tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c. tcpprep en Tcpreplay versión 4.4.1 presenta una lectura excesiva de búfer en la región heap de la memoria en la función parse_mpls en el archivo common/get.c • https://github.com/appneta/tcpreplay/issues/719 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5B75AFRJUGOYHCFG2ZV2JKSUPA6MSCT5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECRCFJ6X3IVB7BT4KS6AHQMSL532YXYD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWRZO7BG6DHA5NAC3COB45WFXLYRIERC https://security.gentoo.org/glsa/202210-08 • CWE-125: Out-of-bounds Read •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-27920
https://notcve.org/view.php?id=CVE-2022-27920
libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0. libkiwix versiones 10.0.0 y 10.0.1, permite una vulnerabilidad de tipo XSS en la funcionalidad del servidor web integrado por medio del parámetro URL de sugerencias de búsqueda. Esto ha sido corregido en versión 10.1.0 • https://github.com/kiwix/libkiwix/issues/728 https://github.com/kiwix/libkiwix/pull/721 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KD4KX5N2PGMIOQR2IZWEUTZCCTPWU3EJ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 33EXPL: 5CVE-2022-0995 – Watch Queue Out-Of-Bounds Write
https://notcve.org/view.php?id=CVE-2022-0995
An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system. Se encontró un fallo de escritura en memoria fuera de límites (OOB) en el subsistema de notificación de eventos watch_queue del kernel de Linux. este fallo puede sobrescribir partes del estado del kernel, permitiendo potencialmente a un usuario local conseguir acceso privilegiado o causar una denegación de servicio en el sistema The Linux watch_queue filter suffers from an out of bounds write vulnerability. • https://github.com/Bonfee/CVE-2022-0995 https://github.com/1nzag/CVE-2022-0995 https://github.com/AndreevSemen/CVE-2022-0995 http://packetstormsecurity.com/files/166770/Linux-watch_queue-Filter-Out-Of-Bounds-Write.html http://packetstormsecurity.com/files/166815/Watch-Queue-Out-Of-Bounds-Write.html https://bugzilla.redhat.com/show_bug.cgi?id=2063786 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=93ce93587d36493f2f86921fa79921b3cba63fbb https://security.netapp.com • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-0983
https://notcve.org/view.php?id=CVE-2022-0983
An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default. Se identificó un riesgo de inyección SQL en el código deBadges relacionado con la configuración de criterios. El acceso a la capacidad correspondiente estaba limitado por defecto a los profesores y administradores • https://bugzilla.redhat.com/show_bug.cgi?id=2064119 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4GRMWBGHOJMFXMTORECQNULJK7ZJJ6Y • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2022-0500 – kernel: Linux ebpf logic vulnerability leads to critical memory read and write gaining root privileges
https://notcve.org/view.php?id=CVE-2022-0500
A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system. Se ha encontrado un fallo en el uso irrestricto de eBPF por parte de BPF_BTF_LOAD, que conlleva una posible escritura de memoria fuera de los límites en el subsistema BPF del kernel de Linux debido a la forma en que un usuario carga BTF. este fallo permite a un usuario local bloquear o escalar sus privilegios en el sistema • https://bugzilla.redhat.com/show_bug.cgi?id=2044578 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=20b2aff4bc15bda809f994761d5719827d66c0b4 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=216e3cd2f28dbbf1fe86848e0e29e6693b9f0a20 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=34d3a78c681e8e7844b43d1a2f4671a04249c821 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •