CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 2CVE-2022-2850 – 389-ds-base: SIGSEGV in sync_repl
https://notcve.org/view.php?id=CVE-2022-2850
A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514. Se ha encontrado un fallo en 389-ds-base. • https://access.redhat.com/security/cve/CVE-2022-2850 https://bugzilla.redhat.com/show_bug.cgi?id=2118691 https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html • CWE-476: NULL Pointer Dereference •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15855
https://notcve.org/view.php?id=CVE-2020-15855
Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6.1. En Bodhi versión 5.6.1, han sido corregidas dos vulnerabilidades de tipo cross-site scripting • https://pyup.io/packages/pypi/bodhi/changelog#5.6.1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 10EXPL: 0CVE-2022-3100 – openstack-barbican: access policy bypass via query string injection
https://notcve.org/view.php?id=CVE-2022-3100
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API. Se encontró una falla en el componente openstack-barbican. Este problema permite omitir la política de acceso a través de una cadena de consulta al acceder a la API. • https://access.redhat.com/security/cve/CVE-2022-3100 https://bugzilla.redhat.com/show_bug.cgi?id=2125404 • CWE-305: Authentication Bypass by Primary Weakness •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-3205 – Controller: cross site scripting in automation controller ui
https://notcve.org/view.php?id=CVE-2022-3205
Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection Se presenta un ataque de tipo un XSS en la Interfaz de Usuario del controlador de automatización en el que el nombre del proyecto es susceptible de inyección de tipo XSS • https://access.redhat.com/security/cve/CVE-2022-3205 https://bugzilla.redhat.com/show_bug.cgi?id=2120597 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 2CVE-2022-2990 – buildah: possible information disclosure and modification
https://notcve.org/view.php?id=CVE-2022-2990
An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. Un manejo incorrecto de los grupos suplementarios en el motor de contenedores de Buildah podría conllevar a una divulgación de información confidencial o una posible modificación de datos si un atacante presenta acceso directo al contenedor afectado donde son usados los grupos suplementarios para establecer los permisos de acceso y es capaz de ejecutar un código binario en ese contenedor • https://bugzilla.redhat.com/show_bug.cgi?id=2121453 https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation https://access.redhat.com/security/cve/CVE-2022-2990 • CWE-842: Placement of User into Incorrect Group CWE-863: Incorrect Authorization •