CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3560 – pesign: Local privilege escalation on pesign systemd service
https://notcve.org/view.php?id=CVE-2022-3560
02 Feb 2023 — A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack. • https://bugzilla.redhat.com/show_bug.cgi?id=2135420#c0 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 2CVE-2022-4285 – binutils: NULL pointer dereference in _bfd_elf_get_symbol_version_string leads to segfault
https://notcve.org/view.php?id=CVE-2022-4285
27 Jan 2023 — An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. Se encontró una falla de acceso ilegal a la memoria en el paquete binutils. El parseo de un archivo ELF que contiene información de versión de símbolo corrupta puede resultar en una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=2150768 • CWE-476: NULL Pointer Dereference •
CVSS: 9.0EPSS: 0%CPEs: 14EXPL: 2CVE-2022-4254 – sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
https://notcve.org/view.php?id=CVE-2022-4254
24 Jan 2023 — sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters A vulnerability was found in SSSD, in the libsss_certmap functionality. PKINIT enables a client to authenticate to the KDC using an X.509 certificate and the corresponding private key, rather than a passphrase or keytab. FreeIPA uses mapping rules to map a certificate presented during a PKINIT authentication request to the corresponding principal. The mapping filter is vulnerable to LDAP filter injection. The search result can be i... • https://access.redhat.com/security/cve/CVE-2022-4254 • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-4283 – X.Org Server XkbCopyNames Double Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-4283
14 Dec 2022 — A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. Se encontró una vulnerabilidad en X.Org. Este fallo de seguridad se produce porque la función XkbCopyNames dejó un puntero colgante a ... • https://access.redhat.com/security/cve/CVE-2022-4283 • CWE-416: Use After Free •
CVSS: 9.0EPSS: 1%CPEs: 8EXPL: 0CVE-2022-46340 – X.Org Server XTestFakeInput Type Confusion Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-46340
14 Dec 2022 — A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order. Se encon... • https://access.redhat.com/security/cve/CVE-2022-46340 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 1%CPEs: 8EXPL: 0CVE-2022-46341 – X.Org Server ProcXIPassiveUngrabDevice Improper Validation of Array Index Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-46341
14 Dec 2022 — A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. Se encontró una vulnerabilidad en X.Org. Esta falla de seguridad se produce porque el controlador de la solicitud XIPassiveUngrab accede a la memoria fuera de l... • https://access.redhat.com/security/cve/CVE-2022-46341 • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2022-46342 – X.Org Server XvdiSelectVideoNotify Use-After-Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-46342
14 Dec 2022 — A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se Se encontró una vulnerabilidad en X.Org. Este fallo de seguridad se produce porque el controlador de la solicitud XvdiSelectVideoNotify puede escribir en la memoria una vez liberada. Este problema puede provocar una elevación de privilegios locales en sistemas donde X se... • https://access.redhat.com/security/cve/CVE-2022-46342 • CWE-416: Use After Free •
CVSS: 9.0EPSS: 1%CPEs: 8EXPL: 0CVE-2022-46343 – X.Org Server ScreenSaverSetAttributes Use-After-Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-46343
14 Dec 2022 — A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. Se encontró una vulnerabilidad en X.Org. Este fallo de seguridad se produce porque el controlador de la solicitud ScreenSaverSetAttributes puede escribir en la memoria una vez liberada.... • https://access.redhat.com/security/cve/CVE-2022-46343 • CWE-416: Use After Free •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2022-46344 – X.Org Server ProcXIChangeProperty Numeric Truncation Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-46344
14 Dec 2022 — A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. Se encontró una vulnerabilidad en X.Org. Esta falla de seguridad se produce porque el controlador de la solicitud XIChangeProper... • http://www.openwall.com/lists/oss-security/2023/12/13/1 • CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 0%CPEs: 15EXPL: 0CVE-2022-3916 – Keycloak: session takeover with oidc offline refreshtokens
https://notcve.org/view.php?id=CVE-2022-3916
13 Dec 2022 — A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user. Se encontró una falla en el alcance offline_access en Keyclo... • https://access.redhat.com/errata/RHSA-2022:8961 • CWE-384: Session Fixation CWE-613: Insufficient Session Expiration •