CVSS: 9.1EPSS: 0%CPEs: 18EXPL: 0CVE-2022-1587 – pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c
https://notcve.org/view.php?id=CVE-2022-1587
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers. Se ha detectado una vulnerabilidad de lectura fuera de límites en la biblioteca PCRE2 en la función get_recurse_data_length() del archivo pcre2_jit_compile.c. Este problema afecta a las recursiones en expresiones regulares compiladas en JIT causadas por transferencias de datos duplicadas • https://bugzilla.redhat.com/show_bug.cgi?id=2077983%2C https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0 https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 19EXPL: 0CVE-2022-1586 – pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c
https://notcve.org/view.php?id=CVE-2022-1586
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT. Se ha detectado una vulnerabilidad de lectura fuera de límites en la biblioteca PCRE2 en la función compile_xclass_matchingpath() del archivo pcre2_jit_compile.c. Esto implica un problema de coincidencia de propiedades unicode en expresiones regulares compiladas en JIT. • https://bugzilla.redhat.com/show_bug.cgi?id=2077976%2C https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a%2C https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ https:&# • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 1CVE-2022-1379 – URL Restriction Bypass in plantuml/plantuml
https://notcve.org/view.php?id=CVE-2022-1379
URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery (SSRF). This allows accessing restricted internal resources/servers or sending requests to third party servers. Una Omisión de Restricciones de URL en el repositorio de GitHub plantuml/plantuml versiones anteriores a V1.2022.5. Un atacante puede abusar de esto para omitir las restricciones de URL impuestas por los diferentes perfiles de seguridad y lograr un ataque de tipo server side request forgery (SSRF). • https://github.com/plantuml/plantuml/commit/93e5964e5f35914f3f7b89de620c596795550083 https://huntr.dev/bounties/0d737527-86e1-41d1-9d37-b2de36bc063a https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHUE4G5CAJUD7L2QPJF6U4JYQTP7CNNL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4DP36G2VBOZUNQIUZ5LVJKZIVO4SDAI • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 2CVE-2022-1158 – kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region
https://notcve.org/view.php?id=CVE-2022-1158
A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition. Se ha encontrado un fallo en KVM. Cuando era actualizada la entrada de la tabla de páginas de un huésped, vm_pgoff era usado incorrectamente como desplazamiento para obtener el pfn de la página. • https://bugzilla.redhat.com/show_bug.cgi?id=2069793 https://security.netapp.com/advisory/ntap-20230214-0003 https://www.openwall.com/lists/oss-security/2022/04/08/4 https://access.redhat.com/security/cve/CVE-2022-1158 • CWE-416: Use After Free •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1CVE-2022-28919
https://notcve.org/view.php?id=CVE-2022-28919
HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename. Se ha detectado que HTMLCreator versión release_stable_2020-07-29, contiene una vulnerabilidad de cross-site scripting (XSS) por medio de la función _generateFilename • https://github.com/splitbrain/dokuwiki/issues/3651 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DB7BXJKFALXHURED3OMJIQ4KEDGZOOWL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFL5KMLTSWOHTDHURW5W6YP2DV67IQFP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGKXK6TK27URC76FTX46Z6OLTKYIQK7E • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •