CVE-2022-24884 – Trivial signature forgery in ecdsautils
https://notcve.org/view.php?id=CVE-2022-24884
ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple signatures from different public keys does not mitigate the issue: `ecdsa_verify_list_legacy()` will accept an arbitrary number of such forged signatures. Both the `ecdsautil verify` CLI command and the libecdsautil library are affected. • https://github.com/freifunk-gluon/ecdsautils/commit/1d4b091abdf15ad7b2312535b5b95ad70f6dbd08 https://github.com/freifunk-gluon/ecdsautils/commit/39b6d0a77414fd41614953a0e185c4eefa2f88ad https://github.com/freifunk-gluon/ecdsautils/security/advisories/GHSA-qhcg-9ffp-78pw https://lists.debian.org/debian-lts-announce/2022/05/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4AKQH5WCBMJA3ODCSNERY6HVX4BX3ITG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/messa • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2022-27337 – poppler: A logic error in the Hints::Hints function can cause denial of service
https://notcve.org/view.php?id=CVE-2022-27337
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. A logic error was found in Poppler's Hints::Hints function in the Hints.cc file. This flaw allows an attacker to trick a user into opening a crafted PDF file with the pdftops utility, which causes the program to hang for a long time, leading to a denial of service. • https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230 https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230#note_1372177 https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KOTDUXJOKDYO4I7MKHLT5NBGTN5E7FHQ https://www.debian.org/security/2022/dsa-5224 https://access.redhat.com/security/cve/CVE-2022-27337 https://bugzilla.redhat.com/show_bug.cgi?id=2087190 • CWE-1173: Improper Use of Validation Framework •
CVE-2022-29500
https://notcve.org/view.php?id=CVE-2022-29500
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXLOI3ERTKMZR2KWNRN7OR5S55VPWENH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y6B7OWVNVCJUDE6VDWGCBUWMRCRETAO3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YBI4NFDGGMBKWG4EMSZL5UHATDCLPCQW https://lists.schedmd.com/pipermail/slurm-announce https://www.debian.org/security/2022/dsa-5166 https://www.schedmd.com/news.php https://www.schedmd.com/news. •
CVE-2022-29501
https://notcve.org/view.php?id=CVE-2022-29501
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXLOI3ERTKMZR2KWNRN7OR5S55VPWENH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y6B7OWVNVCJUDE6VDWGCBUWMRCRETAO3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YBI4NFDGGMBKWG4EMSZL5UHATDCLPCQW https://lists.schedmd.com/pipermail/slurm-announce https://www.debian.org/security/2022/dsa-5166 https://www.schedmd.com/news.php https://www.schedmd.com/news. •
CVE-2022-29502
https://notcve.org/view.php?id=CVE-2022-29502
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXLOI3ERTKMZR2KWNRN7OR5S55VPWENH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y6B7OWVNVCJUDE6VDWGCBUWMRCRETAO3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YBI4NFDGGMBKWG4EMSZL5UHATDCLPCQW https://lists.schedmd.com/pipermail/slurm-announce https://www.schedmd.com/news.php https://www.schedmd.com/news.php?id=260 •