CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 1CVE-2022-2568 – Ansible: Logic flaw leads to privilage escalation
https://notcve.org/view.php?id=CVE-2022-2568
17 Aug 2022 — A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges. Se ha encontrado un fallo de escalada de privilegios en Ansible Automation Platform. Este fallo permite a un usuario remoto autenticado con permisos de tipo "change user" modificar la configuración de la cuenta de superusuario y también eliminar los privilegios de... • https://bugzilla.redhat.com/show_bug.cgi?id=2108653 • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-23238
https://notcve.org/view.php?id=CVE-2022-23238
09 Aug 2022 — Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to view limited metrics information and modify alert email recipients and content. Las implantaciones en Linux de StorageGRID (anteriormente conocido como StorageGRID Webscale) versiones 11.6.0 hasta 11.6.0.2 implantadas con una versión del kernel de Linux inferior a 4.7.0 ... • https://security.netapp.com/advisory/NTAP-20220808-0001 •
CVSS: 6.7EPSS: 0%CPEs: 31EXPL: 0CVE-2022-21505 – kernel: lockdown bypass using IMA
https://notcve.org/view.php?id=CVE-2022-21505
09 Aug 2022 — In the linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "ima_appraise=log" from the boot param when Secure Boot is enabled, but this does not cover cases where lockdown is used without Secure Boot. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity, Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). An authentication bypass flaw ... • https://git.kernel.org/linus/543ce63b664e2c2f9533d089a4664b559c3e6b5b • CWE-305: Authentication Bypass by Primary Weakness CWE-346: Origin Validation Error •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2509 – gnutls: Double free during gnutls_pkcs7_verify
https://notcve.org/view.php?id=CVE-2022-2509
01 Aug 2022 — A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function. Una vulnerabilidad encontrada en gnutls. Este fallo de seguridad es producida por un error de doble liberación durante la verificación de firmas pkcs7 en la función gnutls_pkcs7_verify A vulnerability was found in gnutls. This issue is due to a double-free error that occurs during the verification of pkcs7 signatures in the gnutls_pkcs7_ve... • https://access.redhat.com/security/cve/CVE-2022-2509 • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2022-2153 – kernel: KVM: NULL pointer dereference in kvm_irq_delivery_to_apic_fast()
https://notcve.org/view.php?id=CVE-2022-2153
28 Jul 2022 — A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. Se ha encontrado un fallo en el KVM del kernel de Linux cuando es intentado establecer una IRQ SynIC. Este problema hace posible a un VMM que sea comportad... • https://bugzilla.redhat.com/show_bug.cgi?id=2069736 • CWE-476: NULL Pointer Dereference •
CVSS: 6.4EPSS: 77%CPEs: 12EXPL: 0CVE-2022-35653
https://notcve.org/view.php?id=CVE-2022-35653
25 Jul 2022 — A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72299 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 12EXPL: 0CVE-2022-35651
https://notcve.org/view.php?id=CVE-2022-35651
25 Jul 2022 — A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. Se encontró una vulnerabilidad de tipo XSS almacenado y SSRF... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71921 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 14EXPL: 1CVE-2021-4204 – kernel: improper input validation may lead to privilege escalation
https://notcve.org/view.php?id=CVE-2021-4204
21 Jul 2022 — An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information. Se ha encontrado un fallo de acceso a memoria fuera de límites (OOB) en el eBPF del kernel de Linux debido a una comprobación de entrada inapropiada. Este fallo permite a un atacante local con un privilegio especial bloquear el sistema o filtrar información interna. An update that solve... • https://github.com/tr3ee/CVE-2021-4204 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 0%CPEs: 7EXPL: 0CVE-2022-2393 – pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field
https://notcve.org/view.php?id=CVE-2022-2393
14 Jul 2022 — A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content. Se ha encontrado un fallo en pki-core, que podría permitir a un usuario conseguir un certificado para otra identidad de usuario cuando la autenticación basada en el directorio está... • https://bugzilla.redhat.com/show_bug.cgi?id=2101046 • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-2211 – libguestfs: Buffer overflow in get_keys leads to DoS
https://notcve.org/view.php?id=CVE-2022-2211
12 Jul 2022 — A vulnerability was found in libguestfs. This issue occurs while calculating the greatest possible number of matching keys in the get_keys() function. This flaw leads to a denial of service, either by mistake or malicious actor. Se ha encontrado una vulnerabilidad en libguestfs. Este problema es producido al calcular el mayor número posible de claves coincidentes en la función get_keys(). • https://access.redhat.com/security/cve/CVE-2022-2211 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •