CVE-2022-41862 – postgresql: Client memory disclosure when connecting with Kerberos to modified server
https://notcve.org/view.php?id=CVE-2022-41862
In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes. A flaw was found In PostgreSQL. A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions, a server can cause a libpq client to over-read and report an error message containing uninitialized bytes. • https://bugzilla.redhat.com/show_bug.cgi?id=2165722 https://security.netapp.com/advisory/ntap-20230427-0002 https://www.postgresql.org/support/security/CVE-2022-41862 https://access.redhat.com/security/cve/CVE-2022-41862 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-3602 – X.509 Email Address 4-byte Buffer Overflow
https://notcve.org/view.php?id=CVE-2022-3602
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. • https://github.com/colmmacc/CVE-2022-3602 https://github.com/eatscrayon/CVE-2022-3602-poc https://github.com/corelight/CVE-2022-3602 https://github.com/cybersecurityworks553/CVE-2022-3602-and-CVE-2022-3786 http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html http://www.openwall.com/lists/oss-security/2022/11/01/15 http://www.openwall.com/lists/oss-security/2022/11/01/16 http://www.openwall.com/lists/oss-security/2022/11/01/17 http://www • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2019-12067
https://notcve.org/view.php?id=CVE-2019-12067
The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null. La función ahci_commit_buf en el archivo ide/ahci.c en QEMU permite a atacantes causar una denegación de servicio (derivación de NULL) cuando el encabezado del comando "ad-)cur_cmd" es null • https://bugzilla.suse.com/show_bug.cgi?id=1145642 https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01358.html https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01487.html https://security-tracker.debian.org/tracker/CVE-2019-12067 https://security.netapp.com/advisory/ntap-20210727-0001 • CWE-476: NULL Pointer Dereference •
CVE-2019-10196
https://notcve.org/view.php?id=CVE-2019-10196
A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter. Se encontró un fallo en http-proxy-agent, versiones anteriores a 2.1.0. Se detectó que http-proxy-agent pasa una opción de autenticación al constructor de Buffer sin un saneamiento apropiado. • https://bugzilla.redhat.com/show_bug.cgi?id=1567245 https://www.npmjs.com/advisories/607 • CWE-665: Improper Initialization •
CVE-2020-14312
https://notcve.org/view.php?id=CVE-2020-14312
A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems. Se encontró un fallo en la configuración predeterminada de dnsmasq, como es enviado con Fedora versiones anteriores a 31 y en todas las versiones de Red Hat Enterprise Linux, donde escucha en cualquier interfaz y acepta consultas de direcciones fuera de su subred local. • https://bugzilla.redhat.com/show_bug.cgi?id=1851342 • CWE-284: Improper Access Control •