CVSS: 7.8EPSS: 87%CPEs: 9EXPL: 8CVE-2022-3602 – X.509 Email Address 4-byte Buffer Overflow
https://notcve.org/view.php?id=CVE-2022-3602
01 Nov 2022 — A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash... • https://github.com/colmmacc/CVE-2022-3602 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-1632
https://notcve.org/view.php?id=CVE-2022-1632
01 Sep 2022 — An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality. Se ha encontrado un ataque de comprobación inapropiada de certificados en Openshift. Una ruta de re-encriptación con destinationCACertificate explícitamente establecido en el serviceCA por defecto omite... • https://bugzilla.redhat.com/show_bug.cgi?id=2081181 • CWE-295: Improper Certificate Validation •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 2CVE-2022-1354 – libtiff: heap-buffer-overflow in TIFFReadRawDataStriped() in tiffinfo.c
https://notcve.org/view.php?id=CVE-2022-1354
31 Aug 2022 — A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service. Se ha encontrado un fallo de desbordamiento del búfer de la pila en el archivo tiffinfo.c de Libtiffs, en la función TIFFReadRawDataStriped(). Este defecto permite a un atacante pasar un archivo TIFF diseñado a la herramienta tiffinfo, de... • https://access.redhat.com/security/cve/CVE-2022-1354 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 6.6EPSS: 0%CPEs: 10EXPL: 2CVE-2022-1355 – libtiff: stack-buffer-overflow in tiffcp.c in main()
https://notcve.org/view.php?id=CVE-2022-1355
31 Aug 2022 — A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service. Se ha encontrado un fallo de desbordamiento del búfer de la pila en la función main() del archivo tiffcp.c de Libtiffs. Este defecto permite a un atacante pasar un archivo TIFF diseñado a la herramienta tiffcp, desencadenando... • https://access.redhat.com/security/cve/CVE-2022-1355 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 1CVE-2021-35937 – rpm: TOCTOU race in checks for unsafe symlinks
https://notcve.org/view.php?id=CVE-2021-35937
25 Aug 2022 — A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró una vulnerabilidad de condición de carrera en rpm. Un usuario local no privilegiado podría usar este fallo para omitir las comprobaciones introducidas en respuest... • https://access.redhat.com/security/cve/CVE-2021-35937 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.7EPSS: 0%CPEs: 5EXPL: 1CVE-2021-35938 – rpm: races with chown/chmod/capabilities calls during installation
https://notcve.org/view.php?id=CVE-2021-35938
25 Aug 2022 — A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se ha encontrado un problema de enlaces simbólicos en rpm. • https://access.redhat.com/security/cve/CVE-2021-35938 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 3.2EPSS: 0%CPEs: 11EXPL: 2CVE-2020-14394 – Ubuntu Security Notice USN-6567-2
https://notcve.org/view.php?id=CVE-2020-14394
17 Aug 2022 — An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service. Se ha encontrado un fallo de bucle infinito en la emulación del controlador USB xHCI de QEMU mientras es calculada la longitud del anillo de petición de transferencia (TRB). Este fallo permite a un usuario invitado privilegiado colgar el proceso de QEMU... • https://bugzilla.redhat.com/show_bug.cgi?id=1908004 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-1949
https://notcve.org/view.php?id=CVE-2022-1949
01 Jun 2022 — An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data. Una vulnerabilidad de omisión de control de acceso encontrada en 389-ds... • https://bugzilla.redhat.com/show_bug.cgi?id=2091781 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 6.9EPSS: 0%CPEs: 6EXPL: 0CVE-2022-1789 – kernel: KVM: NULL pointer dereference in kvm_mmu_invpcid_gva
https://notcve.org/view.php?id=CVE-2022-1789
31 May 2022 — With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference. Con shadow paging habilitada, la instrucción INVPCID resulta en una llamada a kvm_mmu_invpcid_gva. Si INVPCID es ejecutado con CR0.PG=0, la llamada de retorno invlpg no es establecida y el resultado es una desreferencia de puntero NULL A flaw was found in KVM. With shadow paging enabled if INVPCID is e... • https://bugzilla.redhat.com/show_bug.cgi?id=1832397 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2022-1927 – Buffer Over-read in vim/vim
https://notcve.org/view.php?id=CVE-2022-1927
29 May 2022 — Buffer Over-read in GitHub repository vim/vim prior to 8.2. Una lectura excesiva del Búfer en el repositorio de GitHub vim/vim versiones anteriores a 8.2 A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a buffer over-read vulnerability in the utf_ptr2char function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. Red Hat Advanced Cluster Management for Kubernetes 2.6.0 images Red Hat Advanced Cluster Management f... • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •