CVSS: 6.5EPSS: 6%CPEs: 1575EXPL: 2CVE-2022-40982 – hw: Intel: Gather Data Sampling (GDS) side channel vulnerability
https://notcve.org/view.php?id=CVE-2022-40982
11 Aug 2023 — Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. La exposición de información a través del estado microarquitectónico tras la ejecución transitoria en determinadas unidades de ejecución vectorial de algunos procesadores Intel(R) puede permitir a un usuario autenticado la divulgación potencial de información a través del a... • http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy CWE-1342: Information Exposure through Microarchitectural State after Transient Execution •
CVSS: 6.5EPSS: 91%CPEs: 10EXPL: 13CVE-2023-25136 – openssh: the functions order_hostkeyalgs() and list_hostkey_types() leads to double-free vulnerability
https://notcve.org/view.php?id=CVE-2023-25136
03 Feb 2023 — OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible." OpenSSH server (sshd) v9.1 introdujo una vulnerabilidad de doble liberación durante el manejo de "options.key_algorithms". • https://github.com/Christbowel/CVE-2023-25136 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 44EXPL: 0CVE-2022-36879 – kernel: xfrm_expand_policies() in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice
https://notcve.org/view.php?id=CVE-2022-36879
27 Jul 2022 — An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. Se ha detectado un problema en el kernel de Linux versiones hasta 5.18.14. la función xfrm_expand_policies en el archivo net/xfrm/xfrm_policy.c puede causar que un refcount sea descartado dos veces A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). An error while resolving policies in xfrm_bundle_lookup causes the re... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f85daf0e725358be78dfd208dea5fd665d8cb901 • CWE-911: Improper Update of Reference Count •
CVSS: 7.5EPSS: 0%CPEs: 43EXPL: 0CVE-2022-1473 – Resource leakage when decoding certificates and keys
https://notcve.org/view.php?id=CVE-2022-1473
03 May 2022 — The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long liv... • https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf • CWE-401: Missing Release of Memory after Effective Lifetime CWE-459: Incomplete Cleanup •
CVSS: 10.0EPSS: 72%CPEs: 59EXPL: 5CVE-2022-1292 – The c_rehash script allows command injection
https://notcve.org/view.php?id=CVE-2022-1292
03 May 2022 — The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). • https://github.com/alcaparra/CVE-2022-1292 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 43EXPL: 0CVE-2022-1343 – OCSP_basic_verify may incorrectly verify the response signing certificate
https://notcve.org/view.php?id=CVE-2022-1343
03 May 2022 — The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case of a certif... • https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf • CWE-295: Improper Certificate Validation •
CVSS: 5.9EPSS: 0%CPEs: 43EXPL: 0CVE-2022-1434 – Incorrect MAC key used in the RC4-MD5 ciphersuite
https://notcve.org/view.php?id=CVE-2022-1434
03 May 2022 — The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check. Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0 endpoint will always be rejected by the recipient and the connection wil... • https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 17%CPEs: 32EXPL: 8CVE-2022-0778 – Infinite loop in BN_mod_sqrt() reachable when parsing certificates
https://notcve.org/view.php?id=CVE-2022-0778
15 Mar 2022 — The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of ... • https://packetstorm.news/files/id/167344 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 77%CPEs: 28EXPL: 1CVE-2021-4044 – Invalid handling of X509_verify_cert() internal errors in libssl
https://notcve.org/view.php?id=CVE-2021-4044
14 Dec 2021 — Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be ... • https://github.com/phirojshah/CVE-2021-4044 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.0EPSS: 0%CPEs: 18EXPL: 0CVE-2021-41617 – openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are configured
https://notcve.org/view.php?id=CVE-2021-41617
26 Sep 2021 — sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. sshd en OpenSSH versiones 6.2 hasta 8.x anteriores a 8.8, cuando son usadas determinadas configuraciones... • https://bugzilla.suse.com/show_bug.cgi?id=1190975 • CWE-273: Improper Check for Dropped Privileges •