CVSS: 5.8EPSS: 0%CPEs: 10EXPL: 1CVE-2023-21971
https://notcve.org/view.php?id=CVE-2023-21971
18 Apr 2023 — Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) o... • https://github.com/Avento/CVE-2023-21971_Analysis •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-21824
https://notcve.org/view.php?id=CVE-2023-21824
17 Jan 2023 — Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: Customer, Config, Pricing Manager). Supported versions that are affected are 12.0.0.3.0-12.0.0.7.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Communications BRM - Elastic Charging Engine executes to compromise Oracle Communications BRM - Elastic Charging Engine. Successful attacks of this vulnerability can resu... • https://www.oracle.com/security-alerts/cpujan2023.html •
CVSS: 9.8EPSS: 94%CPEs: 97EXPL: 82CVE-2022-22965 – Spring Framework JDK 9+ Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-22965
01 Apr 2022 — A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. Una aplicación Spring MVC o Spring WebFlux que es ejecutada en JDK 9+ puede ser ... • https://packetstorm.news/files/id/167011 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2022-0322 – kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c
https://notcve.org/view.php?id=CVE-2022-0322
25 Mar 2022 — A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). Se ha encontrado un fallo en la función sctp_make_strreset_req en el archivo net/sctp/sm_make_chunk.c en el protocolo de red SCTP en el kernel de Linux con un acceso de privilegio de usuario local. En este fallo, un in... • https://bugzilla.redhat.com/show_bug.cgi?id=2042822 • CWE-681: Incorrect Conversion between Numeric Types CWE-704: Incorrect Type Conversion or Cast •
CVSS: 8.0EPSS: 0%CPEs: 26EXPL: 0CVE-2021-4157 – kernel: Buffer overwrite in decode_nfs_fh function
https://notcve.org/view.php?id=CVE-2021-4157
25 Mar 2022 — An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. Se encontró un fallo de escritura fuera de los límites de la memoria (1 o 2 bytes de memoria) en el subsistema NFS del kernel de Linux en la forma en que los usuarios usan el mirroring (replicación de archivos con ... • https://bugzilla.redhat.com/show_bug.cgi?id=2034342 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 27EXPL: 1CVE-2021-4203 – kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses
https://notcve.org/view.php?id=CVE-2021-4203
25 Mar 2022 — A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. Se ha encontrado un fallo de lectura de uso de memoria previamente liberada en la función sock_getsockopt() en el archivo net/core/sock.c debido a la carrera de SO_PEERCRED y SO_PEERGROUPS con listen() (y connect()) en el kernel de Lin... • https://bugs.chromium.org/p/project-zero/issues/detail?id=2230&can=7&q=modified-after%3Atoday-30&sort=-modified&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary%20Modified%20Cve&cells=tiles&redir=1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2021-4197 – kernel: cgroup: Use open-time creds and namespace for migration perm checks
https://notcve.org/view.php?id=CVE-2021-4197
22 Mar 2022 — An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. Se encontró un fallo de escritura no privilegiado en el manejador de archivos en el subsi... • https://bugzilla.redhat.com/show_bug.cgi?id=2035652 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 54EXPL: 3CVE-2022-1011 – kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes
https://notcve.org/view.php?id=CVE-2022-1011
18 Mar 2022 — A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. Se ha encontrado un fallo de uso después de libre en el sistema de archivos FUSE del kernel de Linux en la forma en que un usuario activa write(). Este defecto permite a un usuario local obtener acceso no autorizado a los datos del sistema de archivos FUSE, lo que resulta en una... • https://packetstorm.news/files/id/166772 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 77EXPL: 2CVE-2020-36518 – jackson-databind: denial of service via a large depth of nested objects
https://notcve.org/view.php?id=CVE-2020-36518
11 Mar 2022 — jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. jackson-databind versiones anteriores a 2.13.0, permite una excepción Java StackOverflow y una denegación de servicio por medio de una gran profundidad de objetos anidados A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects. Red Hat JBoss Enterprise Appli... • https://github.com/ghillert/boot-jackson-cve • CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 458EXPL: 0CVE-2022-0001 – hw: cpu: intel: Branch History Injection (BHI)
https://notcve.org/view.php?id=CVE-2022-0001
09 Mar 2022 — Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. La compartición no transparente de selectores de predicción de rama entre contextos en algunos procesadores Intel(R) puede permitir que un usuario autorizado permita potencialmente una divulgación de información por medio del acceso local A flaw was found in hw. The Branch History Injection (BHI) describes a specific fo... • http://www.openwall.com/lists/oss-security/2022/03/18/2 •