
Generated: October 18, 2022, 11:35 am


Report date: Items period before October 18, 2022, 11:35 am
Description:

CONTENTS

Vulnerabilities


Vulnerabilities

Agent Module Date Agent Module Date CVE Description Score Link Packages

A flaw was found in the way samba implemented SMB1


authentication. An attacker could use this flaw to retrieve
koldo_software vulnerabilidades 2022-10-18 CVE-2016-2124 5.9 https://nvd.nist.gov/vuln/detail/CVE-2016-2124 libsmbclient,libwbclient,samba-client-libs,samba-common,samba-common-libs
the plaintext password sent over the wire even if Kerberos
authentication was required.
Possible cross-site scripting vulnerability in libxml after
koldo_software vulnerabilidades 2022-10-18 CVE-2016-3709 6.1 https://nvd.nist.gov/vuln/detail/CVE-2016-3709 libxml2 Affected no
commit 960f0e2.
libarchive 3.3.2 allows remote attackers to cause a denial
of service (xml_data heap-based buffer over-read and
koldo_software vulnerabilidades 2022-10-18 CVE-2017-14166 application crash) via a crafted xar archive, related to the 6.5 https://nvd.nist.gov/vuln/detail/CVE-2017-14166 libarchive Affected no
mishandling of empty strings in the atol8 function in
archive_read_support_format_xar.c.
An out-of-bounds read flaw exists in parse_file_info in
archive_read_support_format_iso9660.c in libarchive 3.3.2
koldo_software vulnerabilidades 2022-10-18 CVE-2017-14501 6.5 https://nvd.nist.gov/vuln/detail/CVE-2017-14501 libarchive Affected no
when extracting a specially crafted iso9660 iso file, related
to archive_read_format_iso9660_read_header.
An issue was discovered in cp-demangle.c in GNU
libiberty, as distributed in GNU Binutils 2.31. There is a
stack consumption vulnerability resulting from infinite
koldo_software vulnerabilidades 2022-10-18 CVE-2018-18700 recursion in the functions d_name(), d_encoding(), and 5.5 https://nvd.nist.gov/vuln/detail/CVE-2018-18700 binutils Affected no
d_local_name() in cp-demangle.c. Remote attackers could
leverage this vulnerability to cause a denial-of-service via
an ELF file, as demonstrated by nm.
zlib before 1.2.12 allows memory corruption when
koldo_software vulnerabilidades 2022-10-18 CVE-2018-25032 deflating (i.e., when compressing) if the input has many 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-25032 rsync,zlib,zlib-devel
distant matches.
TSX Asynchronous Abort condition on some CPUs utilizing
speculative execution may allow an authenticated user to
koldo_software vulnerabilidades 2022-10-18 CVE-2019-11135 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-11135 microcode_ctl Affected no
potentially enable information disclosure via a side
channel with local access.
Improper conditions check in the voltage modulation
interface for some Intel(R) Xeon(R) Scalable Processors
koldo_software vulnerabilidades 2022-10-18 CVE-2019-11139 6 https://nvd.nist.gov/vuln/detail/CVE-2019-11139 microcode_ctl Affected no
may allow a privileged user to potentially enable denial of
service via local access.
An issue was discovered in the Linux kernel before 5.2.3.
koldo_software vulnerabilidades 2022-10-18 CVE-2019-15213 There is a use-after-free caused by a malicious USB device 4.6 https://nvd.nist.gov/vuln/detail/CVE-2019-15213 kernel Affected no
in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.
An issue was discovered in the Linux kernel before 5.1.8.
There is a NULL pointer dereference caused by a
koldo_software vulnerabilidades 2022-10-18 CVE-2019-15219 4.6 https://nvd.nist.gov/vuln/detail/CVE-2019-15219 kernel Affected no
malicious USB device in the
drivers/usb/misc/sisusbvga/sisusb.c driver.
Oniguruma through 6.9.3, as used in PHP 7.3.x and other
koldo_software vulnerabilidades 2022-10-18 CVE-2019-19246 products, has a heap-based buffer over-read in 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-19246 oniguruma Affected no
str_lower_case_match in regexec.c.
In the Linux kernel before 5.2.10, there is a use-after-free
koldo_software vulnerabilidades 2022-10-18 CVE-2019-19530 bug that can be caused by a malicious USB device in the 4.6 https://nvd.nist.gov/vuln/detail/CVE-2019-19530 kernel Affected no
drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef.
mwifiex_tm_cmd in
drivers/net/wireless/marvell/mwifiex/cfg80211.c in the
Linux kernel before 5.1.6 has some error-handling cases
koldo_software vulnerabilidades 2022-10-18 CVE-2019-20095 5.5 https://nvd.nist.gov/vuln/detail/CVE-2019-20095 kernel Affected no
that did not free allocated hostcmd memory, aka
CID-003b686ace82. This will cause a memory leak and
denial of service.
In uvc_scan_chain_forward of uvc_driver.c, there is a
possible linked list corruption due to an unusual root
cause. This could lead to local escalation of privilege in the
koldo_software vulnerabilidades 2022-10-18 CVE-2020-0404 kernel with no additional execution privileges needed. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-0404 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
User interaction is not needed for exploitation.Product:
AndroidVersions: Android kernelAndroid ID:
A-111893654References: Upstream kernel
In uvc_scan_chain_forward of uvc_driver.c, there is a
possible linked list corruption due to an unusual root
cause. This could lead to local escalation of privilege in the
koldo_software vulnerabilidades 2022-10-18 CVE-2020-0404 kernel with no additional execution privileges needed. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-0404 kernel Affected no
User interaction is not needed for exploitation.Product:
AndroidVersions: Android kernelAndroid ID:
A-111893654References: Upstream kernel
An issue was discovered in the Linux kernel 4.4 through
5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if
k_ascii is called several times in a row, aka CID-
koldo_software vulnerabilidades 2022-10-18 CVE-2020-13974 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-13974 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
b86dab054059. NOTE: Members in the community argue
that the integer overflow does not lead to a security issue
in this case.
A flaw was found in the Linux kernel in versions before
5.9-rc6. When changing screen size, an out-of-bounds
koldo_software vulnerabilidades 2022-10-18 CVE-2020-14390 memory write can occur leading to memory corruption or 5.6 https://nvd.nist.gov/vuln/detail/CVE-2020-14390 kernel Affected no
a denial of service. Due to the nature of the flaw, privilege
escalation cannot be fully ruled out.
In the Linux kernel before 5.4.16, a race condition in
tty->disc_data handling in the slip and slcan line discipline
koldo_software vulnerabilidades 2022-10-18 CVE-2020-14416 4.2 https://nvd.nist.gov/vuln/detail/CVE-2020-14416 kernel Affected no
could lead to a use-after-free, aka CID-0ace17d56824. This
affects drivers/net/slip/slip.c and drivers/net/can/slcan.c.
Buffer Overflow in LibTiff v4.0.10 allows attackers to
koldo_software vulnerabilidades 2022-10-18 CVE-2020-19131 cause a denial of service via the "invertImage()" function 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-19131 libtiff
in the component "tiffcrop".
A flaw was found in the Linux kernel in versions before
5.9-rc7. Traffic between two Geneve endpoints may be
unencrypted when IPsec is configured to encrypt traffic
koldo_software vulnerabilidades 2022-10-18 CVE-2020-25645 for the specific UDP port used by the GENEVE tunnel 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25645 kernel Affected no
allowing anyone between the two endpoints to read the
traffic unencrypted. The main threat from this
vulnerability is to data confidentiality.
A flaw was found in the way Samba maps domain users to
koldo_software vulnerabilidades 2022-10-18 CVE-2020-25717 local users. An authenticated attacker could use this flaw 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-25717 libsmbclient,libwbclient,samba-client-libs,samba-common,samba-common-libs
to cause possible privilege escalation.
An issue was discovered in the Linux kernel before 5.11.8.
kernel/bpf/verifier.c performs undesirable out-of-bounds
speculation on pointer arithmetic, leading to side-channel
koldo_software vulnerabilidades 2022-10-18 CVE-2020-27170 attacks that defeat Spectre mitigations and obtain 4.7 https://nvd.nist.gov/vuln/detail/CVE-2020-27170 kernel Affected no
sensitive information from kernel memory, aka CID-
f232326f6966. This affects pointer types that do not define
a ptr_limit.
An issue was discovered in the Linux kernel before 5.11.8.
kernel/bpf/verifier.c has an off-by-one error (with a
resultant integer underflow) affecting out-of-bounds
koldo_software vulnerabilidades 2022-10-18 CVE-2020-27171 speculation on pointer arithmetic, leading to side-channel 6 https://nvd.nist.gov/vuln/detail/CVE-2020-27171 kernel Affected no
attacks that defeat Spectre mitigations and obtain
sensitive information from kernel memory, aka
CID-10d2bb2e6b1d.
A vulnerability was found in Linux kernel, where a use-
after-frees in nouveau's postclose() handler could happen
koldo_software vulnerabilidades 2022-10-18 CVE-2020-27820 if removing device (that is not common to remove video 4.7 https://nvd.nist.gov/vuln/detail/CVE-2020-27820 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
card physically without power-off, but same happens if
"unbind" the driver).
The vgacon subsystem in the Linux kernel before 5.8.10
mishandles software scrollback. There is a
koldo_software vulnerabilidades 2022-10-18 CVE-2020-28097 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-28097 kernel Affected no
vgacon_scrolldelta out-of-bounds read, aka
CID-973c096f6a85.
A buffer over-read (at the framebuffer layer) in the fbcon
code in the Linux kernel before 5.8.15 could be used by
koldo_software vulnerabilidades 2022-10-18 CVE-2020-28915 5.8 https://nvd.nist.gov/vuln/detail/CVE-2020-28915 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
local attackers to read kernel memory, aka
CID-6735b4632def.
An issue was discovered in the Linux kernel before 5.7.3,
related to mm/gup.c and mm/huge_memory.c. The
get_user_pages (aka gup) implementation, when used for a
koldo_software vulnerabilidades 2022-10-18 CVE-2020-29374 3.6 https://nvd.nist.gov/vuln/detail/CVE-2020-29374 kernel Affected no
copy-on-write page, does not properly consider the
semantics of read operations and therefore can grant
unintended write access, aka CID-17839856fd58.
A flaw was found in cairo's image-compositor.c in all
versions prior to 1.17.4. This flaw allows an attacker who
can provide a crafted input file to cairo's image-compositor
(for example, by convincing a user to open a file in an
koldo_software vulnerabilidades 2022-10-18 CVE-2020-35492 application using cairo, or if an application uses cairo on 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-35492 cairo
untrusted input) to cause a stack buffer overflow -> out-of-
bounds WRITE. The highest impact from this vulnerability
is to confidentiality, integrity, as well as system
availability.
A flaw was found in the Linux kernels implementation of
koldo_software vulnerabilidades 2022-10-18 CVE-2020-35501 audit rules, where a syscall can unexpectedly not be 3.4 https://nvd.nist.gov/vuln/detail/CVE-2020-35501 kernel Affected no
correctly not be logged by the audit subsystem
In SQlite 3.31.1, a potential null pointer derreference was
koldo_software vulnerabilidades 2022-10-18 CVE-2020-35525 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-35525 sqlite Affected no
found in the INTERSEC query processing.
In SQLite 3.31.1, there is an out of bounds access problem
koldo_software vulnerabilidades 2022-10-18 CVE-2020-35527 through ALTER TABLE for views that have a nested FROM 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-35527 sqlite Affected no
clause.
An issue was discovered in the Linux kernel before 5.9.
arch/x86/kvm/svm/sev.c allows attackers to cause a denial
koldo_software vulnerabilidades 2022-10-18 CVE-2020-36311 of service (soft lockup) by triggering destruction of a large 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-36311 kernel Affected no
SEV VM (which requires unregistering many encrypted
regions), aka CID-7be74942f184.
An issue was discovered in the Linux kernel through
5.16.11. The mixed IPID assignment method with the
koldo_software vulnerabilidades 2022-10-18 CVE-2020-36516 hash-based IPID assignment policy allows an off-path 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-36516 kernel Affected no
attacker to inject data into a victim's TCP session or
terminate that session.
A race condition in the Linux kernel before 5.6.2 between
koldo_software vulnerabilidades 2022-10-18 CVE-2020-36557 the VT_DISALLOCATE ioctl and closing/opening of ttys 5.1 https://nvd.nist.gov/vuln/detail/CVE-2020-36557 kernel Affected no
could lead to a use-after-free.
A race condition in the Linux kernel before 5.5.7 involving
koldo_software vulnerabilidades 2022-10-18 CVE-2020-36558 VT_RESIZEX could lead to a NULL pointer dereference 5.1 https://nvd.nist.gov/vuln/detail/CVE-2020-36558 kernel Affected no
and general protection fault.
u'Specifically timed and handcrafted traffic can cause
internal errors in a WLAN device that lead to improper
layer 2 Wi-Fi encryption with a consequent possibility of
information disclosure over the air for a discrete set of
traffic' in Snapdragon Auto, Snapdragon Compute,
koldo_software vulnerabilidades 2022-10-18 CVE-2020-3702 Snapdragon Connectivity, Snapdragon Consumer IOT, 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-3702 kernel Affected no
Snapdragon Industrial IOT, Snapdragon Mobile,
Snapdragon Voice & Music, Snapdragon Wearables,
Snapdragon Wired Infrastructure and Networking in
APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU,
QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could
allow a local user to obtain sensitive information from the
koldo_software vulnerabilidades 2022-10-18 CVE-2020-4788 4.7 https://nvd.nist.gov/vuln/detail/CVE-2020-4788 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
data in the L1 cache under extenuating circumstances.
IBM X-Force ID: 189296.
Insufficient control flow management in some Intel(R)
koldo_software vulnerabilidades 2022-10-18 CVE-2021-0127 Processors may allow an authenticated user to potentially 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0127 microcode_ctl Affected no
enable a denial of service via local access.
Improper initialization of shared resources in some
koldo_software vulnerabilidades 2022-10-18 CVE-2021-0145 Intel(R) Processors may allow an authenticated user to 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0145 microcode_ctl Affected no
potentially enable information disclosure via local access.

pandorafms.com 3
a

Agent Module Date Agent Module Date CVE Description Score Link Packages

Hardware allows activation of test or debug logic at


runtime for some Intel(R) processors which may allow an
koldo_software vulnerabilidades 2022-10-18 CVE-2021-0146 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-0146 microcode_ctl Affected no
unauthenticated user to potentially enable escalation of
privilege via physical access.
In unix_scm_to_skb of af_unix.c, there is a possible use
after free bug due to a race condition. This could lead to
local escalation of privilege with System execution
koldo_software vulnerabilidades 2022-10-18 CVE-2021-0920 privileges needed. User interaction is not needed for 6.4 https://nvd.nist.gov/vuln/detail/CVE-2021-0920 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
exploitation.Product: AndroidVersions: Android
kernelAndroid ID: A-196926917References: Upstream
kernel
In bpf_skb_change_head of filter.c, there is a possible out
of bounds read due to a use after free. This could lead to
local escalation of privilege with System execution
koldo_software vulnerabilidades 2022-10-18 CVE-2021-0941 privileges needed. User interaction is not needed for 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-0941 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
exploitation.Product: AndroidVersions: Android
kernelAndroid ID: A-154177719References: Upstream
kernel
A flaw was found in the way Samba handled file/directory
metadata. This flaw allows an authenticated attacker with
koldo_software vulnerabilidades 2022-10-18 CVE-2021-20316 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-20316 libsmbclient,libwbclient,samba-client-libs,samba-common,samba-common-libs
permissions to read or modify share metadata, to perform
this operation outside of the share.
A flaw was found in the Linux kernel. A corrupted timer
tree caused the task wakeup to be missing in the
timerqueue_add function in lib/timerqueue.c. This flaw
koldo_software vulnerabilidades 2022-10-18 CVE-2021-20317 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-20317 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
allows a local attacker with special user privileges to
cause a denial of service, slowing and eventually stopping
the system while running OSP.
A race condition accessing file object in the Linux kernel
OverlayFS subsystem was found in the way users do
koldo_software vulnerabilidades 2022-10-18 CVE-2021-20321 4.7 https://nvd.nist.gov/vuln/detail/CVE-2021-20321 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
rename in specific way with OverlayFS. A local user could
use this flaw to crash the system.
A flaw in the processing of received ICMP errors (ICMP
fragment needed and ICMP redirect) in the Linux kernel
functionality was found to allow the ability to quickly scan
open UDP ports. This flaw allows an off-path remote user
koldo_software vulnerabilidades 2022-10-18 CVE-2021-20322 to effectively bypass the source port UDP randomization. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-20322 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
The highest threat from this vulnerability is to
confidentiality and possibly integrity, because software
that relies on UDP source port randomization are
indirectly affected as well.
An information disclosure vulnerability exists in the ARM
SIGPAGE functionality of Linux Kernel v5.4.66 and
v5.4.54. The latest version (5.11-rc4) seems to still be
vulnerable. A userland application can read the contents of
koldo_software vulnerabilidades 2022-10-18 CVE-2021-21781 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-21781 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
the sigpage, which can leak kernel memory contents. An
attacker can read a process’s memory at a specific offset
to trigger this vulnerability. This was fixed in kernel
releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11
An improper link resolution flaw while extracting an
archive can lead to changing the access control list (ACL)
of the target of the link. An attacker may provide a
koldo_software vulnerabilidades 2022-10-18 CVE-2021-23177 malicious archive to a victim user, who would trigger this 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-23177 libarchive
flaw when trying to extract the archive. A local attacker
may use this flaw to change the ACL of a file on the system
and gain more privileges.
A flaw was found in the way samba implemented
DCE/RPC. If a client to a Samba server sent a very large
koldo_software vulnerabilidades 2022-10-18 CVE-2021-23192 DCE/RPC request, and chose to fragment it, an attacker 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23192 libsmbclient,libwbclient,samba-client-libs,samba-common,samba-common-libs
could replace later fragments with their own data,
bypassing the signature requirements.
Some AMD CPUs may transiently execute beyond
koldo_software vulnerabilidades 2022-10-18 CVE-2021-26341 unconditional direct branches, which may potentially 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26341 kernel Affected no
result in data leakage.
LFENCE/JMP (mitigation V2-2) may not sufficiently
koldo_software vulnerabilidades 2022-10-18 CVE-2021-26401 5.6 https://nvd.nist.gov/vuln/detail/CVE-2021-26401 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
mitigate CVE-2017-5715 on some AMD CPUs.
In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel
through 5.11.8, the RPA PCI Hotplug driver has a user-
tolerable buffer overflow when writing a new device name
koldo_software vulnerabilidades 2022-10-18 CVE-2021-28972 to the driver from userspace, allowing userspace to write 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-28972 kernel Fix deferred no
data to the kernel stack frame directly. This occurs
because add_slot_store and remove_slot_store mishandle
drc_name '\0' termination, aka CID-cc7a0bb058b8.
BPF JIT compilers in the Linux kernel through 5.11.12
have incorrect computation of branch displacements,
koldo_software vulnerabilidades 2022-10-18 CVE-2021-29154 allowing them to execute arbitrary code within the kernel 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29154 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
context. This affects arch/x86/net/bpf_jit_comp.c and
arch/x86/net/bpf_jit_comp32.c.
arch/x86/kvm/svm/nested.c in the Linux kernel before
5.11.12 has a use-after-free in which an AMD KVM guest
can bypass access control on host OS MSRs when there
koldo_software vulnerabilidades 2022-10-18 CVE-2021-29657 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-29657 kernel Affected no
are nested guests, aka CID-a58d9166a756. This occurs
because of a TOCTOU race condition associated with a
VMCB12 double fetch in nested_svm_vmrun.
An issue was discovered in the Linux kernel before 5.11.3
when a webcam device exists. video_usercopy in
koldo_software vulnerabilidades 2022-10-18 CVE-2021-30002 6.2 https://nvd.nist.gov/vuln/detail/CVE-2021-30002 kernel Affected no
drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for
large arguments, aka CID-fb18802a338b.
An improper link resolution flaw can occur while
extracting an archive leading to changing modes, times,
access control lists, and flags of a file outside of the
koldo_software vulnerabilidades 2022-10-18 CVE-2021-31566 archive. An attacker may provide a malicious archive to a 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31566 libarchive
victim user, who would trigger this flaw when trying to
extract the archive. A local attacker may use this flaw to
gain more privileges in a system.
** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel
through 5.10.8, when there is an NFS export of a
subdirectory of a filesystem, allows remote attackers to see also the exports(5) no_subtree_check default
koldo_software vulnerabilidades 2022-10-18 CVE-2021-3178 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3178 kernel Affected no
traverse to other parts of the filesystem via behavior.
READDIRPLUS. NOTE: some parties argue that such a
subdirectory export is not intended to prevent this attack
Improper access control for some 3rd Generation Intel(R)
Xeon(R) Scalable Processors before BIOS version MR7,
koldo_software vulnerabilidades 2022-10-18 CVE-2021-33117 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33117 microcode_ctl Affected no
may allow a local attacker to potentially enable
information disclosure via local access.
Out of bounds read under complex microarchitectural
condition in memory subsystem for some Intel Atom(R)
koldo_software vulnerabilidades 2022-10-18 CVE-2021-33120 Processors may allow authenticated user to potentially 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-33120 microcode_ctl Affected no
enable information disclosure or cause denial of service
via network access.
In kernel/bpf/verifier.c in the Linux kernel before 5.12.13,
a branch can be mispredicted (e.g., because of type
koldo_software vulnerabilidades 2022-10-18 CVE-2021-33624 confusion) and consequently an unprivileged BPF program 4.7 https://nvd.nist.gov/vuln/detail/CVE-2021-33624 kernel Affected no
can read arbitrary memory locations via a side-channel
attack, aka CID-9183671af6db.
When sending malicous data to kernel by ioctl cmd
koldo_software vulnerabilidades 2022-10-18 CVE-2021-33655 FBIOPUT_VSCREENINFO,kernel will write memory out of 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-33655 kernel Affected no
bounds.
When setting font with malicous data by ioctl cmd
koldo_software vulnerabilidades 2022-10-18 CVE-2021-33656 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33656 kernel Affected no
PIO_FONT,kernel will write memory out of bounds.
A flaw was found in the Linux kernel. A denial of service
problem is identified if an extent tree is corrupted in a
crafted ext4 filesystem in fs/ext4/extents.c in
koldo_software vulnerabilidades 2022-10-18 CVE-2021-3428 ext4_es_cache_extent. Fabricating an integer overflow, A 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3428 kernel Affected no
local attacker with a special user privilege may cause a
system crash problem which can lead to an availability
threat.
The bpf verifier in the Linux kernel did not properly handle
mod32 destination register truncation when the source
register was known to be 0. A local attacker with the
ability to load bpf programs could use this gain out-of-
bounds reads in kernel memory leading to information
koldo_software vulnerabilidades 2022-10-18 CVE-2021-3444 disclosure (kernel memory), and possibly out-of-bounds 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3444 kernel Affected no
writes that could potentially lead to code execution. This
issue was addressed in the upstream kernel in commit
9b00f1b78809 ("bpf: Fix truncation handling for mod32
dst reg wrt zero") and in Linux stable kernels 5.11.2,
5.10.19, and 5.4.101.
In the Linux kernel through 5.13.7, an unprivileged BPF
program can obtain sensitive information from kernel
memory via a Speculative Store Bypass side-channel
koldo_software vulnerabilidades 2022-10-18 CVE-2021-34556 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-34556 kernel Affected no
attack because the protection mechanism neglects the
possibility of uninitialized memory locations on the BPF
stack.
net/can/bcm.c in the Linux kernel through 5.12.10 allows
local users to obtain sensitive information from kernel
koldo_software vulnerabilidades 2022-10-18 CVE-2021-34693 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-34693 kernel Affected no
stack memory because parts of a data structure are
uninitialized.
net/can/bcm.c in the Linux kernel through 5.12.10 allows
local users to obtain sensitive information from kernel
koldo_software vulnerabilidades 2022-10-18 CVE-2021-34693 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-34693 kernel Fix deferred no
stack memory because parts of a data structure are
uninitialized.
There is a flaw in RPM's signature functionality. OpenPGP
subkeys are associated with a primary key via a "binding
signature." RPM does not check the binding signature of
subkeys prior to importing them. If an attacker is able to
add or socially engineer another party to add a malicious
subkey to a legitimate public key, RPM could wrongly trust
koldo_software vulnerabilidades 2022-10-18 CVE-2021-3521 4.7 https://nvd.nist.gov/vuln/detail/CVE-2021-3521 python3-rpm,rpm,rpm-build-libs,rpm-libs,rpm-plugin-selinux,rpm-plugin-systemd-inhibit
a malicious signature. The greatest impact of this flaw is
to data integrity. To exploit this flaw, an attacker must
either compromise an RPM repository or convince an
administrator to install an untrusted RPM or public key. It
is strongly recommended to only use RPMs and public
keys from trusted sources.
In the Linux kernel through 5.13.7, an unprivileged BPF
program can obtain sensitive information from kernel
memory via a Speculative Store Bypass side-channel
koldo_software vulnerabilidades 2022-10-18 CVE-2021-35477 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-35477 kernel Affected no
attack because a certain preempting store operation does
not necessarily occur before a store operation that has an
attacker-controlled value.
A race condition vulnerability was found in rpm. A local
unprivileged user could use this flaw to bypass the checks
that were introduced in response to CVE-2017-7500 and
koldo_software vulnerabilidades 2022-10-18 CVE-2021-35937 6.4 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 rpm Affected no
CVE-2017-7501, potentially gaining root privileges. The
highest threat from this vulnerability is to data
confidentiality and integrity as well as system availability.
A symbolic link issue was found in rpm. It occurs when
rpm sets the desired permissions and credentials after
installing a file. A local unprivileged user could use this
flaw to exchange the original file with a symbolic link to a
koldo_software vulnerabilidades 2022-10-18 CVE-2021-35938 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 rpm Affected no
security-critical file and escalate their privileges on the
system. The highest threat from this vulnerability is to
data confidentiality and integrity as well as system
availability.
It was found that the fix for CVE-2017-7500 and
CVE-2017-7501 was incomplete: the check was only
implemented for the parent directory of the file to be
created. A local unprivileged user who owns another
koldo_software vulnerabilidades 2022-10-18 CVE-2021-35939 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 rpm Affected no
ancestor directory could potentially use this flaw to gain
root privileges. The highest threat from this vulnerability
is to data confidentiality and integrity as well as system
availability.

pandorafms.com 4
a

Agent Module Date Agent Module Date CVE Description Score Link Packages

An out-of-bounds memory write flaw was found in the


Linux kernel's joystick devices subsystem in versions
before 5.9-rc1, in the way the user calls ioctl
koldo_software vulnerabilidades 2022-10-18 CVE-2021-3612 JSIOCSBTNMAP. This flaw allows a local user to crash the 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3612 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
system or possibly escalate their privileges on the system.
The highest threat from this vulnerability is to
confidentiality, integrity, as well as system availability.
A flaw has been found in libssh in versions prior to 0.9.6.
The SSH protocol keeps track of two shared secrets during
the lifetime of the session. One of them is called
secret_hash and the other session_id. Initially, both of
them are the same, but after key re-exchange, previous
session_id is kept and used as an input to new secret_hash.
Historically, both of these buffers had shared length
koldo_software vulnerabilidades 2022-10-18 CVE-2021-3634 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3634 libssh,libssh-config
variable, which worked as long as these buffers were
same. But the key re-exchange operation can also change
the key exchange method, which can be based on hash of
different size, eventually creating "secret_hash" of
different size than the session_id has. This becomes an
issue when the session_id memory is zeroed or when it is
used again during second key re-exchange.
A flaw use-after-free in function sco_sock_sendmsg() of the
Linux kernel HCI subsystem was found in the way user
calls ioct UFFDIO_REGISTER or other way triggers race
condition of the call sco_conn_del() together with the call
koldo_software vulnerabilidades 2022-10-18 CVE-2021-3640 7 https://nvd.nist.gov/vuln/detail/CVE-2021-3640 kernel Affected no
sco_sock_sendmsg() with the expected controllable
faulting memory page. A privileged local user could use
this flaw to crash the system or escalate their privileges on
the system.
A vulnerability was found in the Linux kernel in versions
prior to v5.14-rc1. Missing size validations on inbound
koldo_software vulnerabilidades 2022-10-18 CVE-2021-3655 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-3655 kernel Affected no
SCTP packets may allow the kernel to read uninitialized
memory.
Cockpit (and its plugins) do not seem to protect itself
against clickjacking. It is possible to render a page from a
koldo_software vulnerabilidades 2022-10-18 CVE-2021-3660 cockpit server via another website, inside an HTML entry. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-3660 cockpit,cockpit-bridge,cockpit-system,cockpit-ws
This may be used by a malicious website in clickjacking or
similar attacks.
A flaw was found in the Linux kernel. Measuring usage of
the shared memory does not scale with large shared
koldo_software vulnerabilidades 2022-10-18 CVE-2021-3669 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3669 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
memory segment counts which could lead to resource
exhaustion and DoS.
A flaw was found in c-ares library, where a missing input
validation check of host names returned by DNS (Domain
Name Servers) can lead to output of wrong hostnames
koldo_software vulnerabilidades 2022-10-18 CVE-2021-3672 5.6 https://nvd.nist.gov/vuln/detail/CVE-2021-3672 c-ares
which might potentially lead to Domain Hijacking. The
highest threat from this vulnerability is to confidentiality
and integrity as well as system availability.
A crafted 16-bit grayscale PNG image may lead to an
out-of-bounds write in the heap area. An attacker may take
advantage of that to cause heap data corruption or
eventually arbitrary code execution and circumvent secure
boot protections. This issue has a high complexity to be
koldo_software vulnerabilidades 2022-10-18 CVE-2021-3695 4.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3695 grub2-common,grub2-pc,grub2-pc-modules,grub2-tools,grub2-tools-extra,grub2-tools-minimal
exploited as an attacker needs to perform some triage over
the heap layout to achieve significant results, also the
values written into the memory are repeated three times
in a row, making it difficult to produce valid payloads. This
flaw affects grub2 versions prior to grub-2.12.
A heap out-of-bounds write may happen during the
handling of Huffman tables in the PNG reader. This may
lead to data corruption in the heap space. Confidentiality,
Integrity and Availability impact may be considered Low as
koldo_software vulnerabilidades 2022-10-18 CVE-2021-3696 it's very complex for an attacker to control the encoding and 4.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3696 grub2-common,grub2-pc,grub2-pc-modules,grub2-tools,grub2-tools-extra,grub2-tools-minimal
positioning of corrupted Huffman entries to achieve
results such as arbitrary code execution and/or secure
boot circumvention. This flaw affects grub2 versions prior
to grub-2.12.
A crafted JPEG image may lead the JPEG reader to
underflow its data pointer, allowing user-controlled data to
be written in heap. For an attack to be successful, the
attacker needs to perform some triage over the heap
koldo_software vulnerabilidades 2022-10-18 CVE-2021-3697 7 https://nvd.nist.gov/vuln/detail/CVE-2021-3697 grub2-common,grub2-pc,grub2-pc-modules,grub2-tools,grub2-tools-extra,grub2-tools-minimal
layout and craft an image with a malicious format and
payload. This vulnerability can lead to data corruption and
eventual code execution or secure boot circumvention.
This flaw affects grub2 versions prior to grub-2.12.
A flaw was found in Cockpit in versions prior to 260 in the
way it handles the certificate verification performed by the
System Security Services Daemon (SSSD). This flaw allows
koldo_software vulnerabilidades 2022-10-18 CVE-2021-3698 client certificates to authenticate successfully, regardless 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3698 cockpit,cockpit-bridge,cockpit-system,cockpit-ws
of the Certificate Revocation List (CRL) configuration or
the certificate status. The highest threat from this
vulnerability is to confidentiality.
A flaw was found in the Linux kernel's memory
deduplication mechanism. Previous work has shown that
memory deduplication can be attacked via a local
koldo_software vulnerabilidades 2022-10-18 CVE-2021-3714 exploitation mechanism. The same technique can be used 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3714 kernel Affected no
if an attacker can upload page sized files and detect the
change in access time from a networked service to
determine if the page has been merged.
hso_free_net_device in drivers/net/usb/hso.c in the Linux
kernel through 5.13.4 calls unregister_netdev without
koldo_software vulnerabilidades 2022-10-18 CVE-2021-37159 6.4 https://nvd.nist.gov/vuln/detail/CVE-2021-37159 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
checking for the NETREG_REGISTERED state, leading to
a use-after-free and a double free.
A flaw was found in python. An improperly handled HTTP
response in the HTTP client code of python may allow a
remote attacker, who controls the HTTP server, to make
koldo_software vulnerabilidades 2022-10-18 CVE-2021-3737 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3737 platform-python,python3-libs
the client script enter an infinite loop, consuming CPU
time. The highest threat from this vulnerability is to
system availability.
An out-of-bounds (OOB) memory read flaw was found in
the Qualcomm IPC router protocol in the Linux kernel. A
missing sanity check allows a local attacker to gain access
koldo_software vulnerabilidades 2022-10-18 CVE-2021-3743 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-3743 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
to out-of-bounds memory, leading to a system crash or a
leak of internal kernel information. The highest threat
from this vulnerability is to system availability.
A memory leak flaw was found in the Linux kernel in the
ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-
koldo_software vulnerabilidades 2022-10-18 CVE-2021-3744 ops.c, which allows attackers to cause a denial of service 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3744 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
(memory consumption). This vulnerability is similar with
the older CVE-2019-18808.
A use-after-free flaw was found in the Linux kernel’s
Bluetooth subsystem in the way user calls connect to the
socket and disconnect simultaneously due to a race
koldo_software vulnerabilidades 2022-10-18 CVE-2021-3752 condition. This flaw allows a user to crash the system or 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-3752 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
escalate their privileges. The highest threat from this
vulnerability is to confidentiality, integrity, as well as
system availability.
A memory overflow vulnerability was found in the Linux
kernel’s ipc functionality of the memcg subsystem, in the
way a user calls the semget function multiple times,
koldo_software vulnerabilidades 2022-10-18 CVE-2021-3759 creating semaphores. This flaw allows a local user to 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3759 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
starve the resources, causing a denial of service. The
highest threat from this vulnerability is to system
availability.
A memory leak flaw was found in the Linux kernel's
ccp_run_aes_gcm_cmd() function that allows an attacker
koldo_software vulnerabilidades 2022-10-18 CVE-2021-3764 to cause a denial of service. The vulnerability is similar to 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3764 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
the older CVE-2019-18808. The highest threat from this
vulnerability is to system availability.
A flaw was found in the Linux SCTP stack. A blind attacker
may be able to kill an existing SCTP association through
koldo_software vulnerabilidades 2022-10-18 CVE-2021-3772 invalid chunks if the attacker knows the IP-addresses and 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3772 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
port numbers being used and the attacker can send
packets with spoofed IP addresses.
A flaw in netfilter could allow a network-connected
koldo_software vulnerabilidades 2022-10-18 CVE-2021-3773 attacker to infer openvpn connection endpoint information 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3773 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
for further use in traditional network attacks.
In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8,
there is an integer overflow and out-of-bounds write when
koldo_software vulnerabilidades 2022-10-18 CVE-2021-38166 many elements are placed in a single bucket. NOTE: 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38166 kernel Affected no
exploitation might be impractical without the
CAP_SYS_ADMIN capability.
GNU cpio through 2.13 allows attackers to execute
arbitrary code via a crafted pattern file, because of a
dstring.c ds_fgetstr integer overflow that triggers an out-
koldo_software vulnerabilidades 2022-10-18 CVE-2021-38185 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38185 cpio
of-bounds heap write. NOTE: it is unclear whether there
are common cases where the pattern file, associated with
the -E option, is untrusted data.
arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel
before 5.12.11 incorrectly computes the access
koldo_software vulnerabilidades 2022-10-18 CVE-2021-38198 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-38198 kernel Affected no
permissions of a shadow page, leading to a missing guest
protection page fault.
The mac80211 subsystem in the Linux kernel before
5.12.13, when a device supporting only 5 GHz is used,
koldo_software vulnerabilidades 2022-10-18 CVE-2021-38206 allows attackers to cause a denial of service (NULL 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-38206 kernel Affected no
pointer dereference in the radiotap parser) by injecting a
frame with 802.11a rates.
Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer
koldo_software vulnerabilidades 2022-10-18 CVE-2021-38297 Overflow via large arguments in a function invocation from 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38297 git-lfs Affected no
a WASM module, when GOARCH=wasm GOOS=js is used.
koldo_software vulnerabilidades 2022-10-18 CVE-2021-3872 vim is vulnerable to Heap-based Buffer Overflow 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 vim-minimal
koldo_software vulnerabilidades 2022-10-18 CVE-2021-3872 vim is vulnerable to Heap-based Buffer Overflow 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 kernel Affected no
A flaw in grub2 was found where its configuration file,
known as grub.cfg, is being created with the wrong
permission set allowing non privileged users to read its
content. This represents a low severity confidentiality
koldo_software vulnerabilidades 2022-10-18 CVE-2021-3981 issue, as those users can eventually read any encrypted 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-3981 grub2-common,grub2-pc,grub2-pc-modules,grub2-tools,grub2-tools-extra,grub2-tools-minimal
passwords present in grub.cfg. This flaw affects grub2
2.06 and previous versions. This issue has been fixed in
grub upstream but no version with the fix is currently
released.
koldo_software vulnerabilidades 2022-10-18 CVE-2021-3984 vim is vulnerable to Heap-based Buffer Overflow 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 vim-minimal
A race condition was found in the Linux kernel's ebpf
verifier between bpf_map_update_elem and
bpf_map_freeze due to a missing lock in
koldo_software vulnerabilidades 2022-10-18 CVE-2021-4001 kernel/bpf/syscall.c. In this flaw, a local user with a special 4.1 https://nvd.nist.gov/vuln/detail/CVE-2021-4001 kernel Affected no
privilege (cap_sys_admin or cap_bpf) can modify the
frozen mapped address space. This flaw affects kernel
versions prior to 5.16 rc2.
A memory leak flaw in the Linux kernel's hugetlbfs
memory usage was found in the way the user maps some
regions of memory twice using shmget() which are aligned
koldo_software vulnerabilidades 2022-10-18 CVE-2021-4002 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-4002 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
to PUD alignment with the fault of some of the memory
pages. A local user could use this flaw to get unauthorized
access to some data.
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5
stores the filename in the directory entry;
this is then used by unsquashfs to create the new
koldo_software vulnerabilidades 2022-10-18 CVE-2021-40153 file during the unsquash. The filename is not validated for traversal outside of the destination 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-40153 squashfs-tools Affected no
directory, and thus allows writing to locations
outside of the destination.
koldo_software vulnerabilidades 2022-10-18 CVE-2021-4019 vim is vulnerable to Heap-based Buffer Overflow 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 vim-minimal


A flaw in the Linux kernel's implementation of RDMA
communications manager listener code allowed an
attacker with local access to setup a socket to listen on a
koldo_software vulnerabilidades 2022-10-18 CVE-2021-4028 high port allowing for a list element to be used after free. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4028 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
Given the ability to execute code, a local attacker could
leverage this use-after-free to crash the system or possibly
escalate privileges on the system.
A local privilege escalation vulnerability was found on
polkit's pkexec utility. The pkexec application is a setuid
tool designed to allow unprivileged users to run commands
as privileged users according to predefined policies. The
current version of pkexec doesn't handle the calling
parameters count correctly and ends up trying to execute
koldo_software vulnerabilidades 2022-10-18 CVE-2021-4034 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4034 polkit,polkit-libs
environment variables as commands. An attacker can
leverage this by crafting environment variables in such a
way that it'll induce pkexec to execute arbitrary code. When
successfully executed, the attack can cause a local
privilege escalation, giving unprivileged users
administrative rights on the target machine.
A vulnerability was found in the
fs/inode.c:inode_init_owner() function logic of the Linux
kernel that allows local users to create files for the XFS
file-system with an unintended group ownership and with
group execution and SGID permission bits set, in a
koldo_software vulnerabilidades 2022-10-18 CVE-2021-4037 scenario where a directory is SGID and belongs to a 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4037 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
certain group and is writable by a user who is not a
member of this group. This can lead to excessive
permissions granted in case when they should not. This
vulnerability is similar to the previous CVE-2018-13405
and adds the missed fix for the XFS.
The ElGamal implementation in Libgcrypt before 1.9.4
allows plaintext recovery because, during interaction
between two cryptographic libraries, a certain dangerous
koldo_software vulnerabilidades 2022-10-18 CVE-2021-40528 combination of the prime defined by the receiver's public 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-40528 libgcrypt
key, the generator defined by the receiver's public key,
and the sender's ephemeral exponents can lead to a cross-
configuration attack against OpenPGP.
A read-after-free memory flaw was found in the Linux
kernel's garbage collection for Unix domain socket file
handlers in the way users call close() and fget()
koldo_software vulnerabilidades 2022-10-18 CVE-2021-4083 simultaneously and can potentially trigger a race 7 https://nvd.nist.gov/vuln/detail/CVE-2021-4083 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
condition. This flaw allows a local user to crash the system
or escalate their privileges on the system. This flaw affects
Linux kernel versions prior to 5.16-rc4.
A flaw was found in the KVM's AMD code for supporting
the Secure Encrypted Virtualization-Encrypted State (SEV-
ES). A KVM guest using SEV-ES can trigger out-of-bounds
reads and writes in the host kernel via a malicious
koldo_software vulnerabilidades 2022-10-18 CVE-2021-4093 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4093 kernel Affected no
VMGEXIT for a string I/O instruction (for example, outs or
ins) using the exit reason SVM_EXIT_IOIO. This issue
results in a crash of the entire system or a potential guest-
to-host escape scenario.
There is a flaw in polkit which can allow an unprivileged
user to cause polkit to crash, due to process file descriptor
exhaustion. The highest threat from this vulnerability is to
koldo_software vulnerabilidades 2022-10-18 CVE-2021-4115 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-4115 polkit,polkit-libs
availability. NOTE: Polkit process outage duration is tied
to the failing process being reaped and a new one being
spawned
It was found that a specially crafted LUKS header could
trick cryptsetup into disabling encryption during the
recovery of the device. An attacker with physical access to
koldo_software vulnerabilidades 2022-10-18 CVE-2021-4122 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-4122 cryptsetup,cryptsetup-libs
the medium, such as a flash disk, could use this flaw to
force a user into permanently disabling the encryption
layer of that medium.
A memory leak vulnerability was found in the Linux
kernel's eBPF for the Simulated networking device driver
koldo_software vulnerabilidades 2022-10-18 CVE-2021-4135 in the way user uses BPF for the device such that function 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-4135 kernel Affected no
nsim_map_alloc_elem being called. A local user could use
this flaw to get unauthorized access to some data.
A use-after-free flaw was found in cgroup1_parse_param in
kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1
parser. A local attacker with a user privilege could cause a
koldo_software vulnerabilidades 2022-10-18 CVE-2021-4154 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4154 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
privilege escalation by exploiting the fsconfig syscall
parameter leading to a container breakout and a denial of
service on the system.
A data leak flaw was found in the way XFS_IOC_ALLOCSP
IOCTL in the XFS filesystem allowed for size increase of
koldo_software vulnerabilidades 2022-10-18 CVE-2021-4155 files with unaligned size. A local attacker could use this 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-4155 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
flaw to leak data on the XFS filesystem otherwise not
accessible to them.
An out of memory bounds write flaw (1 or 2 bytes of
memory) in the Linux kernel NFS subsystem was found in
the way users use mirroring (replication of files with NFS).
koldo_software vulnerabilidades 2022-10-18 CVE-2021-4157 8 https://nvd.nist.gov/vuln/detail/CVE-2021-4157 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
A user, having access to the NFS mount, could potentially
use this flaw to crash the system or escalate privileges on
the system.
A vulnerability was found in the Linux kernel's EBPF
verifier when handling internal data structures. Internal
memory locations could be returned to userspace. A local
koldo_software vulnerabilidades 2022-10-18 CVE-2021-4159 attacker with the permissions to insert eBPF code to the 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-4159 kernel Affected no
kernel can use this to leak internal kernel memory details
defeating some of the exploit mitigations in place for the
kernel.
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain
non-default configurations are used, allows privilege
escalation because supplemental groups are not initialized
as expected. Helper programs for
koldo_software vulnerabilidades 2022-10-18 CVE-2021-41617 AuthorizedKeysCommand and 7 https://nvd.nist.gov/vuln/detail/CVE-2021-41617 openssh,openssh-clients,openssh-server
AuthorizedPrincipalsCommand may run with privileges
associated with group memberships of the sshd process, if
the configuration specifies running the command as a
different user.
prealloc_elems_and_freelist in kernel/bpf/stackmap.c in
the Linux kernel before 5.14.12 allows unprivileged users
koldo_software vulnerabilidades 2022-10-18 CVE-2021-41864 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41864 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
to trigger an eBPF multiplication integer overflow with a
resultant out-of-bounds write.
A flaw was found in Python, specifically in the FTP (File
Transfer Protocol) client library in PASV (passive) mode.
The issue is how the FTP client trusts the host from the
PASV response by default. This flaw allows an attacker to
koldo_software vulnerabilidades 2022-10-18 CVE-2021-4189 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-4189 platform-python,python3-libs
set up a malicious FTP server that can trick FTP clients
into connecting back to a given IP address and port. This
vulnerability could lead to FTP client scanning ports,
which otherwise would not have been possible.
koldo_software vulnerabilidades 2022-10-18 CVE-2021-4192 vim is vulnerable to Use After Free 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 vim-minimal
koldo_software vulnerabilidades 2022-10-18 CVE-2021-4193 vim is vulnerable to Out-of-bounds Read 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 vim-minimal
An unprivileged write to the file handler flaw in the Linux
kernel's control groups and namespaces subsystem was
found in the way users have access to some less privileged
process that are controlled by cgroups and have higher
koldo_software vulnerabilidades 2022-10-18 CVE-2021-4197 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4197 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
privileged parent process. It is actually both for cgroup2
and cgroup1 versions of control groups. A local user could
use this flaw to crash the system or escalate their
privileges on the system.
A use-after-free read flaw was found in sock_getsockopt()
in net/core/sock.c due to SO_PEERCRED and
SO_PEERGROUPS race with listen() (and connect()) in the
koldo_software vulnerabilidades 2022-10-18 CVE-2021-4203 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4203 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
Linux kernel. In this flaw, an attacker with user
privileges may crash the system or leak internal kernel
information.
A vulnerability was found in Angular up to 11.0.4/11.1.0-
next.2. It has been classified as problematic. Affected is
the handling of comments. The manipulation leads to cross
site scripting. It is possible to launch the attack remotely
koldo_software vulnerabilidades 2022-10-18 CVE-2021-4231 but it might require an authentication first. Upgrading to 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-4231 mozjs60 Affected no
version 11.0.5 and 11.1.0-next.3 is able to address this
issue. The name of the patch is
ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is
recommended to upgrade the affected component.
** DISPUTED ** An issue was discovered in the
Bidirectional Algorithm in the Unicode Specification
through 14.0. It permits the visual reordering of
characters via control sequences, which can be used to
craft source code that renders different logic than the
logical ordering of tokens ingested by compilers and
interpreters. Adversaries can leverage this to encode
source code for compilers accepting Unicode such that
targeted vulnerabilities are introduced invisibly to human
reviewers. NOTE: the Unicode Consortium offers the
following alternative approach to presenting this concern.
An issue is noted in the nature of international text that
can affect applications that implement support for The
Unicode Standard and the Unicode Bidirectional Algorithm
(all versions). Due to text display behavior when text
includes left-to-right and right-to-left characters, the visual
koldo_software vulnerabilidades 2022-10-18 CVE-2021-42574 order of tokens may be different from their logical order. 8.3 https://nvd.nist.gov/vuln/detail/CVE-2021-42574 binutils,libstdc++
Additionally, control characters needed to fully support
the requirements of bidirectional text can further
obfuscate the logical order of tokens. Unless mitigated, an
adversary could craft source code such that the ordering
of tokens perceived by human reviewers does not match
what will be processed by a compiler/interpreter/etc. The
Unicode Consortium has documented this class of
vulnerability in its document, Unicode Technical Report
#36, Unicode Security Considerations. The Unicode
Consortium also provides guidance on mitigations for this
class of issues in Unicode Technical Standard #39,
Unicode Security Mechanisms, and in Unicode Standard
Annex #31, Unicode Identifier and Pattern Syntax. Also,
the BIDI specification allows applications to tailor the
implementation in ways that can mitigate misleading
visual reordering in program text; see HL4 in Unicode
Standard Annex #9, Unicode Bidirectional Algorithm.
A heap-based buffer overflow flaw was found in the Linux
kernel FireDTV media card driver, where the user calls the
CA_SEND_MSG ioctl. This flaw allows a local user of the
koldo_software vulnerabilidades 2022-10-18 CVE-2021-42739 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-42739 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
host machine to crash the system or escalate privileges on
the system. The highest threat from this vulnerability is to
confidentiality, integrity, as well as system availability.
An issue was discovered in the Linux kernel for powerpc
before 5.14.15. It allows a malicious KVM guest to crash
the host, when the host is running on Power8, due to an
koldo_software vulnerabilidades 2022-10-18 CVE-2021-43056 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43056 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
arch/powerpc/kvm/book3s_hv_rmhandlers.S
implementation bug in the handling of the SRR1 register
values.
An issue was discovered in net/tipc/crypto.c in the Linux
kernel before 5.14.16. The Transparent Inter-Process
koldo_software vulnerabilidades 2022-10-18 CVE-2021-43267 Communication (TIPC) functionality allows remote 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43267 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
attackers to exploit insufficient validation of user-supplied
sizes for the MSG_CRYPTO message type.
An issue was discovered in the Linux kernel before
koldo_software vulnerabilidades 2022-10-18 CVE-2021-43389 5.14.15. There is an array-index-out-of-bounds flaw in the 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43389 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
detach_capi_ctr function in drivers/isdn/capi/kcapi.c.
In the Linux kernel through 5.15.2,
hw_atl_utils_fw_rpc_wait in
koldo_software vulnerabilidades 2022-10-18 CVE-2021-43975 drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-43975 kernel Affected no
allows an attacker (who can introduce a crafted device) to
trigger an out-of-bounds write via a crafted length value.


In the Linux kernel through 5.15.2, mwifiex_usb_recv in
drivers/net/wireless/marvell/mwifiex/usb.c allows an
koldo_software vulnerabilidades 2022-10-18 CVE-2021-43976 4.6 https://nvd.nist.gov/vuln/detail/CVE-2021-43976 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
attacker (who can connect a crafted USB device) to cause
a denial of service (skb_over_panic).
All versions of Samba prior to 4.15.5 are vulnerable to a
malicious client using a server symlink to determine if a
file or directory exists in an area of the server file system
koldo_software vulnerabilidades 2022-10-18 CVE-2021-44141 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-44141 libsmbclient,libwbclient,samba-client-libs,samba-common,samba-common-libs
not exported under the share definition. SMB1 with unix
extensions has to be enabled in order for this attack to
succeed.
The Samba vfs_fruit module uses extended file attributes
(EA, xattr) to provide "...enhanced compatibility with
Apple SMB clients and interoperability with a Netatalk 3
AFP fileserver." Samba versions prior to 4.13.17, 4.14.12
koldo_software vulnerabilidades 2022-10-18 CVE-2021-44142 and 4.15.5 with vfs_fruit configured allow out-of-bounds 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44142 libsmbclient,libwbclient,samba-client-libs,samba-common,samba-common-libs
heap read and write via specially crafted extended file
attributes. A remote attacker with write access to
extended file attributes can execute arbitrary code with
the privileges of smbd, typically root.
Two heap-overflow vulnerabilities exist in
openSUSE/libsolv libsolv through 13 Dec 2020 in the
koldo_software vulnerabilidades 2022-10-18 CVE-2021-44568 decisionmap variable via the resolve_dependencies 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44568 libsolv Affected no
function at src/solver.c (line 1940 & line 1995), which
could cause a remote Denial of Service.
A use-after-free exists in drivers/tee/tee_shm.c in the TEE
subsystem in the Linux kernel through 5.15.11. This
koldo_software vulnerabilidades 2022-10-18 CVE-2021-44733 7 https://nvd.nist.gov/vuln/detail/CVE-2021-44733 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
occurs because of a race condition in tee_shm_get_from_id
during an attempt to free a shared memory object.
In the IPv6 implementation in the Linux kernel before
5.13.3, net/ipv6/output_core.c has an information leak
koldo_software vulnerabilidades 2022-10-18 CVE-2021-45485 because of certain use of a hash table which, although big, 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45485 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
doesn't properly consider that IPv6-based attackers can
typically choose among many IPv6 source addresses.
In the IPv4 implementation in the Linux kernel before
koldo_software vulnerabilidades 2022-10-18 CVE-2021-45486 5.12.4, net/ipv4/route.c has an information leak because 3.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45486 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
the hash table is very small.
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or
more) places in the storeAtts function in xmlparse.c can
koldo_software vulnerabilidades 2022-10-18 CVE-2021-45960 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-45960 expat
lead to realloc misbehavior (e.g., allocating too few bytes,
or only freeing memory).
In doProlog in xmlparse.c in Expat (aka libexpat) before
koldo_software vulnerabilidades 2022-10-18 CVE-2021-46143 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46143 expat
2.4.3, an integer overflow exists for m_groupSize.
Execution unit scheduler contention may lead to a side
channel vulnerability found on AMD CPU
microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen
koldo_software vulnerabilidades 2022-10-18 CVE-2021-46778 5.6 https://nvd.nist.gov/vuln/detail/CVE-2021-46778 kernel Affected no
3” that use simultaneous multithreading (SMT). By
measuring the contention level on scheduler queues an
attacker may potentially leak sensitive information.
In libtirpc before 1.3.3rc1, remote attackers could exhaust
the file descriptors of a process that uses libtirpc because
koldo_software vulnerabilidades 2022-10-18 CVE-2021-46828 idle TCP connections are mishandled. This can, in turn, 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-46828 libtirpc Affected no
lead to an svc_run infinite loop without accepting new
connections.
Non-transparent sharing of branch predictor selectors
between contexts in some Intel(R) Processors may allow
koldo_software vulnerabilidades 2022-10-18 CVE-2022-0001 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0001 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
an authorized user to potentially enable information
disclosure via local access.
Non-transparent sharing of branch predictor within a
context in some Intel(R) Processors may allow an
koldo_software vulnerabilidades 2022-10-18 CVE-2022-0002 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0002 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
authorized user to potentially enable information
disclosure via local access.
Sensitive information accessible by physical probing of
JTAG interface for some Intel(R) Processors with SGX may
koldo_software vulnerabilidades 2022-10-18 CVE-2022-0005 2.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0005 microcode_ctl Affected no
allow an unprivileged user to potentially enable
information disclosure via physical access.
A denial of service (DOS) issue was found in the Linux
kernel’s smb2_ioctl_query_info function in the
fs/cifs/smb2ops.c Common Internet File System (CIFS) due
koldo_software vulnerabilidades 2022-10-18 CVE-2022-0168 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0168 kernel Affected no
to an incorrect return from the memdup_user function.
This flaw allows a local, privileged (CAP_SYS_ADMIN)
attacker to crash the system.
A flaw was found in the Linux kernel. The existing KVM
SEV API has a vulnerability that allows a non-root (host)
koldo_software vulnerabilidades 2022-10-18 CVE-2022-0171 user-level application to crash the host kernel by creating 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0171 kernel Affected no
a confidential guest VM instance in AMD CPU that
supports Secure Encrypted Virtualization (SEV).
A heap-based buffer overflow flaw was found in the way
the legacy_parse_param function in the Filesystem Context
functionality of the Linux kernel verified the supplied
parameters length. An unprivileged (in case of
koldo_software vulnerabilidades 2022-10-18 CVE-2022-0185 unprivileged user namespaces enabled, otherwise needs 8.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0185 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
namespaced CAP_SYS_ADMIN privilege) local user able to
open a filesystem that does not support the Filesystem
Context API (and thus fallbacks to legacy handling) could
use this flaw to escalate their privileges on the system.
Heap-based Buffer Overflow in GitHub repository vim/vim
koldo_software vulnerabilidades 2022-10-18 CVE-2022-0261 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 vim-minimal
prior to 8.2.
A flaw was found in the Linux kernel. A null pointer
koldo_software vulnerabilidades 2022-10-18 CVE-2022-0286 dereference in bond_ipsec_add_sa() may lead to local 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0286 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
denial of service.
koldo_software vulnerabilidades 2022-10-18 CVE-2022-0318 Heap-based Buffer Overflow in vim/vim prior to 8.2. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 vim-minimal
A flaw was found in the sctp_make_strreset_req function in
net/sctp/sm_make_chunk.c in the SCTP network protocol
in the Linux kernel with a local user privilege access. In
koldo_software vulnerabilidades 2022-10-18 CVE-2022-0322 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0322 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
this flaw, an attempt to use more buffer than is allocated
triggers a BUG_ON issue, leading to a denial of service
(DOS).
A random memory access flaw was found in the Linux
kernel's GPU i915 kernel driver functionality in the way a
koldo_software vulnerabilidades 2022-10-18 CVE-2022-0330 user may run malicious code on the GPU. This flaw allows 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0330 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
a local user to crash the system or escalate their privileges
on the system.
Heap-based Buffer Overflow in GitHub repository vim/vim
koldo_software vulnerabilidades 2022-10-18 CVE-2022-0359 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 vim-minimal
prior to 8.2.
Heap-based Buffer Overflow in GitHub repository vim/vim
koldo_software vulnerabilidades 2022-10-18 CVE-2022-0361 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 vim-minimal
prior to 8.2.
Heap-based Buffer Overflow in GitHub repository vim
koldo_software vulnerabilidades 2022-10-18 CVE-2022-0392 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 vim-minimal
prior to 8.2.
koldo_software vulnerabilidades 2022-10-18 CVE-2022-0413 Use After Free in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 vim-minimal
A stack overflow flaw was found in the Linux kernel's TIPC
protocol functionality in the way a user sends a packet
with malicious content where the number of domain
koldo_software vulnerabilidades 2022-10-18 CVE-2022-0435 member nodes is higher than the 64 allowed. This flaw 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0435 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
allows a remote user to crash the system or possibly
escalate their privileges if they have access to the TIPC
network.
A vulnerability was found in the Linux kernel’s
cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c
function. This flaw, under certain circumstances,
koldo_software vulnerabilidades 2022-10-18 CVE-2022-0492 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0492 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
allows the use of the cgroups v1 release_agent feature to
escalate privileges and bypass the namespace isolation
unexpectedly.
A kernel information leak flaw was identified in the
scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux
koldo_software vulnerabilidades 2022-10-18 CVE-2022-0494 kernel. This flaw allows a local attacker with a special user 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0494 kernel Affected no
privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create
issues with confidentiality.
A vulnerability was found in kvm_s390_guest_sida_op in
the arch/s390/kvm/kvm-s390.c function in KVM for s390 in
the Linux kernel. This flaw allows a local attacker with a
koldo_software vulnerabilidades 2022-10-18 CVE-2022-0516 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0516 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
normal user privilege to obtain unauthorized memory
write access. This flaw affects Linux kernel versions prior
to 5.17-rc4.
Null source pointer passed as an argument to memcpy()
function within TIFFFetchStripThing() in tif_dirread.c in
koldo_software vulnerabilidades 2022-10-18 CVE-2022-0561 libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0561 libtiff Affected no
Service via crafted TIFF file. For users that compile libtiff
from sources, the fix is available with commit eecb0712.
Null source pointer passed as an argument to memcpy()
function within TIFFReadDirectory() in tif_dirread.c in
koldo_software vulnerabilidades 2022-10-18 CVE-2022-0562 libtiff versions from 4.0 to 4.3.0 could lead to Denial of 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0562 libtiff Affected no
Service via crafted TIFF file. For users that compile libtiff
from sources, a fix is available with commit 561599c.
A flaw null pointer dereference in the Linux kernel UDF
file system functionality was found in the way user
koldo_software vulnerabilidades 2022-10-18 CVE-2022-0617 triggers udf_file_write_iter function for the malicious UDF 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0617 kernel Affected no
image. A local user could use this flaw to crash the system.
Actual from Linux kernel 4.2-rc1 till 5.17-rc2.
The BN_mod_sqrt() function, which computes a modular
square root, contains a bug that can cause it to loop
forever for non-prime moduli. Internally this function is
used when parsing certificates that contain elliptic curve
public keys in compressed form or explicit elliptic curve
parameters with a base point encoded in compressed
form. It is possible to trigger the infinite loop by crafting a
certificate that has invalid explicit curve parameters. Since
certificate parsing happens prior to verification of the
certificate signature, any process that parses an externally
supplied certificate may thus be subject to a denial of
service attack. The infinite loop can also be reached when
parsing crafted private keys as they can contain explicit
elliptic curve parameters. Thus vulnerable situations
include: - TLS clients consuming server certificates - TLS
servers consuming client certificates - Hosting providers
taking certificates or private keys from customers -
koldo_software vulnerabilidades 2022-10-18 CVE-2022-0778 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0778 compat-openssl10
Certificate authorities parsing certification requests from
subscribers - Anything else which parses ASN.1 elliptic
curve parameters Also any other applications that use the
BN_mod_sqrt() where the attacker can control the
parameter values are vulnerable to this DoS issue. In the
OpenSSL 1.0.2 version the public key is not parsed during
initial parsing of the certificate which makes it slightly
harder to trigger the infinite loop. However any operation
which requires the public key from the certificate will
trigger the infinite loop. In particular the attacker can use
a self-signed certificate to trigger the loop during
verification of the certificate signature. This issue affects
OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in
the releases of 1.1.1n and 3.0.2 on the 15th March 2022.
Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in
OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL
1.0.2zd (Affected 1.0.2-1.0.2zc).
A flaw was found in the way the "flags" member of the new
pipe buffer structure was lacking proper initialization in
copy_page_to_iter_pipe and push_pipe functions in the
koldo_software vulnerabilidades 2022-10-18 CVE-2022-0847 Linux kernel and could thus contain stale values. An 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0847 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
unprivileged local user could use this flaw to write to
pages in the page cache backed by read only files and as
such escalate their privileges on the system.
A memory leak flaw was found in the Linux kernel’s DMA
subsystem, in the way a user calls DMA_FROM_DEVICE.
koldo_software vulnerabilidades 2022-10-18 CVE-2022-0854 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0854 kernel Affected no
This flaw allows a local user to read random memory from
the kernel space.

Reachable Assertion in tiffcp in libtiff 4.3.0 allows
attackers to cause a denial-of-service via a crafted tiff file.
koldo_software vulnerabilidades 2022-10-18 CVE-2022-0865 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0865 libtiff Affected no
For users that compile libtiff from sources, the fix is
available with commit 5e180045.
Reachable Assertion in tiffcp in libtiff 4.3.0 allows
attackers to cause a denial-of-service via a crafted tiff file.
koldo_software vulnerabilidades 2022-10-18 CVE-2022-0865 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0865 kernel Affected no
For users that compile libtiff from sources, the fix is
available with commit 5e180045.
A heap buffer overflow in ExtractImageSection function in
tiffcrop.c in libtiff library Version 4.3.0 allows attacker to
trigger unsafe or out of bounds memory access via crafted
koldo_software vulnerabilidades 2022-10-18 CVE-2022-0891 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0891 libtiff Affected no
TIFF image file which could result into application crash,
potential information disclosure or any other
context-dependent impact
Null source pointer passed as an argument to memcpy()
function within TIFFFetchNormalTag () in tif_dirread.c in
koldo_software vulnerabilidades 2022-10-18 CVE-2022-0908 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0908 libtiff Affected no
libtiff versions up to 4.3.0 could lead to Denial of Service
via crafted TIFF file.
Divide By Zero error in tiffcrop in libtiff 4.3.0 allows
attackers to cause a denial-of-service via a crafted tiff file.
koldo_software vulnerabilidades 2022-10-18 CVE-2022-0909 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0909 libtiff Affected no
For users that compile libtiff from sources, the fix is
available with commit f8d0f9aa.
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows
attackers to cause a denial-of-service via a crafted tiff file.
koldo_software vulnerabilidades 2022-10-18 CVE-2022-0924 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0924 libtiff Affected no
For users that compile libtiff from sources, the fix is
available with commit 408976c4.
A use-after-free flaw was found in the Linux kernel’s FUSE
filesystem in the way a user triggers write(). This flaw
koldo_software vulnerabilidades 2022-10-18 CVE-2022-1011 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1011 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
allows a local user to gain unauthorized access to data
from the FUSE filesystem, resulting in privilege escalation.
A memory leak problem was found in the TCP source port
generation algorithm in net/ipv4/tcp.c due to the small
koldo_software vulnerabilidades 2022-10-18 CVE-2022-1012 table perturb size. This flaw may allow an attacker to 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1012 bpftool,kernel,kernel-core,kernel-headers,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
information leak and may cause a denial of service
problem.
A flaw was found in the Linux kernel in
net/netfilter/nf_tables_core.c:nft_do_chain, which can
cause a use-after-free. This issue needs to handle 'return'
koldo_software vulnerabilidades 2022-10-18 CVE-2022-1016 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1016 kernel Affected no
with proper preconditions, as it can lead to a kernel
information leak problem caused by a local, unprivileged
attacker.
A use-after-free flaw was found in the Linux kernel’s sound
subsystem in the way a user triggers concurrent calls of
PCM hw_params. The hw_free ioctls or similar race
koldo_software vulnerabilidades 2022-10-18 CVE-2022-1048 7 https://nvd.nist.gov/vuln/detail/CVE-2022-1048 kernel Affected no
condition happens inside ALSA PCM for other ioctls. This
flaw allows a local user to crash or potentially escalate
their privileges on the system.
A use-after-free exists in the Linux Kernel in tc_new_tfilter
that could allow a local attacker to gain privilege
koldo_software vulnerabilidades 2022-10-18 CVE-2022-1055 escalation. The exploit requires unprivileged user 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1055 kernel Affected no
namespaces. We recommend upgrading past commit
04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5
A flaw was found in the opj2_decompress program in
openjpeg2 2.4.0 in the way it handles an input directory
with a large number of files. When it fails to allocate a
koldo_software vulnerabilidades 2022-10-18 CVE-2022-1122 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1122 openjpeg2 Affected no
buffer to store the filenames of the input directory, it calls
free() on an uninitialized pointer, leading to a
segmentation fault and a denial of service.
Use after free in utf_ptr2char in GitHub repository vim/vim
koldo_software vulnerabilidades 2022-10-18 CVE-2022-1154 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 vim-common,vim-enhanced,vim-filesystem,vim-minimal
prior to 8.2.4646.
A flaw was found in KVM. When updating a guest's page
table entry, vm_pgoff was improperly used as the offset to
get the page's pfn. As vaddr and vm_pgoff are controllable
koldo_software vulnerabilidades 2022-10-18 CVE-2022-1158 by user-mode processes, this flaw allows unprivileged local 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1158 kernel Affected no
users on the host to write outside the userspace region
and potentially corrupt the kernel, resulting in a denial of
service condition.
A use-after-free flaw was found in
fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s
koldo_software vulnerabilidades 2022-10-18 CVE-2022-1184 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1184 kernel Affected no
filesystem sub-component. This flaw allows a local
attacker with a user privilege to cause a denial of service.
A NULL pointer dereference issue was found in KVM when
releasing a vCPU with dirty ring support enabled. This
koldo_software vulnerabilidades 2022-10-18 CVE-2022-1263 flaw allows an unprivileged local attacker on the host to 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1263 kernel Affected no
issue specific ioctl calls, causing a kernel oops condition
that results in a denial of service.
An arbitrary file write vulnerability was found in GNU
gzip's zgrep utility. When zgrep is applied on the
attacker's chosen file name (for example, a crafted file
name), this can overwrite an attacker's content to an
arbitrary attacker-selected file. This flaw occurs due to
koldo_software vulnerabilidades 2022-10-18 CVE-2022-1271 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1271 gzip,xz,xz-libs
insufficient validation when processing filenames with two
or more newlines where selected content and the target
file names are embedded in crafted multi-line file names.
This flaw allows a remote, low privileged attacker to force
zgrep to write arbitrary files on the system.
A use-after-free vulnerability was found in drm_lease_held
in drivers/gpu/drm/drm_lease.c in the Linux kernel due to
koldo_software vulnerabilidades 2022-10-18 CVE-2022-1280 a race problem. This flaw allows a local user privilege 6.3 https://nvd.nist.gov/vuln/detail/CVE-2022-1280 kernel Affected no
attacker to cause a denial of service (DoS) or a kernel
information leak.
The c_rehash script does not properly sanitise shell
metacharacters to prevent command injection. This script
is distributed by some operating systems in a manner
where it is automatically executed. On such operating
systems, an attacker could execute arbitrary commands
koldo_software vulnerabilidades 2022-10-18 CVE-2022-1292 with the privileges of the script. Use of the c_rehash script 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1292 openssl,openssl-devel,openssl-libs
is considered obsolete and should be replaced by the
OpenSSL rehash command line tool. Fixed in OpenSSL
3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o
(Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze
(Affected 1.0.2-1.0.2zd).
An out-of-bounds read/write vulnerability was found in
e2fsprogs 1.46.5. This issue leads to a segmentation fault
koldo_software vulnerabilidades 2022-10-18 CVE-2022-1304 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1304 e2fsprogs Affected no
and possibly arbitrary code execution via a specially
crafted filesystem.
A vulnerability was found in the pfkey_register function in
net/key/af_key.c in the Linux kernel. This flaw allows a
koldo_software vulnerabilidades 2022-10-18 CVE-2022-1353 local, unprivileged user to gain access to kernel memory, 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1353 kernel Affected no
leading to a system crash or a leak of internal kernel
information.
A stack buffer overflow flaw was found in Libtiffs' tiffcp.c
in main() function. This flaw allows an attacker to pass a
koldo_software vulnerabilidades 2022-10-18 CVE-2022-1355 crafted TIFF file to the tiffcp tool, triggering a stack buffer 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1355 libtiff Affected no
overflow issue, possibly corrupting the memory, and
causing a crash that leads to a denial of service.
An out-of-bounds read flaw was found in the Linux kernel’s
TeleTYpe subsystem. The issue occurs in how a user
triggers a race condition using ioctls TIOCSPTLCK and
koldo_software vulnerabilidades 2022-10-18 CVE-2022-1462 TIOCGPTPEER and TIOCSTI and TCXONC with leakage of 6.3 https://nvd.nist.gov/vuln/detail/CVE-2022-1462 kernel Affected no
memory in the flush_to_ldisc function. This flaw allows a
local user to crash the system or read unauthorized
random data from memory.
An out-of-bounds read vulnerability was discovered in the
PCRE2 library in the compile_xclass_matchingpath()
function of the pcre2_jit_compile.c file. This involves a
koldo_software vulnerabilidades 2022-10-18 CVE-2022-1586 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1586 pcre2,pcre2-devel,pcre2-utf16,pcre2-utf32
unicode property matching issue in JIT-compiled regular
expressions. The issue occurs because the character was
not fully read in case-less matching within JIT.
Heap buffer overflow in vim_strncpy find_word in GitHub
repository vim/vim prior to 8.2.4919. This vulnerability is
koldo_software vulnerabilidades 2022-10-18 CVE-2022-1621 capable of crashing software, Bypass Protection 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 vim-common,vim-enhanced,vim-filesystem,vim-minimal
Mechanism, Modify Memory, and possible remote
execution
Buffer Over-read in function find_next_quote in GitHub
repository vim/vim prior to 8.2.4925. This vulnerabilities
koldo_software vulnerabilidades 2022-10-18 CVE-2022-1629 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 vim-common,vim-enhanced,vim-filesystem,vim-minimal
are capable of crashing software, Modify Memory, and
possible remote execution
A set of pre-production kernel packages of Red Hat
Enterprise Linux for IBM Power architecture can be
booted by the grub in Secure Boot mode even though it
koldo_software vulnerabilidades 2022-10-18 CVE-2022-1665 shouldn't. These kernel builds don't have the secure boot 8.2 https://nvd.nist.gov/vuln/detail/CVE-2022-1665 kernel Affected no
lockdown patches applied to it and can bypass the secure
boot validations, allowing the attacker to load another
non-trusted code.
An issue was discovered in the Linux Kernel from 4.18 to
4.19, an improper update of sock reference in TCP pacing
koldo_software vulnerabilidades 2022-10-18 CVE-2022-1678 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1678 kernel Affected no
can lead to memory/netns leak, which can be used by
remote clients.
A use-after-free flaw was found in the Linux kernel’s
Atheros wireless adapter driver in the way a user forces
koldo_software vulnerabilidades 2022-10-18 CVE-2022-1679 the ath9k_htc_wait_for_target function to fail with some 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1679 kernel Affected no
input messages. This flaw allows a local user to crash or
potentially escalate their privileges on the system.
Acceptance of some invalid Transfer-Encoding headers in
the HTTP/1 client in net/http before Go 1.17.12 and Go
koldo_software vulnerabilidades 2022-10-18 CVE-2022-1705 1.18.4 allows HTTP request smuggling if combined with an 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1705 git-lfs Affected no
intermediate server that also improperly fails to reject the
header as invalid.
A race condition was found in the Linux kernel in
perf_event_open() which can be exploited by an
koldo_software vulnerabilidades 2022-10-18 CVE-2022-1729 unprivileged user to gain root privileges. The bug allows to 7 https://nvd.nist.gov/vuln/detail/CVE-2022-1729 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
build several exploit primitives such as kernel address
information leak, arbitrary execution, etc.
Out-of-bounds Write in GitHub repository vim/vim prior to
koldo_software vulnerabilidades 2022-10-18 CVE-2022-1785 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 vim-common,vim-enhanced,vim-filesystem,vim-minimal
8.2.4977.
With shadow paging enabled, the INVPCID instruction
results in a call to kvm_mmu_invpcid_gva. If INVPCID is
koldo_software vulnerabilidades 2022-10-18 CVE-2022-1789 6.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1789 kernel Affected no
executed with CR0.PG=0, the invlpg callback is not set
and the result is a NULL pointer dereference.
A NULL pointer dereference flaw was found in the Linux
kernel’s KVM module, which can lead to a denial of service
koldo_software vulnerabilidades 2022-10-18 CVE-2022-1852 in the x86_emulate_insn in arch/x86/kvm/emulate.c. This 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1852 kernel Affected no
flaw occurs while executing an illegal instruction in guest
in the Intel CPU.
Out-of-bounds Write in GitHub repository vim/vim prior to
koldo_software vulnerabilidades 2022-10-18 CVE-2022-1897 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 vim-common,vim-enhanced,vim-filesystem,vim-minimal
8.2.
koldo_software vulnerabilidades 2022-10-18 CVE-2022-1927 Buffer Over-read in GitHub repository vim/vim prior to 8.2. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 vim-common,vim-enhanced,vim-filesystem,vim-minimal
koldo_software vulnerabilidades 2022-10-18 CVE-2022-1927 Buffer Over-read in GitHub repository vim/vim prior to 8.2. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 kernel Affected no
In ip_check_mc_rcu of igmp.c, there is a possible use after
free due to improper locking. This could lead to local
escalation of privilege when opening and closing inet
koldo_software vulnerabilidades 2022-10-18 CVE-2022-20141 sockets with no additional execution privileges needed. 7 https://nvd.nist.gov/vuln/detail/CVE-2022-20141 kernel Affected no
User interaction is not needed for exploitation. Product:
Android Versions: Android kernel Android ID:
A-112551163 References: Upstream kernel
In various methods of kernel base drivers, there is a
possible out of bounds write due to a heap buffer overflow.
This could lead to local escalation of privilege with System
koldo_software vulnerabilidades 2022-10-18 CVE-2022-20166 execution privileges needed. User interaction is not 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-20166 kernel Affected no
needed for exploitation. Product: Android Versions: Android
kernel Android ID: A-182388481 References: Upstream
kernel

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows
attackers to cause a denial-of-service via a crafted tiff file.
koldo_software vulnerabilidades 2022-10-18 CVE-2022-2056 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2056 libtiff Affected no
For users that compile libtiff from sources, the fix is
available with commit f3a5e010.
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows
attackers to cause a denial-of-service via a crafted tiff file.
koldo_software vulnerabilidades 2022-10-18 CVE-2022-2057 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2057 libtiff Affected no
For users that compile libtiff from sources, the fix is
available with commit f3a5e010.
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows
attackers to cause a denial-of-service via a crafted tiff file.
koldo_software vulnerabilidades 2022-10-18 CVE-2022-2058 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2058 libtiff Affected no
For users that compile libtiff from sources, the fix is
available with commit f3a5e010.
In addition to the c_rehash shell command injection
identified in CVE-2022-1292, further circumstances where
the c_rehash script does not properly sanitise shell
metacharacters to prevent command injection were found
by code review. When the CVE-2022-1292 was fixed it was
not discovered that there are other places in the script
where the file names of certificates being hashed were
possibly passed to a command executed through the shell.
koldo_software vulnerabilidades 2022-10-18 CVE-2022-2068 This script is distributed by some operating systems in a 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2068 openssl,openssl-devel,openssl-libs
manner where it is automatically executed. On such
operating systems, an attacker could execute arbitrary
commands with the privileges of the script. Use of the
c_rehash script is considered obsolete and should be
replaced by the OpenSSL rehash command line tool. Fixed
in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed
in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in
OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
A vulnerability was found in the Linux kernel's
nft_set_desc_concat_parse() function. This flaw allows an
koldo_software vulnerabilidades 2022-10-18 CVE-2022-2078 attacker to trigger a buffer overflow via 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2078 kernel Affected no
nft_set_desc_concat_parse(), causing a denial of service
and possibly to run code.
AES OCB mode for 32-bit x86 platforms using the AES-NI
assembly optimised implementation will not encrypt the
entirety of the data under some circumstances. This could
reveal sixteen bytes of data that was preexisting in the
memory that wasn't written. In the special case of "in
koldo_software vulnerabilidades 2022-10-18 CVE-2022-2097 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-2097 openssl,openssl-devel,openssl-libs
place" encryption, sixteen bytes of the plaintext would be
revealed. Since OpenSSL does not support OCB based
cipher suites for TLS and DTLS, they are both unaffected.
Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in
OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).
Incomplete cleanup of multi-core shared buffers for some
koldo_software vulnerabilidades 2022-10-18 CVE-2022-21123 Intel(R) Processors may allow an authenticated user to 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21123 kernel,microcode_ctl Affected no
potentially enable information disclosure via local access.
Incomplete cleanup of microarchitectural fill buffers on
some Intel(R) Processors may allow an authenticated user
koldo_software vulnerabilidades 2022-10-18 CVE-2022-21125 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21125 kernel,microcode_ctl Affected no
to potentially enable information disclosure via local
access.
Incomplete cleanup in specific special register read
operations for some Intel(R) Processors may allow an
koldo_software vulnerabilidades 2022-10-18 CVE-2022-21127 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21127 microcode_ctl Affected no
authenticated user to potentially enable information
disclosure via local access.
Improper access control for some Intel(R) Xeon(R)
koldo_software vulnerabilidades 2022-10-18 CVE-2022-21131 Processors may allow an authenticated user to potentially 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21131 microcode_ctl Affected no
enable information disclosure via local access.
Improper input validation for some Intel(R) Xeon(R)
koldo_software vulnerabilidades 2022-10-18 CVE-2022-21136 Processors may allow a privileged user to potentially 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21136 microcode_ctl Affected no
enable denial of service via local access.
Processor optimization removal or modification of
security-critical code for some Intel(R) Processors may
koldo_software vulnerabilidades 2022-10-18 CVE-2022-21151 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21151 microcode_ctl Affected no
allow an authenticated user to potentially enable
information disclosure via local access.
Incomplete cleanup in specific special register write
operations for some Intel(R) Processors may allow an
koldo_software vulnerabilidades 2022-10-18 CVE-2022-21166 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21166 kernel,microcode_ctl Affected no
authenticated user to potentially enable information
disclosure via local access.
Improper isolation of shared resources in some Intel(R)
koldo_software vulnerabilidades 2022-10-18 CVE-2022-21233 Processors may allow a privileged user to potentially 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21233 kernel,microcode_ctl Affected no
enable information disclosure via local access.
Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1
and 22.0.0.2. Easily exploitable vulnerability allows
unauthenticated attacker with network access via
multiple protocols to compromise Oracle Java SE,
Oracle GraalVM Enterprise Edition. Successful
attacks of this vulnerability can result in
unauthorized ability to cause a partial denial of
service (partial DOS) of Oracle Java SE, Oracle
Vulnerability in the Oracle Java SE, Oracle GraalVM GraalVM Enterprise Edition. Note: This
Enterprise Edition product of Oracle Java SE (component: vulnerability applies to Java deployments, typically
koldo_software vulnerabilidades 2022-10-18 CVE-2022-21426 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21426 java-1.8.0-openjdk,java-1.8.0-openjdk-headless
JAXP). Supported versions that are affected are Oracle in clients running sandboxed Java Web Start
Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18 applications or sandboxed Java applets, that load
and run untrusted code (e.g., code that comes from
the internet) and rely on the Java sandbox for
security. This vulnerability can also be exploited by
using APIs in the specified Component, e.g.,
through a web service which supplies data to the
APIs. CVSS 3.1 Base Score 5.3 (Availability
impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1
and 22.0.0.2. Easily exploitable vulnerability allows
unauthenticated attacker with network access via
multiple protocols to compromise Oracle Java SE,
Oracle GraalVM Enterprise Edition. Successful
attacks of this vulnerability can result in
unauthorized update, insert or delete access to
some of Oracle Java SE, Oracle GraalVM Enterprise
Vulnerability in the Oracle Java SE, Oracle GraalVM Edition accessible data. Note: This vulnerability
Enterprise Edition product of Oracle Java SE (component: applies to Java deployments, typically in clients
koldo_software vulnerabilidades 2022-10-18 CVE-2022-21434 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21434 java-1.8.0-openjdk,java-1.8.0-openjdk-headless
Libraries). Supported versions that are affected are Oracle running sandboxed Java Web Start applications or
Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18 sandboxed Java applets, that load and run
untrusted code (e.g., code that comes from the
internet) and rely on the Java sandbox for security.
This vulnerability can also be exploited by using
APIs in the specified Component, e.g., through a
web service which supplies data to the APIs. CVSS
3.1 Base Score 5.3 (Integrity impacts). CVSS
Vector:
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1
and 22.0.0.2. Difficult to exploit vulnerability
allows unauthenticated attacker with network
access via multiple protocols to compromise Oracle
Java SE, Oracle GraalVM Enterprise Edition.
Successful attacks of this vulnerability can result in
unauthorized ability to cause a partial denial of
service (partial DOS) of Oracle Java SE, Oracle
Vulnerability in the Oracle Java SE, Oracle GraalVM GraalVM Enterprise Edition. Note: This
Enterprise Edition product of Oracle Java SE (component: vulnerability applies to Java deployments, typically
koldo_software vulnerabilidades 2022-10-18 CVE-2022-21443 3.7 https://nvd.nist.gov/vuln/detail/CVE-2022-21443 java-1.8.0-openjdk,java-1.8.0-openjdk-headless
Libraries). Supported versions that are affected are Oracle in clients running sandboxed Java Web Start
Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18 applications or sandboxed Java applets, that load
and run untrusted code (e.g., code that comes from
the internet) and rely on the Java sandbox for
security. This vulnerability can also be exploited by
using APIs in the specified Component, e.g.,
through a web service which supplies data to the
APIs. CVSS 3.1 Base Score 3.7 (Availability
impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1
and 22.0.0.2. Easily exploitable vulnerability allows
unauthenticated attacker with network access via
multiple protocols to compromise Oracle Java SE,
Oracle GraalVM Enterprise Edition. Successful
attacks of this vulnerability can result in
unauthorized access to critical data or complete
access to all Oracle Java SE, Oracle GraalVM
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This
Enterprise Edition product of Oracle Java SE (component: vulnerability applies to Java deployments, typically
koldo_software vulnerabilidades 2022-10-18 CVE-2022-21476 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21476 java-1.8.0-openjdk,java-1.8.0-openjdk-headless
Libraries). Supported versions that are affected are Oracle in clients running sandboxed Java Web Start
Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18 applications or sandboxed Java applets, that load
and run untrusted code (e.g., code that comes from
the internet) and rely on the Java sandbox for
security. This vulnerability can also be exploited by
using APIs in the specified Component, e.g.,
through a web service which supplies data to the
APIs. CVSS 3.1 Base Score 7.5 (Confidentiality
impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1
and 22.0.0.2. Easily exploitable vulnerability allows
unauthenticated attacker with network access via
multiple protocols to compromise Oracle Java SE,
Oracle GraalVM Enterprise Edition. Successful
attacks of this vulnerability can result in
unauthorized update, insert or delete access to
some of Oracle Java SE, Oracle GraalVM Enterprise
Vulnerability in the Oracle Java SE, Oracle GraalVM Edition accessible data. Note: This vulnerability
Enterprise Edition product of Oracle Java SE (component: applies to Java deployments, typically in clients
koldo_software vulnerabilidades 2022-10-18 CVE-2022-21496 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21496 java-1.8.0-openjdk,java-1.8.0-openjdk-headless
JNDI). Supported versions that are affected are Oracle running sandboxed Java Web Start applications or
Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18 sandboxed Java applets, that load and run
untrusted code (e.g., code that comes from the
internet) and rely on the Java sandbox for security.
This vulnerability can also be exploited by using
APIs in the specified Component, e.g., through a
web service which supplies data to the APIs. CVSS
3.1 Base Score 5.3 (Integrity impacts). CVSS
Vector:
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
KGDB and KDB allow read and write access to kernel
memory, and thus should be restricted during lockdown.
An attacker with access to a serial port could trigger the
debugger so it is important that the debugger respect the
koldo_software vulnerabilidades 2022-10-18 CVE-2022-21499 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21499 kernel Affected no
lockdown mode when/if it is triggered. CVSS 3.1 Base
Score 6.5 (Confidentiality, Integrity and Availability
impacts). CVSS Vector:
(CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).
A flaw was found in the Linux kernel’s KVM when
attempting to set a SynIC IRQ. This issue makes it possible
for a misbehaving VMM to write to SYNIC/STIMER MSRs,
koldo_software vulnerabilidades 2022-10-18 CVE-2022-2153 causing a NULL pointer dereference. This flaw allows an 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2153 kernel Affected no
unprivileged local attacker on the host to issue specific
ioctl calls, causing a kernel oops condition that results in a
denial of service.
Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2
and 22.1.0. Easily exploitable vulnerability allows
unauthenticated attacker with network access via
multiple protocols to compromise Oracle Java SE,
Oracle GraalVM Enterprise Edition. Successful
attacks of this vulnerability can result in
unauthorized read access to a subset of Oracle Java
SE, Oracle GraalVM Enterprise Edition accessible
Vulnerability in the Oracle Java SE, Oracle GraalVM data. Note: This vulnerability applies to Java
Enterprise Edition product of Oracle Java SE (component: deployments, typically in clients running
koldo_software vulnerabilidades 2022-10-18 CVE-2022-21540 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21540 java-1.8.0-openjdk,java-1.8.0-openjdk-headless
Hotspot). Supported versions that are affected are Oracle sandboxed Java Web Start applications or
Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1 sandboxed Java applets, that load and run
untrusted code (e.g., code that comes from the
internet) and rely on the Java sandbox for security.
This vulnerability can also be exploited by using
APIs in the specified Component, e.g., through a
web service which supplies data to the APIs. CVSS
3.1 Base Score 5.3 (Confidentiality impacts). CVSS
Vector:
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2
and 22.1.0. Difficult to exploit vulnerability allows
unauthenticated attacker with network access via
multiple protocols to compromise Oracle Java SE,
Oracle GraalVM Enterprise Edition. Successful
attacks of this vulnerability can result in
unauthorized creation, deletion or modification
access to critical data or all Oracle Java SE, Oracle
Vulnerability in the Oracle Java SE, Oracle GraalVM GraalVM Enterprise Edition accessible data. Note:
Enterprise Edition product of Oracle Java SE (component: This vulnerability applies to Java deployments,
koldo_software vulnerabilidades 2022-10-18 CVE-2022-21541 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-21541 java-1.8.0-openjdk,java-1.8.0-openjdk-headless
Hotspot). Supported versions that are affected are Oracle typically in clients running sandboxed Java Web
Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1 Start applications or sandboxed Java applets, that
load and run untrusted code (e.g., code that comes
from the internet) and rely on the Java sandbox for
security. This vulnerability can also be exploited by
using APIs in the specified Component, e.g.,
through a web service which supplies data to the
APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts).
CVSS Vector:
(CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
An improper authentication vulnerability exists in curl
7.33.0 to and including 7.82.0 which might allow reuse
OAUTH2-authenticated connections without properly
koldo_software vulnerabilidades 2022-10-18 CVE-2022-22576 making sure that the connection was authenticated with 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-22576 curl,libcurl
the same credentials as set for this transfer. This affects
SASL-enabled protocols: SMTP(S), IMAP(S), POP3(S) and
LDAP(S) (openldap only).
addBinding in xmlparse.c in Expat (aka libexpat) before
koldo_software vulnerabilidades 2022-10-18 CVE-2022-22822 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22822 expat
2.4.3 has an integer overflow.
build_model in xmlparse.c in Expat (aka libexpat) before
koldo_software vulnerabilidades 2022-10-18 CVE-2022-22823 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22823 expat
2.4.3 has an integer overflow.
defineAttribute in xmlparse.c in Expat (aka libexpat)
koldo_software vulnerabilidades 2022-10-18 CVE-2022-22824 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22824 expat
before 2.4.3 has an integer overflow.
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3
koldo_software vulnerabilidades 2022-10-18 CVE-2022-22825 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22825 expat
has an integer overflow.
nextScaffoldPart in xmlparse.c in Expat (aka libexpat)
koldo_software vulnerabilidades 2022-10-18 CVE-2022-22826 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22826 expat
before 2.4.3 has an integer overflow.
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3
koldo_software vulnerabilidades 2022-10-18 CVE-2022-22827 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22827 expat
has an integer overflow.
LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy
koldo_software vulnerabilidades 2022-10-18 CVE-2022-22844 in tif_unix.c in certain situations involving a custom tag 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22844 libtiff Affected no
and 0x0200 as the second word of the DE field.
LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy
koldo_software vulnerabilidades 2022-10-18 CVE-2022-22844 in tif_unix.c in certain situations involving a custom tag 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22844 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
and 0x0200 as the second word of the DE field.
valid.c in libxml2 before 2.9.13 has a use-after-free of ID
koldo_software vulnerabilidades 2022-10-18 CVE-2022-23308 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23308 libxml2,python3-libxml2
and IDREF attributes.
valid.c in libxml2 before 2.9.13 has a use-after-free of ID
koldo_software vulnerabilidades 2022-10-18 CVE-2022-23308 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23308 kernel Affected no
and IDREF attributes.
Aliases in the branch predictor may cause some AMD
koldo_software vulnerabilidades 2022-10-18 CVE-2022-23825 processors to predict the wrong branch type potentially 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23825 kernel Affected no
leading to information disclosure.
Expat (aka libexpat) before 2.4.4 has a signed integer
koldo_software vulnerabilidades 2022-10-18 CVE-2022-23852 overflow in XML_GetBuffer, for configurations with a 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23852 expat
nonzero XML_CONTEXT_BYTES.
Certain Arm Cortex and Neoverse processors through
2022-03-08 do not properly restrict cache speculation, aka
Spectre-BHB. An attacker can leverage the shared branch
koldo_software vulnerabilidades 2022-10-18 CVE-2022-23960 5.6 https://nvd.nist.gov/vuln/detail/CVE-2022-23960 kernel Affected no
history in the Branch History Buffer (BHB) to influence
mispredicted branches. Then, cache allocation can allow
the attacker to obtain sensitive information.
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28,
koldo_software vulnerabilidades 2022-10-18 CVE-2022-24407 plugins/sql.c does not escape the password for a SQL 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24407 cyrus-sasl-gssapi,cyrus-sasl-lib,cyrus-sasl-plain
INSERT or UPDATE statement.
An issue was discovered in fs/nfs/dir.c in the Linux kernel
before 5.16.5. If an application sets the O_DIRECTORY
flag, and tries to open a regular file, nfs_atomic_open()
koldo_software vulnerabilidades 2022-10-18 CVE-2022-24448 3.3 https://nvd.nist.gov/vuln/detail/CVE-2022-24448 kernel Affected no
performs a regular lookup. If a regular file is found,
ENOTDIR should occur, but the server instead returns
uninitialized data in the file descriptor.
An issue was discovered in fs/nfs/dir.c in the Linux kernel
before 5.16.5. If an application sets the O_DIRECTORY
flag, and tries to open a regular file, nfs_atomic_open()
koldo_software vulnerabilidades 2022-10-18 CVE-2022-24448 3.3 https://nvd.nist.gov/vuln/detail/CVE-2022-24448 net-snmp Affected no
performs a regular lookup. If a regular file is found,
ENOTDIR should occur, but the server instead returns
uninitialized data in the file descriptor.
A vulnerability found in gnutls. This security flaw happens
koldo_software vulnerabilidades 2022-10-18 CVE-2022-2509 because of a double free error occurs during verification 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2509 gnutls Affected no
of pkcs7 signatures in gnutls_pkcs7_verify function.
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks
koldo_software vulnerabilidades 2022-10-18 CVE-2022-25235 certain validation of encoding, such as checks for whether 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25235 expat
a UTF-8 character is valid in a certain context.
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows
koldo_software vulnerabilidades 2022-10-18 CVE-2022-25236 attackers to insert namespace-separator characters into 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25236 expat
namespace URIs.
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows
koldo_software vulnerabilidades 2022-10-18 CVE-2022-25236 attackers to insert namespace-separator characters into 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25236 systemd,systemd-libs,systemd-pam,systemd-udev
namespace URIs.
In the Linux kernel through 5.16.10, certain binary files
may have the exec-all attribute if they were built in
koldo_software vulnerabilidades 2022-10-18 CVE-2022-25265 approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25265 kernel Affected no
2.4.20). This can cause execution of bytes located in
supposedly non-executable regions of a file.
A stack-based buffer overflow flaw was found in the Fribidi
package. This flaw allows an attacker to pass a specially
koldo_software vulnerabilidades 2022-10-18 CVE-2022-25308 0 https://nvd.nist.gov/vuln/detail/CVE-2022-25308 fribidi Affected no
crafted file to the Fribidi application, which leads to a
possible memory leak or a denial of service.
A heap-based buffer overflow flaw was found in the Fribidi
package and affects the fribidi_cap_rtl_to_unicode()
function of the fribidi-char-sets-cap-rtl.c file. This flaw
koldo_software vulnerabilidades 2022-10-18 CVE-2022-25309 0 https://nvd.nist.gov/vuln/detail/CVE-2022-25309 fribidi Affected no
allows an attacker to pass a specially crafted file to the
Fribidi application with the '--caprtl' option, leading to a
crash and causing a denial of service.
A segmentation fault (SEGV) flaw was found in the Fribidi
package and affects the fribidi_remove_bidi_marks()
koldo_software vulnerabilidades 2022-10-18 CVE-2022-25310 function of the lib/fribidi.c file. This flaw allows an 0 https://nvd.nist.gov/vuln/detail/CVE-2022-25310 fribidi Affected no
attacker to pass a specially crafted file to Fribidi, leading
to a crash and causing a denial of service.
In Expat (aka libexpat) before 2.4.5, an attacker can
koldo_software vulnerabilidades 2022-10-18 CVE-2022-25313 trigger stack exhaustion in build_model via a large nesting 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25313 expat
depth in the DTD element.
In Expat (aka libexpat) before 2.4.5, there is an integer
koldo_software vulnerabilidades 2022-10-18 CVE-2022-25314 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25314 expat
overflow in copyString.
In Expat (aka libexpat) before 2.4.5, there is an integer
koldo_software vulnerabilidades 2022-10-18 CVE-2022-25315 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25315 expat
overflow in storeRawNames.
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4
through 5.6.10 allows local users to gain privileges
koldo_software vulnerabilidades 2022-10-18 CVE-2022-25636 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25636 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
because of a heap out-of-bounds write. This is related to
nf_tables_offload.
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4
through 5.6.10 allows local users to gain privileges
koldo_software vulnerabilidades 2022-10-18 CVE-2022-25636 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25636 kernel Affected no
because of a heap out-of-bounds write. This is related to
nf_tables_offload.
Non-transparent sharing of return predictor targets
between contexts in some Intel(R) Processors may allow
koldo_software vulnerabilidades 2022-10-18 CVE-2022-26373 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26373 kernel Affected no
an authorized user to potentially enable information
disclosure via local access.
An integer coercion error was found in the openvswitch
kernel module. Given a sufficiently large number of
actions, while copying and reserving memory for a new
action of a new flow, the reserve_sfa_size() function does
koldo_software vulnerabilidades 2022-10-18 CVE-2022-2639 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2639 kernel Affected no
not return -EMSGSIZE as expected, potentially leading to
an out-of-bounds write access. This flaw allows a local user
to crash or potentially escalate their privileges on the
system.
A logic issue was addressed with improved state
management. This issue is fixed in Security Update
koldo_software vulnerabilidades 2022-10-18 CVE-2022-26691 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26691 cups-libs
11.6.5. An application may be able to gain elevated
privileges.
FreeType commit
1e2eb65048f75c64b68708efed6ce904c31f3b2f was
koldo_software vulnerabilidades 2022-10-18 CVE-2022-27404 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27404 freetype Affected no
discovered to contain a heap buffer overflow via the
function sfnt_init_face.
FreeType commit
53dfdcd8198d2b3201a23c4bad9190519ba918db was
koldo_software vulnerabilidades 2022-10-18 CVE-2022-27405 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27405 freetype Affected no
discovered to contain a segmentation violation via the
function FNT_Size_Request.
FreeType commit
22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was
koldo_software vulnerabilidades 2022-10-18 CVE-2022-27406 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27406 freetype Affected no
discovered to contain a segmentation violation via the
function FT_Request_Size.
A heap buffer overflow flaw was found in IPsec ESP
transformation code in net/ipv4/esp4.c and
koldo_software vulnerabilidades 2022-10-18 CVE-2022-27666 net/ipv6/esp6.c. This flaw allows a local attacker with a 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27666 bpftool,kernel,kernel-core,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
normal user privilege to overwrite kernel heap objects and
may cause a local privilege escalation threat.
An insufficiently protected credentials vulnerability exists
in curl 4.9 to and include curl 7.82.0 are affected that
could allow an attacker to extract credentials when follows
koldo_software vulnerabilidades 2022-10-18 CVE-2022-27774 5.7 https://nvd.nist.gov/vuln/detail/CVE-2022-27774 curl,libcurl
HTTP(S) redirects is used with authentication could leak
credentials to other services that exist on different
protocols or port numbers.
A insufficiently protected credentials vulnerability in fixed
in curl 7.83.0 might leak authentication or cookie header
koldo_software vulnerabilidades 2022-10-18 CVE-2022-27776 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27776 curl,libcurl
data on HTTP redirects to the same host but another port
number.
libcurl would reuse a previously created connection even
when a TLS or SSH related option had been changed that
should have prohibited reuse. libcurl keeps previously used
koldo_software vulnerabilidades 2022-10-18 CVE-2022-27782 connections in a connection pool for subsequent transfers 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27782 curl,libcurl
to reuse if one of them matches the setup. However,
several TLS and SSH settings were left out from the
configuration match checks, making them match too easily.
libiberty/rust-demangle.c in GNU GCC 11.2 allows stack
koldo_software vulnerabilidades 2022-10-18 CVE-2022-27943 consumption in demangle_const, as demonstrated by nm-new. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 gcc Affected no
In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11,
koldo_software vulnerabilidades 2022-10-18 CVE-2022-27950 a memory leak exists for a certain hid_parse error 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27950 kernel Affected no
condition.
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in
koldo_software vulnerabilidades 2022-10-18 CVE-2022-28390 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28390 kernel Affected no
the Linux kernel through 5.17.1 has a double free.
libtiff's tiffcrop utility has a uint32_t underflow that can
lead to out of bounds read and write. An attacker who
koldo_software vulnerabilidades 2022-10-18 CVE-2022-2867 supplies a crafted file to tiffcrop (likely via tricking a user 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2867 libtiff Affected no
to run tiffcrop on it with certain parameters) could cause a
crash or in some cases, further exploitation.
libtiff's tiffcrop utility has a improper input validation flaw
that can lead to out of bounds read and ultimately cause a
koldo_software vulnerabilidades 2022-10-18 CVE-2022-2868 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-2868 libtiff Affected no
crash if an attacker is able to supply a crafted file to
tiffcrop.
libtiff's tiffcrop tool has a uint32_t underflow which leads
to out of bounds read and write in the
extractContigSamples8bits routine. An attacker who
koldo_software vulnerabilidades 2022-10-18 CVE-2022-2869 supplies a crafted file to tiffcrop could trigger this flaw, 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2869 libtiff Affected no
most likely by tricking a user into opening the crafted file
with tiffcrop. Triggering this flaw could cause a crash or
potentially further exploitation.
libtiff's tiffcrop tool has a uint32_t underflow which leads
to out of bounds read and write in the
extractContigSamples8bits routine. An attacker who
koldo_software vulnerabilidades 2022-10-18 CVE-2022-2869 supplies a crafted file to tiffcrop could trigger this flaw, 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2869 kernel Affected no
most likely by tricking a user into opening the crafted file
with tiffcrop. Triggering this flaw could cause a crash or
potentially further exploitation.
An out-of-bounds memory access flaw was found in the
Linux kernel Intel’s iSMT SMBus host controller driver in
koldo_software vulnerabilidades 2022-10-18 CVE-2022-2873 the way a user triggers the I2C_SMBUS_BLOCK_DATA 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2873 kernel Affected no
(with the ioctl I2C_SMBUS) with malicious input data. This
flaw allows a local user to crash the system.
An out-of-bounds memory access flaw was found in the
Linux kernel Intel’s iSMT SMBus host controller driver in
koldo_software vulnerabilidades 2022-10-18 CVE-2022-2873 the way a user triggers the I2C_SMBUS_BLOCK_DATA 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2873 grub2-common,grub2-pc,grub2-pc-modules,grub2-tools,grub2-tools-extra,grub2-tools-minimal
(with the ioctl I2C_SMBUS) with malicious input data. This
flaw allows a local user to crash the system.
The SUNRPC subsystem in the Linux kernel through
koldo_software vulnerabilidades 2022-10-18 CVE-2022-28893 5.17.2 can call xs_xprt_free before ensuring that sockets 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28893 kernel Affected no
are in the intended state.
An issue was discovered in rsync before 3.2.5 that allows
malicious remote servers to write arbitrary files inside the
directories of connecting peers. The server chooses which
files/directories are sent to the client. However, the rsync
koldo_software vulnerabilidades 2022-10-18 CVE-2022-29154 client performs insufficient validation of file names. A 7.4 https://nvd.nist.gov/vuln/detail/CVE-2022-29154 rsync
malicious rsync server (or Man-in-The-Middle attacker)
can overwrite arbitrary files in the rsync client target
directory and subdirectories (for example, overwrite the
.ssh/authorized_keys file).
koldo_software vulnerabilidades 2022-10-18 CVE-2022-29167 Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse `Host` HTTP header (`Hawk.utils.parseHost()`), which was subject to regular expression DoS attack - meaning each added character in the attacker's input increases the computation time exponentially. `parseHost()` was patched in `9.0.1` to use built-in `URL` class to parse hostname instead. `Hawk.authenticate()` accepts `options` argument. If that contains `host` and `port`, those would be used instead of a call to `utils.parseHost()`. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29167 mozjs60 Affected no
koldo_software vulnerabilidades 2022-10-18 CVE-2022-29187 Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29187 git Affected no
koldo_software vulnerabilidades 2022-10-18 CVE-2022-2938 A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2938 kernel Affected no
koldo_software vulnerabilidades 2022-10-18 CVE-2022-29581 Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29581 kernel Affected no
koldo_software vulnerabilidades 2022-10-18 CVE-2022-2978 A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2978 kernel Affected no
koldo_software vulnerabilidades 2022-10-18 CVE-2022-29824 In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29824 libxml2,python3-libxml2
koldo_software vulnerabilidades 2022-10-18 CVE-2022-29900 Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29900 kernel Affected no
koldo_software vulnerabilidades 2022-10-18 CVE-2022-29901 Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29901 kernel Affected no
koldo_software vulnerabilidades 2022-10-18 CVE-2022-3028 A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. 7 https://nvd.nist.gov/vuln/detail/CVE-2022-3028 kernel Affected no
koldo_software vulnerabilidades 2022-10-18 CVE-2022-30594 The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30594 kernel Affected no
koldo_software vulnerabilidades 2022-10-18 CVE-2022-30630 Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30630 git-lfs Affected no
koldo_software vulnerabilidades 2022-10-18 CVE-2022-30632 Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30632 git-lfs Affected no
koldo_software vulnerabilidades 2022-10-18 CVE-2022-30635 Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30635 git-lfs Affected no
koldo_software vulnerabilidades 2022-10-18 CVE-2022-32148 Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32148 git-lfs Affected no
koldo_software vulnerabilidades 2022-10-18 CVE-2022-32189 A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32189 git-lfs Affected no
koldo_software vulnerabilidades 2022-10-18 CVE-2022-32206 curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32206 curl,libcurl
koldo_software vulnerabilidades 2022-10-18 CVE-2022-32208 When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-32208 curl,libcurl
koldo_software vulnerabilidades 2022-10-18 CVE-2022-32250 net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32250 bpftool,kernel,kernel-core,kernel-headers,kernel-modules,kernel-tools,kernel-tools-libs,python3-perf
koldo_software vulnerabilidades 2022-10-18 CVE-2022-32746 A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-32746 libldb Affected no
koldo_software vulnerabilidades 2022-10-18 CVE-2022-33987 The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-33987 mozjs60 Affected no
koldo_software vulnerabilidades 2022-10-18 CVE-2022-34169 The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34169 java-1.8.0-openjdk,java-1.8.0-openjdk-headless
koldo_software vulnerabilidades 2022-10-18 CVE-2022-34903 GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34903 gnupg2 Affected no
koldo_software vulnerabilidades 2022-10-18 CVE-2022-34903 GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34903 curl Affected no
koldo_software vulnerabilidades 2022-10-18 CVE-2022-36879 An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36879 kernel Affected no
koldo_software vulnerabilidades 2022-10-18 CVE-2022-36946 nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36946 kernel Affected no
koldo_software vulnerabilidades 2022-10-18 CVE-2022-37434 zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37434 rsync,zlib Affected no
koldo_software vulnerabilidades 2022-10-18 CVE-2022-39189 An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. 0 https://nvd.nist.gov/vuln/detail/CVE-2022-39189 kernel Affected no
