CVSS: 7.0EPSS: 0%CPEs: 13EXPL: 0CVE-2022-26488
https://notcve.org/view.php?id=CVE-2022-26488
In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2. • https://mail.python.org/archives/list/security-announce%40python.org/thread/657Z4XULWZNIY5FRP3OWXHYKUSIH6DMN https://security.netapp.com/advisory/ntap-20220419-0005 • CWE-426: Untrusted Search Path •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-3998
https://notcve.org/view.php?id=CVE-2021-3998
A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data. Se ha encontrado un fallo en glibc. La función realpath() puede devolver por error un valor no esperado, conllevando potencialmente a un filtrado de información y una divulgación de datos confidenciales. • https://access.redhat.com/security/cve/CVE-2021-3998 https://bugzilla.redhat.com/show_bug.cgi?id=2024633 https://security-tracker.debian.org/tracker/CVE-2021-3998 https://security.netapp.com/advisory/ntap-20221020-0003 https://sourceware.org/bugzilla/show_bug.cgi?id=28770 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=84d2d0fe20bdf94feed82b21b4d7d136db471f03 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ee8d5e33adb284601c00c94687bc907e10aec9bb https://www.openwall.com/lists/oss-security/2022 • CWE-125: Out-of-bounds Read CWE-252: Unchecked Return Value •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 1CVE-2021-3999 – glibc: Off-by-one buffer overflow/underflow in getcwd()
https://notcve.org/view.php?id=CVE-2021-3999
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. Se ha encontrado un fallo en glibc. Un desbordamiento y subdesbordamiento de búfer en la función getcwd() puede conllevar a una corrupción de memoria cuando el tamaño del búfer es exactamente 1. • https://access.redhat.com/security/cve/CVE-2021-3999 https://bugzilla.redhat.com/show_bug.cgi?id=2024637 https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html https://security-tracker.debian.org/tracker/CVE-2021-3999 https://security.netapp.com/advisory/ntap-20221104-0001 https://sourceware.org/bugzilla/show_bug.cgi?id=28769 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e https://www.openwall.com/lists/oss-security/2022/01/24/4 • CWE-193: Off-by-one Error •
CVSS: 8.1EPSS: 0%CPEs: 58EXPL: 0CVE-2022-23308 – libxml2: Use-after-free of ID and IDREF attributes
https://notcve.org/view.php?id=CVE-2022-23308
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. El archivo valid.c en libxml2 versiones anteriores a 2.9.13, presenta un uso de memoria previamente liberada de los atributos ID e IDREF. A flaw was found in libxml2. A call to the xmlGetID function can return a pointer already freed when parsing an XML document with the XML_PARSE_DTDVALID option and without the XML_PARSE_NOENT option, resulting in a use-after-free issue. • http://seclists.org/fulldisclosure/2022/May/33 http://seclists.org/fulldisclosure/2022/May/34 http://seclists.org/fulldisclosure/2022/May/35 http://seclists.org/fulldisclosure/2022/May/36 http://seclists.org/fulldisclosure/2022/May/37 http://seclists.org/fulldisclosure/2022/May/38 https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS https://lists.debian.org/debian-lts-announce/2022/04/msg00004. • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2022-24407 – cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
https://notcve.org/view.php?id=CVE-2022-24407
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. En Cyrus SASL versiones 2.1.17 hasta 2.1.27 anteriores a 2.1.28, el archivo plugins/sql.c no escapa la contraseña para una sentencia SQL INSERT o UPDATE A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for other accounts allowing escalation of privileges. • http://www.openwall.com/lists/oss-security/2022/02/23/4 https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst https://lists.debian.org/debian-lts-announce/2022/03/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FIXU75Q6RBNK6UYM7MQ3TCFGXR7AX4U https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H26R4SMGM3WHXX4XYNNJB4YGFIL5UNF4 https://lists.fedoraproject.org&#x • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •