CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-0730
https://notcve.org/view.php?id=CVE-2022-0730
Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types. Bajo determinadas condiciones de ldap, la autenticación de Cacti puede ser omitida con determinados tipos de credenciales • https://github.com/Cacti/cacti/issues/4562 https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html https://lists.debian.org/debian-lts-announce/2022/12/msg00039.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVOALVZSCBFNOAAZVHTJFSFB7UDSNYQ2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZH67CCORDEYFG7NL7G6UH47PAV2PU7BA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJERS4NYIGJ • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2022-21716 – Buffer Overflow in Twisted
https://notcve.org/view.php?id=CVE-2022-21716
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach is a simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. • https://github.com/twisted/twisted/commit/89c395ee794e85a9657b112c4351417850330ef9 https://github.com/twisted/twisted/releases/tag/twisted-22.2.0 https://github.com/twisted/twisted/security/advisories/GHSA-rv6r-3f5q-9rgx https://lists.debian.org/debian-lts-announce/2022/03/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 2CVE-2022-23648 – Insecure handling of image volumes in containerd CRI plugin
https://notcve.org/view.php?id=CVE-2022-23648
containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. • https://github.com/raesene/CVE-2022-23648-POC http://packetstormsecurity.com/files/166421/containerd-Image-Volume-Insecure-Handling.html https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70 https://github.com/containerd/containerd/releases/tag/v1.4.13 https://github.com/containerd/containerd/releases/tag/v1.5.10 https://github.com/containerd/containerd/releases/tag/v1.6.1 https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7 https://lists.fedorapro • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-26126
https://notcve.org/view.php?id=CVE-2022-26126
Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c. Se presentan vulnerabilidades de desbordamiento del búfer en FRRouting versiones hasta 8.1.0, debido al uso de strdup con una cadena binaria que no termina en cero en el archivo isis_nb_notifications.c • https://github.com/FRRouting/frr/issues/10505 https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MIEQNIWUSBQTFR65HM2LLIB7PH27CZUZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTYSAL4QCE4XWMMBKUB7LSLPAFLWUML4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XUCZR6RYQVZ35BFUV7OLIUEHZW2433I2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-25601 – WordPress Contact Form X plugin <= 2.4 - Reflected Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2022-25601
Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4). Se ha detectado vulnerabilidad de tipo Cross-Site Scripting (XSS) Reflejado que afecta al parámetro &tab en el plugin Contact Form X de WordPress (versiones anteriores a 2.4 incluyéndola) • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7CR6VGITIB2TXXZ6B5QRRWPU5S4BXQPD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJX6NVXSRN3RX3YUVEJQ4WUTQSDL3DSR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZQCIZQI267YHVYSFB3CRKNK3F4ASPLK https://patchstack.com/database/vulnerability/contact-form-x/wordpress-contact-form-x-plugin-2-4-authenticated-reflected-cross-site-scripting-xss-vulnerability https://wordpress.org/pl • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •