CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-0729 – Use of Out-of-range Pointer Offset in vim/vim
https://notcve.org/view.php?id=CVE-2022-0729
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. Un Uso de un Desplazamiento de Puntero Fuera de Rango en el repositorio de GitHub vim/vim versiones anteriores a 8.2.4440 • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/6456fae9ba8e72c74b2c0c499eaf09974604ff30 https://huntr.dev/bounties/f3f3d992-7bd6-4ee5-a502-ae0e5f8016ea https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF https://lists.fedoraproject& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-823: Use of Out-of-range Pointer Offset •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2022-24407 – cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
https://notcve.org/view.php?id=CVE-2022-24407
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. En Cyrus SASL versiones 2.1.17 hasta 2.1.27 anteriores a 2.1.28, el archivo plugins/sql.c no escapa la contraseña para una sentencia SQL INSERT o UPDATE A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for other accounts allowing escalation of privileges. • http://www.openwall.com/lists/oss-security/2022/02/23/4 https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst https://lists.debian.org/debian-lts-announce/2022/03/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FIXU75Q6RBNK6UYM7MQ3TCFGXR7AX4U https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H26R4SMGM3WHXX4XYNNJB4YGFIL5UNF4 https://lists.fedoraproject.org&#x • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1CVE-2022-0713 – Heap-based Buffer Overflow in radareorg/radare2
https://notcve.org/view.php?id=CVE-2022-0713
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4. Un Desbordamiento de búfer en la región heap de la memoria en el repositorio de GitHub radareorg/radare2 versiones anteriores a 5.6.4 • https://github.com/radareorg/radare2/commit/a35f89f86ed12161af09330e92e5a213014e46a1 https://huntr.dev/bounties/d35b3dff-768d-4a09-a742-c18ca8f56d3c https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZTIMAS53YT66FUS4QHQAFRJOBMUFG6D https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6YBRQ3UCFWJVSOYIKPVUDASZ544TFND • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1CVE-2022-0712 – NULL Pointer Dereference in radareorg/radare2
https://notcve.org/view.php?id=CVE-2022-0712
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.4. Una Desreferencia de puntero NULL en el repositorio de GitHub radareorg/radare2 versiones anteriores a 5.6.4 • https://github.com/radareorg/radare2/commit/515e592b9bea0612bc63d8e93239ff35bcf645c7 https://huntr.dev/bounties/1e572820-e502-49d1-af0e-81833e2eb466 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZTIMAS53YT66FUS4QHQAFRJOBMUFG6D https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6YBRQ3UCFWJVSOYIKPVUDASZ544TFND • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-25600 – WordPress WP Google Map plugin <= 4.2.3 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-25600
Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3). Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) afectando a las funciones Delete Marker Category, Delete Map y Copy Map en el plugin WP Google Map (versiones anteriores a 4.2.3 incluyéndola) • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7CR6VGITIB2TXXZ6B5QRRWPU5S4BXQPD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJX6NVXSRN3RX3YUVEJQ4WUTQSDL3DSR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZQCIZQI267YHVYSFB3CRKNK3F4ASPLK https://patchstack.com/database/vulnerability/wp-google-map-plugin/wordpress-wp-google-map-plugin-4-2-3-cross-site-request-forgery-csrf-vulnerability https://wordpress.org/plugins& • CWE-352: Cross-Site Request Forgery (CSRF) •