CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-37452
https://notcve.org/view.php?id=CVE-2022-37452
Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set. Exim versiones anteriores a 4.95, presenta un desbordamiento de búfer en la región heap de la memoria para la lista de alias en la función host_name_lookup en el archivo host.c cuando sender_host_name está establecido • https://github.com/Exim/exim/commit/d4bc023436e4cce7c23c5f8bb5199e178b4cc743 https://github.com/Exim/exim/compare/exim-4.94...exim-4.95 https://github.com/Exim/exim/wiki/EximSecurity https://github.com/ivd38/exim_overflow https://lists.debian.org/debian-lts-announce/2022/08/msg00014.html https://www.exim.org/static/doc/security https://www.openwall.com/lists/oss-security/2022/08/06/8 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2022-2255
https://notcve.org/view.php?id=CVE-2022-2255
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing. Se encontró una vulnerabilidad en mod_wsgi. El encabezado X-Client-IP no es eliminado de una solicitud procedente de un proxy no confiable, lo que permite a un atacante pasar la cabecera X-Client-IP a la aplicación WSGI de destino porque falta la condición para eliminarla. • https://github.com/GrahamDumpleton/mod_wsgi/blob/4.9.2/src/server/mod_wsgi.c#L13940-L13941 https://github.com/GrahamDumpleton/mod_wsgi/blob/4.9.2/src/server/mod_wsgi.c#L14046-L14082 https://lists.debian.org/debian-lts-announce/2022/09/msg00021.html https://modwsgi.readthedocs.io/en/latest/release-notes/version-4.9.3.html • CWE-345: Insufficient Verification of Data Authenticity CWE-348: Use of Less Trusted Source •
CVSS: 9.8EPSS: 0%CPEs: 31EXPL: 4CVE-2022-37434 – zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field
https://notcve.org/view.php?id=CVE-2022-37434
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). zlib versiones hasta 1.2.12, presenta una lectura excesiva de búfer en la región heap de la memoria o desbordamiento de búfer en el archivo inflate.c por medio de un campo extra del encabezado gzip. NOTA: sólo están afectadas las aplicaciones que llaman a inflateGetHeader. Algunas aplicaciones comunes agrupan el código fuente de zlib afectado pero pueden ser incapaces de llamar a inflateGetHeader (por ejemplo, véase la referencia nodejs/node) A security vulnerability was found in zlib. • http://seclists.org/fulldisclosure/2022/Oct/37 http://seclists.org/fulldisclosure/2022/Oct/38 http://seclists.org/fulldisclosure/2022/Oct/41 http://seclists.org/fulldisclosure/2022/Oct/42 http://www.openwall.com/lists/oss-security/2022/08/05/2 http://www.openwall.com/lists/oss-security/2022/08/09/1 https://github.com/curl/curl/issues/9271 https://github.com/ivd38/zlib_overflow https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.0EPSS: 0%CPEs: 8EXPL: 1CVE-2022-31197 – SQL Injection in ResultSet.refreshRow() with malicious column names in pgjdbc
https://notcve.org/view.php?id=CVE-2022-31197
PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious column name that contains a statement terminator, e.g. `;`, could lead to SQL injection. This could lead to executing additional SQL commands as the application's JDBC user. User applications that do not invoke the `ResultSet.refreshRow()` method are not impacted. User application that do invoke that method are impacted if the underlying database that they are querying via their JDBC application may be under the control of an attacker. • https://github.com/pgjdbc/pgjdbc/commit/739e599d52ad80f8dcd6efedc6157859b1a9d637 https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-r38f-c4h4-hqq2 https://lists.debian.org/debian-lts-announce/2022/10/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6WHUADTZBBQLVHO4YG4XCWDGWBT4LRP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTFE6SV33P5YYU2GNTQZQKQRVR3GYE4S https://access.redhat.com/security/cve/CVE-2022-31197 https://b • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2509 – gnutls: Double free during gnutls_pkcs7_verify
https://notcve.org/view.php?id=CVE-2022-2509
A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function. Una vulnerabilidad encontrada en gnutls. Este fallo de seguridad es producida por un error de doble liberación durante la verificación de firmas pkcs7 en la función gnutls_pkcs7_verify A vulnerability was found in gnutls. This issue is due to a double-free error that occurs during the verification of pkcs7 signatures in the gnutls_pkcs7_verify function. • https://access.redhat.com/security/cve/CVE-2022-2509 https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html https://www.debian.org/security/2022/dsa-5203 https://bugzilla.redhat.com/show_bug.cgi?id=2108977 • CWE-415: Double Free •