Page 11 of 1478 results (0.015 seconds)

CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 1

CVE-2021-3624

https://notcve.org/view.php?id=CVE-2021-3624

There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system. Se presenta una vulnerabilidad de desbordamiento de enteros en dcraw. Cuando la víctima ejecuta dcraw con una imagen de entrada X3F maliciosamente diseñada, puede ejecutarse código arbitrario en el sistema de la víctima • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984761 • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1

CVE-2022-28044

https://notcve.org/view.php?id=CVE-2022-28044

Irzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control. Se ha detectado que Irzip versión v0.640, contenía una corrupción de memoria de la pila por medio del componente lrzip.c:initialise_control • https://github.com/ckolivas/lrzip/commit/5faf80cd53ecfd16b636d653483144cd12004f46 https://github.com/ckolivas/lrzip/issues/216 https://lists.debian.org/debian-lts-announce/2022/05/msg00016.html https://www.debian.org/security/2022/dsa-5145 • CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 4

CVE-2022-28346 – Django: SQL injection in QuerySet.annotate(),aggregate() and extra()

https://notcve.org/view.php?id=CVE-2022-28346

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. Se ha detectado un problema en Django versiones 2.2 anteriores a 2.2.28, 3.2 anteriores a 3.2.13 y 4.0 anteriores a 4.0.4. Los métodos QuerySet.annotate(), aggregate() y extra() están sujetos a inyección SQL en los alias de columna por medio de un diccionario diseñado (con expansión de diccionario) como los **kwargs pasados A flaw was found in the Django package, which leads to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely. • https://github.com/DeEpinGh0st/CVE-2022-28346 https://github.com/YouGina/CVE-2022-28346 https://github.com/kamal-marouane/CVE-2022-28346 https://github.com/vincentinttsh/CVE-2022-28346 http://www.openwall.com/lists/oss-security/2022/04/11/1 https://docs.djangoproject.com/en/4.0/releases/security https://groups.google.com/forum/#%21forum/django-announce https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html https://lists.fedoraproject.org/archives/list/package • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

CVE-2022-24836 – Inefficient Regular Expression Complexity in Nokogiri

https://notcve.org/view.php?id=CVE-2022-24836

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue. Nokogiri es una biblioteca XML y HTML de código abierto para Ruby. • http://seclists.org/fulldisclosure/2022/Dec/23 https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8 https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM https://lists.fedoraproject.org/archives/list/package& • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2022-26110

https://notcve.org/view.php?id=CVE-2022-26110

An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon. Se ha detectado un problema en HTCondor versiones 8.8.x anteriores a 8.8.16, versiones 9.0.x anteriores a 9.0.10 y versiones 9.1.x anteriores a 9.6.0. Cuando un usuario es autenticado en un demonio de HTCondor por medio del método CLAIMTOBE, el usuario puede hacerse pasar por cualquier entidad cuando emite comandos adicionales a ese demonio • https://lists.debian.org/debian-lts-announce/2022/04/msg00016.html https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2022-0003 https://www.debian.org/security/2022/dsa-5144 •