CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-45939 – emacs: ctags local command execution vulnerability
https://notcve.org/view.php?id=CVE-2022-45939
28 Nov 2022 — GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input. GNU Emacs hasta la versión 28.2 permite a los atacantes ejecutar comandos a través de metacaracteres d... • https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=d48bb4874bc6cd3e69c7a15fc3c91cc141025c51 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-4141 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2022-4141
25 Nov 2022 — Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command. Desbordamiento de búfer basado en vim/vim 9.0.0946 y versiones anteriores al permitir que un atacante presione CTRL-W gf en la expresión utilizada en el RHS del comando sustituto. Multiple vulnerabilities have been found in Vim, the worst of which could result in denial of service. Versions less than 9.0.1157 are affected. • https://github.com/vim/vim/commit/cc762a48d42b579fb7bdec2c614636b830342dd5 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.4EPSS: 0%CPEs: 7EXPL: 0CVE-2022-45152
https://notcve.org/view.php?id=CVE-2022-45152
25 Nov 2022 — A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71920 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-39346 – Missing length validation of user displayname in nextcloud server
https://notcve.org/view.php?id=CVE-2022-39346
25 Nov 2022 — Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names which could allow a malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to 22.2.10, 23.0.7 or 24.0.3. There are no known workarounds for this issue. El servidor Nextcloud es un servidor en la nube personal de código abierto. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6w9f-jgjx-4vj6 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 0CVE-2022-45149
https://notcve.org/view.php?id=CVE-2022-45149
23 Nov 2022 — A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks. Se encontró una vulnerabilidad... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75862 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 0CVE-2022-45150
https://notcve.org/view.php?id=CVE-2022-45150
23 Nov 2022 — A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information and modification of web pages. Se descubrió una v... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76091 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-45151
https://notcve.org/view.php?id=CVE-2022-45151
23 Nov 2022 — The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website. La vulnerabilidad XSS almacenada se descubrió en Moodle y existe debido a una sanitización insuficiente de los datos proporcionados por el usuario en varios campos de perfil de usuario "social". Un atacante podría inyectar y ejec... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76131 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 2CVE-2022-45866
https://notcve.org/view.php?id=CVE-2022-45866
23 Nov 2022 — qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversal via ../ in a .qp file. qpress anterior a PierreLvx/qpress 20220819 y anterior a la versión 11.3, como se usa en Percona XtraBackup y otros productos, permite el Directory Traversal a través de ../ en un archivo .qp. • https://github.com/EvgeniyPatlan/qpress/commit/ddb312090ebd5794e81bc6fb1dfb4e79eda48761 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-45873 – systemd: deadlock in systemd-coredump via a crash with a long backtrace
https://notcve.org/view.php?id=CVE-2022-45873
23 Nov 2022 — systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file. systemd 250 y 251 permiten a los us... • https://github.com/systemd/systemd/commit/076b807be472630692c5348c60d0c2b7b28ad437 • CWE-400: Uncontrolled Resource Consumption CWE-833: Deadlock •
CVSS: 9.0EPSS: 2%CPEs: 9EXPL: 1CVE-2021-33621 – ruby/cgi-gem: HTTP response splitting in CGI
https://notcve.org/view.php?id=CVE-2021-33621
18 Nov 2022 — The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object. La gema cgi anterior a 0.1.0.2, 0.2.x anterior a 0.2.2 y 0.3.x anterior a 0.3.5 para Ruby permite la división de respuestas HTTP. Esto es relevante para aplicaciones que utilizan entradas de usuarios que no son de confianza, ya sea para generar una respuesta HTTP o ... • https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •