CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1CVE-2022-0521 – Access of Memory Location After End of Buffer in radareorg/radare2
https://notcve.org/view.php?id=CVE-2022-0521
Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2. Un Acceso a la Ubicación de la Memoria Después del Final del Búfer en el repositorio de GitHub radareorg/radare2 versiones anteriores a 5.6.2 • https://github.com/radareorg/radare2/commit/6c4428f018d385fc80a33ecddcb37becea685dd5 https://huntr.dev/bounties/4d436311-bbf1-45a3-8774-bdb666d7f7ca https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZTIMAS53YT66FUS4QHQAFRJOBMUFG6D https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6YBRQ3UCFWJVSOYIKPVUDASZ544TFND • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-788: Access of Memory Location After End of Buffer •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-0520 – Use After Free in radareorg/radare2
https://notcve.org/view.php?id=CVE-2022-0520
Use After Free in NPM radare2.js prior to 5.6.2. Un Uso de Memoria Previamente Liberada en NPM radare2.js versiones anteriores a 5.6.2 • https://github.com/radareorg/radare2/commit/8525ad0b9fd596f4b251bb3d7b114e6dc7ce1ee8 https://huntr.dev/bounties/ce13c371-e5ef-4993-97f3-3d33dcd943a6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZTIMAS53YT66FUS4QHQAFRJOBMUFG6D https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6YBRQ3UCFWJVSOYIKPVUDASZ544TFND • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-21703 – Cross Site Request Forgery in Grafana
https://notcve.org/view.php?id=CVE-2022-21703
Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. • https://github.com/grafana/grafana/pull/45083 https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH https://lists.fedoraproject.org/archives/list • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1CVE-2022-0519 – Buffer Access with Incorrect Length Value in radareorg/radare2
https://notcve.org/view.php?id=CVE-2022-0519
Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2. Un Acceso al Búfer con un Valor de Longitud Incorrecto en el repositorio de GitHub radareorg/radare2 versiones anteriores a 5.6.2 • https://github.com/radareorg/radare2/commit/6c4428f018d385fc80a33ecddcb37becea685dd5 https://huntr.dev/bounties/af85b9e1-d1cf-4c0e-ba12-525b82b7c1e3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZTIMAS53YT66FUS4QHQAFRJOBMUFG6D https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6YBRQ3UCFWJVSOYIKPVUDASZ544TFND • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-805: Buffer Access with Incorrect Length Value •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1CVE-2022-0518 – Heap-based Buffer Overflow in radareorg/radare2
https://notcve.org/view.php?id=CVE-2022-0518
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2. Un Desbordamiento del Búfer en la región Heap de la Memoria en el repositorio GitHub radareorg/radare2versiones anteriores a 5.6.2 • https://github.com/radareorg/radare2/commit/9650e3c352f675687bf6c6f65ff2c4a3d0e288fa https://huntr.dev/bounties/10051adf-7ddc-4042-8fd0-8e9e0c5b1184 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZTIMAS53YT66FUS4QHQAFRJOBMUFG6D https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6YBRQ3UCFWJVSOYIKPVUDASZ544TFND • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •