CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23037
https://notcve.org/view.php?id=CVE-2022-23037
10 Mar 2022 — Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the ... • https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23036
https://notcve.org/view.php?id=CVE-2022-23036
10 Mar 2022 — Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the ... • https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 1CVE-2021-33293 – Ubuntu Security Notice USN-6163-1
https://notcve.org/view.php?id=CVE-2021-33293
10 Mar 2022 — Panorama Tools libpano13 v2.9.20 was discovered to contain an out-of-bounds read in the function panoParserFindOLine() in parser.c. Se ha detectado que Panorama Tools libpano13 versión v2.9.20, contiene una lectura fuera de límites en la función panoParserFindOLine() en el archivo parser.c It was discovered that pano13 did not properly validate the prefix provided for PTcrop's output. An attacker could use this issue to cause pano13 to crash, resulting in a denial of service, or possibly execute arbitrary c... • https://groups.google.com/u/1/g/hugin-ptx/c/gLtz2vweD74 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2021-32436
https://notcve.org/view.php?id=CVE-2021-32436
10 Mar 2022 — An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. Una lectura fuera de límites en la función write_title() en el archivo subs.c de abcm2ps versión v8.14.11, permite a atacantes remotos causar una denegación de servicio (DoS) por medio de vectores no especificados • https://github.com/leesavide/abcm2ps/commit/2f56e1179cab6affeb8afa9d6c324008fe40d8e3 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2021-32435 – Ubuntu Security Notice USN-5961-1
https://notcve.org/view.php?id=CVE-2021-32435
10 Mar 2022 — Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. Un desbordamiento del búfer en la región Stack de la memoria en la función get_key en el archivo parse.c de abcm2ps versión v8.14.11, permite a atacantes remotos causar una denegación de servicio (DoS) por medio de vectores no especificados It was discovered that abcm2ps incorrectly handled memory when parsing specially crafted ABC files. An a... • https://github.com/leesavide/abcm2ps/commit/3169ace6d63f6f517a64e8df0298f44a490c4a15 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2021-32434
https://notcve.org/view.php?id=CVE-2021-32434
10 Mar 2022 — abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c. Se ha detectado que abcm2ps versión v8.14.11, contiene una lectura fuera de límites en la función calculate_beam en el archivo draw.c • https://github.com/leesavide/abcm2ps/commit/2f56e1179cab6affeb8afa9d6c324008fe40d8e3 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-26846
https://notcve.org/view.php?id=CVE-2022-26846
10 Mar 2022 — SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code. SPIP versiones anteriores a 3.2.14 y versiones 4.x anteriores a 4.0.5, permite a editores remotos autenticados ejecutar código arbitrario • https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-26847
https://notcve.org/view.php?id=CVE-2022-26847
10 Mar 2022 — SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects. SPIP versiones anteriores a 3.2.14 y versiones 4.x anteriores a 4.0.5, permite el acceso no autenticado a información sobre objetos editoriales • https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2022-24919 – Reflected XSS in graph configuration window of Zabbix Frontend
https://notcve.org/view.php?id=CVE-2022-24919
09 Mar 2022 — An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. Un usuario autenticado puede crear un enlac... • https://lists.debian.org/debian-lts-announce/2022/04/msg00011.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2022-24917 – Reflected XSS in service configuration window of Zabbix Frontend
https://notcve.org/view.php?id=CVE-2022-24917
09 Mar 2022 — An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. Un usuario autenticado puede crear un enl... • https://lists.debian.org/debian-lts-announce/2022/04/msg00011.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •