CVE-2022-22818 – django: Possible XSS via '{% debug %}' template tag
https://notcve.org/view.php?id=CVE-2022-22818
The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.

A flaw was found in Django. The {% debug %} template tag did not properly encode the current context, posing a Cross-site scripting attack vector (XSS).

• https://docs.djangoproject.com/en/4.0/releases/security
• https://groups.google.com/forum/#%21forum/django-announce
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
• https://security.netapp.com/advisory/ntap-20220221-0003
• https://www.debian.org/security/2022/dsa-5254
• https://www.djangoproject.com/weblog/2022/feb/01/security-releases
• https://access.redhat.com/security/cve/CVE-2022-22818
• https://bugzilla.redhat.com/show_bug
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-23833 – django: Denial-of-service possibility in file uploads
https://notcve.org/view.php?id=CVE-2022-23833
An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.

A flaw was found in Django. The issue occurs when passing certain inputs to multipart forms, resulting in an infinite loop when parsing files.

• https://docs.djangoproject.com/en/4.0/releases/security
• https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a
• https://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468
• https://github.com/django/django/commit/f9c7d48fdd6f198a6494a9202f90242f176e4fc9
• https://groups.google.com/forum/#%21forum/django-announce
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
• https://security.netapp.com/advisory/ntap-20220221-0003
• https:/&
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2022-21724 – Unchecked Class Instantiation when providing Plugin Classes
https://notcve.org/view.php?id=CVE-2022-21724
pgjdbc is the official PostgreSQL JDBC Driver. A security hole was found in the JDBC driver for the PostgreSQL database while doing security research. A system using the PostgreSQL library can be attacked when an attacker controls the JDBC URL or properties. pgjdbc instantiates plugin instances based on class names provided via the `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, and `sslpasswordcallback` connection properties. However, the driver did not verify that the class implements the expected interface before instantiating it. This can lead to code execution loaded via arbitrary classes.

• https://github.com/ToontjeM/CVE-2022-21724
• https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813
• https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4
• https://lists.debian.org/debian-lts-announce/2022/05/msg00027.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS
• https://security.netapp.com/advisory/ntap-20220311-0005
• https://www.debian.org/security/2022/dsa-5196
• https://access.redhat.com
• CWE-665: Improper Initialization
CVE-2022-0443 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-0443
Use After Free in GitHub repository vim/vim prior to 8.2.

• https://github.com/vim/vim/commit/9b4a80a66544f2782040b641498754bcb5b8d461
• https://huntr.dev/bounties/b987c8cb-bbbe-4601-8a6c-54ff907c6b51
• https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html
• https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP
• https://secur
• CWE-416: Use After Free
CVE-2022-0336
https://notcve.org/view.php?id=CVE-2022-0336
The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity.

• https://access.redhat.com/security/cve/CVE-2022-0336
• https://bugzilla.redhat.com/show_bug.cgi?id=2046134
• https://bugzilla.samba.org/show_bug.cgi?id=14950
• https://github.com/samba-team/samba/commit/1a5dc817c0c9379bbaab14c676681b42b0039a3c
• https://github.com/samba-team/samba/commit/c58ede44f382bd0125f761f0479c8d48156be400
• https://security.gentoo.org/glsa/202309-06
• https://www.samba.org/samba/security/CVE-2022-0336.html
• CWE-276: Incorrect Default Permissions