CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 1CVE-2022-0476 – Denial of Service in radareorg/radare2
https://notcve.org/view.php?id=CVE-2022-0476
Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. Una Denegación de Servicio en el repositorio de GitHub radareorg/radare2 versiones anteriores a 5.6.4 • https://github.com/radareorg/radare2/commit/27fe8031782d3a06c3998eaa94354867864f9f1b https://huntr.dev/bounties/81ddfbda-6c9f-4b69-83ff-85b15141e35d https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZTIMAS53YT66FUS4QHQAFRJOBMUFG6D https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6YBRQ3UCFWJVSOYIKPVUDASZ544TFND • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2022-24407 – cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
https://notcve.org/view.php?id=CVE-2022-24407
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. En Cyrus SASL versiones 2.1.17 hasta 2.1.27 anteriores a 2.1.28, el archivo plugins/sql.c no escapa la contraseña para una sentencia SQL INSERT o UPDATE A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for other accounts allowing escalation of privileges. • http://www.openwall.com/lists/oss-security/2022/02/23/4 https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst https://lists.debian.org/debian-lts-announce/2022/03/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FIXU75Q6RBNK6UYM7MQ3TCFGXR7AX4U https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H26R4SMGM3WHXX4XYNNJB4YGFIL5UNF4 https://lists.fedoraproject.org&#x • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1CVE-2022-0713 – Heap-based Buffer Overflow in radareorg/radare2
https://notcve.org/view.php?id=CVE-2022-0713
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4. Un Desbordamiento de búfer en la región heap de la memoria en el repositorio de GitHub radareorg/radare2 versiones anteriores a 5.6.4 • https://github.com/radareorg/radare2/commit/a35f89f86ed12161af09330e92e5a213014e46a1 https://huntr.dev/bounties/d35b3dff-768d-4a09-a742-c18ca8f56d3c https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZTIMAS53YT66FUS4QHQAFRJOBMUFG6D https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6YBRQ3UCFWJVSOYIKPVUDASZ544TFND • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1CVE-2022-0712 – NULL Pointer Dereference in radareorg/radare2
https://notcve.org/view.php?id=CVE-2022-0712
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.4. Una Desreferencia de puntero NULL en el repositorio de GitHub radareorg/radare2 versiones anteriores a 5.6.4 • https://github.com/radareorg/radare2/commit/515e592b9bea0612bc63d8e93239ff35bcf645c7 https://huntr.dev/bounties/1e572820-e502-49d1-af0e-81833e2eb466 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZTIMAS53YT66FUS4QHQAFRJOBMUFG6D https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6YBRQ3UCFWJVSOYIKPVUDASZ544TFND • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-25600 – WordPress WP Google Map plugin <= 4.2.3 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-25600
Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3). Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) afectando a las funciones Delete Marker Category, Delete Map y Copy Map en el plugin WP Google Map (versiones anteriores a 4.2.3 incluyéndola) • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7CR6VGITIB2TXXZ6B5QRRWPU5S4BXQPD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJX6NVXSRN3RX3YUVEJQ4WUTQSDL3DSR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZQCIZQI267YHVYSFB3CRKNK3F4ASPLK https://patchstack.com/database/vulnerability/wp-google-map-plugin/wordpress-wp-google-map-plugin-4-2-3-cross-site-request-forgery-csrf-vulnerability https://wordpress.org/plugins& • CWE-352: Cross-Site Request Forgery (CSRF) •