CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 1CVE-2022-21699 – Execution with Unnecessary Privileges in ipython
https://notcve.org/view.php?id=CVE-2022-21699
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade. IPython (Interactive Python) es un shell de comandos para la computación interactiva en múltiples lenguajes de programación, desarrollado originalmente para el lenguaje de programación Python. • https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668 https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699 https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/m • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management CWE-279: Incorrect Execution-Assigned Permissions •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 1CVE-2021-41816 – ruby: buffer overflow in CGI.escape_html
https://notcve.org/view.php?id=CVE-2021-41816
CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby. El archivo CGI.escape_html en Ruby versiones anteriores a 2.7.5 y 3.x versiones anteriores a 3.0.3, presenta un desbordamiento de enteros y un desbordamiento de búfer resultante por medio de una cadena larga en plataformas (como Windows) donde size_t y long tienen diferentes números de bytes. Esto también afecta a CGI gem versiones anteriores a 0.3.1 para Ruby A flaw was found in the ruby. This issue occurs due to improper bounds checking by a buffer overrun in CGI.escape_html. • https://hackerone.com/reports/1328463 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF https://security-tracker.debian.org/tracker/CVE-2021-41816 https://security.gentoo.org/glsa/202401-27 https://security.netapp.com/advisory/ntap-20220303-0006 https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 4.9EPSS: 0%CPEs: 8EXPL: 0CVE-2022-21339 – mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2022)
https://notcve.org/view.php?id=CVE-2022-21339
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4 https://security.netapp.com/advisory/ntap-20220121-0008 https://www.oracle.com/security-alerts/cpujan2022.html https://access.redhat.com/security/cve/CVE-2022-21339 https://bugzilla.redhat.com/show_bug.cgi?id=2043634 •
CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2022-21304 – mysql: Server: Parser unspecified vulnerability (CPU Jan 2022)
https://notcve.org/view.php?id=CVE-2022-21304
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4 https://security.netapp.com/advisory/ntap-20220121-0008 https://www.oracle.com/security-alerts/cpujan2022.html https://access.redhat.com/security/cve/CVE-2022-21304 https://bugzilla.redhat.com/show_bug.cgi?id=2043633 •
CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2022-21303 – mysql: Server: Stored Procedure unspecified vulnerability (CPU Jan 2022)
https://notcve.org/view.php?id=CVE-2022-21303
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4 https://security.netapp.com/advisory/ntap-20220121-0008 https://www.oracle.com/security-alerts/cpujan2022.html https://access.redhat.com/security/cve/CVE-2022-21303 https://bugzilla.redhat.com/show_bug.cgi?id=2043632 •