CVSS: 9.8EPSS: 4%CPEs: 5EXPL: 0CVE-2022-21831
https://notcve.org/view.php?id=CVE-2022-21831
A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments. Se presenta una vulnerabilidad de inyección de código en Active Storage versiones posteriores a v5.2.0 incluyéndola, que podría permitir a un atacante ejecutar código por medio de argumentos image_processing • https://github.com/advisories/GHSA-w749-p3v6-hccq https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html https://security.netapp.com/advisory/ntap-20221118-0001 https://www.debian.org/security/2023/dsa-5372 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-22577 – rubygem-actionpack: Possible cross-site scripting vulnerability in Action Pack
https://notcve.org/view.php?id=CVE-2022-22577
An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses. Una vulnerabilidad de tipo XSS en Action Pack versiones posteriores a 5.2.0 incluyéndola y versiones anteriores a 5.2.0, que podría permitir a un atacante omitir el CSP para conseguir respuestas que no sean HTML A flaw was found in rubygem-actionpack where CSP headers were sent with responses that Rails considered "HTML" responses. This flaw allows an attacker to leave API requests without CSP headers and perform a Cross-site scripting attack. • https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533 https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html https://security.netapp.com/advisory/ntap-20221118-0002 https://www.debian.org/security/2023/dsa-5372 https://access.redhat.com/security/cve/CVE-2022-22577 https://bugzilla.redhat.com/show_bug.cgi?id=2080302 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-30788 – ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc
https://notcve.org/view.php?id=CVE-2022-30788
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. Una imagen NTFS diseñada puede causar un desbordamiento del búfer en la región heap de la memoria en ntfs_mft_rec_alloc en NTFS-3G versiones hasta 2021.8.22 A vulnerability was found in NTFS-3G. Incorrect validation of NTFS metadata can result in a heap-based buffer overflow when processing a crafted NTFS image file or partition. • https://github.com/tuxera/ntfs-3g/releases https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x https://lists.debian.org/debian-lts-announce/2022/06/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JPX6OUCQKZX4PN5DQPVDUFZCOOZUX7Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECDCISL24TYH4CTDFCUVF24WAKRSYF7F https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-30784 – ntfs-3g: crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value
https://notcve.org/view.php?id=CVE-2022-30784
A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. Una imagen NTFS diseñada puede causar el agotamiento de la pila en ntfs_get_attribute_value en NTFS-3G versiones hasta 2021.8.22 A vulnerability was found in NTFS-3G. Incorrect validation of NTFS metadata can result in a heap exhaustion when processing a crafted NTFS image file or partition. • https://github.com/tuxera/ntfs-3g/releases https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x https://lists.debian.org/debian-lts-announce/2022/06/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JPX6OUCQKZX4PN5DQPVDUFZCOOZUX7Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECDCISL24TYH4CTDFCUVF24WAKRSYF7F https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.7EPSS: 0%CPEs: 6EXPL: 0CVE-2022-30787
https://notcve.org/view.php?id=CVE-2022-30787
An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. Un desbordamiento de enteros en fuse_lib_readdir permite realizar operaciones de lectura de memoria arbitrarias en NTFS-3G versiones hasta 2021.8.22 cuando se usa libfuse-lite • http://www.openwall.com/lists/oss-security/2022/06/07/4 https://github.com/tuxera/ntfs-3g/releases https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58 https://lists.debian.org/debian-lts-announce/2022/06/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JPX6OUCQKZX4PN5DQPVDUFZCOOZUX7Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECDCISL24TYH4CTDFCUVF24WAKRSYF7F https://lists.fedoraprojec • CWE-191: Integer Underflow (Wrap or Wraparound) •