CVE-2022-0519 – Buffer Access with Incorrect Length Value in radareorg/radare2
https://notcve.org/view.php?id=CVE-2022-0519
Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2. • https://github.com/radareorg/radare2/commit/6c4428f018d385fc80a33ecddcb37becea685dd5 https://huntr.dev/bounties/af85b9e1-d1cf-4c0e-ba12-525b82b7c1e3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZTIMAS53YT66FUS4QHQAFRJOBMUFG6D https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6YBRQ3UCFWJVSOYIKPVUDASZ544TFND • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-805: Buffer Access with Incorrect Length Value
CVE-2022-0518 – Heap-based Buffer Overflow in radareorg/radare2
https://notcve.org/view.php?id=CVE-2022-0518
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2. • https://github.com/radareorg/radare2/commit/9650e3c352f675687bf6c6f65ff2c4a3d0e288fa https://huntr.dev/bounties/10051adf-7ddc-4042-8fd0-8e9e0c5b1184 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZTIMAS53YT66FUS4QHQAFRJOBMUFG6D https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6YBRQ3UCFWJVSOYIKPVUDASZ544TFND • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write
CVE-2022-21702 – Cross site scripting in Grafana proxy
https://notcve.org/view.php?id=CVE-2022-21702
Grafana is an open-source platform for monitoring and observability. In affected versions, an attacker could serve HTML content through the Grafana datasource or plugin proxy and, using a specially crafted link, trick a user into visiting that HTML page to execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or set up their own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must apply. For the data source proxy: a Grafana HTTP-based datasource is configured with Server as Access Mode and a URL set, the attacker is in control of the HTTP server serving the URL of that datasource, and a specially crafted link pointing at the attacker-controlled data source is clicked on by an authenticated user. • https://github.com/grafana/grafana/commit/27726868b3d7c613844b55cd209ca93645c99b85 https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH https://lists.fedorapr • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-0523 – Use After Free in radareorg/radare2
https://notcve.org/view.php?id=CVE-2022-0523
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2. • https://github.com/radareorg/radare2/commit/35482cb760db10f87a62569e2f8872dbd95e9269 https://huntr.dev/bounties/9d8d6ae0-fe00-40b9-ae1e-b0e8103bac69 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZTIMAS53YT66FUS4QHQAFRJOBMUFG6D https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6YBRQ3UCFWJVSOYIKPVUDASZ544TFND • CWE-416: Use After Free
CVE-2022-0115 – Chrome storage::BlobBuilderFromStream Uninitialized On-Stack Pointer
https://notcve.org/view.php?id=CVE-2022-0115
Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chrome suffers from making use of an uninitialized on-stack pointer in storage::BlobBuilderFromStream. • https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html https://crbug.com/1268903 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE • CWE-908: Use of Uninitialized Resource