CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-21712 – Cookie and header exposure in twisted
https://notcve.org/view.php?id=CVE-2022-21712
twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent` functions. Users are advised to upgrade. • https://github.com/twisted/twisted/commit/af8fe78542a6f2bf2235ccee8158d9c88d31e8e2 https://github.com/twisted/twisted/releases/tag/twisted-22.1.0 https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx https://lists.debian.org/debian-lts-announce/2022/02/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-346: Origin Validation Error •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 1CVE-2021-40403
https://notcve.org/view.php?id=CVE-2021-40403
An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de divulgación de información en la funcionalidad pick-and-place rotation parsing de Gerbv versiones 2.7.0 y dev (commit b5f1eacd), y Gerbv forked versión 2.8.0. Un archivo pick-and-place especialmente diseñado puede explotar la falta de inicialización de una estructura para perder el contenido de la memoria. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTGBC37N2FV7NKOWFVCFMPAFYEPHSB7C https://talosintelligence.com/vulnerability_reports/TALOS-2021-1417 https://www.debian.org/security/2022/dsa-5306 • CWE-456: Missing Initialization of a Variable CWE-909: Missing Initialization of Resource •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2021-40401
https://notcve.org/view.php?id=CVE-2021-40401
A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de uso de memoria previamente liberada en la funcionalidad RS-274X aperture definition tokenization de Gerbv versiones 2.7.0 y dev (commit b5f1eacd) y Gerbv forked versión 2.7.1. Un archivo gerber especialmente diseñado puede conllevar a una ejecución de código. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUM5GIUZJ7AVHVCXDZW6ZVCAPV2ISN47 https://talosintelligence.com/vulnerability_reports/TALOS-2021-1415 https://www.debian.org/security/2022/dsa-5306 • CWE-252: Unchecked Return Value •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2021-46661 – mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE)
https://notcve.org/view.php?id=CVE-2021-46661
MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). MariaDB versiones hasta 10.5.9, permite un bloqueo de aplicación en las funciones find_field_in_tables y find_order_in_list por medio de una expresión de tabla común (CTE) no usada • https://jira.mariadb.org/browse/MDEV-25766 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZFZVMJL5UDTOZMARLXQIMG3BTG6UNYW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ4KDAGF3H4D4BDTHRAM6ZEAJJWWMRUO https://mariadb.com/kb/en/security https://security.netapp.com/advisory/ntap-20220221-0002 https://access.redhat.com/s • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2021-46663 – mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements
https://notcve.org/view.php?id=CVE-2021-46663
MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. MariaDB versiones hasta 10.5.13, permite un bloqueo de la aplicación ha_maria::extra por medio de determinadas sentencias SELECT • https://jira.mariadb.org/browse/MDEV-26351 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZFZVMJL5UDTOZMARLXQIMG3BTG6UNYW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ4KDAGF3H4D4BDTHRAM6ZEAJJWWMRUO https://mariadb.com/kb/en/security https://security.netapp.com/advisory/ntap-20220221-0002 https://access.redhat.com/s • CWE-20: Improper Input Validation •