CVE-2022-39348 – Twisted vulnerable to NameVirtualHost Host header injection
https://notcve.org/view.php?id=CVE-2022-39348
Twisted is an event-based framework for internet applications. Starting with version 0.9.4, when the Host header does not match a configured host, `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders the Host header unescaped into the 404 response, allowing HTML and script injection. In practice this should be very difficult to exploit, as being able to modify the Host header of a normal HTTP request implies that one is already in a privileged position. This issue was fixed in version 22.10.0rc1. There are no known workarounds. • https://github.com/twisted/twisted/commit/f2f5e81c03f14e253e85fe457e646130780db40b https://github.com/twisted/twisted/commit/f49041bb67792506d85aeda9cf6157e92f8048f4 https://github.com/twisted/twisted/security/advisories/GHSA-vg46-2rrj-3647 https://lists.debian.org/debian-lts-announce/2022/11/msg00038.html https://security.gentoo.org/glsa/202301-02 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2022-3705 – vim autocmd quickfix.c qf_update_buffer use after free
https://notcve.org/view.php?id=CVE-2022-3705
A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. • http://seclists.org/fulldisclosure/2023/Jan/19 https://github.com/vim/vim/commit/d0fab10ed2a86698937e3c3fed2f10bd9bb5e731 https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JCW33NOLMELTTTDJH7WGDIFJZ5YEEMK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYEK5RNMH7MVQH6 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVE-2022-42890 – Apache Batik prior to 1.16 allows RCE via scripting
https://notcve.org/view.php?id=CVE-2022-42890
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16. • http://www.openwall.com/lists/oss-security/2022/10/25/3 https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html https://security.gentoo.org/glsa/202401-11 https://www.debian.org/security/2022/dsa-5264 https://access.redhat.com/security/cve/CVE-2022-42890 https://bugzilla.redhat.com/show_bug.cgi?id=2182183 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2022-41704 – Apache Batik prior to 1.16 allows RCE when loading untrusted SVG input
https://notcve.org/view.php?id=CVE-2022-41704
A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16. • http://www.openwall.com/lists/oss-security/2022/10/25/2 https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html https://security.gentoo.org/glsa/202401-11 https://www.debian.org/security/2022/dsa-5264 https://access.redhat.com/security/cve/CVE-2022-41704 https://bugzilla.redhat.com/show_bug.cgi?id=2182182 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2022-43680 – expat: use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate
https://notcve.org/view.php?id=CVE-2022-43680
In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. A use-after-free flaw was found in the Expat package, caused by destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. This may lead to availability disruptions. • http://www.openwall.com/lists/oss-security/2023/12/28/5 http://www.openwall.com/lists/oss-security/2024/01/03/5 https://github.com/libexpat/libexpat/issues/649 https://github.com/libexpat/libexpat/pull/616 https://github.com/libexpat/libexpat/pull/650 https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE https://lists.fedoraproject.org/archives/list • CWE-416: Use After Free •