CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2021-46659 – mariadb: Crash executing query with VIEW, aggregate and subquery
https://notcve.org/view.php?id=CVE-2021-46659
MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. MariaDB versiones anteriores a 10.7.2 permite un bloqueo de la aplicación porque no reconoce que SELECT_LEX::nest_level es local a cada VIEW • https://jira.mariadb.org/browse/MDEV-25631 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZFZVMJL5UDTOZMARLXQIMG3BTG6UNYW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ4KDAGF3H4D4BDTHRAM6ZEAJJWWMRUO https://mariadb.com/kb/en/security https://security.netapp.com/advisory/ntap-20220311-0003 https://access.redhat.com/s • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2021-22570 – Nullptr Dereference in Protobuf
https://notcve.org/view.php?id=CVE-2021-22570
Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater. Una desreferencia de puntero Null cuando un char nulo está presente en un símbolo proto. • https://github.com/protocolbuffers/protobuf/releases/tag/v3.15.0 https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BTRGBRC5KGCA4SK5MUNLPYJRAGXMBIYY https://lists.fedoraproject.org/archi • CWE-476: NULL Pointer Dereference •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-21673 – OAuth Identity Token exposure in Grafana
https://notcve.org/view.php?id=CVE-2022-21673
Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4. • https://github.com/grafana/grafana/releases/tag/v7.5.13 https://github.com/grafana/grafana/releases/tag/v8.3.4 https://github.com/grafana/grafana/security/advisories/GHSA-8wjh-59cw-9xh4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/mess • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0CVE-2021-44537
https://notcve.org/view.php?id=CVE-2021-44537
ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution. ownCloud owncloud/client versiones anteriores a 2.9.2 permite una inyección de recursos por parte de un servidor en el cliente de escritorio por medio de una URL, conllevando a una ejecución de código remota • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STKTSNYBZPXBGJOCDAMCZPRXJLAYGDMO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSZNJFGM66LJONBQFYYQL4GD5XI5QO2Y https://owncloud.com/security-advisories/cve-2021-44537 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2021-46021
https://notcve.org/view.php?id=CVE-2021-46021
An Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. Una vulnerabilidad de Uso de Memoria Previamente Liberada en la función rec_record_destroy() en el archivo rec-record.c de GNU Recutils versión v1.8.90, puede conllevar a un fallo de segmentación o un fallo de la aplicación • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDVOFC3HTBG7DF2PZTEXRMG4CV2F55UF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRSXSN2XF6PX74WDYVV26TQMYIFAEQ3T https://lists.gnu.org/archive/html/bug-recutils/2021-12/msg00008.html • CWE-416: Use After Free •