
CVSS: 9.6 • EPSS: 0% • CPEs: 3 • EXPL: 1

radare2 is vulnerable to Out-of-bounds Read • https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c https://huntr.dev/bounties/727d8600-88bc-4dde-8dea-ee3d192600e5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IQIRJ72UALGMSWH6MYPVJQQLXFGZ23RS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKGIB52R4XPCPNEW6GF56EHW7ST24IJU • CWE-125: Out-of-bounds Read •

CVSS: 9.3 • EPSS: 0% • CPEs: 4 • EXPL: 2

pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims who use pipenv to install the requirements file to download dependencies from a package index server controlled by the attacker. By embedding malicious code in packages served from their malicious index server, the attacker can trigger arbitrary remote code execution (RCE) on the victims' systems. If an attacker is able to hide a malicious `--index-url` option in a requirements file that a victim installs with pipenv, the attacker can embed arbitrary malicious code in packages served from their malicious index server that will be executed on the victim's host during installation (remote code execution/RCE). When pip installs from a source distribution, any code in the setup.py is executed by the install process. • https://github.com/sreeram281997/CVE-2022-21668-Pipenv-RCE-vulnerability https://github.com/pypa/pipenv/commit/439782a8ae36c4762c88e43d5f0d8e563371b46f https://github.com/pypa/pipenv/releases/tag/v2022.1.8 https://github.com/pypa/pipenv/security/advisories/GHSA-qc9x-gjcv-465w https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56HBA3EOSLEDNCCBJVHE6DO34P56EOUM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KCROBYHUS6DKQPCXBRPCZ5CDBNQTYAWT https:// • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-190: Integer Overflow or Wraparound CWE-427: Uncontrolled Search Path Element CWE-791: Incomplete Filtering of Special Elements CWE-1284: Improper Validation of Specified Quantity in Input •

CVSS: 6.8 • EPSS: 0% • CPEs: 5 • EXPL: 1

vim is vulnerable to Use After Free • http://seclists.org/fulldisclosure/2022/Jul/13 http://seclists.org/fulldisclosure/2022/Mar/29 http://www.openwall.com/lists/oss-security/2022/01/15/1 https://github.com/vim/vim/commit/9f1a39a5d1cd7989ada2d1cb32f97d84360e050f https://huntr.dev/bounties/47dded34-3767-4725-8c7c-9dcb68c70b36 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HD5S2FC2HF22A7XQXK2X • CWE-416: Use After Free •

CVSS: 5.4 • EPSS: 0% • CPEs: 3 • EXPL: 1

phoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • https://github.com/phoronix-test-suite/phoronix-test-suite/commit/56fd0a3b69fb33c1c90a6017ed735889aaa59486 https://huntr.dev/bounties/2c0fe81b-0977-4e1e-b5d8-7646c9a7ebbd https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/57V2CSFU5MKWKL6RJUKMXSD4PCRFTMMQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BU7E6OOZCXS3ZWHOQ2AR7MKM56IN2R6R • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8 • EPSS: 0% • CPEs: 5 • EXPL: 1

vim is vulnerable to Heap-based Buffer Overflow • http://seclists.org/fulldisclosure/2022/Jul/13 http://seclists.org/fulldisclosure/2022/Mar/29 http://www.openwall.com/lists/oss-security/2022/01/15/1 https://github.com/vim/vim/commit/5f25c3855071bd7e26255c68bf458b1b5cf92f39 https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HD5S2FC2HF22A7XQXK2X • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •