CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-40320
https://notcve.org/view.php?id=CVE-2022-40320
cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read. La función cfg_tilde_expand en el archivo confuse.c en libConfuse 3.3 presenta una lectura excesiva del búfer en la región heap de la memoria • https://github.com/libconfuse/libconfuse/issues/163 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BSAZK4KAWRWNAFUBBXOYU3PVNH3X7226 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EDUT2V62V2XF2IT5TJFPB6P3EQ6X5VLL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FJKHAPJ6AUWVP4HDGKH4M5A2XXWQI73O • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 34%CPEs: 4EXPL: 6CVE-2022-25765 – Command Injection
https://notcve.org/view.php?id=CVE-2022-25765
The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized. El paquete pdfkit a partir de la versión 0.0.0, es vulnerable a una inyección de comandos cuando la URL no está saneada apropiadamente pdfkit version 08.7.2 suffers from a command injection vulnerability. • https://github.com/PurpleWaveIO/CVE-2022-25765-pdfkit-Exploit-Reverse-Shell https://github.com/UNICORDev/exploit-CVE-2022-25765 https://github.com/nikn0laty/PDFkit-CMD-Injection-CVE-2022-25765 https://github.com/LordRNA/CVE-2022-25765 https://github.com/lowercasenumbers/CVE-2022-25765 http://packetstormsecurity.com/files/171746/pdfkit-0.8.7.2-Command-Injection.html https://github.com/pdfkit/pdfkit/blob/46cdf53ec540da1a1a2e4da979e3e5fe2f92a257/lib/pdfkit/pdfkit.rb%23L55-L58 https://github.com/pdfkit/pd •
CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 0CVE-2020-10735 – python: int() type in PyLong_FromString() does not limit amount of digits converting text to int leading to DoS
https://notcve.org/view.php?id=CVE-2020-10735
A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en python. En los algoritmos con complejidad de tiempo cuadrática que usan bases no binarias, cuando es usada int("text"), un sistema podría tardar 50ms en analizar una cadena int con 100.000 dígitos y 5s para 1.000.000 de dígitos (float, decimal, int.from_bytes(), e int() para bases binarias 2, 4, 8, 16, y 32 no están afectados). • http://www.openwall.com/lists/oss-security/2022/09/21/1 http://www.openwall.com/lists/oss-security/2022/09/21/4 https://access.redhat.com/security/cve/CVE-2020-10735 https://bugzilla.redhat.com/show_bug.cgi?id=1834423 https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y https://github.com/python/cpython/issues/95778 https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fed • CWE-400: Uncontrolled Resource Consumption CWE-704: Incorrect Type Conversion or Cast •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1CVE-2022-3123 – Cross-site Scripting (XSS) - Reflected in splitbrain/dokuwiki
https://notcve.org/view.php?id=CVE-2022-3123
Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Reflejado en el repositorio GitHub splitbrain/dokuwiki versiones anteriores a 2022-07-31a • https://github.com/splitbrain/dokuwiki/commit/63e9a247c072008a031f9db39fa496f6aca489b6 https://huntr.dev/bounties/d72a979b-57db-4201-9500-66b49a5c1345 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LLNV7GYZPGLIKBLISVQUREQXE3WHI5R2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZQTVHRBEVMSKQESNFLU7MAUAB3R3PG2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XIWZXLDU7SUS2FANXQRCHJY3F3SWT27E • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2022-3099 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-3099
Use After Free in GitHub repository vim/vim prior to 9.0.0360. Un Uso de Memoria Previamente Liberada en el repositorio GitHub vim/vim versiones anteriores a 9.0.0360 • https://github.com/vim/vim/commit/35d21c6830fc2d68aca838424a0e786821c5891c https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DVWBI4BVTBUMNW4NMB3WZZDQJBKIGXI3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LLK2RMZEECKKWUQK7J46D2FQZOXFQLTC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/messa • CWE-416: Use After Free •