CVSS: 8.1EPSS: 0%CPEs: 58EXPL: 0CVE-2022-23308 – libxml2: Use-after-free of ID and IDREF attributes
https://notcve.org/view.php?id=CVE-2022-23308
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. El archivo valid.c en libxml2 versiones anteriores a 2.9.13, presenta un uso de memoria previamente liberada de los atributos ID e IDREF. A flaw was found in libxml2. A call to the xmlGetID function can return a pointer already freed when parsing an XML document with the XML_PARSE_DTDVALID option and without the XML_PARSE_NOENT option, resulting in a use-after-free issue. • http://seclists.org/fulldisclosure/2022/May/33 http://seclists.org/fulldisclosure/2022/May/34 http://seclists.org/fulldisclosure/2022/May/35 http://seclists.org/fulldisclosure/2022/May/36 http://seclists.org/fulldisclosure/2022/May/37 http://seclists.org/fulldisclosure/2022/May/38 https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS https://lists.debian.org/debian-lts-announce/2022/04/msg00004. • CWE-416: Use After Free •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-25601 – WordPress Contact Form X plugin <= 2.4 - Reflected Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2022-25601
Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4). Se ha detectado vulnerabilidad de tipo Cross-Site Scripting (XSS) Reflejado que afecta al parámetro &tab en el plugin Contact Form X de WordPress (versiones anteriores a 2.4 incluyéndola) • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7CR6VGITIB2TXXZ6B5QRRWPU5S4BXQPD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJX6NVXSRN3RX3YUVEJQ4WUTQSDL3DSR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZQCIZQI267YHVYSFB3CRKNK3F4ASPLK https://patchstack.com/database/vulnerability/contact-form-x/wordpress-contact-form-x-plugin-2-4-authenticated-reflected-cross-site-scripting-xss-vulnerability https://wordpress.org/pl • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0CVE-2021-3607
https://notcve.org/view.php?id=CVE-2021-3607
An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un desbordamiento de enteros en la implementación de QEMU del dispositivo RDMA paravirtual de VMWare en versiones anteriores a 6.1.0. • https://bugzilla.redhat.com/show_bug.cgi?id=1973349 https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07925.html https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20220318-0002 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 0CVE-2021-3700
https://notcve.org/view.php?id=CVE-2021-3700
A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination. Se ha encontrado una vulnerabilidad de uso de memoria previamente liberada en usbredir en versiones anteriores a 0.11.0, en la función usbredirparser_serialize() en el archivo usbredirparser/usbredirparser.c. Este problema es producido cuando son serializados grandes cantidades de datos de escritura en búfer en el caso de un destino lento o bloqueado • https://bugzilla.redhat.com/show_bug.cgi?id=1992830 https://gitlab.freedesktop.org/spice/usbredir/-/commit/03c519ff5831ba https://lists.debian.org/debian-lts-announce/2022/03/msg00030.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-0546
https://notcve.org/view.php?id=CVE-2022-0546
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution. Una comprobación de límites ausente en el cargador de imágenes usado en Blender versiones 3.x y 2.93.8, conlleva a un acceso a la pila fuera de límites, permitiendo a un atacante causar una denegación de servicio, corrupción de memoria o potencialmente una ejecución de código • https://developer.blender.org/T94572 https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIZADV3AHTWZ2YKEFTVLNK3K4F4KTYLM https://www.debian.org/security/2022/dsa-5176 • CWE-190: Integer Overflow or Wraparound •