CVSS: 7.4EPSS: 0%CPEs: 28EXPL: 2CVE-2022-29824 – libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write
https://notcve.org/view.php?id=CVE-2022-29824
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. En libxml2 versiones anteriores a 2.9.14, varias funciones de manejo de búferes en buf.c (xmlBuf*) y tree.c (xmlBuffer*) no comprueban los desbordamientos de enteros. • http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html http://packetstormsecurity.com/files/169825/libxml2-xmlParseNameComplex-Integer-Overflow.html https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14 https://gitlab.gnome.org/GNOME/libxslt/-/tags https://lists.debian.org/debian-lts-announce/2022/05/msg0 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.7EPSS: 0%CPEs: 14EXPL: 0CVE-2022-25647 – Deserialization of Untrusted Data
https://notcve.org/view.php?id=CVE-2022-25647
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks. El paquete com.google.code.gson:gson versiones anteriores a 2.8.9, son vulnerables a una Deserialización de Datos No Confiables por medio del método writeReplace() en clases internas, lo cual puede conllevar a ataques DoS A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes. This issue may lead to availability attacks. • https://github.com/google/gson/pull/1991 https://github.com/google/gson/pull/1991/commits https://lists.debian.org/debian-lts-announce/2022/05/msg00015.html https://lists.debian.org/debian-lts-announce/2022/09/msg00009.html https://security.netapp.com/advisory/ntap-20220901-0009 https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327 https://www.debian.org/security/2022/dsa-5227 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE& • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 1CVE-2022-24891 – Cross-site Scripting in org.owasp.esapi:esapi -- antisamy-esapi.xml configuration file
https://notcve.org/view.php?id=CVE-2022-24891
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the **antisamy-esapi.xml** configuration file that can cause "javascript:" URLs to fail to be correctly sanitized. This issue is patched in ESAPI 2.3.0.0. As a workaround, manually edit the **antisamy-esapi.xml** configuration files to change the "onsiteURL" regular expression. More information about remediation of the vulnerability, including the workaround, is available in the maintainers' release notes and security bulletin. • https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin8.pdf https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.3.0.0-release-notes.txt https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-q77q-vx4q-xx6q https://security.netapp.com/advisory/ntap-20230127-0014 https://www.oracle.com/security-alerts/cpujul2022.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 1CVE-2022-23457 – Path Traversal in ESAPI
https://notcve.org/view.php?id=CVE-2022-23457
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attack can specify the entire string representing the 'input' path. This vulnerability is patched in release 2.3.0.0 of ESAPI. As a workaround, it is possible to write one's own implementation of the Validator interface. • https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.3.0.0-release-notes.txt https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-8m5h-hrqm-pxm2 https://security.netapp.com/advisory/ntap-20230127-0014 https://securitylab.github.com/advisories/GHSL-2022-008_The_OWASP_Enterprise_Security_API https://www.oracle.com/security-alerts/cpujul2022.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 31EXPL: 0CVE-2022-21496 – OpenJDK: URI parsing inconsistencies (JNDI, 8278972)
https://notcve.org/view.php?id=CVE-2022-21496
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. • https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html https://security.netapp.com/advisory/ntap-20220429-0006 https://security.netapp.com/advisory/ntap-20240621-0006 https://www.debian.org/security/2022/dsa-5128 https://www.debian.org/security/2022/dsa-5131 https://www.oracle.com/security-alerts/cpuapr2022.html https://access.redhat.com/security/cve/CVE-2022-21496 https://bugzilla.redhat.com/show_bug.cgi?id=2075849 • CWE-1173: Improper Use of Validation Framework •