CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-38945
https://notcve.org/view.php?id=CVE-2021-38945
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238. IBM Cognos Analytics versiones 11.2.1, 11.2.0 y 11.1.7, podrían permitir a un atacante remoto cargar archivos arbitrarios, causados por una incorrecta comprobación del contenido. IBM X-Force ID: 211238 • https://exchange.xforce.ibmcloud.com/vulnerabilities/211238 https://security.netapp.com/advisory/ntap-20220729-0002 https://www.ibm.com/support/pages/node/6597241 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-29768
https://notcve.org/view.php?id=CVE-2021-29768
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. IBM X-Force ID: 202682. IBM Cognos Analytics versiones 11.1.7, 11.2.0 y 11.2.1, podría permitir a un usuario de bajo nivel obtener información confidencial de los detalles de la página "Cloud Storage" a la que no debería tener acceso. IBM X-Force ID: 202682 • https://exchange.xforce.ibmcloud.com/vulnerabilities/202682 https://security.netapp.com/advisory/ntap-20220729-0002 https://www.ibm.com/support/pages/node/6597241 •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2022-1319 – undertow: Double AJP response for 400 from EAP 7 results in CPING failures
https://notcve.org/view.php?id=CVE-2022-1319
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG. Se ha encontrado un fallo en Undertow. Para una respuesta AJP 400, EAP 7 envía inapropiadamente el flag de reúso habilitado aunque JBoss EAP cierra la conexión. es producido un fallo cuando la conexión es reusada después de un 400 por CPING ya que lee en el segundo paquete de respuesta SEND_HEADERS en lugar de un CPONG • https://access.redhat.com/security/cve/CVE-2022-1319 https://bugzilla.redhat.com/show_bug.cgi?id=2073890 https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3 https://issues.redhat.com/browse/UNDERTOW-2060 https://security.netapp.com/advisory/ntap-20221014-0006 • CWE-252: Unchecked Return Value •
CVSS: 8.1EPSS: 0%CPEs: 23EXPL: 1CVE-2022-27778
https://notcve.org/view.php?id=CVE-2022-27778
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. Una vulnerabilidad en el uso de nombres resueltos incorrectamente, corregida en versión 7.83.1, podía eliminar el archivo equivocado cuando es usado "--no-clobber" junto con "--remove-on-error" • https://hackerone.com/reports/1553598 https://security.netapp.com/advisory/ntap-20220609-0009 https://security.netapp.com/advisory/ntap-20220729-0004 https://www.oracle.com/security-alerts/cpujul2022.html • CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-22971 – springframework: DoS with STOMP over WebSocket
https://notcve.org/view.php?id=CVE-2022-22971
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user. En spring framework versiones anteriores a 5.3.20+ , 5.2.22+ y las versiones antiguas no soportadas, la aplicación con un endpoint STOMP sobre WebSocket es vulnerable a un ataque de denegación de servicio por parte de un usuario autenticado A flaw was found in Spring Framework Applications. Applications that use STOMP over the WebSocket endpoint are vulnerable to a denial of service attack caused by an authenticated user. • https://github.com/tchize/CVE-2022-22971 https://security.netapp.com/advisory/ntap-20220616-0003 https://tanzu.vmware.com/security/cve-2022-22971 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-22971 https://bugzilla.redhat.com/show_bug.cgi?id=2087274 • CWE-770: Allocation of Resources Without Limits or Throttling •