Page 32 of 1478 results (0.007 seconds)

CVSS: 10.0EPSS: 4%CPEs: 5EXPL: 3

CVE-2022-23221 – h2: Loading of custom classes from remote servers through JNDI

https://notcve.org/view.php?id=CVE-2022-23221

H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392. H2 Console versiones anteriores a 2.1.210, permite a atacantes remotos ejecutar código arbitrario por medio de una URL jdbc:h2:mem JDBC que contenga la subcadena IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT, una vulnerabilidad diferente a CVE-2021-42392 A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script. The H2 Database console suffers from an unauthenticated remote code execution vulnerability. • http://packetstormsecurity.com/files/165676/H2-Database-Console-Remote-Code-Execution.html http://seclists.org/fulldisclosure/2022/Jan/39 https://github.com/h2database/h2database/releases/tag/version-2.1.210 https://github.com/h2database/h2database/security/advisories https://lists.debian.org/debian-lts-announce/2022/02/msg00017.html https://security.netapp.com/advisory/ntap-20230818-0011 https://twitter.com/d0nkey_man/status/1483824727936450564 https://www.debian.org/security/2022/dsa-5076 https:&# • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') CWE-502: Deserialization of Untrusted Data •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1

CVE-2022-0261 – Heap-based Buffer Overflow in vim/vim

https://notcve.org/view.php?id=CVE-2022-0261

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Un Desbordamiento de Búfer en la región Heap de la memoria en el repositorio GitHub vim/vim versiones anteriores a 8.2 A heap based out-of-bounds write flaw was found in vim's ops.c. This flaw allows an attacker to trick a user to open a crafted file triggering an out-of-bounds write. This vulnerability is capable of crashing software, modify memory, and possible code execution. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 http://seclists.org/fulldisclosure/2022/Oct/43 https://github.com/vim/vim/commit/9f8c304c8a390ade133bac29963dc8e56ab14cbc https://huntr.dev/bounties/fa795954-8775-4f23-98c6-d4d4d3fe8a82 https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://security.gentoo.org/glsa/202208-32 https://support.apple.com/kb/HT213444&# • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1

CVE-2022-0213 – Heap-based Buffer Overflow in vim/vim

https://notcve.org/view.php?id=CVE-2022-0213

vim is vulnerable to Heap-based Buffer Overflow vim es vulnerable al desbordamiento del búfer en la región Heap de la memoria • http://www.openwall.com/lists/oss-security/2022/01/15/1 https://github.com/vim/vim/commit/de05bb25733c3319e18dca44e9b59c6ee389eb26 https://huntr.dev/bounties/f3afe1a5-e6f8-4579-b68a-6e5c7e39afed https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://security.gentoo.org/glsa/202208-32 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1

CVE-2022-20698 – Clam AntiVirus (ClamAV) Denial of Service Vulnerability

https://notcve.org/view.php?id=CVE-2022-20698

A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. Una vulnerabilidad en el módulo de análisis de OOXML en el software Clam AntiVirus (ClamAV) versión 0.104.1 y LTS versiones 0.103.4 y anteriores, podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio en un dispositivo afectado. • https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html https://security.gentoo.org/glsa/202310-01 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •

CVSS: 7.7EPSS: 0%CPEs: 8EXPL: 0

CVE-2022-21682 – flatpak-builder can access files outside the build directory.

https://notcve.org/view.php?id=CVE-2022-21682

Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last in the build. At this point the build directory will have the full access that is specified in the manifest, so running `flatpak build` against it will gain those permissions. Normally this will not be done, so this is not problem. However, if `--mirror-screenshots-url` is specified, then flatpak-builder will launch `flatpak build --nofilesystem=host appstream-utils mirror-screenshots` after finalization, which can lead to issues even with the `--nofilesystem=host` protection. • https://github.com/flatpak/flatpak/commit/445bddeee657fdc8d2a0a1f0de12975400d4fc1a https://github.com/flatpak/flatpak/commit/4d11f77aa7fd3e64cfa80af89d92567ab9e8e6fa https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APFTBYGJJVJPFVHRXUW5PII5XOAFI4KH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IXKBERLJRYV7KXKGXOLI6IOXVBQNN4DP https://security.gentoo.org/glsa/202312-12 https://www.debian • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •