CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2021-32434
https://notcve.org/view.php?id=CVE-2021-32434
abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c. Se ha detectado que abcm2ps versión v8.14.11, contiene una lectura fuera de límites en la función calculate_beam en el archivo draw.c • https://github.com/leesavide/abcm2ps/commit/2f56e1179cab6affeb8afa9d6c324008fe40d8e3 https://github.com/leesavide/abcm2ps/issues/83 https://lists.debian.org/debian-lts-announce/2022/04/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6333SXWMES3K22DBAOAW34G6EU6WIJEY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVGJH4HMXI3TWMHQJQCG3M7KSXJWJM7R https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTF4F • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-26846
https://notcve.org/view.php?id=CVE-2022-26846
SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code. SPIP versiones anteriores a 3.2.14 y versiones 4.x anteriores a 4.0.5, permite a editores remotos autenticados ejecutar código arbitrario • https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2 https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html https://lists.debian.org/debian-security-announce/2022/msg00060.html •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-26847
https://notcve.org/view.php?id=CVE-2022-26847
SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects. SPIP versiones anteriores a 3.2.14 y versiones 4.x anteriores a 4.0.5, permite el acceso no autenticado a información sobre objetos editoriales • https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2 https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html https://lists.debian.org/debian-security-announce/2022/msg00060.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2022-24919 – Reflected XSS in graph configuration window of Zabbix Frontend
https://notcve.org/view.php?id=CVE-2022-24919
An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. Un usuario autenticado puede crear un enlace con código Javascript reflejado en su interior para la página de los gráficos y enviarlo a otros usuarios. La carga útil sólo puede ejecutarse con un valor de token CSRF conocido de la víctima, que se cambia periódicamente y es difícil de predecir. • https://lists.debian.org/debian-lts-announce/2022/04/msg00011.html https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2V4N22R3QVTYAJMWFK2U2O6QXAZYM35Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QWP6UBFA5T6MOQPY2VDUG5YAJBFPYRFF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWDZONUHDYKBXTAIAGHSYQDEGORD2QT7 https://support.zabbix.com/brows • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2022-24917 – Reflected XSS in service configuration window of Zabbix Frontend
https://notcve.org/view.php?id=CVE-2022-24917
An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. Un usuario autenticado puede crear un enlace con código Javascript reflejado en su interior para la página de servicios y enviarlo a otros usuarios. La carga útil sólo puede ejecutarse con un valor de token CSRF conocido de la víctima, que se cambia periódicamente y es difícil de predecir. • https://lists.debian.org/debian-lts-announce/2022/04/msg00011.html https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2V4N22R3QVTYAJMWFK2U2O6QXAZYM35Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QWP6UBFA5T6MOQPY2VDUG5YAJBFPYRFF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWDZONUHDYKBXTAIAGHSYQDEGORD2QT7 https://support.zabbix.com/brows • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •