Page 39 of 4121 results (0.008 seconds)

CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2022-0730

https://notcve.org/view.php?id=CVE-2022-0730

Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types. Bajo determinadas condiciones de ldap, la autenticación de Cacti puede ser omitida con determinados tipos de credenciales • https://github.com/Cacti/cacti/issues/4562 https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html https://lists.debian.org/debian-lts-announce/2022/12/msg00039.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVOALVZSCBFNOAAZVHTJFSFB7UDSNYQ2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZH67CCORDEYFG7NL7G6UH47PAV2PU7BA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJERS4NYIGJ • CWE-287: Improper Authentication •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1

CVE-2022-0577 – Exposure of Sensitive Information to an Unauthorized Actor in scrapy/scrapy

https://notcve.org/view.php?id=CVE-2022-0577

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1. Una Exposición de Información Confidencial a un Actor no Autorizado en el repositorio de GitHub scrapy/scrapy versiones anteriores a 2.6.1 • https://github.com/scrapy/scrapy/commit/8ce01b3b76d4634f55067d6cfdf632ec70ba304a https://huntr.dev/bounties/3da527b1-2348-4f69-9e88-2e11a96ac585 https://lists.debian.org/debian-lts-announce/2022/03/msg00021.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •

CVSS: 8.1EPSS: 0%CPEs: 58EXPL: 0

CVE-2022-23308 – libxml2: Use-after-free of ID and IDREF attributes

https://notcve.org/view.php?id=CVE-2022-23308

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. El archivo valid.c en libxml2 versiones anteriores a 2.9.13, presenta un uso de memoria previamente liberada de los atributos ID e IDREF. A flaw was found in libxml2. A call to the xmlGetID function can return a pointer already freed when parsing an XML document with the XML_PARSE_DTDVALID option and without the XML_PARSE_NOENT option, resulting in a use-after-free issue. • http://seclists.org/fulldisclosure/2022/May/33 http://seclists.org/fulldisclosure/2022/May/34 http://seclists.org/fulldisclosure/2022/May/35 http://seclists.org/fulldisclosure/2022/May/36 http://seclists.org/fulldisclosure/2022/May/37 http://seclists.org/fulldisclosure/2022/May/38 https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS https://lists.debian.org/debian-lts-announce/2022/04/msg00004. • CWE-416: Use After Free •

CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 0

CVE-2021-3700

https://notcve.org/view.php?id=CVE-2021-3700

A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination. Se ha encontrado una vulnerabilidad de uso de memoria previamente liberada en usbredir en versiones anteriores a 0.11.0, en la función usbredirparser_serialize() en el archivo usbredirparser/usbredirparser.c. Este problema es producido cuando son serializados grandes cantidades de datos de escritura en búfer en el caso de un destino lento o bloqueado • https://bugzilla.redhat.com/show_bug.cgi?id=1992830 https://gitlab.freedesktop.org/spice/usbredir/-/commit/03c519ff5831ba https://lists.debian.org/debian-lts-announce/2022/03/msg00030.html • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2022-0546

https://notcve.org/view.php?id=CVE-2022-0546

A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution. Una comprobación de límites ausente en el cargador de imágenes usado en Blender versiones 3.x y 2.93.8, conlleva a un acceso a la pila fuera de límites, permitiendo a un atacante causar una denegación de servicio, corrupción de memoria o potencialmente una ejecución de código • https://developer.blender.org/T94572 https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIZADV3AHTWZ2YKEFTVLNK3K4F4KTYLM https://www.debian.org/security/2022/dsa-5176 • CWE-190: Integer Overflow or Wraparound •