Page 4 of 6783 results (0.011 seconds)

CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-26491

https://notcve.org/view.php?id=CVE-2022-26491

An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968. Se ha detectado un problema en Pidgin versiones anteriores a 2.14.9. • https://developer.pidgin.im/wiki/FullChangeLog https://github.com/xsf/xeps/pull/1158 https://keep.imfreedom.org/pidgin/pidgin/rev/13cdb7956bdc https://lists.debian.org/debian-lts-announce/2022/06/msg00005.html https://mail.jabber.org/pipermail/standards/2022-February/038759.html https://pidgin.im/about/security/advisories/cve-2022-26491 • CWE-295: Improper Certificate Validation •

CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0

CVE-2022-31799

https://notcve.org/view.php?id=CVE-2022-31799

Bottle before 0.12.20 mishandles errors during early request binding. Bottle versiones anteriores a 0.12.20, maneja inapropiadamente los errores durante la vinculación temprana de peticiones • https://github.com/bottlepy/bottle/commit/a2b0ee6bb4ce88895429ec4aca856616244c4c4c https://github.com/bottlepy/bottle/commit/e140e1b54da721a660f2eb9d58a106b7b3ff2f00 https://github.com/bottlepy/bottle/compare/0.12.19...0.12.20 https://lists.debian.org/debian-lts-announce/2022/06/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE7U6J45PUEXIYYVWJKPM6QXIRKDK4HD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KTLOQGMDZEPIYTFC2G53OQV2ULCGYS3F • CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 1

CVE-2022-1898 – Use After Free in vim/vim

https://notcve.org/view.php?id=CVE-2022-1898

Use After Free in GitHub repository vim/vim prior to 8.2. Un Uso de Memoria Previamente Liberada en el repositorio de GitHub vim/vim versiones anteriores a 8.2 • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/e2fa213cf571041dbd04ab0329303ffdc980678a https://huntr.dev/bounties/45aad635-c2f1-47ca-a4f9-db5b25979cea https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ https://lists.fedoraproject& • CWE-416: Use After Free •

CVSS: 7.2EPSS: 0%CPEs: 24EXPL: 0

CVE-2022-26691 – cups: authorization bypass when using "local" authorization

https://notcve.org/view.php?id=CVE-2022-26691

A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. Se abordó un problema de lógica con una administración de estados mejorada. Este problema es corregido en Security Update 2022-003 Catalina, macOS Monterey versión 12.3, macOS Big Sur versión 11.6.5. • https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444 https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0026/MNDT-2022-0026.md https://lists.debian.org/debian-lts-announce/2022/05/msg00039.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQ6TD7F3VRITPEHFDHZHK7MU6FEBMZ5U https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQRIT4H75XV6M42K7ZTARWZ7YLLYQHPO https://support.apple.com/en-us/H • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-697: Incorrect Comparison •

CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0

CVE-2022-1664 – directory traversal for in-place extracts with untrusted v2 and v3 source packages with debian.tar

https://notcve.org/view.php?id=CVE-2022-1664

Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs. La función Dpkg::Source::Archive en dpkg, el sistema de administración de paquetes de Debian, versiones anteriores a 1.21.8, 1.20.10, 1.19.8, 1.18.26, es propenso a una vulnerabilidad de salto de directorio. Cuando son extraídos paquetes fuente no confiables en formatos de paquetes fuente v2 y v3 que incluyen un debian.tar, la extracción en el lugar puede conllevar a situaciones de salto de directorio en los tarballs orig.tar y debian.tar especialmente diseñados • https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495 https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5 https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html https://lists.debian.org/debian-security-announce/2022/msg00115.html https://security • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •