CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0CVE-2021-4189 – python: ftplib should not use the host from the PASV response
https://notcve.org/view.php?id=CVE-2021-4189
28 Mar 2022 — A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible. Se ha encontrado un fallo en Python, concretamente en la bibliote... • https://access.redhat.com/security/cve/CVE-2021-4189 • CWE-252: Unchecked Return Value •
CVSS: 8.2EPSS: 0%CPEs: 71EXPL: 4CVE-2018-25032 – zlib: A flaw found in zlib when compressing (not decompressing) certain inputs
https://notcve.org/view.php?id=CVE-2018-25032
25 Mar 2022 — zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. zlib versiones anteriores a 1.2.12 permite la corrupción de memoria al desinflar (es decir, al comprimir) si la entrada tiene muchas coincidencias distantes An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating (ex: when compressing) if the input has many distant matches. For some rare inputs with a large number of distant matches (crafted payload... • https://github.com/Trinadh465/external_zlib_4.4_CVE-2018-25032 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-0897 – libvirt: missing locking in nwfilterConnectNumOfNWFilters can lead to denial of service
https://notcve.org/view.php?id=CVE-2022-0897
25 Mar 2022 — A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd). Se ha encontrado un fallo en el con... • https://bugzilla.redhat.com/show_bug.cgi?id=2063883 • CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-0907 – Debian Security Advisory 5108-1
https://notcve.org/view.php?id=CVE-2022-0907
11 Mar 2022 — Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2. Un Valor de Retorno no Comprobado a una Desreferencia de Puntero NULL in tiffcrop in libtiff versión 4.3.0 permite a atacantes causar una denegación de servicio por medio de un archivo tiff diseñado. Para usuarios que compilan libtiff desde las fuentes, la corrección está ... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json • CWE-252: Unchecked Return Value •
CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 1CVE-2022-0908 – tiff: Null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() in tif_dirread.c
https://notcve.org/view.php?id=CVE-2022-0908
11 Mar 2022 — Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file. Un puntero fuente Null pasado como argumento a la función memcpy() dentro de la función TIFFFetchNormalTag () en el archivo tif_dirread.c en libtiff versiones hasta 4.3.0, podría conllevar a una Denegación de Servicio por medio de un archivo TIFF diseñado A flaw was found in LibTIFF where a NULL source pointer pass... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-0909 – tiff: Divide By Zero error in tiffcrop
https://notcve.org/view.php?id=CVE-2022-0909
11 Mar 2022 — Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa. Un error de División por cero en tiffcrop en libtiff versión 4.3.0 permite a atacantes causar una denegación de servicio por medio de un archivo tiff diseñado. Para usuarios que compilan libtiff a partir de fuentes, la corrección está disponible con el commit f8d0f9aa A floating-point exception (FPE) f... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0909.json • CWE-369: Divide By Zero •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1CVE-2022-0924 – libtiff: Out-of-bounds Read error in tiffcp
https://notcve.org/view.php?id=CVE-2022-0924
11 Mar 2022 — Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4. Un error de Lectura Fuera de límites en tiffcp en libtiff versión 4.3.0, permite a atacantes causar una denegación de servicio por medio de un archivo tiff diseñado. Para usuarios que compilan libtiff a partir de las fuentes, la corrección está disponible con el commit 408976c4 A heap buffer overflow... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0924.json • CWE-125: Out-of-bounds Read •
CVSS: 7.0EPSS: 1%CPEs: 13EXPL: 1CVE-2022-26488
https://notcve.org/view.php?id=CVE-2022-26488
07 Mar 2022 — In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) t... • https://github.com/techspence/PyPATHPwner • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2021-3998 – Ubuntu Security Notice USN-5310-1
https://notcve.org/view.php?id=CVE-2021-3998
02 Mar 2022 — A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data. Se ha encontrado un fallo en glibc. La función realpath() puede devolver por error un valor no esperado, conllevando potencialmente a un filtrado de información y una divulgación de datos confidenciales. Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. • https://access.redhat.com/security/cve/CVE-2021-3998 • CWE-125: Out-of-bounds Read CWE-252: Unchecked Return Value •
CVSS: 8.1EPSS: 0%CPEs: 58EXPL: 0CVE-2022-23308 – libxml2: Use-after-free of ID and IDREF attributes
https://notcve.org/view.php?id=CVE-2022-23308
26 Feb 2022 — valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. El archivo valid.c en libxml2 versiones anteriores a 2.9.13, presenta un uso de memoria previamente liberada de los atributos ID e IDREF. A flaw was found in libxml2. A call to the xmlGetID function can return a pointer already freed when parsing an XML document with the XML_PARSE_DTDVALID option and without the XML_PARSE_NOENT option, resulting in a use-after-free issue. Red Hat JBoss Core Services is a set of supplementary s... • http://seclists.org/fulldisclosure/2022/May/33 • CWE-416: Use After Free •