CVE-2022-22390
https://notcve.org/view.php?id=CVE-2022-22390
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when a table function is used. IBM X-Force ID: 221973. • https://exchange.xforce.ibmcloud.com/vulnerabilities/221973 https://security.netapp.com/advisory/ntap-20220729-0007 https://www.ibm.com/support/pages/node/6597993 • CWE-269: Improper Privilege Management
CVE-2022-22389
https://notcve.org/view.php?id=CVE-2022-22389
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID: 2219740. • https://exchange.xforce.ibmcloud.com/vulnerabilities/221970 https://security.netapp.com/advisory/ntap-20220729-0007 https://www.ibm.com/support/pages/node/6598047 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-30333 – RARLAB UnRAR Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2022-30333
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected. RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract (unpack) operation. • https://github.com/aslitsecurity/Zimbra-CVE-2022-30333 https://github.com/TheL1ghtVn/CVE-2022-30333-PoC https://github.com/J0hnbX/CVE-2022-30333 http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day https://lists.debian.org/debian-lts-announce/2023/08/msg00022.html https://security.gentoo.org/glsa/202309-04 https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz https://www.rarlab.com/rar_add.h • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-22772 – TIBCO Managed File Transfer Platform Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-22772
The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult-to-exploit Remote Code Execution (RCE) vulnerability that allows a low-privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below. • https://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-30-2022-tibco-managed-file-transfer-2022-22772
CVE-2022-25255 – qt: QProcess could execute a binary from the current working directory when not found in the PATH
https://notcve.org/view.php?id=CVE-2022-25255
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH. A flaw was found in Qt. The vulnerability occurs due to executing binaries from the current directory when the loading path failed, leading to an uncontrolled path element vulnerability. This flaw allows an attacker to execute malicious executables. • https://codereview.qt-project.org/c/qt/qtbase/+/393113 https://codereview.qt-project.org/c/qt/qtbase/+/394914 https://codereview.qt-project.org/c/qt/qtbase/+/396020 https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff https://access.redhat.com/security/cve/CVE-2022-25255 https://bugzilla.redhat.com/show_bug.cgi?id=2055505 • CWE-427: Uncontrolled Search Path Element