CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 1CVE-2022-0157 – Cross-site Scripting (XSS) - Stored in phoronix-test-suite/phoronix-test-suite
https://notcve.org/view.php?id=CVE-2022-0157
phoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') phoronix-test-suite es vulnerable a una Neutralización Inapropiada de Entradas durante la Generación de Páginas Web ("Cross-site Scripting") • https://github.com/phoronix-test-suite/phoronix-test-suite/commit/56fd0a3b69fb33c1c90a6017ed735889aaa59486 https://huntr.dev/bounties/2c0fe81b-0977-4e1e-b5d8-7646c9a7ebbd https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/57V2CSFU5MKWKL6RJUKMXSD4PCRFTMMQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BU7E6OOZCXS3ZWHOQ2AR7MKM56IN2R6R • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 1CVE-2022-0158 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2022-0158
vim is vulnerable to Heap-based Buffer Overflow vim es vulnerable a un Desbordamiento del Búfer en la región Heap de la Memoria • http://seclists.org/fulldisclosure/2022/Jul/13 http://seclists.org/fulldisclosure/2022/Mar/29 http://www.openwall.com/lists/oss-security/2022/01/15/1 https://github.com/vim/vim/commit/5f25c3855071bd7e26255c68bf458b1b5cf92f39 https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HD5S2FC2HF22A7XQXK2X • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 2CVE-2021-46141
https://notcve.org/view.php?id=CVE-2021-46141
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner. Se ha detectado un problema en uriparser versiones anteriores a 0.9.6. Lleva a cabo operaciones inválidas en uriFreeUriMembers y uriMakeOwner. • https://blog.hartwork.org/posts/uriparser-096-with-security-fixes-released https://github.com/uriparser/uriparser/issues/121 https://github.com/uriparser/uriparser/pull/124 https://lists.debian.org/debian-lts-announce/2022/01/msg00029.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6T7WA27H7K3WI2AXUAGPWBGK4HM65D https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGIJTDNEMU2V4H3JJBQVKBRHU5GBQKG2 https://www.debian.org/security/2022 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 2CVE-2021-46142
https://notcve.org/view.php?id=CVE-2021-46142
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax. Se ha detectado un problema en uriparser versiones anteriores a 0.9.6. Lleva a cabo operaciones libres no válidas en uriNormalizeSyntax. • https://blog.hartwork.org/posts/uriparser-096-with-security-fixes-released https://github.com/uriparser/uriparser/issues/122 https://github.com/uriparser/uriparser/pull/124 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6T7WA27H7K3WI2AXUAGPWBGK4HM65D https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGIJTDNEMU2V4H3JJBQVKBRHU5GBQKG2 https://www.debian.org/security/2022/dsa-5063 • CWE-416: Use After Free •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 1CVE-2022-21663 – Authenticated Object Injection in Multisites in WordPress
https://notcve.org/view.php?id=CVE-2022-21663
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. • https://blog.sonarsource.com/wordpress-object-injection-vulnerability https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h https://lists.debian.org/debian-lts-announce/2022/01/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4UNEC63UU5GEU47IIR4RMTZAHNEOJG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DM6XPH3JN6V4NF4WBOJTOXZIVE6VKKE3 https://wordpress.org/news/2022/01/wordpress-5-8-3-security- • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-502: Deserialization of Untrusted Data •