CVSS: 8.1EPSS: 0%CPEs: 20EXPL: 1CVE-2022-22576 – curl: OAUTH2 bearer bypass in connection re-use
https://notcve.org/view.php?id=CVE-2022-22576
29 Apr 2022 — An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). Se presenta una vulnerabilidad de autenticación inapropiada en curl versiones 7.33.0 hasta 7.82.0 incluyéndola, que podría permitir reúso de conexiones aute... • https://hackerone.com/reports/1526328 • CWE-287: Improper Authentication CWE-295: Improper Certificate Validation CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 6%CPEs: 32EXPL: 8CVE-2022-0778 – Infinite loop in BN_mod_sqrt() reachable when parsing certificates
https://notcve.org/view.php?id=CVE-2022-0778
15 Mar 2022 — The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of ... • https://packetstorm.news/files/id/167344 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 8.1EPSS: 0%CPEs: 58EXPL: 0CVE-2022-23308 – libxml2: Use-after-free of ID and IDREF attributes
https://notcve.org/view.php?id=CVE-2022-23308
26 Feb 2022 — valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. El archivo valid.c en libxml2 versiones anteriores a 2.9.13, presenta un uso de memoria previamente liberada de los atributos ID e IDREF. A flaw was found in libxml2. A call to the xmlGetID function can return a pointer already freed when parsing an XML document with the XML_PARSE_DTDVALID option and without the XML_PARSE_NOENT option, resulting in a use-after-free issue. Red Hat JBoss Core Services is a set of supplementary s... • http://seclists.org/fulldisclosure/2022/May/33 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 755EXPL: 0CVE-2021-0127 – Gentoo Linux Security Advisory 202402-22
https://notcve.org/view.php?id=CVE-2021-0127
09 Feb 2022 — Insufficient control flow management in some Intel(R) Processors may allow an authenticated user to potentially enable a denial of service via local access. Una administración no suficiente del flujo de control en algunos procesadores Intel(R) puede permitir a un usuario autenticado habilitar potencialmente una denegación de servicio por acceso local It was discovered that some Intel processors did not implement sufficient control flow management. A local attacker could use this to cause a denial of service... • https://security.netapp.com/advisory/ntap-20220210-0008 •
CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 1CVE-2022-23852 – expat: Integer overflow in function XML_GetBuffer
https://notcve.org/view.php?id=CVE-2022-23852
24 Jan 2022 — Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. Expat (también se conoce como libexpat) versiones anteriores a 2.4.4, presenta un desbordamiento de enteros con signo en la función XML_GetBuffer, para configuraciones con un XML_CONTEXT_BYTES no nulo expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can ... • https://github.com/Satheesh575555/external_expat_AOSP10_r33_CVE-2022-23852 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.1EPSS: 4%CPEs: 11EXPL: 2CVE-2021-46143 – expat: Integer overflow in doProlog in xmlparse.c
https://notcve.org/view.php?id=CVE-2021-46143
06 Jan 2022 — In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. En la función doProlog en el archivo xmlparse.c en Expat (también se conoce como libexpat) versiones anteriores a 2.4.3, se presenta un desbordamiento de enteros para m_groupSize. expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. ... • https://github.com/nanopathi/external_expat_AOSP10_r33_CVE-2021-46143 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 1CVE-2021-21707 – Special characters break path parsing in XML functions
https://notcve.org/view.php?id=CVE-2021-21707
29 Nov 2021 — In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended. En PHP versiones 7.3.x anteriores a 7.3.33, 7.4.x anteriores a 7.4.26 y 8.... • https://bugs.php.net/bug.php?id=79971 • CWE-20: Improper Input Validation CWE-159: Improper Handling of Invalid Use of Special Elements •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 1CVE-2021-21703 – PHP-FPM memory access in root process leading to privilege escalation
https://notcve.org/view.php?id=CVE-2021-21703
25 Oct 2021 — In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root us... • http://www.openwall.com/lists/oss-security/2021/10/26/7 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-284: Improper Access Control CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 31EXPL: 0CVE-2021-27001
https://notcve.org/view.php?id=CVE-2021-27001
19 Oct 2021 — Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period. Clustered Data ONTAP versiones 9.x anteriores a 9.5P18, 9.6P16, 9.7P16, 9.8P7 y 9.9.1P2, son susceptibles de una vulnerabilidad que podría permitir a un atacante local privilegiado y autenticado modificar arbitrariamente los datos WORM en mo... • https://security.netapp.com/advisory/ntap-20211018-0001 •
CVSS: 4.7EPSS: 0%CPEs: 16EXPL: 0CVE-2021-27003
https://notcve.org/view.php?id=CVE-2021-27003
12 Oct 2021 — Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack. Clustered Data ONTAP versiones anteriores a 9.5P18, 9.6P15, 9.7P14, 9.8P5 y 9.9.1 carecen de un encabezado X-Frame-Options que podría permitir un ataque de clickjacking • https://security.netapp.com/advisory/ntap-20211012-0001 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •