CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document. • https://carteryagemann.com/halibut-case-study.html#poc-halibut-winhelp-df https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CC7UZ7NRXDA7YSCSGWE2CBQM7OZS3K2R • CWE-415: Double Free •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

A use after free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have other unspecified impact via a crafted text document. • https://carteryagemann.com/halibut-case-study.html#poc-halibut-text-uaf https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CC7UZ7NRXDA7YSCSGWE2CBQM7OZS3K2R • CWE-416: Use After Free •

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. • https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc https://github.com/jpadilla/pyjwt/releases/tag/2.4.0 https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PK7IQCBVNLYJEFTPHBBPFP72H4WUFNX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HIYEYZRQEP6QTHT3EHH3RGFYJIHIMAO • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 9.8 • EPSS: 0% • CPEs: 8 • EXPL: 1

A flaw was found in Moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed. • https://github.com/Boonjune/POC-CVE-2022-30600 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-73736 https://bugzilla.redhat.com/show_bug.cgi?id=2083613 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGF35EN5K2R6X3NTY3XPZSJ3UDASMXI6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PIMSIRKCFLIC646K4GMUSZU7THOUVPAJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q • CWE-682: Incorrect Calculation •

CVSS: 9.8 • EPSS: 0% • CPEs: 8 • EXPL: 0

A flaw was found in Moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74333 https://bugzilla.redhat.com/show_bug.cgi?id=2083610 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGF35EN5K2R6X3NTY3XPZSJ3UDASMXI6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PIMSIRKCFLIC646K4GMUSZU7THOUVPAJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCTWSE3JDMSYL7DPCMXMMJEXZSS6VIA5 https://moodle.org/mod/foru • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •