CVE-2022-0130
https://notcve.org/view.php?id=CVE-2022-0130
Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated attacker to execute code under special circumstances. An attacker would first have to stage a specific file type in the web server root of the Tenable.sc host prior to remote exploitation. Se ha detectado que Tenable.sc versiones 5.14.0 a 5.19.1, contienen una vulnerabilidad de ejecución de código remota que podría permitir a un atacante remoto no autenticado ejecutar código en circunstancias especiales. Un atacante tendría que escenificar primero un tipo de archivo específico en el root del servidor web del host de Tenable.sc antes de la explotación remota • https://www.tenable.com/security/tns-2022-01 •
CVE-2022-22822 – expat: Integer overflow in addBinding in xmlparse.c
https://notcve.org/view.php?id=CVE-2022-22822
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. la función addBinding en el archivo xmlparse.c en Expat (también se conoce como libexpat) antes de 2.4.3 presenta un desbordamiento de enteros expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability confidentiality and integrity. • http://www.openwall.com/lists/oss-security/2022/01/17/3 https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf https://github.com/libexpat/libexpat/pull/539 https://security.gentoo.org/glsa/202209-24 https://www.debian.org/security/2022/dsa-5073 https://www.tenable.com/security/tns-2022-05 https://access.redhat.com/security/cve/CVE-2022-22822 https://bugzilla.redhat.com/show_bug.cgi?id=2044457 • CWE-190: Integer Overflow or Wraparound •
CVE-2022-22823 – expat: Integer overflow in build_model in xmlparse.c
https://notcve.org/view.php?id=CVE-2022-22823
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. la función build_model en el archivo xmlparse.c en Expat (también se conoce como libexpat) versiones anteriores a 2.4.3, presenta un desbordamiento de enteros expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity. • http://www.openwall.com/lists/oss-security/2022/01/17/3 https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf https://github.com/libexpat/libexpat/pull/539 https://security.gentoo.org/glsa/202209-24 https://www.debian.org/security/2022/dsa-5073 https://www.tenable.com/security/tns-2022-05 https://access.redhat.com/security/cve/CVE-2022-22823 https://bugzilla.redhat.com/show_bug.cgi?id=2044464 • CWE-190: Integer Overflow or Wraparound •
CVE-2022-22824 – expat: Integer overflow in defineAttribute in xmlparse.c
https://notcve.org/view.php?id=CVE-2022-22824
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. la función defineAttribute en el archivo xmlparse.c en Expat (también se conoce como libexpat) versiones anteriores a 2.4.3, presenta un desbordamiento de enteros expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity. • http://www.openwall.com/lists/oss-security/2022/01/17/3 https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf https://github.com/libexpat/libexpat/pull/539 https://security.gentoo.org/glsa/202209-24 https://www.debian.org/security/2022/dsa-5073 https://www.tenable.com/security/tns-2022-05 https://access.redhat.com/security/cve/CVE-2022-22824 https://bugzilla.redhat.com/show_bug.cgi?id=2044467 • CWE-190: Integer Overflow or Wraparound •
CVE-2022-22825 – expat: Integer overflow in lookup in xmlparse.c
https://notcve.org/view.php?id=CVE-2022-22825
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. la función lookup en el archivo xmlparse.c en Expat (también se conoce como libexpat) versiones anteriores a 2.4.3, presenta un desbordamiento de enteros expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity. • http://www.openwall.com/lists/oss-security/2022/01/17/3 https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf https://github.com/libexpat/libexpat/pull/539 https://security.gentoo.org/glsa/202209-24 https://www.debian.org/security/2022/dsa-5073 https://www.tenable.com/security/tns-2022-05 https://access.redhat.com/security/cve/CVE-2022-22825 https://bugzilla.redhat.com/show_bug.cgi?id=2044479 • CWE-190: Integer Overflow or Wraparound •