CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-3620 – Exim DMARC dmarc.c dmarc_dns_lookup use after free
https://notcve.org/view.php?id=CVE-2022-3620
20 Oct 2022 — A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use after free. The attack may be initiated remotely. The name of the patch is 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445. • https://git.exim.org/exim.git/commit/12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 157EXPL: 0CVE-2022-21540 – OpenJDK: class compilation issue (Hotspot, 8281859)
https://notcve.org/view.php?id=CVE-2022-21540
19 Jul 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in u... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: 5.9EPSS: 0%CPEs: 156EXPL: 0CVE-2022-21541 – OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866)
https://notcve.org/view.php?id=CVE-2022-21541
19 Jul 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 10%CPEs: 159EXPL: 4CVE-2022-34169 – Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets
https://notcve.org/view.php?id=CVE-2022-34169
19 Jul 2022 — The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan. La biblioteca Apache Xalan Java XSLT es vulnerable a un problema de truncamiento de enteros cuando procesa hojas de estilo XSLT mali... • https://packetstorm.news/files/id/168186 • CWE-192: Integer Coercion Error CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 8.7EPSS: 0%CPEs: 22EXPL: 2CVE-2021-22543 – Improper memory handling in Linux KVM
https://notcve.org/view.php?id=CVE-2021-22543
26 May 2021 — An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation. Se detectó un problema en Linux: KVM mediante del manejo inapropiado de Los vmas VM_IO|VM_PFNMAP en KVM pueden omitir unas comprobaciones RO y puede conllevar a que las pági... • https://packetstorm.news/files/id/179984 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-863: Incorrect Authorization •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14312
https://notcve.org/view.php?id=CVE-2020-14312
05 Feb 2021 — A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against ot... • https://bugzilla.redhat.com/show_bug.cgi?id=1851342 • CWE-284: Improper Access Control •
CVSS: 5.9EPSS: 1%CPEs: 4EXPL: 0CVE-2013-0294
https://notcve.org/view.php?id=CVE-2013-0294
28 Jan 2020 — packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack. El archivo packet.py en pyrad versiones anteriores a 2.1, utiliza números aleatorios débiles para generar autenticadores RADIUS y contraseñas de hash, lo que facilita a atacantes remotos obtener información confidencial por medio de un ataque de fuerza bruta. • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115677.html • CWE-330: Use of Insufficiently Random Values •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2013-1895
https://notcve.org/view.php?id=CVE-2013-1895
28 Jan 2020 — The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten. El módulo py-bcrypt versiones anteriores a 0.3 para Python, no maneja apropiadamente el acceso concurrente a la memoria, que permite a atacantes omitir la autenticación por medio de múltiples peticiones de autenticación, lo que desencadena que el hash de contraseña se sobrescriba. • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101382.html • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-1437
https://notcve.org/view.php?id=CVE-2013-1437
28 Jan 2020 — Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value. Una vulnerabilidad de inyección de Eval en el módulo Module-Metadata versiones anteriores a 1.000015 para Perl, permite a atacantes remotos ejecutar código de Perl arbitrario por medio del valor $Version. • http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114904.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2013-4752
https://notcve.org/view.php?id=CVE-2013-4752
02 Jan 2020 — Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks. Symfony versiones 2.0.X anteriores a 2.0.24, versiones 2.1.X anteriores a 2.1.12, versiones 2.2.X anteriores a 2.2.5 y versiones 2.3.X... • http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114450.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •