
CVSS: 7.5 • EPSS: 0% • CPEs: 12 • EXPL: 2

07 Jan 2022 — An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that they would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions. • https://github.com/Mario-Kart-Felix/A-potential-Denial-of-Service-issue-in-protobuf-java • CWE-696: Incorrect Behavior Order

CVSS: 5.5 • EPSS: 0% • CPEs: 8 • EXPL: 2

31 Dec 2021 — GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment). A heap-based buffer overflow vulnerability was discov... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41993 • CWE-787: Out-of-bounds Write

CVSS: 6.5 • EPSS: 1% • CPEs: 429 • EXPL: 0

08 Nov 2019 — A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and processing instructions. This vulnerability can result in an XSS attack. • https://access.redhat.com/errata/RHSA-2020:0159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')