CVE-2022-30594
- EPSS 0.8%
- Veröffentlicht 12.05.2022 05:15:06
- Zuletzt bearbeitet 21.11.2024 07:02:59
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
CVE-2022-1434
- EPSS 1.03%
- Veröffentlicht 03.05.2022 16:15:18
- Zuletzt bearbeitet 21.11.2024 06:40:43
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being s...
CVE-2022-29824
- EPSS 3.63%
- Veröffentlicht 03.05.2022 03:15:06
- Zuletzt bearbeitet 21.11.2024 06:59:45
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte...
CVE-2022-29968
- EPSS 1.07%
- Veröffentlicht 02.05.2022 04:15:10
- Zuletzt bearbeitet 21.11.2024 07:00:05
An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private.
- EPSS 48.24%
- Veröffentlicht 19.04.2022 21:15:16
- Zuletzt bearbeitet 21.11.2024 06:44:43
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. E...
- EPSS 2.54%
- Veröffentlicht 19.04.2022 21:15:15
- Zuletzt bearbeitet 21.11.2024 06:44:41
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20...
- EPSS 3.2%
- Veröffentlicht 19.04.2022 21:15:15
- Zuletzt bearbeitet 21.11.2024 06:44:40
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5,...
CVE-2022-28893
- EPSS 0.4%
- Veröffentlicht 11.04.2022 05:15:07
- Zuletzt bearbeitet 21.11.2024 06:58:09
The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.
- EPSS 0.32%
- Veröffentlicht 08.04.2022 05:15:07
- Zuletzt bearbeitet 21.11.2024 06:57:57
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.
CVE-2021-3772
- EPSS 1.24%
- Veröffentlicht 02.03.2022 23:15:09
- Zuletzt bearbeitet 21.11.2024 06:22:23
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP ad...