CVE-2022-46140
- EPSS 0.11%
- Published 13.12.2022 16:15:25
- Last modified 14.01.2025 11:15:10
Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system.
CVE-2022-46142
- EPSS 0.07%
- Published 13.12.2022 16:15:25
- Last modified 14.01.2025 11:15:11
Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords.
CVE-2022-46143
- EPSS 0.28%
- Published 13.12.2022 16:15:25
- Last modified 14.01.2025 11:15:11
Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data.
CVE-2022-32205
- EPSS 1.4%
- Published 07.07.2022 13:15:08
- Last modified 05.05.2025 17:18:12
A malicious server can serve excessive amounts of `Set-Cookie:` headers in an HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the...
CVE-2022-32206
- EPSS 2.57%
- Published 07.07.2022 13:15:08
- Last modified 05.05.2025 17:18:13
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allo...
CVE-2022-30065
- EPSS 0.6%
- Published 18.05.2022 15:15:10
- Last modified 21.11.2024 07:02:09
A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.
CVE-2018-25032
- EPSS 0.09%
- Published 25.03.2022 09:15:08
- Last modified 21.08.2025 20:37:11
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.