CVE-2022-32292
- EPSS 1.71%
- Published 03.08.2022 14:15:08
- Last modified 21.11.2024 07:06:07
In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.
CVE-2022-32293
- EPSS 0.35%
- Published 03.08.2022 14:15:08
- Last modified 21.11.2024 07:06:07
In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution.
CVE-2022-36359
- EPSS 0.59%
- Published 03.08.2022 14:15:08
- Last modified 21.11.2024 07:12:51
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filena...
CVE-2022-2598
- EPSS 0.08%
- Published 01.08.2022 15:15:09
- Last modified 21.11.2024 07:01:19
Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.
CVE-2022-2509
- EPSS 0.7%
- Published 01.08.2022 14:15:09
- Last modified 21.11.2024 07:01:08
A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.
CVE-2022-34526
- EPSS 0.22%
- Published 29.07.2022 23:15:08
- Last modified 21.11.2024 07:09:42
A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities.
- EPSS 8.13%
- Published 28.07.2022 22:15:08
- Last modified 21.11.2024 07:02:30
Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects.
CVE-2022-2553
- EPSS 0.15%
- Published 28.07.2022 15:15:07
- Last modified 21.11.2024 07:01:14
The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes...
CVE-2022-36946
- EPSS 4.2%
- Published 27.07.2022 20:15:08
- Last modified 05.05.2025 16:15:18
nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encou...
CVE-2022-36879
- EPSS 0.04%
- Published 27.07.2022 04:15:10
- Last modified 05.05.2025 16:15:17
An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.