CVE-2022-33745
- EPSS 0.05%
- Published 26.07.2022 13:15:10
- Last modified 21.11.2024 07:08:27
Insufficient TLB flush for x86 PV guests in shadow mode. For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code ...
CVE-2022-26306
- EPSS 0.52%
- Published 25.07.2022 15:15:09
- Last modified 21.11.2024 06:53:43
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization ...
CVE-2022-26307
- EPSS 0.22%
- Published 25.07.2022 15:15:09
- Last modified 21.11.2024 06:53:43
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encode...
CVE-2020-7677
- EPSS 0.2%
- Published 25.07.2022 14:15:10
- Last modified 21.11.2024 05:37:35
This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization.
CVE-2021-46829
- EPSS 0.65%
- Published 24.07.2022 19:15:10
- Last modified 21.11.2024 06:34:46
GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code exe...
CVE-2022-31163
- EPSS 6.57%
- Published 22.07.2022 04:15:14
- Last modified 21.11.2024 07:04:02
TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to rela...
CVE-2022-31160
- EPSS 10.94%
- Published 20.07.2022 20:15:08
- Last modified 21.11.2024 07:04:01
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed with...
CVE-2021-46828
- EPSS 1.2%
- Published 20.07.2022 06:15:07
- Last modified 05.05.2025 17:17:29
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.
CVE-2022-21549
- EPSS 0.2%
- Published 19.07.2022 22:15:12
- Last modified 21.11.2024 06:44:56
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily e...
CVE-2022-21540
- EPSS 0.38%
- Published 19.07.2022 22:15:11
- Last modified 21.11.2024 06:44:55
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edi...