CVE-2022-23518
- EPSS 0.87%
- Veröffentlicht 14.12.2022 17:15:10
- Zuletzt bearbeitet 03.11.2025 22:15:56
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1...
CVE-2022-23515
- EPSS 0.79%
- Veröffentlicht 14.12.2022 14:15:10
- Zuletzt bearbeitet 03.11.2025 22:15:56
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is pat...
CVE-2022-45685
- EPSS 1.4%
- Veröffentlicht 13.12.2022 15:15:11
- Zuletzt bearbeitet 22.04.2025 04:15:23
A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.
CVE-2022-45693
- EPSS 1.4%
- Veröffentlicht 13.12.2022 15:15:11
- Zuletzt bearbeitet 22.04.2025 15:16:05
Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.
CVE-2022-41915
- EPSS 0.89%
- Veröffentlicht 13.12.2022 07:15:13
- Zuletzt bearbeitet 21.11.2024 07:24:03
Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation was not performed, al...
CVE-2022-41881
- EPSS 1.47%
- Veröffentlicht 12.12.2022 18:15:12
- Zuletzt bearbeitet 21.11.2024 07:23:58
Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version...
CVE-2022-23484
- EPSS 0.72%
- Veröffentlicht 09.12.2022 18:15:17
- Zuletzt bearbeitet 21.11.2024 06:48:39
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Integer Overflow in xrdp_mm_process_rail_update_window_text() function. There are no known work...
CVE-2022-23493
- EPSS 0.89%
- Veröffentlicht 09.12.2022 18:15:17
- Zuletzt bearbeitet 21.11.2024 06:48:40
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_mm_trans_process_drdynvc_channel_close() function. There are no known...
CVE-2022-23481
- EPSS 0.73%
- Veröffentlicht 09.12.2022 18:15:16
- Zuletzt bearbeitet 21.11.2024 06:48:39
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_caps_process_confirm_active() function. There are no known workaround...
CVE-2022-23482
- EPSS 0.73%
- Veröffentlicht 09.12.2022 18:15:16
- Zuletzt bearbeitet 21.11.2024 06:48:39
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_sec_process_mcs_data_CS_CORE() function. There are no known workaroun...