CVE-2022-24439
- EPSS 5.38%
- Veröffentlicht 06.12.2022 05:15:11
- Zuletzt bearbeitet 03.11.2025 22:15:57
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possibl...
CVE-2022-30122
- EPSS 2.06%
- Veröffentlicht 05.12.2022 22:15:10
- Zuletzt bearbeitet 21.11.2024 07:02:12
A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack.
- EPSS 1.8%
- Veröffentlicht 05.12.2022 22:15:10
- Zuletzt bearbeitet 21.11.2024 07:02:12
A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.
CVE-2022-32221
- EPSS 4.33%
- Veröffentlicht 05.12.2022 22:15:10
- Zuletzt bearbeitet 13.02.2026 20:16:13
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request wh...
CVE-2022-35255
- EPSS 1.87%
- Veröffentlicht 05.12.2022 22:15:10
- Zuletzt bearbeitet 24.04.2025 14:15:32
A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, i...
CVE-2022-35256
- EPSS 2.59%
- Veröffentlicht 05.12.2022 22:15:10
- Zuletzt bearbeitet 24.04.2025 14:15:32
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
CVE-2022-43548
- EPSS 14.02%
- Veröffentlicht 05.12.2022 22:15:10
- Zuletzt bearbeitet 24.04.2025 14:15:38
A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid befor...
CVE-2022-46391
- EPSS 0.66%
- Veröffentlicht 04.12.2022 03:15:09
- Zuletzt bearbeitet 24.04.2025 16:15:23
AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.
CVE-2021-37533
- EPSS 1.86%
- Veröffentlicht 03.12.2022 15:15:09
- Zuletzt bearbeitet 24.04.2025 16:15:18
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. T...
CVE-2022-46338
- EPSS 0.66%
- Veröffentlicht 30.11.2022 06:15:11
- Zuletzt bearbeitet 24.04.2025 19:15:44
g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data.