CVE-2022-45442
- EPSS 0.64%
- Veröffentlicht 28.11.2022 21:15:10
- Zuletzt bearbeitet 04.11.2025 16:15:52
Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Dispos...
CVE-2022-45939
- EPSS 0.63%
- Veröffentlicht 28.11.2022 06:15:10
- Zuletzt bearbeitet 28.04.2025 19:15:46
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may u...
CVE-2022-45934
- EPSS 0.75%
- Veröffentlicht 27.11.2022 04:15:10
- Zuletzt bearbeitet 29.04.2025 14:15:30
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
CVE-2022-24999
- EPSS 14.66%
- Veröffentlicht 26.11.2022 22:15:10
- Zuletzt bearbeitet 29.04.2025 14:15:20
qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attack...
CVE-2022-44789
- EPSS 2.25%
- Veröffentlicht 23.11.2022 21:15:11
- Zuletzt bearbeitet 25.04.2025 20:15:35
A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.
CVE-2022-41946
- EPSS 0.48%
- Veröffentlicht 23.11.2022 20:15:10
- Zuletzt bearbeitet 03.11.2025 22:16:00
pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create a temporary file if the InputStream is ...
CVE-2022-36227
- EPSS 1.94%
- Veröffentlicht 22.11.2022 02:15:11
- Zuletzt bearbeitet 03.11.2025 22:15:59
In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476...
CVE-2022-44641
- EPSS 0.97%
- Veröffentlicht 18.11.2022 21:15:11
- Zuletzt bearbeitet 29.04.2025 19:15:52
In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.
CVE-2022-41916
- EPSS 0.89%
- Veröffentlicht 15.11.2022 23:15:27
- Zuletzt bearbeitet 21.11.2024 07:24:03
Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well...
CVE-2022-3970
- EPSS 1.24%
- Veröffentlicht 13.11.2022 08:15:16
- Zuletzt bearbeitet 21.11.2024 07:20:38
A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. Th...