CVE-2022-39958
- EPSS 0.95%
- Veröffentlicht 20.09.2022 07:15:12
- Zuletzt bearbeitet 03.11.2025 20:15:56
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, acc...
CVE-2022-37032
- EPSS 1.58%
- Veröffentlicht 19.09.2022 22:15:11
- Zuletzt bearbeitet 21.11.2024 07:14:19
An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.
CVE-2022-28201
- EPSS 0.41%
- Veröffentlicht 19.09.2022 21:15:09
- Zuletzt bearbeitet 21.11.2024 06:56:56
An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message.
CVE-2022-28203
- EPSS 1.16%
- Veröffentlicht 19.09.2022 21:15:09
- Zuletzt bearbeitet 21.11.2024 06:56:56
A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query.
CVE-2022-3235
- EPSS 0.48%
- Veröffentlicht 18.09.2022 20:15:09
- Zuletzt bearbeitet 21.11.2024 07:19:06
Use After Free in GitHub repository vim/vim prior to 9.0.0490.
CVE-2022-40768
- EPSS 0.28%
- Veröffentlicht 18.09.2022 05:15:08
- Zuletzt bearbeitet 21.11.2024 07:22:01
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
CVE-2022-3234
- EPSS 0.5%
- Veröffentlicht 17.09.2022 22:15:09
- Zuletzt bearbeitet 21.11.2024 07:19:06
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.
CVE-2022-3176
- EPSS 0.29%
- Veröffentlicht 16.09.2022 14:15:09
- Zuletzt bearbeitet 21.11.2024 07:18:58
There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_...
CVE-2022-40149
- EPSS 1.29%
- Veröffentlicht 16.09.2022 10:15:09
- Zuletzt bearbeitet 21.11.2024 07:20:58
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effe...
CVE-2022-40150
- EPSS 1.26%
- Veröffentlicht 16.09.2022 10:15:09
- Zuletzt bearbeitet 21.11.2024 07:20:59
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effe...