CVE-2022-26363
- EPSS 0.34%
- Veröffentlicht 09.06.2022 17:15:08
- Zuletzt bearbeitet 21.11.2024 06:53:50
x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a reg...
CVE-2022-2000
- EPSS 1.53%
- Veröffentlicht 09.06.2022 16:15:08
- Zuletzt bearbeitet 03.11.2025 21:15:51
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
CVE-2022-31031
- EPSS 1.81%
- Veröffentlicht 09.06.2022 16:15:08
- Zuletzt bearbeitet 04.11.2025 16:15:49
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability a...
CVE-2022-31214
- EPSS 0.38%
- Veröffentlicht 09.06.2022 16:15:08
- Zuletzt bearbeitet 21.11.2024 07:04:08
A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linu...
CVE-2022-31030
- EPSS 0.38%
- Veröffentlicht 09.06.2022 14:15:08
- Zuletzt bearbeitet 21.11.2024 07:03:44
containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can...
- EPSS 1.57%
- Veröffentlicht 07.06.2022 18:15:10
- Zuletzt bearbeitet 21.11.2024 04:52:42
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z (aka postrotate-command) option to tcpd...
- EPSS 1.61%
- Veröffentlicht 07.06.2022 18:15:10
- Zuletzt bearbeitet 21.11.2024 04:52:42
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of "<space><space> followed by <shift><enter>" mishandling.
CVE-2022-32250
- EPSS 2.88%
- Veröffentlicht 02.06.2022 21:15:07
- Zuletzt bearbeitet 21.11.2024 07:06:01
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.
CVE-2022-31799
- EPSS 1.87%
- Veröffentlicht 02.06.2022 14:15:58
- Zuletzt bearbeitet 21.11.2024 07:05:21
Bottle before 0.12.20 mishandles errors during early request binding.
CVE-2022-27781
- EPSS 2.43%
- Veröffentlicht 02.06.2022 14:15:44
- Zuletzt bearbeitet 27.05.2026 14:16:38
libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending bus...