CVE-2022-24917
- EPSS 1.2%
- Veröffentlicht 09.03.2022 20:15:08
- Zuletzt bearbeitet 03.11.2025 22:15:57
An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficu...
CVE-2022-24919
- EPSS 1.2%
- Veröffentlicht 09.03.2022 20:15:08
- Zuletzt bearbeitet 03.11.2025 22:15:57
An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult...
CVE-2022-24713
- EPSS 14.46%
- Veröffentlicht 08.03.2022 19:15:08
- Zuletzt bearbeitet 21.11.2024 06:50:55
regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mi...
CVE-2022-26505
- EPSS 1.58%
- Veröffentlicht 06.03.2022 07:15:07
- Zuletzt bearbeitet 21.11.2024 06:54:04
A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files.
CVE-2022-26495
- EPSS 2.74%
- Veröffentlicht 06.03.2022 06:15:07
- Zuletzt bearbeitet 21.11.2024 06:54:03
In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling...
CVE-2022-26496
- EPSS 3.47%
- Veröffentlicht 06.03.2022 06:15:07
- Zuletzt bearbeitet 21.11.2024 06:54:03
In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name.
CVE-2022-26490
- EPSS 0.43%
- Veröffentlicht 06.03.2022 04:15:07
- Zuletzt bearbeitet 25.06.2025 21:01:34
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.
CVE-2022-24921
- EPSS 3.26%
- Veröffentlicht 05.03.2022 20:15:08
- Zuletzt bearbeitet 21.11.2024 06:51:23
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.
CVE-2021-20300
- EPSS 0.88%
- Veröffentlicht 04.03.2022 18:15:07
- Zuletzt bearbeitet 21.11.2024 05:46:18
A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerabilit...
CVE-2021-20302
- EPSS 0.9%
- Veröffentlicht 04.03.2022 18:15:07
- Zuletzt bearbeitet 21.11.2024 05:46:18
A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerabilit...