CVE-2022-0711
- EPSS 16.56%
- Veröffentlicht 02.03.2022 22:15:08
- Zuletzt bearbeitet 21.11.2024 06:39:14
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service cond...
CVE-2022-0577
- EPSS 1.24%
- Veröffentlicht 02.03.2022 04:15:06
- Zuletzt bearbeitet 21.11.2024 06:38:57
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1.
- EPSS 2.6%
- Veröffentlicht 01.03.2022 23:15:08
- Zuletzt bearbeitet 21.11.2024 06:50:56
image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the `#apply` method from image_processing to apply a series of operations that are coming from unsanitized user input allows th...
CVE-2022-23308
- EPSS 6.01%
- Veröffentlicht 26.02.2022 05:15:08
- Zuletzt bearbeitet 05.05.2025 17:17:56
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
CVE-2022-21824
- EPSS 21.51%
- Veröffentlicht 24.02.2022 19:15:10
- Zuletzt bearbeitet 21.11.2024 06:45:30
Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, whi...
CVE-2021-3596
- EPSS 1.89%
- Veröffentlicht 24.02.2022 19:15:09
- Zuletzt bearbeitet 21.11.2024 06:21:55
A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which ...
- EPSS 0.3%
- Veröffentlicht 24.02.2022 19:15:09
- Zuletzt bearbeitet 21.11.2024 06:21:57
An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a ...
- EPSS 0.36%
- Veröffentlicht 24.02.2022 19:15:09
- Zuletzt bearbeitet 21.11.2024 06:21:58
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due ...
CVE-2021-3700
- EPSS 0.31%
- Veröffentlicht 24.02.2022 19:15:09
- Zuletzt bearbeitet 21.11.2024 06:22:11
A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or bl...
CVE-2021-44532
- EPSS 10.36%
- Veröffentlicht 24.02.2022 19:15:09
- Zuletzt bearbeitet 21.11.2024 06:31:10
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an inje...