CVE-2022-41974
- EPSS 0.61%
- Veröffentlicht 29.10.2022 19:15:10
- Zuletzt bearbeitet 21.11.2024 07:24:11
multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multip...
CVE-2022-41973
- EPSS 0.66%
- Veröffentlicht 29.10.2022 18:15:12
- Zuletzt bearbeitet 21.11.2024 07:24:11
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which...
CVE-2022-42916
- EPSS 1.64%
- Veröffentlicht 29.10.2022 02:15:09
- Zuletzt bearbeitet 13.02.2026 20:16:13
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL....
CVE-2022-3725
- EPSS 0.8%
- Veröffentlicht 27.10.2022 17:15:10
- Zuletzt bearbeitet 09.05.2025 20:15:37
Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file
CVE-2022-39286
- EPSS 1.06%
- Veröffentlicht 26.10.2022 20:15:10
- Zuletzt bearbeitet 21.11.2024 07:17:57
Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD...
CVE-2022-3705
- EPSS 1.2%
- Veröffentlicht 26.10.2022 20:15:10
- Zuletzt bearbeitet 21.11.2024 07:20:04
A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remo...
CVE-2022-43680
- EPSS 2.24%
- Veröffentlicht 24.10.2022 14:15:53
- Zuletzt bearbeitet 30.05.2025 20:15:31
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
CVE-2021-46848
- EPSS 2.06%
- Veröffentlicht 24.10.2022 14:15:49
- Zuletzt bearbeitet 07.05.2025 15:15:52
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.
CVE-2022-3640
- EPSS 1.07%
- Veröffentlicht 21.10.2022 15:15:09
- Zuletzt bearbeitet 21.11.2024 07:19:56
A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to ap...
CVE-2022-37454
- EPSS 5.19%
- Veröffentlicht 21.10.2022 06:15:09
- Zuletzt bearbeitet 08.05.2025 15:15:47
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function int...