CVE-2022-33747
- EPSS 0.26%
- Veröffentlicht 11.10.2022 13:15:10
- Zuletzt bearbeitet 21.11.2024 07:08:27
Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages from a guest's P2M (Physical-to-Machine) mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal oper...
CVE-2022-33748
- EPSS 0.25%
- Veröffentlicht 11.10.2022 13:15:10
- Zuletzt bearbeitet 21.11.2024 07:08:27
lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each...
CVE-2022-42010
- EPSS 0.83%
- Veröffentlicht 10.10.2022 00:15:09
- Zuletzt bearbeitet 09.06.2025 15:15:27
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid typ...
CVE-2022-42011
- EPSS 1.31%
- Veröffentlicht 10.10.2022 00:15:09
- Zuletzt bearbeitet 09.06.2025 15:15:28
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is...
CVE-2022-42012
- EPSS 1.31%
- Veröffentlicht 10.10.2022 00:15:09
- Zuletzt bearbeitet 09.06.2025 15:15:28
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descripto...
CVE-2022-3435
- EPSS 3.68%
- Veröffentlicht 08.10.2022 11:15:10
- Zuletzt bearbeitet 21.11.2024 07:19:30
A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initi...
CVE-2022-3275
- EPSS 2.09%
- Veröffentlicht 07.10.2022 21:15:11
- Zuletzt bearbeitet 21.11.2024 07:19:11
Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of...
CVE-2022-2929
- EPSS 0.62%
- Veröffentlicht 07.10.2022 05:15:11
- Zuletzt bearbeitet 21.11.2024 07:01:56
In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.
CVE-2022-2928
- EPSS 0.66%
- Veröffentlicht 07.10.2022 05:15:08
- Zuletzt bearbeitet 21.11.2024 07:01:56
In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() t...
CVE-2022-41556
- EPSS 2.71%
- Veröffentlicht 06.10.2022 18:17:03
- Zuletzt bearbeitet 21.11.2024 07:23:23
A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked...