CVE-2022-39958
- EPSS 0.95%
- Veröffentlicht 20.09.2022 07:15:12
- Zuletzt bearbeitet 03.11.2025 20:15:56
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, acc...
CVE-2022-3213
- EPSS 0.47%
- Veröffentlicht 19.09.2022 18:15:09
- Zuletzt bearbeitet 21.11.2024 07:19:03
A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.
CVE-2022-3235
- EPSS 0.48%
- Veröffentlicht 18.09.2022 20:15:09
- Zuletzt bearbeitet 21.11.2024 07:19:06
Use After Free in GitHub repository vim/vim prior to 9.0.0490.
CVE-2022-40768
- EPSS 0.28%
- Veröffentlicht 18.09.2022 05:15:08
- Zuletzt bearbeitet 21.11.2024 07:22:01
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
CVE-2022-3234
- EPSS 0.5%
- Veröffentlicht 17.09.2022 22:15:09
- Zuletzt bearbeitet 21.11.2024 07:19:06
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.
CVE-2022-30674
- EPSS 0.5%
- Veröffentlicht 16.09.2022 18:15:12
- Zuletzt bearbeitet 21.11.2024 07:03:08
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASL...
CVE-2022-39209
- EPSS 1.64%
- Veröffentlicht 15.09.2022 18:15:12
- Zuletzt bearbeitet 21.11.2024 07:17:47
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and sub...
CVE-2022-40674
- EPSS 1.67%
- Veröffentlicht 14.09.2022 11:15:54
- Zuletzt bearbeitet 30.05.2025 20:15:30
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
CVE-2022-40626
- EPSS 0.67%
- Veröffentlicht 14.09.2022 11:15:53
- Zuletzt bearbeitet 21.11.2024 07:21:44
An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend.
CVE-2022-40673
- EPSS 0.36%
- Veröffentlicht 14.09.2022 11:15:53
- Zuletzt bearbeitet 21.11.2024 07:21:49
KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache.