CVE-2022-24065
- EPSS 4.22%
- Veröffentlicht 08.06.2022 08:15:07
- Zuletzt bearbeitet 21.11.2024 06:49:45
The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional...
CVE-2022-1708
- EPSS 2.83%
- Veröffentlicht 07.06.2022 18:15:11
- Zuletzt bearbeitet 21.11.2024 06:41:17
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O...
CVE-2022-32511
- EPSS 2.13%
- Veröffentlicht 06.06.2022 22:15:08
- Zuletzt bearbeitet 15.06.2026 15:13:33
jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable.
CVE-2022-32250
- EPSS 2.88%
- Veröffentlicht 02.06.2022 21:15:07
- Zuletzt bearbeitet 21.11.2024 07:06:01
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.
CVE-2022-31783
- EPSS 1.07%
- Veröffentlicht 02.06.2022 14:15:58
- Zuletzt bearbeitet 21.11.2024 07:05:18
Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace.
CVE-2022-31799
- EPSS 1.87%
- Veröffentlicht 02.06.2022 14:15:58
- Zuletzt bearbeitet 21.11.2024 07:05:21
Bottle before 0.12.20 mishandles errors during early request binding.
CVE-2022-27776
- EPSS 3.43%
- Veröffentlicht 02.06.2022 14:15:43
- Zuletzt bearbeitet 21.11.2024 06:56:09
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
CVE-2022-1949
- EPSS 1.39%
- Veröffentlicht 02.06.2022 14:15:34
- Zuletzt bearbeitet 13.12.2024 18:47:19
An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unau...
CVE-2022-1789
- EPSS 0.32%
- Veröffentlicht 02.06.2022 14:15:33
- Zuletzt bearbeitet 21.11.2024 06:41:28
With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.
CVE-2022-1942
- EPSS 1.56%
- Veröffentlicht 31.05.2022 14:15:07
- Zuletzt bearbeitet 03.11.2025 21:15:51
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.