CVE-2022-0547
- EPSS 3.52%
- Veröffentlicht 18.03.2022 18:15:12
- Zuletzt bearbeitet 03.11.2025 21:15:49
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially ...
CVE-2022-1011
- EPSS 1.17%
- Veröffentlicht 18.03.2022 18:15:12
- Zuletzt bearbeitet 21.11.2024 06:39:51
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.
CVE-2022-27191
- EPSS 3.93%
- Veröffentlicht 18.03.2022 07:15:06
- Zuletzt bearbeitet 21.11.2024 06:55:22
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
CVE-2022-24302
- EPSS 2.08%
- Veröffentlicht 17.03.2022 22:15:08
- Zuletzt bearbeitet 16.12.2025 02:15:46
In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.
CVE-2022-24729
- EPSS 2.45%
- Veröffentlicht 16.03.2022 17:15:07
- Zuletzt bearbeitet 21.11.2024 06:50:57
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a ...
CVE-2021-23648
- EPSS 1.42%
- Veröffentlicht 16.03.2022 16:15:10
- Zuletzt bearbeitet 21.11.2024 05:51:51
The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function.
CVE-2022-24728
- EPSS 1.16%
- Veröffentlicht 16.03.2022 16:15:10
- Zuletzt bearbeitet 21.11.2024 06:50:57
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to in...
CVE-2021-20257
- EPSS 0.36%
- Veröffentlicht 16.03.2022 15:15:09
- Zuletzt bearbeitet 21.11.2024 05:46:13
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to cons...
CVE-2021-45848
- EPSS 1.59%
- Veröffentlicht 15.03.2022 19:15:07
- Zuletzt bearbeitet 21.11.2024 06:33:09
Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character.
CVE-2022-0778
- EPSS 70.56%
- Veröffentlicht 15.03.2022 17:15:08
- Zuletzt bearbeitet 14.04.2026 10:16:21
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed ...