CVE-2022-2601
- EPSS 0.51%
- Veröffentlicht 14.12.2022 21:15:10
- Zuletzt bearbeitet 27.05.2026 15:16:23
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow...
CVE-2022-4223
- EPSS 79.93%
- Veröffentlicht 13.12.2022 16:15:26
- Zuletzt bearbeitet 14.04.2025 19:15:34
The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is ...
CVE-2022-4170
- EPSS 2.06%
- Veröffentlicht 09.12.2022 18:15:20
- Zuletzt bearbeitet 14.04.2025 18:15:25
The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.
CVE-2022-41717
- EPSS 5.62%
- Veröffentlicht 08.12.2022 20:15:10
- Zuletzt bearbeitet 21.11.2024 07:23:43
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending v...
CVE-2022-4122
- EPSS 0.8%
- Veröffentlicht 08.12.2022 16:15:14
- Zuletzt bearbeitet 22.04.2025 21:15:44
A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.
CVE-2022-4123
- EPSS 0.24%
- Veröffentlicht 08.12.2022 16:15:14
- Zuletzt bearbeitet 22.04.2025 21:15:44
A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.
CVE-2022-24439
- EPSS 5.38%
- Veröffentlicht 06.12.2022 05:15:11
- Zuletzt bearbeitet 03.11.2025 22:15:57
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possibl...
CVE-2022-46391
- EPSS 0.66%
- Veröffentlicht 04.12.2022 03:15:09
- Zuletzt bearbeitet 24.04.2025 16:15:23
AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.
CVE-2022-46149
- EPSS 0.85%
- Veröffentlicht 30.11.2022 17:15:10
- Zuletzt bearbeitet 21.11.2024 07:30:12
Cap'n Proto is a data interchange format and remote procedure call (RPC) system. Cap'n Proro prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerab...
CVE-2022-4144
- EPSS 0.28%
- Veröffentlicht 29.11.2022 18:15:10
- Zuletzt bearbeitet 14.04.2025 18:15:24
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into a...