CVE-2022-4172
- EPSS 0.38%
- Veröffentlicht 29.11.2022 18:15:10
- Zuletzt bearbeitet 14.04.2025 18:15:25
An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer alloc...
CVE-2022-4129
- EPSS 0.17%
- Veröffentlicht 28.11.2022 22:15:11
- Zuletzt bearbeitet 14.04.2025 18:15:24
A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a ...
CVE-2022-45939
- EPSS 0.63%
- Veröffentlicht 28.11.2022 06:15:10
- Zuletzt bearbeitet 28.04.2025 19:15:46
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may u...
CVE-2022-45934
- EPSS 0.75%
- Veröffentlicht 27.11.2022 04:15:10
- Zuletzt bearbeitet 29.04.2025 14:15:30
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
CVE-2022-45152
- EPSS 1.35%
- Veröffentlicht 25.11.2022 19:15:12
- Zuletzt bearbeitet 29.04.2025 15:15:52
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in...
CVE-2022-39346
- EPSS 0.99%
- Veröffentlicht 25.11.2022 19:15:11
- Zuletzt bearbeitet 21.11.2024 07:18:05
Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names which could allow a malicious users to overload the backing database and cause a denial of service. It is recomm...
CVE-2022-4141
- EPSS 0.42%
- Veröffentlicht 25.11.2022 14:15:10
- Zuletzt bearbeitet 03.11.2025 21:15:55
Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.
CVE-2022-45873
- EPSS 0.25%
- Veröffentlicht 23.11.2022 23:15:10
- Zuletzt bearbeitet 25.04.2025 19:15:48
systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same fu...
CVE-2022-44789
- EPSS 2.25%
- Veröffentlicht 23.11.2022 21:15:11
- Zuletzt bearbeitet 25.04.2025 20:15:35
A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.
CVE-2022-45866
- EPSS 1.3%
- Veröffentlicht 23.11.2022 20:15:10
- Zuletzt bearbeitet 25.04.2025 19:15:47
qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversal via ../ in a .qp file.