CVE-2022-1196

After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird 91.8 and Firefox ESR 91.8...

CVE-2022-44030

Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user...

CVE-2022-32224

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record 7.0.3.1, 6.1.6.1, 6.0.5.1 and 5.2.8.1 which could allow an attacker, that can manipulate data in the database via means like SQL injection, the ability to escalate to an RCE...

CVE-2022-45884

An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvbregisterdevice dynamically allocating fops...

CVE-2022-45873

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parseelfobject in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested...

CVE-2022-3890

Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2022-37599

A Regular expression denial of service ReDoS flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js...

CVE-2022-1480

Removed by vendor...

CVE-2022-3303

A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTLDSPSYNC ioctl. A privileged local user root or member of the audio group could use this flaw to crash the system, resulting in a denial...

CVE-2022-3075

Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...

CVE-2022-3052

Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions...

CVE-2022-3051

Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions...

CVE-2022-3045

Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2022-29799

A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are sanitized by the OperationalState or the AdministrativeState of networkd-dispatcher. This attack leads to a directory traversal to escape from the “/etc/networkd-dispatcher” base directory...

CVE-2022-37797

In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition...

CVE-2022-38751

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow...

CVE-2022-3028

A race condition was found in the Linux kernel's IP framework for transforming packets XFRM subsystem when multiple calls to xfrmprobealgs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an...

CVE-2021-20316

A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share...

CVE-2021-3759

A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from th...

CVE-2022-21181

Improper input validation for some IntelR PROSet/Wireless WiFi and KillerTM WiFi products may allow a privileged user to potentially enable escalation of privilege via local access...

CVE-2022-2845

Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218...

CVE-2022-2605

Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2022-28129

Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...

CVE-2022-2399

Use after free in WebGPU in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2022-2011

Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2022-1481

Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page...

CVE-2022-1133

Use after free in WebRTC Perf in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2022-2327

iouring use workflags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORINGOP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We...

CVE-2022-21538

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVE-2022-33903

Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation...

CVE-2022-2282

Removed by vendor...

CVE-2022-32325

JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c...

CVE-2022-32209

Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3 ImpactA possible XS...

CVE-2022-32278

XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server...

CVE-2022-22577

An XSS Vulnerability in Action Pack = 5.2.0 and 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses...

CVE-2021-44974

radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Dereference via libr/bin/p/binsymbols.c binary symbol parser...

CVE-2022-30321

go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. Fixed in 1.6.1 and 2.1.0...

CVE-2022-29339

In GPAC 2.1-DEV-rev87-g053aae8-master, function BSReadByte in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2...

CVE-2022-29155

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping...

CVE-2022-20771

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus ClamAV versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allo...

CVE-2021-46790

ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+5123-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions...

CVE-2021-4207

A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values cursor-header.width and cursor-header.height can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use...

CVE-2022-1227

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to...

CVE-2022-24736

Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and...

CVE-2022-24792

PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length...

CVE-2022-21426

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

CVE-2022-27446

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/itemcmpfunc.h...

CVE-2022-27380

An issue in the component mydecimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service DoS via specially crafted SQL statements...

CVE-2022-24070

Subversion's moddavsvn is vulnerable to memory corruption. While looking up path-based authorization rules, moddavsvn servers may attempt to use memory which has already been freed. Affected Subversion moddavsvn servers 1.10.0 through 1.14.1 inclusive. Servers that do not use moddavsvn are not...

CVE-2022-27147

GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gfnodegetattributebytag...