Http Server Security Vulnerabilities - February 2022

CVE-2022-0391

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an a...

7.5 CVSS

7.4 AI Score

0.003 EPSS

2022-02-09 11:15 PM

CVE-2022-25235

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

9.8 CVSS

9.6 AI Score

0.011 EPSS

2022-02-16 01:15 AM

CVE-2022-25236

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

9.8 CVSS

9.5 AI Score

0.05 EPSS

2022-02-16 01:15 AM

CVE-2022-25313

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

6.5 CVSS

7.9 AI Score

0.009 EPSS

2022-02-18 05:15 AM

CVE-2022-25314

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

7.5 CVSS

8.8 AI Score

0.013 EPSS

2022-02-18 05:15 AM

CVE-2022-25315

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

9.8 CVSS

9.8 AI Score

0.025 EPSS

2022-02-18 05:15 AM