Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32293 | 2 Debian, Intel | 2 Debian Linux, Connman | 2022-09-29 | N/A | 8.1 HIGH |
| In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution. | |||||
| CVE-2022-32292 | 2 Debian, Intel | 2 Debian Linux, Connman | 2022-09-29 | N/A | 9.8 CRITICAL |
| In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code. | |||||
| CVE-2022-23098 | 2 Debian, Intel | 2 Debian Linux, Connman | 2022-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received. | |||||
| CVE-2022-23097 | 2 Debian, Intel | 2 Debian Linux, Connman | 2022-09-29 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read. | |||||
| CVE-2022-23096 | 2 Debian, Intel | 2 Debian Linux, Connman | 2022-09-29 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read. | |||||
| CVE-2021-42782 | 2 Fedoraproject, Opensc Project | 2 Fedora, Opensc | 2022-09-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library. | |||||
| CVE-2021-42781 | 3 Fedoraproject, Opensc Project, Redhat | 3 Fedora, Opensc, Enterprise Linux | 2022-09-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library. | |||||
| CVE-2021-42780 | 3 Fedoraproject, Opensc Project, Redhat | 3 Fedora, Opensc, Enterprise Linux | 2022-09-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library. | |||||
| CVE-2021-42778 | 3 Fedoraproject, Opensc Project, Redhat | 3 Fedora, Opensc, Enterprise Linux | 2022-09-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo. | |||||
| CVE-2021-42779 | 3 Fedoraproject, Opensc Project, Redhat | 3 Fedora, Opensc, Enterprise Linux | 2022-09-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid. | |||||
| CVE-2022-21349 | 3 Debian, Netapp, Oracle | 16 Debian Linux, 7-mode Transition Tool, Cloud Insights and 13 more | 2022-09-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2022-36449 | 1 Arm | 3 Bifrost, Midgard, Valhall | 2022-09-29 | N/A | 6.5 MEDIUM |
| An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1. | |||||
| CVE-2022-25371 | 1 Apache | 1 Ofbiz | 2022-09-29 | N/A | 9.8 CRITICAL |
| Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier. | |||||
| CVE-2022-39170 | 2 Fedoraproject, Libdwarf Project | 2 Fedora, Libdwarf | 2022-09-29 | N/A | 8.8 HIGH |
| libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c. | |||||
| CVE-2022-38170 | 1 Apache | 1 Airflow | 2022-09-29 | N/A | 4.7 MEDIUM |
| In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. | |||||
| CVE-2022-3123 | 2 Dokuwiki, Fedoraproject | 2 Dokuwiki, Fedora | 2022-09-29 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a. | |||||
| CVE-2022-37451 | 2 Exim, Fedoraproject | 2 Exim, Fedora | 2022-09-29 | N/A | 7.5 HIGH |
| Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc. | |||||
| CVE-2022-2651 | 1 Joinbookwyrm | 1 Bookwyrm | 2022-09-29 | N/A | 9.8 CRITICAL |
| Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5. | |||||
| CVE-2021-46830 | 1 Helpsystems | 1 Goanywhere Managed File Transfer | 2022-09-29 | N/A | 6.5 MEDIUM |
| A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a higher directory level than intended. | |||||
| CVE-2022-31151 | 1 Nodejs | 1 Undici | 2022-09-29 | N/A | 6.5 MEDIUM |
| Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the 3rd party site. This was patched in v5.7.1. By default, this vulnerability is not exploitable. Do not enable redirections, i.e. `maxRedirections: 0` (the default). | |||||