# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 | CVE-2022-35410 | 22 | | Dir. Trav. +Info | 2022-07-08 | 2022-07-20 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain sensitive information via a crafted archive. |
2 | CVE-2022-34903 | 74 | | | 2022-07-01 | 2022-09-09 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. |
3 | CVE-2022-32091 | 416 | | | 2022-07-01 | 2022-12-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. |
4 | CVE-2022-32088 | | | | 2022-07-01 | 2022-10-26 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. |
5 | CVE-2022-32087 | | | | 2022-07-01 | 2022-10-26 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. |
6 | CVE-2022-32085 | | | | 2022-07-01 | 2022-10-26 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. |
7 | CVE-2022-32084 | | | | 2022-07-01 | 2022-12-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. |
8 | CVE-2022-32083 | | | | 2022-07-01 | 2022-10-25 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. |
9 | CVE-2022-31291 | 415 | | | 2022-06-16 | 2023-02-03 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets. |
10 | CVE-2022-31088 | 74 | | | 2022-06-27 | 2022-07-07 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
LDAP Account Manager (LAM) is a web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the user name field at login could be used to enumerate LDAP data. This is only the case for LDAP search configuration. This issue has been fixed in version 8.0. |
11 | CVE-2022-31043 | 200 | | +Info | 2022-06-10 | 2022-12-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we should not forward the `Authorization` header on. This is much the same as how we don't forward on the header if the host changes. Prior to this fix, `https` to `http` downgrades did not result in the `Authorization` header being removed, only changes to the host. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach, which would be to use their own redirect middleware. Alternatively, users may simply disable redirects altogether if redirects are not expected or required. |
12 | CVE-2022-31042 | 200 | | +Info | 2022-06-10 | 2022-12-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server which responds with a redirect to a URI on a different host, we should not forward the `Cookie` header on. Prior to this fix, only cookies that were managed by our cookie middleware would be safely removed, and any `Cookie` header manually added to the initial request would not be stripped. We now always strip it, and allow the cookie middleware to re-add any cookies that it deems should be there. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach: using their own redirect middleware rather than ours. Users who do not require or expect redirects to be followed should simply disable redirects altogether. |
13 | CVE-2022-31002 | 125 | | | 2022-05-31 | 2022-11-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil SDP to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with `%`. Version 1.13.8 contains a patch for this issue. |
14 | CVE-2022-31001 | 125 | | | 2022-05-31 | 2022-11-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil SDP to FreeSWITCH, which may cause a crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0)`, which will make `n` bigger and trigger out-of-bound access when `IS_NON_WS(s[n])`. Version 1.13.8 contains a patch for this issue. |
15 | CVE-2022-30293 | 787 | | Overflow | 2022-05-06 | 2022-10-14 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial |
In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. |
16 | CVE-2022-29970 | 22 | | Dir. Trav. | 2022-05-02 | 2022-11-16 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files. |
17 | CVE-2022-29885 | 400 | | | 2022-05-12 | 2022-11-08 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks. |
18 | CVE-2022-29536 | 787 | | Overflow | 2022-04-20 | 2022-10-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered. |
19 | CVE-2022-29458 | 125 | | | 2022-04-18 | 2022-11-08 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial |
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. |
20 | CVE-2022-29248 | 200 | | +Info | 2022-05-25 | 2022-12-03 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server to set cookies for unrelated domains. The cookie middleware is disabled by default, so most library consumers will not be affected by this issue. Only those who manually add the cookie middleware to the handler stack or construct the client with ['cookies' => true] are affected. Moreover, those who do not use the same Guzzle client to call multiple domains and have disabled redirect forwarding are not affected by this vulnerability. Guzzle versions 6.5.6 and 7.4.3 contain a patch for this issue. As a workaround, turn off the cookie middleware. |
21 | CVE-2022-27782 | 295 | | | 2022-06-02 | 2023-01-05 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily. |
22 | CVE-2022-27781 | 835 | | | 2022-06-02 | 2023-01-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information. |
23 | CVE-2022-27775 | | | | 2022-06-02 | 2023-01-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: when using an IPv6 address that was in the connection pool but with a different zone id, it could reuse a connection instead. |
24 | CVE-2022-27458 | 416 | | | 2022-04-14 | 2022-10-08 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. |
25 | CVE-2022-27456 | 416 | | | 2022-04-14 | 2022-10-08 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component VDec::VDec at /sql/sql_type.cc. |
26 | CVE-2022-27452 | | | | 2022-04-14 | 2022-09-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. |
27 | CVE-2022-27449 | | | | 2022-04-14 | 2022-10-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. |
28 | CVE-2022-27448 | 617 | | | 2022-04-14 | 2022-10-08 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. |
29 | CVE-2022-27447 | 416 | | | 2022-04-14 | 2022-10-08 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. |
30 | CVE-2022-27445 | | | | 2022-04-14 | 2022-09-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. |
31 | CVE-2022-27387 | 120 | | Overflow | 2022-04-12 | 2022-09-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. |
32 | CVE-2022-27386 | 89 | | Sql | 2022-04-12 | 2022-09-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. |
33 | CVE-2022-27384 | 89 | | DoS Sql | 2022-04-12 | 2022-09-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. |
34 | CVE-2022-27383 | 416 | | | 2022-04-12 | 2022-09-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
MariaDB Server v10.6 and below was discovered to contain a use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. |
35 | CVE-2022-27381 | 89 | | DoS Sql | 2022-04-12 | 2022-09-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. |
36 | CVE-2022-27380 | 89 | | DoS Sql | 2022-04-12 | 2022-11-08 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. |
37 | CVE-2022-27379 | 89 | | DoS Sql | 2022-04-12 | 2022-10-08 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. |
38 | CVE-2022-27378 | 89 | | DoS Sql | 2022-04-12 | 2022-10-08 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. |
39 | CVE-2022-27377 | 416 | | | 2022-04-12 | 2022-10-08 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. |
40 | CVE-2022-27376 | 416 | | | 2022-04-12 | 2022-09-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
MariaDB Server v10.6.5 and below was discovered to contain a use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. |
41 | CVE-2022-26847 | 200 | | +Info | 2022-03-10 | 2022-03-18 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects. |
42 | CVE-2022-26662 | 776 | | | 2022-03-10 | 2022-03-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server. |
43 | CVE-2022-26498 | 400 | | | 2022-04-15 | 2023-01-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2. |
44 | CVE-2022-26353 | 772 | | Exec Code | 2022-03-16 | 2023-02-02 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage, use-after-free or other unexpected results. A malicious privileged guest could exploit this issue to crash QEMU or potentially execute arbitrary code within the context of the QEMU process on the host. |
45 | CVE-2022-25647 | 502 | | | 2022-05-01 | 2022-11-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks. |
46 | CVE-2022-25314 | 190 | | Overflow | 2022-02-18 | 2022-10-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. |
47 | CVE-2022-24921 | 400 | | | 2022-03-05 | 2022-11-09 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. |
48 | CVE-2022-24884 | 347 | | | 2022-05-06 | 2022-05-16 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple signatures from different public keys does not mitigate the issue: `ecdsa_verify_list_legacy()` will accept an arbitrary number of such forged signatures. Both the `ecdsautil verify` CLI command and the libecdsautil library are affected. The issue has been fixed in ecdsautils 0.4.1. All older versions of ecdsautils (including versions before the split into a library and a CLI utility) are vulnerable. |
49 | CVE-2022-24836 | 400 | | | 2022-04-11 | 2022-12-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue. |
50 | CVE-2022-24790 | 444 | | | 2022-03-30 | 2022-10-12 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turn on any and all functionality to make sure that the request matches the RFC7230 standard. |