# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2022-33981 |
416 |
|
DoS |
2022-06-18 |
2022-11-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function. |
2 |
CVE-2022-32278 |
|
|
Exec Code |
2022-06-13 |
2022-07-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. |
3 |
CVE-2022-32250 |
416 |
|
|
2022-06-02 |
2023-05-16 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. |
4 |
CVE-2022-31799 |
755 |
|
|
2022-06-02 |
2022-12-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Bottle before 0.12.20 mishandles errors during early request binding. |
5 |
CVE-2022-31214 |
269 |
|
+Priv |
2022-06-09 |
2023-05-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker's control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo. |
6 |
CVE-2022-30789 |
787 |
|
Overflow |
2022-05-26 |
2023-01-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. |
7 |
CVE-2022-30788 |
787 |
|
Overflow |
2022-05-26 |
2023-01-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. |
8 |
CVE-2022-30787 |
191 |
|
|
2022-05-26 |
2023-01-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. |
9 |
CVE-2022-30786 |
787 |
|
Overflow |
2022-05-26 |
2023-01-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. |
10 |
CVE-2022-30785 |
|
|
|
2022-05-26 |
2023-01-13 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. |
11 |
CVE-2022-30784 |
120 |
|
|
2022-05-26 |
2023-01-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. |
12 |
CVE-2022-30783 |
252 |
|
|
2022-05-26 |
2023-01-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. |
13 |
CVE-2022-30688 |
269 |
|
|
2022-05-17 |
2022-05-25 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files. |
14 |
CVE-2022-30594 |
863 |
|
Bypass |
2022-05-12 |
2023-02-23 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. |
15 |
CVE-2022-29869 |
668 |
|
+Info |
2022-04-28 |
2022-10-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. |
16 |
CVE-2022-29824 |
190 |
|
Overflow |
2022-05-03 |
2023-01-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. |
17 |
CVE-2022-29221 |
94 |
|
|
2022-05-24 |
2022-12-08 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds. |
18 |
CVE-2022-29155 |
89 |
|
Sql |
2022-05-04 |
2022-10-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping. |
19 |
CVE-2022-28739 |
125 |
|
|
2022-05-09 |
2022-11-08 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. |
20 |
CVE-2022-28463 |
120 |
|
Overflow |
2022-05-08 |
2023-05-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. |
21 |
CVE-2022-28390 |
415 |
|
|
2022-04-03 |
2023-02-01 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. |
22 |
CVE-2022-28356 |
|
|
|
2022-04-02 |
2023-02-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. |
23 |
CVE-2022-28346 |
89 |
|
Sql |
2022-04-12 |
2023-04-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. |
24 |
CVE-2022-28044 |
787 |
|
Mem. Corr. |
2022-04-15 |
2022-07-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Irzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control. |
25 |
CVE-2022-27666 |
787 |
|
Overflow |
2022-03-23 |
2023-02-01 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. |
26 |
CVE-2022-27239 |
787 |
|
Overflow +Priv |
2022-04-27 |
2022-10-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. |
27 |
CVE-2022-27223 |
129 |
|
|
2022-03-16 |
2023-01-19 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access. |
28 |
CVE-2022-27114 |
190 |
|
Overflow |
2022-05-09 |
2022-05-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,'img->width' and 'img->height' they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines function. |
29 |
CVE-2022-26966 |
|
|
+Info |
2022-03-12 |
2022-12-22 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. |
30 |
CVE-2022-26874 |
79 |
|
XSS |
2022-03-11 |
2022-10-14 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering. |
31 |
CVE-2022-26847 |
200 |
|
+Info |
2022-03-10 |
2022-03-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects. |
32 |
CVE-2022-26846 |
|
|
Exec Code |
2022-03-10 |
2022-03-18 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code. |
33 |
CVE-2022-26691 |
269 |
|
+Priv |
2022-05-26 |
2022-10-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. |
34 |
CVE-2022-26662 |
776 |
|
|
2022-03-10 |
2022-03-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server. |
35 |
CVE-2022-26661 |
611 |
|
|
2022-03-10 |
2022-03-18 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user can make the server parse a crafted XML SEPA file to access arbitrary files on the system. |
36 |
CVE-2022-26505 |
290 |
|
|
2022-03-06 |
2022-06-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files. |
37 |
CVE-2022-26495 |
190 |
|
Overflow |
2022-03-06 |
2022-04-25 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages. |
38 |
CVE-2022-26491 |
295 |
|
|
2022-06-02 |
2022-06-09 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968. |
39 |
CVE-2022-26490 |
120 |
|
Overflow |
2022-03-06 |
2023-01-20 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. |
40 |
CVE-2022-26361 |
|
|
Mem. Corr. |
2022-04-05 |
2022-06-16 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption. |
41 |
CVE-2022-26360 |
|
|
Mem. Corr. |
2022-04-05 |
2022-06-16 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption. |
42 |
CVE-2022-26354 |
772 |
|
|
2022-03-16 |
2023-02-12 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0. |
43 |
CVE-2022-26291 |
416 |
|
DoS |
2022-03-28 |
2022-10-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted Irz file. |
44 |
CVE-2022-26110 |
|
|
|
2022-04-06 |
2022-09-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon. |
45 |
CVE-2022-25647 |
502 |
|
|
2022-05-01 |
2022-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks. |
46 |
CVE-2022-25375 |
668 |
|
+Info |
2022-02-20 |
2022-05-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory. |
47 |
CVE-2022-25258 |
476 |
|
Mem. Corr. |
2022-02-16 |
2022-12-07 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur. |
48 |
CVE-2022-24959 |
401 |
|
|
2022-02-11 |
2022-05-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c. |
49 |
CVE-2022-24958 |
763 |
|
|
2022-02-11 |
2023-02-01 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release. |
50 |
CVE-2022-24921 |
400 |
|
|
2022-03-05 |
2023-04-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. |