| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2022-34903 | 74 | | | 2022-07-01 | 2022-09-09 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. |
| 2 | CVE-2022-33099 | 787 | | Overflow | 2022-07-01 | 2022-11-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial | An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. |
| 3 | CVE-2022-32091 | 416 | | | 2022-07-01 | 2022-12-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial | MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. |
| 4 | CVE-2022-32089 | | | | 2022-07-01 | 2022-12-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial | MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. |
| 5 | CVE-2022-32084 | | | | 2022-07-01 | 2022-12-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. |
| 6 | CVE-2022-32082 | 617 | | | 2022-07-01 | 2022-12-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial | MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. |
| 7 | CVE-2022-31129 | 400 | | | 2022-07-06 | 2022-10-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial | moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically, using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a slowdown with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4; the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input. |
| 8 | CVE-2022-31116 | 670 | | | 2022-07-05 | 2022-11-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial | UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupting strings, this allowed for potential key confusion and value overwriting in dictionaries. All users parsing JSON from untrusted sources are vulnerable. From version 5.4.0, UltraJSON decodes lone surrogates in the same way as the standard library's `json` module does, preserving them in the parsed output. Users are advised to upgrade. There are no known workarounds for this issue. |
| 9 | CVE-2022-31033 | 200 | | +Info | 2022-06-09 | 2022-11-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The Mechanize library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. In versions prior to 2.8.5 the Authorization header is leaked after a redirect to a different port on the same site. Users are advised to upgrade to Mechanize v2.8.5 or later. There are no known workarounds for this issue. |
| 10 | CVE-2022-30597 | | | | 2022-05-18 | 2022-06-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None | A flaw was found in Moodle where the description user field was not hidden when being set as a hidden user field. |
| 11 | CVE-2022-30556 | 200 | | +Info | 2022-06-09 | 2022-08-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. |
| 12 | CVE-2022-30522 | 770 | | | 2022-06-09 | 2022-09-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial | If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. |
| 13 | CVE-2022-29536 | 787 | | Overflow | 2022-04-20 | 2022-10-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered. |
| 14 | CVE-2022-29526 | 269 | | | 2022-06-23 | 2022-08-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible. |
| 15 | CVE-2022-29404 | 770 | | DoS | 2022-06-09 | 2022-08-24 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. |
| 16 | CVE-2022-29217 | 327 | | | 2022-05-24 | 2022-06-07 | 5.0 | None | Remote | Low | Not required | None | Partial | None | PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding. |
| 17 | CVE-2022-29145 | | | DoS | 2022-05-10 | 2022-10-06 | 5.0 | None | Remote | Low | Not required | None | None | Partial | .NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29117. |
| 18 | CVE-2022-29117 | 400 | | DoS | 2022-05-10 | 2022-05-23 | 5.0 | None | Remote | Low | Not required | None | None | Partial | .NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145. |
| 19 | CVE-2022-28614 | 190 | | | 2022-06-09 | 2022-08-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_lua's r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue. |
| 20 | CVE-2022-28487 | 401 | | | 2022-05-04 | 2022-10-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Tcpreplay version 4.4.1 contains a memory leakage flaw in the fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality. |
| 21 | CVE-2022-28327 | | | | 2022-04-20 | 2022-10-14 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. |
| 22 | CVE-2022-27406 | 125 | | | 2022-04-22 | 2022-07-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial | FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size. |
| 23 | CVE-2022-27405 | 125 | | | 2022-04-22 | 2022-07-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial | FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request. |
| 24 | CVE-2022-26377 | 444 | | | 2022-06-09 | 2022-08-24 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.53 and prior versions. |
| 25 | CVE-2022-26280 | 125 | | | 2022-03-28 | 2022-11-28 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial | Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. |
| 26 | CVE-2022-25844 | 770 | | DoS | 2022-05-01 | 2022-11-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This package has been deprecated and is no longer maintained. 2) The vulnerable versions are 1.7.0 and higher. |
| 27 | CVE-2022-25314 | 190 | | Overflow | 2022-02-18 | 2022-10-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. |
| 28 | CVE-2022-24884 | 347 | | | 2022-05-06 | 2022-05-16 | 5.0 | None | Remote | Low | Not required | None | Partial | None | ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple signatures from different public keys does not mitigate the issue: `ecdsa_verify_list_legacy()` will accept an arbitrary number of such forged signatures. Both the `ecdsautil verify` CLI command and the libecdsautil library are affected. The issue has been fixed in ecdsautils 0.4.1. All older versions of ecdsautils (including versions before the split into a library and a CLI utility) are vulnerable. |
| 29 | CVE-2022-24882 | 287 | | | 2022-04-26 | 2022-11-16 | 5.0 | None | Remote | Low | Not required | Partial | None | None | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides an empty password value. This issue affects FreeRDP-based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds. |
| 30 | CVE-2022-24836 | 400 | | | 2022-04-11 | 2022-12-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue. |
| 31 | CVE-2022-24790 | 444 | | | 2022-03-30 | 2022-10-12 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turn on any and all functionality to make sure that the request matches the RFC7230 standard. |
| 32 | CVE-2022-24785 | 22 | | Dir. Trav. | 2022-04-04 | 2022-07-30 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js. |
| 33 | CVE-2022-24778 | 863 | | | 2022-03-25 | 2023-01-25 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The imgcrypt library provides API extensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container images. The imgcrypt function `CheckAuthorization` is supposed to check whether the current user is authorized to access an encrypted image and prevent the user from running an image that another user previously decrypted on the same system. In versions prior to 1.1.4, a failure occurs when an image with a ManifestList is used and the architecture of the local host is not the first one in the ManifestList. Only the first architecture in the list was tested, which may not have its layers available locally since it could not be run on the host architecture. Therefore, the verdict on unavailable layers was that the image could be run anticipating that image run failure would occur later due to the layers not being available. However, this verdict to allow the image to run enabled other architectures in the ManifestList to run an image without providing keys if that image had previously been decrypted. A patch has been applied to imgcrypt 1.1.4. Workarounds may include usage of different namespaces for each remote user. |
| 34 | CVE-2022-24729 | 400 | | | 2022-03-16 | 2022-12-08 | 5.0 | None | Remote | Low | Not required | None | None | Partial | CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds. |
| 35 | CVE-2022-24713 | 400 | | DoS Bypass | 2022-03-08 | 2023-01-20 | 5.0 | None | Remote | Low | Not required | None | None | Partial | regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes from taking an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is included starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it is not recommended to deny known problematic regexes. |
| 36 | CVE-2022-24675 | 770 | | Overflow | 2022-04-20 | 2022-10-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial | encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. |
| 37 | CVE-2022-24464 | | | DoS | 2022-03-09 | 2022-05-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial | .NET and Visual Studio Denial of Service Vulnerability. |
| 38 | CVE-2022-24070 | 416 | | Mem. Corr. | 2022-04-12 | 2022-10-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. |
| 39 | CVE-2022-23990 | 190 | | Overflow | 2022-01-26 | 2022-10-31 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. |
| 40 | CVE-2022-23833 | 835 | | | 2022-02-03 | 2022-11-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial | An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files. |
| 41 | CVE-2022-23648 | 200 | | Bypass +Info | 2022-03-03 | 2022-04-25 | 5.0 | None | Remote | Low | Not required | Partial | None | None | containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue. |
| 42 | CVE-2022-23267 | 400 | | DoS | 2022-05-10 | 2022-10-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial | .NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-29117, CVE-2022-29145. |
| 43 | CVE-2022-23134 | 863 | | | 2022-01-13 | 2022-02-10 | 5.0 | None | Remote | Low | Not required | None | Partial | None | After the initial setup process, some steps of the setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. A malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend. |
| 44 | CVE-2022-23094 | 476 | | DoS | 2022-01-15 | 2022-01-24 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6. |
| 45 | CVE-2022-22721 | 190 | | Overflow | 2022-03-14 | 2022-11-02 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial | If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. |
| 46 | CVE-2022-22719 | 665 | | | 2022-03-14 | 2022-11-02 | 5.0 | None | Remote | Low | Not required | None | None | Partial | A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. |
| 47 | CVE-2022-21716 | 120 | | | 2022-03-03 | 2023-01-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, the Twisted SSH client and server implementation is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attack is as simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds. |
| 48 | CVE-2022-21698 | 400 | | DoS | 2022-02-15 | 2022-12-09 | 5.0 | None | Remote | Low | Not required | None | None | Partial | client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, the HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g. GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods. |
| 49 | CVE-2022-21681 | | | DoS | 2022-01-14 | 2022-11-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources. |
| 50 | CVE-2022-21680 | 400 | | DoS | 2022-01-14 | 2022-11-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources. |