Total
9158 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31002 | 2 Debian, Signalwire | 2 Debian Linux, Sofia-sip | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with `%`. Version 1.13.8 contains a patch for this issue. | |||||
| CVE-2022-31001 | 2 Debian, Signalwire | 2 Debian Linux, Sofia-sip | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0)`, which will make `n` bigger and trigger out-of-bound access when `IS_NON_WS(s[n])`. Version 1.13.8 contains a patch for this issue. | |||||
| CVE-2022-30975 | 3 Artifex, Debian, Fedoraproject | 3 Mujs, Debian Linux, Fedora | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp. | |||||
| CVE-2022-30974 | 3 Artifex, Debian, Fedoraproject | 3 Mujs, Debian Linux, Fedora | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413. | |||||
| CVE-2022-30789 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. | |||||
| CVE-2022-30788 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. | |||||
| CVE-2022-30787 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. | |||||
| CVE-2022-30786 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. | |||||
| CVE-2022-30785 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. | |||||
| CVE-2022-30784 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. | |||||
| CVE-2022-30783 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. | |||||
| CVE-2022-30688 | 2 Debian, Needrestart Project | 2 Debian Linux, Needrestart | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files. | |||||
| CVE-2022-30594 | 3 Debian, Linux, Netapp | 21 Debian Linux, Linux Kernel, 8300 and 18 more | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. | |||||
| CVE-2022-30293 | 2 Debian, Webkitgtk | 2 Debian Linux, Webkitgtk | 2024-11-21 | 5.1 MEDIUM | 7.5 HIGH |
| In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. | |||||
| CVE-2022-30287 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2024-11-21 | N/A | 8.0 HIGH |
| Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects. | |||||
| CVE-2022-30123 | 2 Debian, Rack Project | 2 Debian Linux, Rack | 2024-11-21 | N/A | 10.0 CRITICAL |
| A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack. | |||||
| CVE-2022-30122 | 2 Debian, Rack Project | 2 Debian Linux, Rack | 2024-11-21 | N/A | 7.5 HIGH |
| A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack. | |||||
| CVE-2022-2996 | 2 Debian, Python-scciclient Project | 2 Debian Linux, Python-scciclient | 2024-11-21 | N/A | 7.4 HIGH |
| A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks. | |||||
| CVE-2022-2978 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | N/A | 7.8 HIGH |
| A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | |||||
| CVE-2022-2953 | 3 Debian, Libtiff, Netapp | 3 Debian Linux, Libtiff, Ontap Select Deploy Administration Utility | 2024-11-21 | N/A | 5.5 MEDIUM |
| LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8. | |||||