Issue |
Severity |
Remote |
Type |
Description |
CVE-2022-47629 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-42012 |
Unknown |
Unknown |
Unknown |
A message in non-native endianness with out-of-band Unix file descriptors would cause a... |
CVE-2022-42011 |
Unknown |
Unknown |
Unknown |
An invalid array of fixed-length elements where the length of the array is not a multiple... |
CVE-2022-42010 |
Unknown |
Unknown |
Unknown |
A syntactically invalid type signature with incorrectly nested parentheses and curly... |
CVE-2022-41767 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-41765 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-41556 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-41323 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-41318 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-41317 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-40674 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-40617 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-38784 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-38178 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-38171 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-37797 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-37434 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-36359 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-35410 |
Unknown |
No |
Directory traversal |
mat2 before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process.... |
CVE-2022-3515 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-34912 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-34911 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-34903 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-33981 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-32893 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-32891 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-32886 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-32745 |
Medium |
Yes |
Unknown |
Samba AD users can crash the server process with an LDAP add or modify request. |
CVE-2022-32293 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-32292 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-32208 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-32207 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-32206 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-31813 |
Low |
Unknown |
Authentication bypass |
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin... |
CVE-2022-31748 |
High |
Yes |
Arbitrary code execution |
|
CVE-2022-31747 |
High |
Yes |
Arbitrary code execution |
|
CVE-2022-31745 |
Medium |
Unknown |
Unknown |
If array shift operations are not used, the Garbage Collector may have become confused... |
CVE-2022-31743 |
Medium |
Yes |
Unknown |
Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an... |
CVE-2022-31742 |
Medium |
Unknown |
Information disclosure |
An attacker could have exploited a timing attack by sending a large number of... |
CVE-2022-31740 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-31739 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-31626 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-31625 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-3140 |
Unknown |
Unknown |
Unknown |
links using that scheme could be constructed to call internal macros with arbitrary... |
CVE-2022-31091 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-31090 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-31043 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-31042 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-31030 |
Unknown |
No |
Denial of service |
programs inside a container can cause the containerd daemon to consume memory without bound... |
CVE-2022-3080 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-30789 |
Unknown |
Unknown |
Unknown |
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array... |
CVE-2022-30788 |
Unknown |
Unknown |
Unknown |
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in... |
CVE-2022-30786 |
Unknown |
Unknown |
Unknown |
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in... |
CVE-2022-30784 |
Unknown |
Unknown |
Unknown |
A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G... |
CVE-2022-30594 |
Medium |
Unknown |
Access restriction bypass |
The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the... |
CVE-2022-30556 |
Low |
Unknown |
Information disclosure |
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread()... |
CVE-2022-30550 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-30522 |
Low |
Unknown |
Denial of service |
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts... |
CVE-2022-29824 |
Medium |
Unknown |
Arbitrary code execution |
Integer overflow in xmlBuf (buf.c) and xmlBuffer (tree.c) can lead to out-of-bounds memory... |
CVE-2022-29404 |
Low |
Unknown |
Denial of service |
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls... |
CVE-2022-29248 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-29217 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-29187 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-29156 |
High |
Unknown |
Unknown |
double free related to rtrs_clt_dev_release in drivers/infiniband/ulp/rtrs/rtrs-clt.c |
CVE-2022-28739 |
High |
Unknown |
Information disclosure |
out-of-bounds read in string-to-float conversion |
CVE-2022-28738 |
Unknown |
Unknown |
Arbitrary code execution |
double-free in Regexp compilation |
CVE-2022-28734 |
High |
Yes |
Unknown |
When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data... |
CVE-2022-28615 |
Low |
Unknown |
Information disclosure |
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read... |
CVE-2022-28614 |
Low |
Unknown |
Unknown |
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended... |
CVE-2022-28388 |
High |
Unknown |
Unknown |
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1... |
CVE-2022-28330 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-28288 |
Medium |
Unknown |
Arbitrary code execution |
Mozilla developers and community members Randell Jesup, Sebastian Hengst, and the Mozilla... |
CVE-2022-28287 |
Low |
Unknown |
Unknown |
In unusual circumstances, selecting text could cause text selection caching to behave... |
CVE-2022-28285 |
Medium |
Unknown |
Unknown |
When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was... |
CVE-2022-28284 |
Medium |
Unknown |
Unknown |
SVG's <use> element could have been used to load unexpected content that could have... |
CVE-2022-28283 |
Medium |
Unknown |
Unknown |
The sourceMapURL feature in devtools was missing security checks that would have allowed a... |
CVE-2022-28282 |
Medium |
Unknown |
Unknown |
By using a link with rel="localization" a use-after-free could have been triggered by... |
CVE-2022-28209 |
Critical |
Unknown |
Unknown |
An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof... |
CVE-2022-28206 |
Critical |
Unknown |
Unknown |
An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the... |
CVE-2022-28205 |
Critical |
Unknown |
Unknown |
An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a... |
CVE-2022-28203 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-28201 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-28192 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-28191 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-28185 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-28184 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-28183 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-28181 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-28144 |
Medium |
Yes |
Unknown |
Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several... |
CVE-2022-28142 |
High |
Yes |
Unknown |
Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally... |
CVE-2022-28139 |
Medium |
Yes |
Unknown |
A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows... |
CVE-2022-28137 |
Medium |
Yes |
Unknown |
A missing permission check in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and... |
CVE-2022-28134 |
Medium |
Yes |
Unknown |
Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission... |
CVE-2022-2795 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-27942 |
Unknown |
Unknown |
Unknown |
tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c |
CVE-2022-27941 |
Unknown |
Unknown |
Unknown |
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in... |
CVE-2022-27940 |
Unknown |
Unknown |
Unknown |
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c |
CVE-2022-27939 |
Unknown |
Unknown |
Unknown |
tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c |
CVE-2022-27820 |
Medium |
Unknown |
Unknown |
ZAP proxy does not verify the certificate chain of the HTTPS servers it connects to |
CVE-2022-27782 |
Medium |
Unknown |
Unknown |
libcurl would reuse a previously created connection even when a TLS or SSH related option... |
CVE-2022-27781 |
Low |
Unknown |
Unknown |
libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to... |
CVE-2022-27780 |
Medium |
Unknown |
Unknown |
The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding... |
CVE-2022-27779 |
Medium |
Unknown |
Unknown |
libcurl wrongly allows HTTP cookies to be set for Top Level Domains (TLDs) if the host name... |
CVE-2022-27778 |
Medium |
Unknown |
Unknown |
If curl adds a number to not "clobber" the output and an error occurs during transfer, the... |
CVE-2022-27666 |
High |
Unknown |
Unknown |
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c... |
CVE-2022-27337 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-27223 |
High |
Unknown |
Unknown |
In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint... |
CVE-2022-26966 |
Medium |
Unknown |
Unknown |
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows... |
CVE-2022-26878 |
Medium |
Unknown |
Unknown |
drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket... |
CVE-2022-26710 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-26490 |
High |
Unknown |
Unknown |
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel... |
CVE-2022-26387 |
High |
Unknown |
Unknown |
When installing an add-on, Thunderbird verified the signature before prompting the user;... |
CVE-2022-26386 |
Low |
No |
Unknown |
Previously Thunderbird for macOS and Linux would download temporary files to a... |
CVE-2022-26384 |
High |
Yes |
Unknown |
If an attacker could control the contents of an iframe sandboxed with allow-popups but not... |
CVE-2022-26383 |
High |
Yes |
Unknown |
When resizing a popup after requesting fullscreen access, the popup would not display the... |
CVE-2022-26377 |
Medium |
Yes |
Unknown |
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in... |
CVE-2022-26307 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-26306 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-26305 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-2539 |
Medium |
Yes |
Unknown |
Unauthorized users can filter issues by contact and organization |
CVE-2022-25375 |
Medium |
Unknown |
Information disclosure |
RNDIS USB gadget in drivers/usb/gadget/function/rndis.c lacks validation of the size of the... |
CVE-2022-2534 |
Low |
Yes |
Unknown |
GitLab was returning contributor emails due to improper data handling in the Datadog integration |
CVE-2022-25310 |
Unknown |
No |
Unknown |
A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the... |
CVE-2022-25309 |
Unknown |
No |
Unknown |
A heap-based buffer overflow flaw was found in the Fribidi package and affects the... |
CVE-2022-2512 |
Medium |
Yes |
Unknown |
Membership changes are not reflected in TODO for confidential notes, allowing a former... |
CVE-2022-2500 |
Medium |
Yes |
Unknown |
stored XSS in job error messages allows attackers to perform arbitrary actions on behalf of... |
CVE-2022-2497 |
Medium |
Yes |
Unknown |
A malicious maintainer could exfiltrate an integration's access token by modifying the... |
CVE-2022-24959 |
Medium |
Unknown |
Unknown |
An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in... |
CVE-2022-24958 |
High |
Unknown |
Unknown |
drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release. |
CVE-2022-24883 |
Unknown |
Yes |
Authentication bypass |
freerpd servers using authentication against a SAM file with an invalid path configured... |
CVE-2022-24790 |
Unknown |
Yes |
Unknown |
Puma behind a proxy that does not properly validate that the incoming HTTP request matches... |
CVE-2022-24761 |
High |
Yes |
Unknown |
waitress behind a proxy that does not properly validate the incoming HTTP request matches... |
CVE-2022-24713 |
Low |
Unknown |
Unknown |
The rust regex crate did not properly prevent crafted regular expressions from taking an... |
CVE-2022-2456 |
Medium |
Yes |
Unknown |
It may be possible for malicious group or project maintainers to change their corresponding... |
CVE-2022-24303 |
Unknown |
Unknown |
Unknown |
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames... |
CVE-2022-2417 |
Medium |
Yes |
Unknown |
gitlab allows an authenticated and authorised user to import a project that includes branch... |
CVE-2022-24070 |
High |
Yes |
Unknown |
While looking up path-based authorization rules, mod_dav_svn servers may attempt to use... |
CVE-2022-23901 |
Unknown |
Unknown |
Unknown |
A stack overflow re2c 2.2 exists due to infinite recursion issues in src/dfa/dead_rules.cc. |
CVE-2022-23833 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-23648 |
Unknown |
Unknown |
Information disclosure |
containers launched through containerd’s CRI implementation with a specially-crafted image... |
CVE-2022-23634 |
High |
Yes |
Unknown |
puma may not always call close on the response body. Rails, prior to version 7.0.2.2,... |
CVE-2022-23308 |
High |
Unknown |
Arbitrary code execution |
Use-after-free of ID and IDREF attributes in valid.c |
CVE-2022-2326 |
Medium |
Yes |
Unknown |
It may be possible to gain access to a private project through an email invite by using... |
CVE-2022-2318 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-23098 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-23097 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-23096 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-2307 |
Low |
Yes |
Unknown |
gitlab allows a malicious Group Owner to retain a usable Group Access Token even after the... |
CVE-2022-2303 |
Medium |
Yes |
Unknown |
It may be possible for group members to bypass 2FA enforcement enabled at the group level... |
CVE-2022-22818 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-22817 |
Unknown |
Unknown |
Unknown |
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such... |
CVE-2022-22816 |
Unknown |
Unknown |
Unknown |
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization... |
CVE-2022-22815 |
Unknown |
Unknown |
Unknown |
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path |
CVE-2022-22677 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-22662 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-22637 |
High |
Yes |
Unknown |
A logic issue was addressed with improved state management. A malicious website may cause... |
CVE-2022-21499 |
Unknown |
Unknown |
Unknown |
KGDB and KDB allow read and write access to kernel memory but were not restricted during lockdown |
CVE-2022-21496 |
Medium |
Yes |
Unknown |
|
CVE-2022-21476 |
High |
Yes |
Unknown |
|
CVE-2022-21443 |
Low |
Yes |
Unknown |
|
CVE-2022-21434 |
Medium |
Yes |
Unknown |
|
CVE-2022-21426 |
Medium |
Yes |
Unknown |
|
CVE-2022-2095 |
Medium |
Yes |
Unknown |
gitlab allows a malicious authenticated user to view a public project's Deploy Key's public... |
CVE-2022-20803 |
Unknown |
Yes |
Arbitrary code execution |
possible double-free vulnerability in the OLE2 file parser |
CVE-2022-20796 |
Medium |
Unknown |
Unknown |
possible NULL-pointer dereference crash in the scan verdict cache check |
CVE-2022-20792 |
Unknown |
Yes |
Arbitrary code execution |
possible multi-byte heap buffer overflow write vulnerability in the signature database load module |
CVE-2022-1975 |
Medium |
Unknown |
Unknown |
a sleep called in an atomic context could cause kernel panic during nfc firmware download |
CVE-2022-1919 |
Low |
Unknown |
Unknown |
An attacker could have caused an uninitialized variable on the stack to be mistakenly... |
CVE-2022-1876 |
Low |
Unknown |
Unknown |
Heap buffer overflow in DevTools |
CVE-2022-1875 |
Low |
Unknown |
Unknown |
Inappropriate implementation in PDF |
CVE-2022-1874 |
Low |
Unknown |
Unknown |
Insufficient policy enforcement in Safe Browsing |
CVE-2022-1873 |
Low |
Unknown |
Unknown |
Insufficient policy enforcement in COOP |
CVE-2022-1872 |
Low |
Unknown |
Unknown |
Insufficient policy enforcement in Extensions API |
CVE-2022-1871 |
Low |
Unknown |
Unknown |
Insufficient policy enforcement in File System API |
CVE-2022-1870 |
Medium |
Unknown |
Unknown |
Use after free in App Service |
CVE-2022-1869 |
Medium |
Unknown |
Unknown |
Type Confusion in V8 |
CVE-2022-1868 |
Medium |
Unknown |
Unknown |
Inappropriate implementation in Extensions API |
CVE-2022-1867 |
Medium |
Unknown |
Unknown |
Insufficient validation of untrusted input in Data Transfer |
CVE-2022-1866 |
Medium |
Unknown |
Unknown |
Use after free in Tablet Mode |
CVE-2022-1865 |
Medium |
Unknown |
Unknown |
Use after free in Bookmarks |
CVE-2022-1864 |
Medium |
Unknown |
Unknown |
Use after free in WebApp Installs |
CVE-2022-1863 |
Medium |
Unknown |
Unknown |
Use after free in Tab Groups |
CVE-2022-1862 |
Medium |
Unknown |
Unknown |
Inappropriate implementation in Extensions |
CVE-2022-1789 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-1736 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-1734 |
High |
No |
Unknown |
possible use-after-free due to race condition when simulating NFC device from user space |
CVE-2022-1652 |
Unknown |
Unknown |
Unknown |
A concurrency use-after-free was found in the Linux kernel. |
CVE-2022-1641 |
Medium |
Unknown |
Unknown |
Use after free in Web UI Diagnostics. |
CVE-2022-1640 |
High |
Unknown |
Unknown |
Use after free in Sharing. |
CVE-2022-1639 |
High |
Unknown |
Unknown |
Use after free in ANGLE. |
CVE-2022-1638 |
High |
Unknown |
Unknown |
Heap buffer overflow in V8 Internationalization. |
CVE-2022-1637 |
High |
Unknown |
Unknown |
Inappropriate implementation in Web Contents. |
CVE-2022-1636 |
High |
Unknown |
Unknown |
Use after free in Performance APIs. |
CVE-2022-1635 |
High |
Unknown |
Unknown |
Use after free in Permission Prompts. |
CVE-2022-1634 |
High |
Unknown |
Unknown |
Use after free in Browser UI. |
CVE-2022-1633 |
High |
Unknown |
Unknown |
Use after free in Sharesheet. |
CVE-2022-1516 |
Unknown |
Unknown |
Unknown |
A NULL pointer dereference flaw in the implementation of the X.25 set of standardized... |
CVE-2022-1510 |
Medium |
Unknown |
Denial of service |
GitLab all versions starting from 13.9 before 14.8.6, all versions starting from 14.9... |
CVE-2022-1462 |
Medium |
No |
Unknown |
a local user can use a race condition in `drivers/tty/tty_buffers.c` to cause a memory leak... |
CVE-2022-1460 |
Medium |
Unknown |
Access restriction bypass |
GitLab all versions starting from 9.2 before 14.8.6, all versions starting from 14.9 before... |
CVE-2022-1433 |
Low |
Unknown |
Unknown |
Missing invalidation of Markdown caching causes potential payloads from a previously... |
CVE-2022-1431 |
Medium |
Unknown |
Denial of service |
GitLab all versions starting from 12.10 before 14.8.6, all versions starting from 14.9... |
CVE-2022-1428 |
Medium |
Unknown |
Denial of service |
GitLab all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all... |
CVE-2022-1426 |
Low |
Unknown |
Authentication bypass |
GitLab from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions... |
CVE-2022-1423 |
High |
Unknown |
Arbitrary code execution |
Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions... |
CVE-2022-1417 |
Medium |
Unknown |
Authentication bypass |
Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before... |
CVE-2022-1416 |
Medium |
Unknown |
Unknown |
Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all... |
CVE-2022-1413 |
Medium |
Unknown |
Information disclosure |
Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before... |
CVE-2022-1406 |
Medium |
Unknown |
Insufficient validation |
Improper input validation in GitLab CE/EE affecting all versions from 8.12 prior to 14.8.6,... |
CVE-2022-1353 |
Unknown |
Unknown |
Unknown |
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux... |
CVE-2022-1352 |
Medium |
Unknown |
Information disclosure |
Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all... |
CVE-2022-1328 |
Unknown |
Unknown |
Unknown |
Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before... |
CVE-2022-1292 |
Medium |
Unknown |
Unknown |
The c_rehash script does not properly sanitise shell metacharacters to prevent command... |
CVE-2022-1205 |
Unknown |
Unknown |
Unknown |
There are NPD and use-after-free vulnerabilities in net/ax25/ax25_timer.c of linux that... |
CVE-2022-1204 |
Unknown |
Unknown |
Unknown |
There are use-after-free vulnerabilities in net/ax25/af_ax25.c of linux that allow attacker... |
CVE-2022-1199 |
Unknown |
Unknown |
Unknown |
There are null-ptr-deref vulnerability and use-after-free vulnerabilities in... |
CVE-2022-1198 |
Unknown |
Unknown |
Unknown |
There are use-after-free vulnerabilities in drivers/net/hamradio/6pack.c of linux that... |
CVE-2022-1197 |
Medium |
Unknown |
Unknown |
When importing a revoked key that specified key compromise as the revocation reason,... |
CVE-2022-1196 |
Medium |
Unknown |
Unknown |
After a VR Process is destroyed, a reference to it may have been retained and used, leading... |
CVE-2022-1195 |
Unknown |
Unknown |
Unknown |
A use-after-free vulnerability was found in drivers/net/hamradio in the Linux kernel. In... |
CVE-2022-1172 |
Medium |
Unknown |
Unknown |
Null Pointer Dereference Caused Segmentation Fault in gpac prior to 2.1.0-DEV |
CVE-2022-1158 |
Unknown |
Unknown |
Unknown |
Linux Kernel v5.2+: x86/kvm: cmpxchg_gpte can write to pfns outside the userspace region |
CVE-2022-1124 |
Medium |
Unknown |
Information disclosure |
An improper authorization issue has been discovered in GitLab CE/EE affecting all versions... |
CVE-2022-1106 |
Unknown |
Unknown |
Unknown |
use after free in mrb_vm_exec in mruby prior to 3.2 |
CVE-2022-1096 |
High |
Yes |
Unknown |
It is a type confusion weakness in the Chrome V8 JavaScript engine. Google is aware that an... |
CVE-2022-1048 |
Unknown |
Unknown |
Unknown |
race condition in snd_pcm_hw_free leading to use-after-free |
CVE-2022-1016 |
Unknown |
Unknown |
Unknown |
CVE-2022-1016 pertains to uninitialized stack data in the nft_do_chain routine.... |
CVE-2022-1015 |
Unknown |
Unknown |
Unknown |
CVE-2022-1015 pertains to an out of bounds access in nf_tables expression evaluation due to... |
CVE-2022-0854 |
Medium |
Unknown |
Unknown |
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls... |
CVE-2022-0843 |
Medium |
Unknown |
Arbitrary code execution |
Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory... |
CVE-2022-0617 |
Medium |
Unknown |
Unknown |
A NULL pointer dereference was found in the Linux kernel’s UDF file system functionality in... |
CVE-2022-0546 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-0545 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-0544 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-0500 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-0494 |
Medium |
Unknown |
Unknown |
A kernel information leak flaw was identified in the scsi_ioctl function in... |
CVE-2022-0419 |
Medium |
Unknown |
Unknown |
NULL pointer dereference in load_buffer |
CVE-2022-0358 |
High |
No |
Unknown |
In the QEMU virtio-fs shared file system daemon (virtiofsd) a local guest user can create... |
CVE-2022-0168 |
Unknown |
Unknown |
Unknown |
A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info... |
CVE-2021-46829 |
Unknown |
Unknown |
Arbitrary code execution |
heap buffer overflow when composing or clearing frames in GIF files |
CVE-2021-44975 |
Unknown |
Unknown |
Unknown |
Buffer Overflow via /libr/core/anal_objc.c mach-o parser |
CVE-2021-44974 |
Unknown |
Unknown |
Unknown |
NULL Pointer Dereference via libr/bin/p/bin_symbols.c binary symbol parser |
CVE-2021-44879 |
Medium |
Unknown |
Unknown |
In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not... |
CVE-2021-44856 |
Unknown |
Unknown |
Unknown |
|
CVE-2021-44855 |
Unknown |
Unknown |
Unknown |
|
CVE-2021-44854 |
Unknown |
Unknown |
Unknown |
|
CVE-2021-4207 |
High |
Unknown |
Unknown |
In the QXL display device emulation in QEMU. A double fetch of guest controlled values... |
CVE-2021-4197 |
High |
Unknown |
Unknown |
An unprivileged write to the file handler flaw in the Linux kernel's control groups and... |
CVE-2021-4192 |
High |
Unknown |
Unknown |
use-after-free in win_linetabsize() |
CVE-2021-4156 |
High |
Unknown |
Unknown |
An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker... |
CVE-2021-41136 |
Low |
Yes |
Unknown |
Using puma with a proxy which forwards LF characters as line endings could allow HTTP... |
CVE-2021-33655 |
Unknown |
Unknown |
Unknown |
|
CVE-2021-28544 |
Medium |
Unknown |
Information disclosure |
Subversion servers reveal 'copyfrom' paths that should be hidden according to configured... |
Issue |
Severity |
Remote |
Type |
Description |
CVE-2021-4206 |
High |
No |
Arbitrary code execution |
An integer overflow in the cursor_alloc() function of the QXL display device emulation can... |
CVE-2021-4207 |
High |
Unknown |
Unknown |
In the QXL display device emulation in QEMU. A double fetch of guest controlled values... |
CVE-2021-45046 |
Medium |
Yes |
Denial of service |
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete... |
CVE-2022-0358 |
High |
No |
Unknown |
In the QEMU virtio-fs shared file system daemon (virtiofsd) a local guest user can create... |
CVE-2022-0494 |
Medium |
Unknown |
Unknown |
A kernel information leak flaw was identified in the scsi_ioctl function in... |
CVE-2022-0617 |
Medium |
Unknown |
Unknown |
A NULL pointer dereference was found in the Linux kernel’s UDF file system functionality in... |
CVE-2022-0854 |
Medium |
Unknown |
Unknown |
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls... |
CVE-2022-0987 |
Low |
No |
Information disclosure |
A vulnerability was found in PackageKit in the way some of the methods exposed by the... |
CVE-2022-1011 |
High |
No |
Privilege escalation |
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user... |
CVE-2022-1106 |
Unknown |
Unknown |
Unknown |
use after free in mrb_vm_exec in mruby prior to 3.2 |
CVE-2022-1172 |
Medium |
Unknown |
Unknown |
Null Pointer Dereference Caused Segmentation Fault in gpac prior to 2.1.0-DEV |
CVE-2022-1215 |
High |
No |
Privilege escalation |
Format string vulnerability in evdev device handling |
CVE-2022-1328 |
Unknown |
Unknown |
Unknown |
Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before... |
CVE-2022-1348 |
Medium |
No |
Denial of service |
The state file is used to prevent parallel executions of multiple instances of logrotate by... |
CVE-2022-1462 |
Medium |
No |
Unknown |
a local user can use a race condition in `drivers/tty/tty_buffers.c` to cause a memory leak... |
CVE-2022-1652 |
Unknown |
Unknown |
Unknown |
A concurrency use-after-free was found in the Linux kernel. |
CVE-2022-1852 |
Medium |
No |
Denial of service |
executing an illegal instruction in a kvm guest on an intel cpu causes a null pointer dereference |
CVE-2022-22815 |
Unknown |
Unknown |
Unknown |
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path |
CVE-2022-22816 |
Unknown |
Unknown |
Unknown |
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization... |
CVE-2022-22817 |
Unknown |
Unknown |
Unknown |
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such... |
CVE-2022-23901 |
Unknown |
Unknown |
Unknown |
A stack overflow re2c 2.2 exists due to infinite recursion issues in src/dfa/dead_rules.cc. |
CVE-2022-24303 |
Unknown |
Unknown |
Unknown |
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames... |
CVE-2022-24448 |
Low |
No |
Information disclosure |
A flaw was found in the Linux kernel. When an application tries to open a directory (using... |
CVE-2022-24903 |
High |
Yes |
Arbitrary code execution |
A flaw was found in rsyslog's reception TCP modules. This flaw allows an attacker to craft... |
CVE-2022-24958 |
High |
Unknown |
Unknown |
drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release. |
CVE-2022-24959 |
Medium |
Unknown |
Unknown |
An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in... |
CVE-2022-25258 |
Medium |
No |
Denial of service |
NULL pointer dereference in the kernel's USB gadget subsystem allows a local user to crash... |
CVE-2022-25308 |
Medium |
No |
Denial of service |
A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an... |
CVE-2022-25309 |
Unknown |
No |
Unknown |
A heap-based buffer overflow flaw was found in the Fribidi package and affects the... |
CVE-2022-25310 |
Unknown |
No |
Unknown |
A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the... |
CVE-2022-25375 |
Medium |
Unknown |
Information disclosure |
RNDIS USB gadget in drivers/usb/gadget/function/rndis.c lacks validation of the size of the... |
CVE-2022-26353 |
High |
No |
Arbitrary code execution |
the fix for CVE-2021-3748 forgot to unmap the cached virtqueue elements on error, leading... |
CVE-2022-26354 |
Low |
No |
Denial of service |
In case of error in the vhost-vsock device, an invalid element was not detached from the... |
CVE-2022-26691 |
High |
No |
Authentication bypass |
CUPS requires users to demonstrate root/admin level access to perform various printer... |
CVE-2022-26878 |
Medium |
Unknown |
Unknown |
drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket... |
CVE-2022-26966 |
Medium |
Unknown |
Unknown |
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows... |
CVE-2022-27223 |
High |
Unknown |
Unknown |
In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint... |
CVE-2022-27820 |
Medium |
Unknown |
Unknown |
ZAP proxy does not verify the certificate chain of the HTTPS servers it connects to |
CVE-2022-27939 |
Unknown |
Unknown |
Unknown |
tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c |
CVE-2022-27940 |
Unknown |
Unknown |
Unknown |
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c |
CVE-2022-27941 |
Unknown |
Unknown |
Unknown |
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in... |
CVE-2022-27942 |
Unknown |
Unknown |
Unknown |
tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c |
CVE-2022-28330 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-29156 |
High |
Unknown |
Unknown |
double free related to rtrs_clt_dev_release in drivers/infiniband/ulp/rtrs/rtrs-clt.c |
CVE-2022-29581 |
High |
No |
Privilege escalation |
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local... |
CVE-2022-30594 |
Medium |
Unknown |
Access restriction bypass |
The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the... |
CVE-2022-31739 |
Unknown |
Unknown |
Unknown |
|
CVE-2022-31740 |
Unknown |
Unknown |
Unknown |
|