Total
8120 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-39261 | 4 Debian, Drupal, Fedoraproject and 1 more | 4 Debian Linux, Drupal, Fedora and 1 more | 2024-02-04 | N/A | 7.5 HIGH |
Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read arbitrary files from outside the templates' directory when using a namespace like `@somewhere/../some.file`. In such a case, validation is bypassed. Versions 1.44.7, 2.15.3, and 3.4.3 contain a fix for validation of such template names. There are no known workarounds aside from upgrading. | |||||
CVE-2022-43239 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2024-02-04 | N/A | 6.5 MEDIUM |
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | |||||
CVE-2021-37150 | 3 Apache, Debian, Fedoraproject | 3 Traffic Server, Debian Linux, Fedora | 2024-02-04 | N/A | 7.5 HIGH |
Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. | |||||
CVE-2022-32214 | 4 Debian, Llhttp, Nodejs and 1 more | 4 Debian Linux, Llhttp, Node.js and 1 more | 2024-02-04 | N/A | 6.5 MEDIUM |
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). | |||||
CVE-2022-42799 | 3 Apple, Debian, Fedoraproject | 8 Ipados, Iphone Os, Macos and 5 more | 2024-02-04 | N/A | 6.1 MEDIUM |
The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing. | |||||
CVE-2022-3626 | 3 Debian, Libtiff, Netapp | 3 Debian Linux, Libtiff, Active Iq Unified Manager | 2024-02-04 | N/A | 6.5 MEDIUM |
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. | |||||
CVE-2022-3649 | 3 Debian, Linux, Netapp | 11 Debian Linux, Linux Kernel, Active Iq Unified Manager and 8 more | 2024-02-04 | N/A | 7.0 HIGH |
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992. | |||||
CVE-2022-39348 | 2 Debian, Twistedmatrix | 2 Debian Linux, Twisted | 2024-02-04 | N/A | 5.4 MEDIUM |
Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. In practice this should be very difficult to exploit as being able to modify the Host header of a normal HTTP request implies that one is already in a privileged position. This issue was fixed in version 22.10.0rc1. There are no known workarounds. | |||||
CVE-2022-30287 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2024-02-04 | N/A | 8.0 HIGH |
Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects. | |||||
CVE-2022-39190 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-04 | N/A | 5.5 MEDIUM |
An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. | |||||
CVE-2021-20316 | 3 Debian, Redhat, Samba | 7 Debian Linux, Enterprise Linux, Enterprise Linux Aus and 4 more | 2024-02-04 | N/A | 6.8 MEDIUM |
A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share. | |||||
CVE-2022-43243 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2024-02-04 | N/A | 6.5 MEDIUM |
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | |||||
CVE-2022-28201 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-02-04 | N/A | 4.4 MEDIUM |
An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message. | |||||
CVE-2022-3234 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-02-04 | N/A | 7.8 HIGH |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. | |||||
CVE-2022-28203 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-02-04 | N/A | 7.5 HIGH |
A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query. | |||||
CVE-2022-41222 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-02-04 | N/A | 7.0 HIGH |
mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move. | |||||
CVE-2022-37032 | 2 Debian, Frrouting | 2 Debian Linux, Frrouting | 2024-02-04 | N/A | 9.1 CRITICAL |
An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c. | |||||
CVE-2022-2787 | 1 Debian | 2 Debian Linux, Schroot | 2024-02-04 | N/A | 4.3 MEDIUM |
Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session. | |||||
CVE-2022-2953 | 3 Debian, Libtiff, Netapp | 3 Debian Linux, Libtiff, Ontap Select Deploy Administration Utility | 2024-02-04 | N/A | 5.5 MEDIUM |
LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8. | |||||
CVE-2021-3999 | 3 Debian, Gnu, Netapp | 15 Debian Linux, Glibc, E-series Performance Analyzer and 12 more | 2024-02-04 | N/A | 7.8 HIGH |
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. |