# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
1 | CVE-2022-29582 | 416 | | | 2022-04-22 | 2022-05-04 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. |
2 | CVE-2022-28463 | 120 | | Overflow | 2022-05-08 | 2022-05-17 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. |
3 | CVE-2022-28346 | 89 | | Sql | 2022-04-12 | 2022-04-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. |
4 | CVE-2022-27239 | 787 | | Overflow +Priv | 2022-04-27 | 2022-05-16 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. |
5 | CVE-2022-26846 | | | Exec Code | 2022-03-10 | 2022-03-18 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code. |
6 | CVE-2022-26496 | 787 | | Overflow | 2022-03-06 | 2022-04-25 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with a large value as the length of the name. |
7 | CVE-2022-26495 | 190 | | Overflow | 2022-03-06 | 2022-04-25 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages. |
8 | CVE-2022-25636 | 269 | | +Priv | 2022-02-24 | 2022-05-10 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload. |
9 | CVE-2022-25315 | 190 | | Overflow | 2022-02-18 | 2022-04-27 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. |
10 | CVE-2022-25236 | 668 | | | 2022-02-16 | 2022-05-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. |
11 | CVE-2022-25235 | 116 | | | 2022-02-16 | 2022-04-27 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. |
12 | CVE-2022-24407 | 89 | | Sql | 2022-02-24 | 2022-04-25 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. |
13 | CVE-2022-24301 | 276 | | | 2022-02-02 | 2022-02-28 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None |
In Minetest before 5.4.0, players can add or subtract items from a different player's inventory. |
14 | CVE-2022-24300 | 74 | | | 2022-02-02 | 2022-02-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection. |
15 | CVE-2022-23990 | 190 | | Overflow | 2022-01-26 | 2022-04-27 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. |
16 | CVE-2022-23959 | 444 | | | 2022-01-26 | 2022-03-17 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None |
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections. |
17 | CVE-2022-23943 | 787 | | | 2022-03-14 | 2022-04-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. |
18 | CVE-2022-23852 | 190 | | Overflow | 2022-01-24 | 2022-04-25 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. |
19 | CVE-2022-23806 | 252 | | | 2022-02-11 | 2022-05-10 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial |
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. |
20 | CVE-2022-23772 | 190 | | Overflow | 2022-02-11 | 2022-05-10 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. |
21 | CVE-2022-23614 | 74 | | | 2022-02-04 | 2022-04-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non Closure in the `sort` filter as is the case for some other filters. Users are advised to upgrade. |
22 | CVE-2022-23608 | 416 | | | 2022-02-22 | 2022-04-25 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed. The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision, which eventually leads to an endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue. |
23 | CVE-2022-23222 | 476 | | +Priv | 2022-01-14 | 2022-02-28 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types. |
24 | CVE-2022-23097 | 125 | | | 2022-01-28 | 2022-03-01 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial |
An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read. |
25 | CVE-2022-23096 | 125 | | | 2022-01-28 | 2022-03-01 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial |
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read. |
26 | CVE-2022-22817 | | | | 2022-01-10 | 2022-04-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used, |
27 | CVE-2022-22816 | 125 | | | 2022-01-10 | 2022-02-16 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial |
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. |
28 | CVE-2022-22815 | 665 | | | 2022-01-10 | 2022-05-04 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial |
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. |
29 | CVE-2022-22721 | 190 | | Overflow | 2022-03-14 | 2022-05-17 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. |
30 | CVE-2022-22720 | 444 | | | 2022-03-14 | 2022-05-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling |
31 | CVE-2022-21724 | 665 | | Exec Code | 2022-02-02 | 2022-05-27 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
pgjdbc is the official PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when an attacker controls the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue. |
32 | CVE-2022-21723 | 125 | | | 2022-01-27 | 2022-04-25 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial |
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as commit in the `master` branch. There are no known workarounds. |
33 | CVE-2022-21664 | 89 | | Sql | 2022-01-06 | 2022-04-12 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 4.1.34. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue. |
34 | CVE-2022-21663 | 74 | | Bypass | 2022-01-06 | 2022-04-12 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue. |
35 | CVE-2022-1616 | 416 | | Exec Code Bypass | 2022-05-07 | 2022-05-18 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution |
36 | CVE-2022-1048 | 362 | | | 2022-04-29 | 2022-05-11 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. |
37 | CVE-2022-0730 | 287 | | Bypass | 2022-03-03 | 2022-05-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types. |
38 | CVE-2022-0729 | 119 | | Overflow | 2022-02-23 | 2022-03-29 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. |
39 | CVE-2022-0685 | | | | 2022-02-20 | 2022-03-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. |
40 | CVE-2022-0586 | 835 | | DoS | 2022-02-14 | 2022-04-01 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file |
41 | CVE-2022-0582 | 74 | | DoS | 2022-02-14 | 2022-04-01 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file |
42 | CVE-2022-0554 | 119 | | Overflow | 2022-02-10 | 2022-03-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2. |
43 | CVE-2022-0408 | 121 | | Overflow | 2022-01-30 | 2022-03-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
44 | CVE-2022-0368 | 125 | | | 2022-01-26 | 2022-03-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. |
45 | CVE-2022-0361 | 787 | | Overflow | 2022-01-26 | 2022-03-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
46 | CVE-2022-0359 | 787 | | Overflow | 2022-01-26 | 2022-03-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
47 | CVE-2022-0213 | 787 | | Overflow | 2022-01-14 | 2022-03-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
vim is vulnerable to Heap-based Buffer Overflow |
48 | CVE-2021-45911 | 787 | | Overflow | 2021-12-28 | 2022-03-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow in the main function. It allows an attacker to write 2 bytes outside the boundaries of the buffer. |
49 | CVE-2021-45910 | 787 | | Overflow | 2021-12-28 | 2022-03-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow within the main function. It allows an attacker to write data outside of the allocated buffer. The attacker has control over a part of the address that data is written to, control over the written data, and (to some extent) control over the amount of data that is written. |
50 | CVE-2021-45909 | 787 | | Overflow | 2021-12-28 | 2022-04-06 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow vulnerability in the DecodeLZW function. It allows an attacker to write a large amount of arbitrary data outside the boundaries of a buffer. |