Total
418 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41587 | 1 Huawei | 1 Emui | 2024-11-21 | N/A | 5.3 MEDIUM |
| Uncaptured exceptions in the home screen module. Successful exploitation of this vulnerability may affect stability. | |||||
| CVE-2022-3616 | 1 Cloudflare | 1 Octorpki | 2024-11-21 | N/A | 5.4 MEDIUM |
| Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to Donika Mirdita and Haya Shulman - Fraunhofer SIT, ATHENE, who discovered and reported this vulnerability. | |||||
| CVE-2022-3192 | 1 Abb | 30 Ac500 Cpu Firmware, Pm5630-2eth, Pm5650-2eth and 27 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6. | |||||
| CVE-2022-39288 | 1 Fastify | 1 Fastify | 2024-11-21 | N/A | 7.5 HIGH |
| fastify is a fast and low overhead web framework, for Node.js. Affected versions of fastify are subject to a denial of service via malicious use of the Content-Type header. An attacker can send an invalid Content-Type header that can cause the application to crash. This issue has been addressed in commit `fbb07e8d` and will be included in release version 4.8.1. Users are advised to upgrade. Users unable to upgrade may manually filter out http content with malicious Content-Type headers. | |||||
| CVE-2022-38235 | 1 Xpdf Project | 1 Xpdf | 2024-11-21 | N/A | 5.5 MEDIUM |
| XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::getChar() at /xpdf/Stream.cc. | |||||
| CVE-2022-38234 | 1 Xpdf Project | 1 Xpdf | 2024-11-21 | N/A | 5.5 MEDIUM |
| XPDF commit ffaf11c was discovered to contain a segmentation violation via Lexer::getObj(Object*) at /xpdf/Lexer.cc. | |||||
| CVE-2022-38233 | 1 Xpdf Project | 1 Xpdf | 2024-11-21 | N/A | 5.5 MEDIUM |
| XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::readMCURow() at /xpdf/Stream.cc. | |||||
| CVE-2022-38152 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | N/A | 7.5 HIGH |
| An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use wolfSSL_clear instead of the recommended SSL_free; SSL_new sequence are affected. Furthermore, wolfSSL_clear is part of wolfSSL's compatibility layer and is not enabled by default. It is not part of wolfSSL's native API. | |||||
| CVE-2022-36794 | 1 Intel | 1 Server Platform Services | 2024-11-21 | N/A | 6.0 MEDIUM |
| Improper condition check in some Intel(R) SPS firmware before version SPS_E3_06.00.03.300.0 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2022-36145 | 1 Swfmill | 1 Swfmill | 2024-11-21 | N/A | 5.5 MEDIUM |
| SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::Reader::getWord(). | |||||
| CVE-2022-36141 | 1 Swfmill | 1 Swfmill | 2024-11-21 | N/A | 5.5 MEDIUM |
| SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::MethodBody::write(SWF::Writer*, SWF::Context*). | |||||
| CVE-2022-36140 | 1 Swfmill | 1 Swfmill | 2024-11-21 | N/A | 5.5 MEDIUM |
| SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::DeclareFunction2::write(SWF::Writer*, SWF::Context*). | |||||
| CVE-2022-36046 | 2 Nodejs, Vercel | 2 Node.js, Next.js | 2024-11-21 | N/A | 5.3 MEDIUM |
| Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict `unhandledRejection` exiting AND using next start or a [custom server](https://nextjs.org/docs/advanced-features/custom-server). Deployments on Vercel ([vercel.com](https://vercel.com/)) are not affected along with similar environments where `next-server` isn't being shared across requests. | |||||
| CVE-2022-35473 | 1 Otfcc Project | 1 Otfcc | 2024-11-21 | N/A | 6.5 MEDIUM |
| OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe9a7. | |||||
| CVE-2022-35469 | 1 Otfcc Project | 1 Otfcc | 2024-11-21 | N/A | 6.5 MEDIUM |
| OTFCC v0.10.4 was discovered to contain a segmentation violation via /x86_64-linux-gnu/libc.so.6+0xbb384. | |||||
| CVE-2022-35173 | 1 Nginx | 1 Njs | 2024-11-21 | N/A | 7.5 HIGH |
| An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation. | |||||
| CVE-2022-32590 | 3 Google, Linuxfoundation, Mediatek | 47 Android, Yocto, Mt6761 and 44 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| In wlan, there is a possible use after free due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07299425; Issue ID: ALPS07299425. | |||||
| CVE-2022-31103 | 1 Lettersanitizer Project | 1 Lettersanitizer | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule `@keyframes`. This package is depended on by [react-letter](https://github.com/mat-sz/react-letter), therefore everyone using react-letter is also at risk. The problem has been patched in version 1.0.2. | |||||
| CVE-2022-31093 | 1 Nextauth.js | 1 Next-auth | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid `callbackUrl` query parameter, which internally is converted to a `URL` object. The URL instantiation would fail due to a malformed URL being passed into the constructor, causing it to throw an unhandled error which led to the **API route handler timing out and logging in to fail**. This has been remedied in versions 3.29.5 and 4.5.0. If for some reason you cannot upgrade, the workaround requires you to rely on Advanced Initialization. Please see the documentation for more. | |||||
| CVE-2022-30738 | 1 Samsung | 1 Internet | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script. | |||||