Skip to main content
CVE-2022-3037 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0322. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38784 HIGH POC PATCH This Week

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow RCE Poppler Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-39028 HIGH POC PATCH This Week

telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Inetutils Kerberos 5 Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-25857 HIGH POC PATCH This Week

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Snakeyaml Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-36565 HIGH This Week

Incorrect access control in the install directory (C:\Wamp64) of Wamp v3.2.6 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Wampserver
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-36564 HIGH This Week

Incorrect access control in the install directory (C:\Strawberry) of StrawberryPerl v5.32.1.1 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Strawberryperl
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-36563 HIGH This Week

Incorrect access control in the install directory (C:\RailsInstaller) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Rubyinstaller2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-36562 HIGH This Week

Incorrect access control in the install directory (C:\Ruby31-x64) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Rubyinstaller2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-34374 HIGH PATCH This Week

Dell Container Storage Modules 1.2 contains an OS command injection in goiscsi and gobrick libraries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Dell Command Injection Container Storage Modules
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-38118 HIGH This Week

OAKlouds Portal website’s Meeting Room has insufficient validation for user input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Oaklouds Portal
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-37173 HIGH This Week

An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Gvim
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-37172 HIGH This Week

Incorrect access control in the install directory (C:\msys64) of Msys2 v20220603 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Msys2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-24107 HIGH This Week

Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Xpdfreader
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-24106 HIGH This Week

In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Xpdfreader
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-36552 HIGH This Week

Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi-bin/DownloadFlash which allows attackers to steal all data such as source code and system files via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Path Traversal Information Disclosure Ac6 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-27563 HIGH This Week

An unauthenticated user can overload a part of HCL VersionVault Express and cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Versionvault Express
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-37237 HIGH PATCH This Week

An attacker can send malicious RTMP requests to make the ZLMediaKit server crash remotely. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Zlmediakit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-25887 HIGH PATCH This Week

The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Sanitize Html
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy