Total: 432 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-45854 | 1 Zyxel | 12 Nwa110ax, Nwa110ax Firmware, Nwa210ax and 9 more | 2024-11-21 | 4.3 Medium |
An improper check for unusual conditions in Zyxel NWA110AX firmware versions prior to 6.50(ABTG.0)C0, which could allow a LAN attacker to cause a temporary denial-of-service (DoS) by sending crafted VLAN frames if the MAC address of the vulnerable AP were intercepted by the attacker. | ||||
CVE-2022-43393 | 1 Zyxel | 90 Gs1350-12hp, Gs1350-12hp Firmware, Gs1350-18hp and 87 more | 2024-11-21 | 8.2 High |
An improper check for unusual or exceptional conditions in the HTTP request processing function of Zyxel GS1920-24v2 firmware prior to V4.70(ABMH.8)C0, which could allow an unauthenticated attacker to corrupt the contents of the memory and result in a denial-of-service (DoS) condition on a vulnerable device. | ||||
CVE-2022-41587 | 1 Huawei | 1 Emui | 2024-11-21 | 5.3 Medium |
Uncaptured exceptions in the home screen module. Successful exploitation of this vulnerability may affect stability. | ||||
CVE-2022-3616 | 1 Cloudflare | 1 Octorpki | 2024-11-21 | 5.4 Medium |
Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to Donika Mirdita and Haya Shulman - Fraunhofer SIT, ATHENE, who discovered and reported this vulnerability. | ||||
CVE-2022-39288 | 1 Fastify | 1 Fastify | 2024-11-21 | 7.5 High |
fastify is a fast and low overhead web framework, for Node.js. Affected versions of fastify are subject to a denial of service via malicious use of the Content-Type header. An attacker can send an invalid Content-Type header that can cause the application to crash. This issue has been addressed in commit `fbb07e8d` and will be included in release version 4.8.1. Users are advised to upgrade. Users unable to upgrade may manually filter out http content with malicious Content-Type headers. | ||||
CVE-2022-38235 | 1 Xpdf Project | 1 Xpdf | 2024-11-21 | 5.5 Medium |
XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::getChar() at /xpdf/Stream.cc. | ||||
CVE-2022-38234 | 1 Xpdf Project | 1 Xpdf | 2024-11-21 | 5.5 Medium |
XPDF commit ffaf11c was discovered to contain a segmentation violation via Lexer::getObj(Object*) at /xpdf/Lexer.cc. | ||||
CVE-2022-38233 | 1 Xpdf Project | 1 Xpdf | 2024-11-21 | 5.5 Medium |
XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::readMCURow() at /xpdf/Stream.cc. | ||||
CVE-2022-38152 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 7.5 High |
An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use wolfSSL_clear instead of the recommended SSL_free; SSL_new sequence are affected. Furthermore, wolfSSL_clear is part of wolfSSL's compatibility layer and is not enabled by default. It is not part of wolfSSL's native API. | ||||
CVE-2022-37392 | 1 Apache | 1 Traffic Server | 2024-11-21 | 5.3 Medium |
Improper Check for Unusual or Exceptional Conditions vulnerability in handling the requests to Apache Traffic Server. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. | ||||
CVE-2022-36145 | 1 Swfmill | 1 Swfmill | 2024-11-21 | 5.5 Medium |
SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::Reader::getWord(). | ||||
CVE-2022-36141 | 1 Swfmill | 1 Swfmill | 2024-11-21 | 5.5 Medium |
SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::MethodBody::write(SWF::Writer*, SWF::Context*). | ||||
CVE-2022-36140 | 1 Swfmill | 1 Swfmill | 2024-11-21 | 5.5 Medium |
SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::DeclareFunction2::write(SWF::Writer*, SWF::Context*). | ||||
CVE-2022-36046 | 2 Nodejs, Vercel | 2 Node.js, Next.js | 2024-11-21 | 5.3 Medium |
Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict `unhandledRejection` exiting AND using next start or a [custom server](https://nextjs.org/docs/advanced-features/custom-server). Deployments on Vercel ([vercel.com](https://vercel.com/)) are not affected along with similar environments where `next-server` isn't being shared across requests. | ||||
CVE-2022-35473 | 1 Otfcc Project | 1 Otfcc | 2024-11-21 | 6.5 Medium |
OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe9a7. | ||||
CVE-2022-35469 | 1 Otfcc Project | 1 Otfcc | 2024-11-21 | 6.5 Medium |
OTFCC v0.10.4 was discovered to contain a segmentation violation via /x86_64-linux-gnu/libc.so.6+0xbb384. | ||||
CVE-2022-35173 | 1 Nginx | 1 Njs | 2024-11-21 | 7.5 High |
An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation. | ||||
CVE-2022-32749 | 1 Apache | 1 Traffic Server | 2024-11-21 | 7.5 High |
Improper Check for Unusual or Exceptional Conditions vulnerability handling requests in Apache Traffic Server allows an attacker to crash the server under certain conditions. This issue affects Apache Traffic Server: from 8.0.0 through 9.1.3. | ||||
CVE-2022-32590 | 3 Google, Linuxfoundation, Mediatek | 47 Android, Yocto, Mt6761 and 44 more | 2024-11-21 | 6.7 Medium |
In wlan, there is a possible use after free due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07299425; Issue ID: ALPS07299425. | ||||
CVE-2022-31103 | 1 Lettersanitizer Project | 1 Lettersanitizer | 2024-11-21 | 7.5 High |
lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule `@keyframes`. This package is depended on by [react-letter](https://github.com/mat-sz/react-letter), therefore everyone using react-letter is also at risk. The problem has been patched in version 1.0.2. |