Total
1308 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3273 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | 9.8 Critical |
| Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. | ||||
| CVE-2022-3212 | 1 Axum-core Project | 1 Axum-core | 2024-11-21 | 7.5 High |
| <bytes::Bytes as axum_core::extract::FromRequest>::from_request would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a very large (or infinite) body your server might run out of memory and crash. This also applies to these extractors which used Bytes::from_request internally: axum::extract::Form axum::extract::Json String | ||||
| CVE-2022-38155 | 1 Samsung | 1 Mtower | 2024-11-21 | 7.5 High |
| TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large len value, as demonstrated by a Numaker-PFM-M2351 TEE kernel crash. | ||||
| CVE-2022-38153 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 5.9 Medium |
| An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (more than 256 bytes) into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache frees a pointer that points to unallocated memory, causing the client to crash with a "free(): invalid pointer" message. NOTE: It is likely that this is also exploitable during TLS 1.3 handshakes between a client and a malicious server. With TLS 1.3, it is not possible to exploit this as a man-in-the-middle. | ||||
| CVE-2022-36155 | 1 Monostream | 1 Tifig | 2024-11-21 | 5.5 Medium |
| tifig v0.2.2 was discovered to contain a resource allocation issue via operator new(unsigned long) at asan_new_delete.cpp. | ||||
| CVE-2022-36146 | 1 Swfmill | 1 Swfmill | 2024-11-21 | 5.5 Medium |
| SWFMill commit 53d7690 was discovered to contain a memory allocation issue via operator new[](unsigned long) at asan_new_delete.cpp. | ||||
| CVE-2022-36124 | 1 Apache | 1 Avro | 2024-11-21 | 7.5 High |
| It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue. | ||||
| CVE-2022-35724 | 1 Apache | 1 Avro | 2024-11-21 | 7.5 High |
| It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue. | ||||
| CVE-2022-35505 | 1 Triplecross Project | 1 Triplecross | 2024-11-21 | 7.5 High |
| A segmentation fault in TripleCross v0.1.0 occurs when sending a control command from the client to the server. This occurs because there is no limit to the length of the output of the executed command. | ||||
| CVE-2022-35221 | 1 Teamplus | 1 Team\+ Pro | 2024-11-21 | 5.4 Medium |
| Teamplus Pro community discussion has an ‘allocation of resource without limits or throttling’ vulnerability on thread subject field. A remote attacker with general user privilege posting a thread subject with large content can cause the server to allocate too much memory, leading to missing partial post content and disrupt partial service. | ||||
| CVE-2022-35220 | 1 Teamplus | 1 Team\+ Pro | 2024-11-21 | 7.7 High |
| Teamplus Pro community discussion function has an ‘allocation of resource without limits or throttling’ vulnerability. A remote attacker with general user privilege posting a thread with large content can cause the receiving client device to allocate too much memory, leading to abnormal termination of this client’s Teamplus Pro application. | ||||
| CVE-2022-35219 | 2 Microsoft, Nhi | 2 Windows, Health Insurance Web Service Component | 2024-11-21 | 5.5 Medium |
| The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet key parameter. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service. | ||||
| CVE-2022-35218 | 2 Microsoft, Nhi | 2 Windows, Health Insurance Web Service Component | 2024-11-21 | 5.5 Medium |
| The NHI card’s web service component has a heap-based buffer overflow vulnerability due to insufficient validation for packet origin parameter length. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service. | ||||
| CVE-2022-35111 | 1 Swftools | 1 Swftools | 2024-11-21 | 5.5 Medium |
| SWFTools commit 772e55a2 was discovered to contain a stack overflow via __sanitizer::StackDepotNode::hash(__sanitizer::StackTrace const&) at /sanitizer_common/sanitizer_stackdepot.cpp. | ||||
| CVE-2022-35107 | 1 Swftools | 1 Swftools | 2024-11-21 | 5.5 Medium |
| SWFTools commit 772e55a2 was discovered to contain a stack overflow via vfprintf at /stdio-common/vfprintf.c. | ||||
| CVE-2022-35089 | 1 Swftools | 1 Swftools | 2024-11-21 | 5.5 Medium |
| SWFTools commit 772e55a2 was discovered to contain a heap-buffer-overflow via getTransparentColor at /home/bupt/Desktop/swftools/src/gif2swf. | ||||
| CVE-2022-35009 | 1 Pngdec Project | 1 Pngdec | 2024-11-21 | 6.5 Medium |
| PNGDec commit 8abf6be was discovered to contain a memory allocation problem via asan_malloc_linux.cpp. | ||||
| CVE-2022-34917 | 2 Apache, Redhat | 2 Kafka, Amq Streams | 2024-11-21 | 7.5 High |
| A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial of service. Example scenarios: - Kafka cluster without authentication: Any clients able to establish a network connection to a broker can trigger the issue. - Kafka cluster with SASL authentication: Any clients able to establish a network connection to a broker, without the need for valid SASL credentials, can trigger the issue. - Kafka cluster with TLS authentication: Only clients able to successfully authenticate via TLS can trigger the issue. We advise the users to upgrade the Kafka installations to one of the 3.2.3, 3.1.2, 3.0.2, 2.8.2 versions. | ||||
| CVE-2022-34750 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 7.5 High |
| An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various denial-of-service attack vectors within the Wikibase and WikibaseLexeme extensions. This is related to Special:NewLexeme and Special:NewProperty. | ||||
| CVE-2022-34308 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | 5.5 Medium |
| IBM CICS TX 11.1 could allow a local user to cause a denial of service due to improper load handling. IBM X-Force ID: 229437. | ||||