2022-12-05 | CVE-2022-30123 | A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack. | 10.0 |
2022-11-22 | CVE-2022-36227 | NULL Pointer Dereference vulnerability in multiple products In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. | 9.8 |
2022-11-09 | CVE-2022-45062 | Argument Injection or Modification vulnerability in multiple products In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper. | 9.8 |
2022-11-09 | CVE-2022-3890 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
2022-11-02 | CVE-2022-39353 | xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. | 9.8 |
2022-10-24 | CVE-2021-46848 | Off-by-one Error vulnerability in multiple products GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. | 9.1 |
2022-10-21 | CVE-2022-37454 | Integer Overflow or Wraparound vulnerability in multiple products The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. | 9.8 |
2022-10-12 | CVE-2022-37601 | Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. | 9.8 |
2022-10-11 | CVE-2022-37616 | A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. | 9.8 |
2022-10-06 | CVE-2022-41853 | Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. | 9.8 |