High

DATE	CVE	VULNERABILITY TITLE	RISK
2022-12-14	CVE-2022-23517	rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. network low complexity rubyonrails debian	7.5
2022-12-13	CVE-2022-45685	Out-of-bounds Write vulnerability in multiple products A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data. network low complexity jettison-project debian CWE-787	7.5
2022-12-13	CVE-2022-45693	Out-of-bounds Write vulnerability in multiple products Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. network low complexity jettison-project debian CWE-787	7.5
2022-12-12	CVE-2022-41881	Uncontrolled Recursion vulnerability in multiple products Netty project is an event-driven asynchronous network application framework. network low complexity netty debian CWE-674	7.5
2022-12-06	CVE-2022-41325	Integer Overflow or Wraparound vulnerability in multiple products An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions. local low complexity videolan debian CWE-190	7.8
2022-12-05	CVE-2022-30122	A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack. network low complexity rack-project debian	7.5
2022-12-05	CVE-2022-43548	OS Command Injection vulnerability in multiple products A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix. network high complexity nodejs debian CWE-78	8.1
2022-11-28	CVE-2022-45442	Download of Code Without Integrity Check vulnerability in multiple products Sinatra is a domain-specific language for creating web applications in Ruby. network low complexity sinatrarb debian CWE-494	8.8
2022-11-28	CVE-2022-45939	OS Command Injection vulnerability in multiple products GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. local low complexity gnu debian fedoraproject CWE-78	7.8
2022-11-27	CVE-2022-45934	Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in the Linux kernel through 6.0.10. local low complexity linux fedoraproject netapp debian CWE-190	7.8