Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2022-12-05 CVE-2022-43548 OS Command Injection vulnerability in multiple products
An OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests, allowing rebinding attacks. The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.
network
high complexity
nodejs debian CWE-78
8.1
2022-11-28 CVE-2022-45442 Download of Code Without Integrity Check vulnerability in multiple products
Sinatra is a domain-specific language for creating web applications in Ruby.
network
low complexity
sinatrarb debian CWE-494
8.8
2022-11-28 CVE-2022-45939 OS Command Injection vulnerability in multiple products
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program.
local
low complexity
gnu debian fedoraproject CWE-78
7.8
2022-11-27 CVE-2022-45934 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in the Linux kernel through 6.0.10.
local
low complexity
linux fedoraproject netapp debian CWE-190
7.8
2022-11-26 CVE-2022-24999 qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __proto__ key can be used.
network
low complexity
qs-project openjsf debian
7.5
2022-11-23 CVE-2022-44789 Out-of-bounds Write vulnerability in multiple products
A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.
network
low complexity
artifex debian fedoraproject CWE-787
8.8
2022-11-15 CVE-2022-41916 Off-by-one Error vulnerability in multiple products
Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos.
network
low complexity
heimdal-project debian CWE-193
7.5
2022-11-13 CVE-2022-3970 Numeric Errors vulnerability in multiple products
A vulnerability was found in LibTIFF.
network
low complexity
libtiff netapp debian apple CWE-189
8.8
2022-11-12 CVE-2022-45188 Out-of-bounds Write vulnerability in multiple products
Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file.
local
low complexity
netatalk debian fedoraproject CWE-787
7.8
2022-11-09 CVE-2022-45060 An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1.
7.5