High

DATE	CVE	VULNERABILITY TITLE	RISK
2022-07-18	CVE-2020-16093	Improper Certificate Validation vulnerability in multiple products In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. network low complexity lemonldap-ng debian CWE-295	7.5
2022-07-17	CVE-2022-30550	Improper Authentication vulnerability in multiple products An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. network low complexity dovecot debian CWE-287	8.8
2022-07-14	CVE-2022-32212	OS Command Injection vulnerability in multiple products A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks. network high complexity nodejs debian fedoraproject siemens CWE-78	8.1
2022-07-12	CVE-2022-29187	Improper Ownership Management vulnerability in multiple products Git is a distributed revision control system. local low complexity git-scm fedoraproject apple debian CWE-282	7.8
2022-07-11	CVE-2022-35414	Use of Uninitialized Resource vulnerability in multiple products softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. local low complexity qemu debian CWE-908	8.8
2022-07-08	CVE-2022-35410	Path Traversal vulnerability in multiple products mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. network low complexity 0xacab debian CWE-22	7.5
2022-07-07	CVE-2022-2048	In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. network low complexity eclipse debian netapp jenkins	7.5
2022-07-06	CVE-2022-31129	moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. network low complexity momentjs fedoraproject debian	7.5
2022-07-05	CVE-2022-26365	Memory Leak vulnerability in multiple products Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). local low complexity linux xen debian fedoraproject CWE-401	7.1
2022-07-05	CVE-2022-2304	Stack-based Buffer Overflow vulnerability in multiple products Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. local low complexity vim fedoraproject debian CWE-121	7.8