Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2022-41717 vulnerabilities and exploits

(subscribe to this query)

5.3
CVE-2022-41717
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the...
Golang GoGolang Http2
7.5
CVE-2022-32149
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse....
Golang Text
7.8
CVE-2022-40304
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked....
Xmlsoft Libxml2Netapp Clustered Data Ontap -Netapp Smi-s Provider -Netapp Clustered Data Ontap Antivirus Connector -Netapp Active Iq Unified Manager -Netapp Manageability Software Development Kit -Netapp Snapmanager -Netapp H300s Firmware -Netapp H500s Firmware -Netapp H700s Firmware -Netapp H410s Firmware -Netapp H410c Firmware -Apple WatchosApple TvosApple IpadosApple Iphone OsApple Macos
7.5
CVE-2022-27664
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error....
Golang Go 1.19.0Golang GoFedoraproject Fedora 36Fedoraproject Fedora 37
7.5
CVSSv3
CVE-2022-30293
In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp....
Webkitgtk WebkitgtkDebian Debian Linux 10.0Debian Debian Linux 11.0
6.5
CVE-2022-30698
NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns...
Nlnetlabs UnboundFedoraproject Fedora 35Fedoraproject Fedora 36
6.5
CVE-2022-30699
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is...
Nlnetlabs UnboundFedoraproject Fedora 35Fedoraproject Fedora 36
7.5
CVE-2022-40303
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a...
Xmlsoft Libxml2Netapp Ontap Select Deploy Administration Utility -Netapp Clustered Data Ontap -Netapp Clustered Data Ontap Antivirus Connector -Netapp Active Iq Unified Manager -Netapp Snapmanager -Netapp Netapp Manageability Sdk -Apple MacosApple WatchosApple TvosApple IpadosApple Iphone OsNetapp H300s Firmware -Netapp H500s Firmware -Netapp H700s Firmware -Netapp H410s Firmware -Netapp H410c Firmware -
6.5
CVE-2022-42011
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size...
D-bus Project D-busFedoraproject Fedora 36Fedoraproject Fedora 37
7.5
CVE-2022-41715
Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively...
Golang GoFedoraproject Fedora 37
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-45441arbitrary CVE-2022-31254CVE-2023-0719CVE-2023-25136CVE-2023-0744CVE-2022-0847unspecifiedspoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook