CVE-2022-20750

A vulnerability in the checkpoint manager implementation of Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software could allow an unauthenticated, remote attacker to cause the checkpoint manager process to restart upon receipt of malformed TCP data. This vulnerability is due to improper input validation of an ingress TCP packet. An attacker could exploit this vulnerability by sending crafted TCP data to the affected application. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the checkpoint manager process restarting.

Source: CVE-2022-20750

CVE-2022-20659

A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Source: CVE-2022-20659

CVE-2022-23319

A segmentation fault during PCF file parsing in pcf2bdf versions >=1.05 allows an attacker to trigger a program crash via a specially crafted PCF font file. This crash affects the availability of the software and dependent downstream components.

Source: CVE-2022-23319

CVE-2022-23318

A heap-buffer-overflow in pcf2bdf, versions >= 1.05 allows an attacker to trigger unsafe memory access via a specially crafted PCF font file. This out-of-bound read may lead to an application crash, information disclosure via program memory or other context-dependent impact.

Source: CVE-2022-23318

CVE-2022-22899

Core FTP / SFTP Server v2 Build 725 was discovered to allow unauthenticated attackers to cause a Denial of Service (DoS) via a crafted packet through the SSH service.

Source: CVE-2022-22899

CVE-2021-46368

TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path service allowing local users to launch processes with elevated privileges.

Source: CVE-2021-46368

CVE-2022-0629

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Source: CVE-2022-0629

CVE-2022-0623

Out-of-bounds Read in Homebrew mruby prior to 3.2.

Source: CVE-2022-0623

CVE-2022-24953

The Crypt_GPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions.

Source: CVE-2022-24953

CVE-2022-22901

There is an Assertion in ‘context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION’ failed at parser_parse_function_arguments in /js/js-parser.c of JerryScript commit a6ab5e9.

Source: CVE-2022-22901