Security Vulnerabilities - CVEs Published In July 2022
MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-07-01
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.
CVSS Score
7.5
EPSS Score
0.011
Published
2022-07-01
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-07-01
MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-07-01
MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-07-01
All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex.
CVSS Score
5.3
EPSS Score
0.005
Published
2022-07-01
The package link-preview-js before 2.1.16 are vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection.
CVSS Score
6.2
EPSS Score
0.001
Published
2022-07-01
This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed.
CVSS Score
4.8
EPSS Score
0.002
Published
2022-07-01
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the function formSetVirtualSer.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-07-01
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-07-01