How severe is CVE-2022-29181?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.2 out of 10.

What type of vulnerability is CVE-2022-29181?

This is classified as CWE-241, which is a common weakness in software security.

CVE-2022-29181

HIGH Year: 2022

CVSS v3 Score

8.2

High

CVSS v2 Score

6.4

Medium

Weakness Type

CWE-241

View all →

Vulnerability Description

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent.

CVE-2022-39064

HIGH

CVSS:8.1(High)

An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI bulb blink, and if they replay (i.e. resend) the same frame multiple times, the bulb performs a factory reset. Thi...

CWE-2412022

CVE-2021-39131

HIGH

CVSS:7.5(High)

ced detects character encoding using Google’s compact_enc_det library. In ced v0.1.0, passing data types other than `Buffer` causes the Node.js process to crash. The problem has been patched in ced v1...

CWE-2412021

CVE-2021-40116

HIGH

CVSS:7.5(High)

Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.The vulne...

CWE-2412021

CVE-2022-1642

HIGH

CVSS:7.5(High)

A program using swift-corelibs-foundation is vulnerable to a denial of service attack caused by a potentially malicious source producing a JSON document containing a type mismatch. This vulnerability ...

CWE-2412022

CVE-2022-20730

HIGH

CVSS:7.5(High)

A vulnerability in the Security Intelligence feed feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the Security Intelligence DNS feed....

CWE-2412022

CVE-2022-24668

HIGH

CVSS:7.5(High)

A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.1...

CWE-2412022

CVE-2022-29181

Vulnerability Description

Related Vulnerabilities

CVE-2022-39064

CVE-2021-39131

CVE-2021-40116

CVE-2022-1642

CVE-2022-20730

CVE-2022-24668