CVE-2022-30779

Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in GuzzleHttpCookieFileCookieJar.php.
Source: NIST
CVE-2022-30779

CVE-2022-30778

Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in IlluminateBroadcastingPendingBroadcast.php and dispatch($command) in IlluminateBusQueueingDispatcher.php.
Source: NIST
CVE-2022-30778

CVE-2022-30767

nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.
Source: NIST
CVE-2022-30767

CVE-2022-30775

xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option.
Source: NIST
CVE-2022-30775

CVE-2022-30049

A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter.
Source: NIST
CVE-2022-30049