ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2022-22000 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | | |
CVE-2022-22001 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | | |
CVE-2022-22002 | Windows User Account Profile Picture Denial of Service Vulnerability | | |
CVE-2022-22003 | Microsoft Office Graphics Remote Code Execution Vulnerability | | |
CVE-2022-22004 | Microsoft Office ClickToRun Remote Code Execution Vulnerability | | |
CVE-2022-22005 | Microsoft SharePoint Server Remote Code Execution Vulnerability | | |
CVE-2022-22006 | HEVC Video Extensions Remote Code Execution Vulnerability | | |
CVE-2022-22007 | HEVC Video Extensions Remote Code Execution Vulnerability | | |
CVE-2022-22008 | Windows Hyper-V Remote Code Execution Vulnerability | | |
CVE-2022-22009 | Windows Hyper-V Remote Code Execution Vulnerability | | |
CVE-2022-22010 | Media Foundation Information Disclosure Vulnerability | | |
CVE-2022-22011 | Windows Graphics Component Information Disclosure Vulnerability | S | |
CVE-2022-22012 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | S | |
CVE-2022-22013 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | S | |
CVE-2022-22014 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | S | |
CVE-2022-22015 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | S | |
CVE-2022-22016 | Windows PlayToManager Elevation of Privilege Vulnerability | S | |
CVE-2022-22017 | Remote Desktop Client Remote Code Execution Vulnerability | S | |
CVE-2022-22018 | HEVC Video Extensions Remote Code Execution Vulnerability | S | |
CVE-2022-22019 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2022-22021 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | S | |
CVE-2022-22022 | Windows Print Spooler Elevation of Privilege Vulnerability | | |
CVE-2022-22023 | Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability | | |
CVE-2022-22024 | Windows Fax Service Remote Code Execution Vulnerability | | |
CVE-2022-22025 | Windows Internet Information Services Cachuri Module Denial of Service Vulnerability | | |
CVE-2022-22026 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | | |
CVE-2022-22027 | Windows Fax Service Remote Code Execution Vulnerability | | |
CVE-2022-22028 | Windows Network File System Information Disclosure Vulnerability | | |
CVE-2022-22029 | Windows Network File System Remote Code Execution Vulnerability | | |
CVE-2022-22031 | Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability | | |
CVE-2022-22034 | Windows Graphics Component Elevation of Privilege Vulnerability | S | |
CVE-2022-22035 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | S | |
CVE-2022-22036 | Performance Counters for Windows Elevation of Privilege Vulnerability | | |
CVE-2022-22037 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | | |
CVE-2022-22038 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | | |
CVE-2022-22039 | Windows Network File System Remote Code Execution Vulnerability | | |
CVE-2022-22040 | Internet Information Services Dynamic Compression Module Denial of Service Vulnerability | | |
CVE-2022-22041 | Windows Print Spooler Elevation of Privilege Vulnerability | | |
CVE-2022-22042 | Windows Hyper-V Information Disclosure Vulnerability | | |
CVE-2022-22043 | Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | | |
CVE-2022-22045 | Windows.Devices.Picker.dll Elevation of Privilege Vulnerability | | |
CVE-2022-22047 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | KEV S | |
CVE-2022-22048 | BitLocker Security Feature Bypass Vulnerability | | |
CVE-2022-22049 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | | |
CVE-2022-22050 | Windows Fax Service Elevation of Privilege Vulnerability | | |
CVE-2022-22054 | ASUS RT-AX56U - Path Traversal | | |
CVE-2022-22055 | Le-yan Co., Ltd. dental management system - SQL Injection | S | |
CVE-2022-22056 | Le-yan Co., Ltd. dental management system - Hard-coded Credentials | S | |
CVE-2022-22057 | Use after free in graphics fence due to a race condition while closing fence file descriptor and des... | S | |
CVE-2022-22058 | Memory corruption due to use after free issue in kernel while processing ION handles in Snapdragon A... | S | |
CVE-2022-22059 | Memory corruption due to out of bound read while parsing a video file in Snapdragon Auto, Snapdragon... | | |
CVE-2022-22060 | Reachable Assertion in Modem | | |
CVE-2022-22061 | Out of bounds writing is possible while verifying device IDs due to improper length check before cop... | | |
CVE-2022-22062 | An out-of-bounds read can occur while parsing a server certificate due to improper length check in S... | | |
CVE-2022-22063 | Memory corruption in Core | | |
CVE-2022-22064 | Possible buffer over read due to lack of size validation while unpacking frame in Snapdragon Auto, S... | S | |
CVE-2022-22065 | Out of bound read in WLAN HOST due to improper length check can lead to DOS in Snapdragon Auto, Snap... | S | |
CVE-2022-22066 | Memory corruption occurs while processing command received from HLOS due to improper length check in... | | |
CVE-2022-22067 | Potential memory leak in modem during the processing of NSA RRC Reconfiguration with invalid Radio B... | | |
CVE-2022-22068 | Kernel event may contain unexpected content which is not generated by NPU software in asynchronous e... | S | |
CVE-2022-22069 | Devices with keyprotect off may store unencrypted keybox in RPMB and cause cryptographic issue in Sn... | | |
CVE-2022-22070 | Memory corruption in audio due to lack of check of invalid routing address into APR Routing table in... | | |
CVE-2022-22071 | Possible use after free when process shell memory is freed using IOCTL munmap call and process initi... | KEV S | |
CVE-2022-22072 | Buffer overflow can occur due to improper validation of NDP application information length in Snapdr... | S | |
CVE-2022-22074 | Memory Corruption during wma file playback due to integer overflow in Snapdragon Auto, Snapdragon Co... | | |
CVE-2022-22075 | Information Exposure in Graphics | S | |
CVE-2022-22076 | Cryptographic issue in Core | | |
CVE-2022-22077 | Memory corruption in graphics due to use-after-free in graphics dispatcher logic in Snapdragon Mobil... | S | |
CVE-2022-22078 | Denial of service in BOOT when partition size for a particular partition is requested due to integer... | S | |
CVE-2022-22079 | Buffer Over-read in BOOT | S | |
CVE-2022-22080 | Improper validation of backend id in PCM routing process can lead to memory corruption in Snapdragon... | S | |
CVE-2022-22081 | Memory corruption in audio module due to integer overflow in Snapdragon Auto, Snapdragon Connectivit... | | |
CVE-2022-22082 | Memory corruption due to possible buffer overflow while parsing DSF header with corrupted channel co... | | |
CVE-2022-22083 | Denial of service due to memory corruption while extracting ape header from clips in Snapdragon Auto... | | |
CVE-2022-22084 | Memory corruption when extracting qcp audio file due to lack of check on data length in Snapdragon A... | | |
CVE-2022-22085 | Memory corruption in video due to buffer overflow while reading the dts file in Snapdragon Auto, Sna... | | |
CVE-2022-22086 | Memory corruption in video due to double free while parsing 3gp clip with invalid meta data atoms in... | | |
CVE-2022-22087 | Memory corruption in video due to buffer overflow while parsing mkv clip with no codechecker in Snap... | | |
CVE-2022-22088 | Integer Overflow to Buffer Overflow in Bluetooth HOST | S | |
CVE-2022-22089 | Memory corruption in audio while playing record due to improper list handling in two threads in Snap... | | |
CVE-2022-22090 | Memory corruption in audio due to use after free while managing buffers from internal cache in Snapd... | | |
CVE-2022-22091 | Improper authorization of a replayed LTE security mode command can lead to a denial of service in Sn... | | |
CVE-2022-22092 | Memory corruption in kernel due to use after free issue in Snapdragon Compute, Snapdragon Connectivi... | | |
CVE-2022-22093 | Memory corruption or temporary denial of service due to improper handling of concurrent hypervisor o... | | |
CVE-2022-22094 | Memory corruption in Kernel due to race condition while getting mapping reference in Snapdragon Comp... | | |
CVE-2022-22095 | Memory corruption in synx driver due to use-after-free condition in the synx driver due to accessing... | S | |
CVE-2022-22096 | Memory corruption in Bluetooth HOST due to stack-based buffer overflow when extracting data usi... | S | |
CVE-2022-22097 | Memory corruption in graphic driver due to use after free while calling multiple threads application... | S | |
CVE-2022-22098 | Memory corruption in multimedia driver due to untrusted pointer dereference while reading data from ... | | |
CVE-2022-22099 | Memory corruption in multimedia due to improper validation of array index in Snapdragon Auto... | | |
CVE-2022-22100 | Memory corruption in multimedia due to improper check on received export descriptors in Snapdragon A... | | |
CVE-2022-22101 | Denial of service in multimedia due to uncontrolled resource consumption while parsing an incoming H... | | |
CVE-2022-22102 | Memory corruption in multimedia due to incorrect type conversion while adding data in Snapdragon Aut... | | |
CVE-2022-22103 | Memory corruption in multimedia driver due to double free while processing data from user in Snapdra... | | |
CVE-2022-22104 | Memory corruption in multimedia due to improper check on the messages received in Snapdragon Auto... | | |
CVE-2022-22105 | Memory corruption in bluetooth due to integer overflow while processing HFP-UNIT profile in Snapdrag... | | |
CVE-2022-22106 | Memory corruption in multimedia due to improper length check while copying the data in Snapdragon Au... | | |
CVE-2022-22107 | DayByDay CRM - Missing Authorization when Viewing Appointments | S | |
CVE-2022-22108 | DayByDay CRM - Missing Authorization when Viewing Absences | S | |
CVE-2022-22109 | DayByDay CRM - Stored Cross-Site Scripting (XSS) in Task Title | S | |
CVE-2022-22110 | DayByDay CRM - Weak Password Requirements in Update User | S | |
CVE-2022-22111 | DayByDay CRM - Missing Authorization when Changing Password | S | |
CVE-2022-22112 | DayByDay CRM - Application-Wide Client-Side Template Injection (CSTI) | E | |
CVE-2022-22113 | DayByDay CRM - Insufficient Session Expiration after Password Change | E | |
CVE-2022-22114 | Teedy - Reflected Cross-Site Scripting (XSS) in the Search Functionality | E S | |
CVE-2022-22115 | Teedy - Stored Cross-Site Scripting (XSS) in Tag Name | E S | |
CVE-2022-22116 | Directus - Stored Cross-Site Scripting (XSS) via SVG File Upload | E S | |
CVE-2022-22117 | Directus - Stored Cross-Site Scripting (XSS) in Profile Avatar Image | E S | |
CVE-2022-22120 | NocoDB - Observable Discrepancy in the password-reset feature | E S | |
CVE-2022-22121 | NocoDB - CSV Injection in User Management | E S | |
CVE-2022-22122 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This candidate is a res... | R | |
CVE-2022-22123 | Halo CMS - Stored Cross-Site Scripting (XSS) in Article's Title | E | |
CVE-2022-22124 | Halo CMS - Stored Cross-Site Scripting (XSS) in Profile Image | E | |
CVE-2022-22125 | Halo CMS - Stored Cross-Site Scripting (XSS) in Article's Tag | E | |
CVE-2022-22126 | Openmct XSS via the “Web Page” element | S | |
CVE-2022-22127 | Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tablea... | | |
CVE-2022-22128 | Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s in... | | |
CVE-2022-22137 | A memory corruption vulnerability exists in the ioca_mys_rgb_allocate functionality of Accusoft Imag... | E | |
CVE-2022-22138 | Denial of Service (DoS) | E | |
CVE-2022-22139 | Uncontrolled search path in the Intel(R) XTU software before version 7.3.0.33 may allow an authentic... | S | |
CVE-2022-22140 | An os command injection vulnerability exists in the confsrv ucloud_add_node functionality of TCL Lin... | E | |
CVE-2022-22141 | 'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products cre... | | |
CVE-2022-22142 | Reflected cross-site scripting vulnerability in the checkbox of php_mailform versions prior to Versi... | | |
CVE-2022-22143 | Prototype Pollution | E S | |
CVE-2022-22144 | A hard-coded password vulnerability exists in the libcommonprod.so prod_change_root_passwd functiona... | E | |
CVE-2022-22145 | CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncon... | M | |
CVE-2022-22146 | Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6.1 allows a remote unauthenticated at... | | |
CVE-2022-22148 | 'Root Service' service implemented in the following Yokogawa Electric products creates some named pi... | | |
CVE-2022-22149 | A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx functionality of Lansweeper la... | E | |
CVE-2022-22150 | A memory corruption vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, ve... | E | |
CVE-2022-22151 | CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neut... | M | |
CVE-2022-22152 | Contrail Service Orchestration: Tenants able to see other tenants policies via REST API interface | S | |
CVE-2022-22153 | SRX Series and MX Series with SPC3: A high percentage of fragments might lead to high latency or packet drops | S | |
CVE-2022-22154 | Junos Fusion: A Satellite Device can be controlled by rewiring it to a foreign AD causing a DoS | S | |
CVE-2022-22155 | Junos OS: ACX5448: FPC memory leak due to IPv6 neighbor flaps | S | |
CVE-2022-22156 | Junos OS: Certificate validation is skipped when fetching system scripts from a HTTPS URL | E S | |
CVE-2022-22157 | Junos OS: SRX Series: Traffic classification vulnerability when 'no-syn-check' is enabled | S | |
CVE-2022-22158 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-22159 | Junos OS: An attacker sending crafted packets can cause a traffic and CPU Denial of Service (DoS). | S | |
CVE-2022-22160 | Junos OS: MX Series: The bbe-smgd process crashes if an unsupported configuration exists and a PPPoE client sends a specific message | S | |
CVE-2022-22161 | Junos OS: MX104 might become unresponsive if the out-of-band management port receives a flood of traffic | S | |
CVE-2022-22162 | Junos OS: A low privileged user can elevate their privileges to the ones of the highest privileged j-web user logged in | S | |
CVE-2022-22163 | Junos OS: jdhcpd crashes upon receipt of a specific DHCPv6 packet | S | |
CVE-2022-22164 | Junos OS Evolved: Telnet service may be enabled when it is expected to be disabled. | S | |
CVE-2022-22165 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-22166 | Junos OS: An rpd core will occur if BGP update tracing is configured and an update containing a malformed BGP SR-TE policy tunnel attribute is received | S | |
CVE-2022-22167 | Junos OS: SRX Series: If no-syn-check is enabled, traffic classified as UNKNOWN gets permitted by pre-id-default-policy | S | |
CVE-2022-22168 | Junos OS: vMX and MX150: Specific packets might cause a memory leak and eventually an FPC reboot | S | |
CVE-2022-22169 | Junos OS and Junos OS Evolved: OSPFv3 session might go into INIT state upon receipt of multiple crafted packets from a trusted neighbor device. | S | |
CVE-2022-22170 | Junos OS: Specific packets over VXLAN cause FPC memory leak and ultimately reset | S | |
CVE-2022-22171 | Junos OS: Specific packets over VXLAN cause FPC reset | S | |
CVE-2022-22172 | Junos OS and Junos OS Evolved: An l2cpd memory leak can occur when specific LLDP packets are received leading to a DoS | S | |
CVE-2022-22173 | Junos OS: CRL failing to download causes a memory leak and ultimately a DoS | S | |
CVE-2022-22174 | Junos OS: QFX5000 Series, EX4600: Device may run out of memory, causing traffic loss, upon receipt of specific IPv6 packets | S | |
CVE-2022-22175 | Junos OS: MX Series and SRX Series: The flowd daemon will crash if the SIP ALG is enabled and specific SIP messages are processed | S | |
CVE-2022-22176 | Junos OS: In a scenario with dhcp-security and option-82 configured jdhcpd crashes upon receipt of a malformed DHCP packet | S | |
CVE-2022-22177 | Junos OS and Junos OS Evolved: After receiving a specific number of crafted packets snmpd will segmentation fault (SIGSEGV) requiring a manual restart. | S | |
CVE-2022-22178 | Junos OS: MX and SRX series: Flowd core observed if the SIP ALG is enabled and a specific Session Initiation Protocol (SIP) packet is received | S | |
CVE-2022-22179 | Junos OS: jdhcpd crashes upon receiving a specific DHCP packet | S | |
CVE-2022-22180 | Junos OS: EX2300 Series, EX2300-MP Series, EX3400 Series: A slow memory leak due to processing of specific IPv6 packets | S | |
CVE-2022-22181 | Junos OS: J-Web can be compromised through reflected XSS attacks | S | |
CVE-2022-22182 | Junos OS: An XSS vulnerability allows an attacker to execute commands on a target J-Web session | S | |
CVE-2022-22183 | Junos OS Evolved: A remote attacker may cause a CPU Denial of Service by sending genuine traffic to a device on a specific IPv4 port. | S | |
CVE-2022-22184 | Junos OS and Junos OS Evolved: A BGP session will flap upon receipt of a specific, optional transitive attribute in version 22.3R1 | S | |
CVE-2022-22185 | Junos OS: SRX Series: Denial of service vulnerability in flowd daemon upon receipt of a specific fragmented packet | S | |
CVE-2022-22186 | Junos OS: EX4650 Series: Certain traffic received by the Junos OS device on the management interface may be forwarded to egress interfaces instead of discarded | S | |
CVE-2022-22187 | JIMS: Local Privilege Escalation vulnerability via repair functionality | S | |
CVE-2022-22188 | Junos OS: QFX5100/QFX5110/QFX5120/QFX5200/QFX5210/EX4600/EX4650 Series: When storm control profiling is enabled and a device is under an active storm, a Heap-based Buffer Overflow in the PFE will cause a device to hang. | E S | |
CVE-2022-22189 | Contrail Service Orchestration: An authenticated local user may have their permissions elevated via the device via management interface without authentication | S | |
CVE-2022-22190 | Paragon Active Assurance Control Center: Information disclosure vulnerability in crafted URL | S | |
CVE-2022-22191 | Junos OS: EX4300: PFE Denial of Service (DoS) upon receipt of a flood of specific ARP traffic | S | |
CVE-2022-22192 | Junos OS Evolved: PTX Series: An attacker can cause a kernel panic by sending a malformed TCP packet to the device | S | |
CVE-2022-22193 | Junos OS and Junos OS Evolved: In a BGP rib-sharding scenario when a certain CLI command is executed the rpd process might crash | S | |
CVE-2022-22194 | Junos OS Evolved: PTX series: An attacker sending a crafted GRE packet will cause the PFE to restart | S | |
CVE-2022-22195 | Junos OS Evolved: Specific packets reaching the RE lead to a counter overflow and eventually a crash | S | |
CVE-2022-22196 | Junos OS and Junos OS Evolved: The rpd CPU spikes to 100% after a malformed ISIS TLV has been received | S | |
CVE-2022-22197 | Junos OS and Junos OS Evolved: An rpd core will be observed with proxy BGP route-target filtering enabled and certain route add and delete event happening | S | |
CVE-2022-22198 | Junos OS: MX MS-MPC or MS-MIC, or SRX SPC crashes if it receives a SIP message with a specific contact header format | S | |
CVE-2022-22199 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-22200 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-22201 | SRX5000 Series with SPC3, SRX4000 Series, and vSRX: When PowerMode IPsec is configured, the PFE will crash upon receipt of a malformed ESP packet | S | |
CVE-2022-22202 | Junos OS: PTX Series: FPCs may restart unexpectedly upon receipt of specific MPLS packets with certain multi-unit interface configurations | E S | |
CVE-2022-22203 | Junos OS: EX4600 Series and QFX5000 Series: Receipt of specific traffic will lead to an fxpc process crash followed by an FPC reboot | S | |
CVE-2022-22204 | Junos OS: MX Series and SRX Series: When receiving specific SIP packets stale call table entries are created which eventually leads to a DoS for all SIP traffic | S | |
CVE-2022-22205 | Junos OS: SRX Series: An FPC memory leak can occur in an APBR scenario | S | |
CVE-2022-22206 | Junos OS: SRX series: The PFE will crash when specific traffic is scanned by Enhanced Web Filtering safe-search | S | |
CVE-2022-22207 | Junos OS: MX Series with MPC11: In a GNF / node slicing scenario gathering AF interface statistics can lead to a kernel crash | S | |
CVE-2022-22208 | Junos OS and Junos OS Evolved: An rpd crash can occur due to memory corruption caused by flapping BGP sessions | S | |
CVE-2022-22209 | Junos OS: RIB and PFEs can get out of sync due to a memory leak caused by interface flaps or route churn | E S | |
CVE-2022-22210 | Junos OS: QFX5000 Series and MX Series: An l2alm crash leading to an FPC crash can be observed in VxLAN scenario | S | |
CVE-2022-22211 | Junos OS Evolved: PTX Series: Multiple FPCs become unreachable due to continuous polling of specific SNMP OID | S | |
CVE-2022-22212 | Junos OS Evolved: A high rate of specific hostbound traffic will cause unexpected hostbound traffic delays or drops | S | |
CVE-2022-22213 | Junos OS and Junos OS Evolved: Denial of Service (DoS) vulnerability in RPD upon receipt of specific BGP update | S | |
CVE-2022-22214 | Junos OS and Junos OS Evolved: In an MPLS scenario upon receipt of a specific IPv6 packet an FPC will crash | S | |
CVE-2022-22215 | Junos OS and Junos OS Evolved: /var/run/ | E S | |
CVE-2022-22216 | Junos OS: PTX Series and QFX10000 Series: 'Etherleak' memory disclosure in Ethernet padding data | S | |
CVE-2022-22217 | Junos OS: QFX10K Series: Denial of Service (DoS) upon receipt of crafted MLD packets on multi-homing ESI in VXLAN | S | |
CVE-2022-22218 | Junos OS: SRX Series: Upon processing of a genuine packet the pkid process will crash during CMPv2 auto-re-enrollment | S | |
CVE-2022-22219 | Junos OS and Junos OS Evolved: RPD core upon receipt of a specific EVPN route by a BGP route reflector in an EVPN environment | S | |
CVE-2022-22220 | Junos OS and Junos OS Evolved: Due to a race condition the rpd process can crash upon receipt of a BGP update message containing flow spec route | S | |
CVE-2022-22221 | Junos OS: SRX and EX Series: Local privilege escalation flaw in "download" functionality | S | |
CVE-2022-22223 | Junos OS: QFX10000 Series: In IP/MPLS PHP node scenarios upon receipt of certain crafted packets multiple interfaces in LAG configurations may detach. | E S | |
CVE-2022-22224 | Junos OS and Junos OS Evolved: PPMD goes into infinite loop upon receipt of malformed OSPF TLV | S | |
CVE-2022-22225 | Junos OS and Junos OS Evolved: In a BGP multipath scenario, when one of the contributing routes is flapping often and rapidly, rpd may crash | S | |
CVE-2022-22226 | Junos OS: EX4300-MP, EX4600, QFX5000 Series: In VxLAN scenarios specific packets processed cause a memory leak leading to a PFE crash | S | |
CVE-2022-22227 | Junos OS Evolved: ACX7000 Series: Specific IPv6 transit traffic gets exceptioned to the routing-engine which causes increased CPU utilization | S | |
CVE-2022-22228 | Junos OS: IPv6 OAM SRv6 network-enabled devices are vulnerable to Denial of Service (DoS) due to RPD memory leak upon receipt of a specific IPv6 packet | S | |
CVE-2022-22229 | Paragon Active Assurance (Formerly Netrounds): Stored Cross-site Scripting (XSS) vulnerability in web administration | S | |
CVE-2022-22230 | Junos OS and Junos OS Evolved: RPD crash upon receipt of specific OSPFv3 LSAs | S | |
CVE-2022-22231 | SRX Series: If UTM Enhanced Content Filtering and AntiVirus are enabled, and specific traffic is processed the PFE will crash | S | |
CVE-2022-22232 | SRX Series: If Unified Threat Management (UTM) Enhanced Content Filtering (CF) is enabled and specific traffic is processed the PFE will crash | S | |
CVE-2022-22233 | Junos OS and Junos OS Evolved: In an SR to LDP interworking scenario, with SRMS, when a specific low privileged command is issued on an ABR rpd will crash | S | |
CVE-2022-22234 | Junos OS: EX2300 and EX3400 Series: One or more SFPs might become unavailable when the system is very busy | S | |
CVE-2022-22235 | Junos OS: SRX Series: A flowd core will be observed when malformed GPRS traffic is processed | S | |
CVE-2022-22236 | Junos OS: SRX Series and MX Series: When specific valid SIP packets are received the PFE will crash | S | |
CVE-2022-22237 | Junos OS: Peers not configured for TCP-AO can establish a BGP or LDP session even if authentication is configured locally | S | |
CVE-2022-22238 | Junos OS and Junos OS Evolved: The rpd process will crash when a malformed incoming RESV message is processed | S | |
CVE-2022-22239 | Junos OS Evolved: The ssh CLI command always runs as root which can lead to privilege escalation | S | |
CVE-2022-22240 | Junos OS and Junos OS Evolved: An rpd memory leak might be observed while running a specific cli command in a RIB sharding scenario | S | |
CVE-2022-22241 | Junos OS: Vulnerability in J-Web may allow deserialization without authentication | S | |
CVE-2022-22242 | Junos OS: Cross-site Scripting (XSS) vulnerability in J-Web | S | |
CVE-2022-22243 | Junos OS: XPath Injection vulnerability in J-Web | S | |
CVE-2022-22244 | Junos OS: Unauthenticated XPath Injection vulnerability in J-Web | S | |
CVE-2022-22245 | Junos OS: Path traversal vulnerability in J-Web | S | |
CVE-2022-22246 | Junos OS: PHP file inclusion vulnerability in J-Web | S | |
CVE-2022-22247 | Junos OS Evolved: Kernel processing of unvalidated TCP segments could lead to a Denial of Service (DoS) | S | |
CVE-2022-22248 | Junos OS Evolved: Incorrect file permissions can allow low-privileged user to cause another user to execute arbitrary commands | S | |
CVE-2022-22249 | Junos OS: MX Series: An FPC crash might be seen due to mac-moves within the same bridge domain | E S | |
CVE-2022-22250 | Junos OS and Junos OS Evolved: An FPC crash might be seen due to an EVPN MAC entry moving from local to remote | S | |
CVE-2022-22251 | cSRX Series: Storing Passwords in a Recoverable Format and software permissions issues allows a local attacker to elevate privileges | S | |
CVE-2022-22252 | The DFX module has a UAF vulnerability. Successful exploitation of this vulnerability may affect syst... | | |
CVE-2022-22253 | The DFX module has a vulnerability of improper validation of integrity check values. Successful explo... | | |
CVE-2022-22254 | A permission bypass vulnerability exists when the NFC CAs access the TEE. Successful exploitation of ... | | |
CVE-2022-22255 | The application framework has a common DoS vulnerability. Successful exploitation of this vulnerabili... | | |
CVE-2022-22256 | The DFX module has an access control vulnerability. Successful exploitation of this vulnerability may... | | |
CVE-2022-22257 | The customization framework has a vulnerability of improper permission control. Successful exploitati... | | |
CVE-2022-22258 | The Wi-Fi module has an event notification vulnerability. Successful exploitation of this vulnerabili... | | |
CVE-2022-22259 | There is an improper authentication vulnerability in FLMG-10 10.0.1.0(H100SP22C00). Successful explo... | | |
CVE-2022-22260 | The kernel module has a UAF vulnerability. Successful exploitation of this vulnerability will affect ... | | |
CVE-2022-22261 | The HiAIserver has a vulnerability in verifying the validity of the weight used in the model. Success... | | |
CVE-2022-22262 | ASUS Armoury Crate & Aura Creator Installer's ROG Live Service - Improper Link Resolution Before File Access | S | |
CVE-2022-22263 | Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applica... | | |
CVE-2022-22264 | Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local a... | | |
CVE-2022-22265 | An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release ... | KEV | |
CVE-2022-22266 | (Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity applicati... | | |
CVE-2022-22267 | Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 all... | | |
CVE-2022-22268 | Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate a... | | |
CVE-2022-22269 | Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allo... | | |
CVE-2022-22270 | An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivil... | | |
CVE-2022-22271 | A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allow... | | |
CVE-2022-22272 | Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get I... | | |
CVE-2022-22273 | Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting ... | S | |
CVE-2022-22274 | A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthen... | | |
CVE-2022-22275 | Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassin... | | |
CVE-2022-22276 | A vulnerability in SonicOS SNMP service resulting in exposure of sensitive information to an unauthoriz... | | |
CVE-2022-22277 | A vulnerability in SonicOS SNMP service resulting in exposure of Wireless Access Point sensitive inform... | | |
CVE-2022-22278 | A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP respon... | | |
CVE-2022-22279 | A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (... | | |
CVE-2022-22280 | Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL In... | | |
CVE-2022-22281 | A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) ... | | |
CVE-2022-22282 | SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts ac... | | |
CVE-2022-22283 | Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging out... | | |
CVE-2022-22284 | Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to byp... | | |
CVE-2022-22285 | A vulnerability using PendingIntent in Reminder prior to version 12.2.05.0 in Android R(11.0) and 12... | | |
CVE-2022-22286 | A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R(11.0) a... | | |
CVE-2022-22287 | Arbitrary file access vulnerability in Samsung Email prior to 6.1.60.16 allows attacker to read isola... | | |
CVE-2022-22288 | Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installatio... | | |
CVE-2022-22289 | Improper access control vulnerability in S Assistant prior to version 7.5 allows attacker to remotel... | | |
CVE-2022-22290 | Incorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to... | | |
CVE-2022-22291 | Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileg... | | |
CVE-2022-22292 | Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted application... | | |
CVE-2022-22293 | admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_T... | E | |
CVE-2022-22294 | A SQL injection vulnerability exists in ZFAKA<=1.43 which an attacker can use to complete SQL inject... | E | |
CVE-2022-22295 | Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in parameter_admin.class.php ... | E | |
CVE-2022-22296 | Sourcecodester Hospital's Patient Records Management System 1.0 is vulnerable to Insecure Permission... | | |
CVE-2022-22297 | An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the ... | S | |
CVE-2022-22298 | An improper neutralization of special elements used in an os command ('os command injection') in Fort... | S | |
CVE-2022-22299 | A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 th... | S | |
CVE-2022-22300 | An improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.... | | |
CVE-2022-22301 | An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Forti... | S | |
CVE-2022-22302 | A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6.4.... | S | |
CVE-2022-22303 | An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497... | S | |
CVE-2022-22304 | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAuthen... | | |
CVE-2022-22305 | An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 an... | S | |
CVE-2022-22306 | An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14, 6.2.0 th... | | |
CVE-2022-22307 | IBM Security Guardium privilege escalation | S | |
CVE-2022-22308 | IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be ... | S | |
CVE-2022-22309 | The POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY interface.... | | |
CVE-2022-22310 | IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expec... | S | |
CVE-2022-22311 | IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain sensiti... | S | |
CVE-2022-22312 | IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 1... | | |
CVE-2022-22313 | IBM QRadar Data Synchronization App information disclosure | S | |
CVE-2022-22314 | IBM Planning Analytics Local 2.0 allows web pages to be stored locally which can be read by another ... | S | |
CVE-2022-22315 | IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user with special permissions to obt... | S | |
CVE-2022-22316 | IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a deni... | S | |
CVE-2022-22317 | IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which c... | S | |
CVE-2022-22318 | IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which c... | S | |
CVE-2022-22319 | IBM Robotic Process Automation 21.0.1 could allow a registered user on the system to physically delete... | | |
CVE-2022-22320 | IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users t... | | |
CVE-2022-22321 | IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides ... | S | |
CVE-2022-22322 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability all... | | |
CVE-2022-22323 | IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 1... | | |
CVE-2022-22325 | IBM MQ (IBM MQ for HPE NonStop 8.1.0) can inadvertently disclose sensitive information under certain... | S | |
CVE-2022-22326 | IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2... | S | |
CVE-2022-22327 | IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic al... | | |
CVE-2022-22328 | IBM Sterling Partner Engagement Manager 6.2.0 could allow a malicious user to elevate their privilege... | S | |
CVE-2022-22329 | IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies.... | | |
CVE-2022-22330 | IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the ... | | |
CVE-2022-22331 | IBM Sterling Partner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain s... | S | |
CVE-2022-22332 | IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user du... | S | |
CVE-2022-22333 | IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Ser... | S | |
CVE-2022-22334 | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information f... | S | |
CVE-2022-22336 | IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.... | | |
CVE-2022-22337 | IBM Sterling B2B Integrator Standard Edition information disclosure | | |
CVE-2022-22338 | IBM Sterling B2B Integrator Standard Edition SQL injection | | |
CVE-2022-22339 | IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an au... | S | |
CVE-2022-22344 | IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, c... | | |
CVE-2022-22345 | IBM QRadar 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users ... | S | |
CVE-2022-22346 | IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site requ... | | |
CVE-2022-22348 | IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabb... | | |
CVE-2022-22349 | IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path trav... | S | |
CVE-2022-22350 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerabili... | | |
CVE-2022-22351 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vuln... | S | |
CVE-2022-22352 | IBM Sterling B2B Integrator Standard Edition cross-site scripting | | |
CVE-2022-22353 | IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated us... | | |
CVE-2022-22354 | IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 th... | | |
CVE-2022-22355 | IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of ... | S | |
CVE-2022-22356 | IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to ... | S | |
CVE-2022-22358 | IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 is vulnerable to an XML Exte... | S | |
CVE-2022-22359 | IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 is vulnerable to cross-site ... | S | |
CVE-2022-22360 | IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 could allow a remote authent... | S | |
CVE-2022-22361 | IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.... | S | |
CVE-2022-22363 | IBM Cognos Controller information disclosure | | |
CVE-2022-22364 | IBM Cognos Controller security bypass | | |
CVE-2022-22365 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxPr... | S | |
CVE-2022-22366 | IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain... | S | |
CVE-2022-22367 | IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive databas... | S | |
CVE-2022-22368 | IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that cou... | S | |
CVE-2022-22369 | IBM Workload Scheduler 9.4 and 9.5 could allow a local user to overwrite key system files which woul... | M | |
CVE-2022-22370 | IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to cross-site sc... | S | |
CVE-2022-22371 | IBM Sterling B2B Integrator Standard Edition session fixation | S | |
CVE-2022-22373 | An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and... | S | |
CVE-2022-22374 | The BMC (IBM Power 9 AC922 OP910, OP920, OP930, and OP940) may be subject to a firmware downgrade at... | | |
CVE-2022-22375 | IBM Security Verify Privilege command execution | S | |
CVE-2022-22377 | IBM Security Verify Privilege information disclosure | S | |
CVE-2022-22380 | IBM Security Verify Privilege improper authentication | S | |
CVE-2022-22384 | IBM Security Verify Privilege improper input validation | S | |
CVE-2022-22385 | IBM Security Verify Privilege information disclosure | S | |
CVE-2022-22386 | IBM Security Verify Privilege information disclosure | S | |
CVE-2022-22387 | IBM Application Gateway is vulnerable to cross-site scripting. This vulnerability allows users to em... | S | |
CVE-2022-22389 | IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of ser... | | |
CVE-2022-22390 | IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an informat... | | |
CVE-2022-22391 | IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authenticated user to obtain informa... | | |
CVE-2022-22392 | IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which,... | | |
CVE-2022-22393 | IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5, with the adminCenter-1.0 featur... | S | |
CVE-2022-22394 | The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrict... | S | |
CVE-2022-22396 | Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 vir... | | |
CVE-2022-22399 | IBM Aspera Faspex HTTP header injection | | |
CVE-2022-22401 | IBM Aspera Faspex information disclosure | S | |
CVE-2022-22402 | IBM Aspera Faspex cross-site scripting | S | |
CVE-2022-22404 | IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Co... | S | |
CVE-2022-22405 | IBM Aspera Faspex information disclosure | S | |
CVE-2022-22409 | IBM Aspera Faspex information disclosure | S | |
CVE-2022-22410 | IBM Watson Query with Cloud Pak for Data as a Service could allow an authenticated user to obtain se... | | |
CVE-2022-22411 | IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 could allow an authenticated user to insert co... | S | |
CVE-2022-22412 | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with access to the loca... | | |
CVE-2022-22413 | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to SQL injection. A remote a... | | |
CVE-2022-22414 | IBM Robotic Process Automation 21.0.2 could allow a local user to obtain sensitive web service confi... | S | |
CVE-2022-22415 | A vulnerability exists where an IBM Robotic Process Automation 21.0.1 regular user is able to obtain... | | |
CVE-2022-22416 | IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 is vulnerable to server-side... | S | |
CVE-2022-22417 | IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 is vulnerable to cross-site ... | S | |
CVE-2022-22423 | IBM Common Cryptographic Architecture (CCA 5.x MTM for 4767 and CCA 7.x MTM for 4769) could allow a ... | S | |
CVE-2022-22424 | IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information from the ... | S | |
CVE-2022-22425 | IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacke... | S | |
CVE-2022-22426 | IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to byp... | S | |
CVE-2022-22427 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability all... | | |
CVE-2022-22433 | IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to External Service Interaction attac... | S | |
CVE-2022-22434 | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with physical access to... | S | |
CVE-2022-22435 | IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows... | S | |
CVE-2022-22436 | IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows... | S | |
CVE-2022-22441 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of high... | | |
CVE-2022-22442 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information rest... | S | |
CVE-2022-22443 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability all... | | |
CVE-2022-22444 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user to exploit a vulnerability in the lpd d... | S | |
CVE-2022-22445 | An attacker that gains service access to the FSP (POWER9 only) or gains admin authority to a partiti... | | |
CVE-2022-22447 | IBM Disconnected Log Collector information disclosure | | |
CVE-2022-22449 | IBM Security Verify Governance, Identity Manager information disclosure | S | |
CVE-2022-22450 | IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file b... | S | |
CVE-2022-22452 | IBM Security Verify Identity Manager 10.0 uses an inadequate account lockout setting that could allo... | S | |
CVE-2022-22453 | IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that co... | S | |
CVE-2022-22454 | IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbit... | S | |
CVE-2022-22455 | IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operati... | S | |
CVE-2022-22456 | IBM Security Verify Governance, Identity Manager cross-site scripting | S | |
CVE-2022-22457 | IBM Security Verify Governance, Identity Manager information disclosure | S | |
CVE-2022-22458 | IBM Security Verify Governance, Identity Manager information disclosure | S | |
CVE-2022-22460 | IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code reposito... | S | |
CVE-2022-22461 | IBM Security Verify Governance, Identity Manager information disclosure | S | |
CVE-2022-22462 | IBM Security Verify Governance, Identity Manager virtual appliance component information disclosure | S | |
CVE-2022-22463 | IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQ... | S | |
CVE-2022-22464 | IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than ex... | S | |
CVE-2022-22465 | IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local... | S | |
CVE-2022-22466 | IBM Security Verify Governance information disclosure | | |
CVE-2022-22470 | IBM Security Verify Governance information disclosure | S | |
CVE-2022-22472 | IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes and ... | | |
CVE-2022-22473 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sens... | S | |
CVE-2022-22474 | IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsvc processes incorrectly handle... | S | |
CVE-2022-22475 | IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable t... | S | |
CVE-2022-22476 | IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable t... | S | |
CVE-2022-22477 | IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerabili... | S | |
CVE-2022-22478 | IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text whi... | S | |
CVE-2022-22479 | IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site request forger... | S | |
CVE-2022-22480 | IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using encrypted h... | S | |
CVE-2022-22481 | IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a remote attacker to obtain acc... | S | |
CVE-2022-22482 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 cou... | S | |
CVE-2022-22483 | IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information ... | S | |
CVE-2022-22484 | IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sens... | S | |
CVE-2022-22485 | In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 ... | S | |
CVE-2022-22486 | IBM Tivoli Workload Scheduler XML external entity injection | | |
CVE-2022-22487 | An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack ... | S | |
CVE-2022-22488 | IBM OpenBMC denial of service | | |
CVE-2022-22489 | IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injec... | S | |
CVE-2022-22490 | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain se... | S | |
CVE-2022-22491 | IBM App Connect Enterprise Certified Container denial of service | | |
CVE-2022-22493 | IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request fo... | S | |
CVE-2022-22494 | IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gai... | S | |
CVE-2022-22495 | IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. A remote attacker could send specially craft... | S | |
CVE-2022-22496 | While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being establish... | S | |
CVE-2022-22497 | IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed sec... | S | |
CVE-2022-22502 | IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting. This vulnera... | | |
CVE-2022-22503 | IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of... | | |
CVE-2022-22505 | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow ... | | |
CVE-2022-22506 | IBM Robotic Process Automation information disclosure | | |
CVE-2022-22507 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-22508 | CODESYS V3: Improper Input Validation | | |
CVE-2022-22509 | PHOENIX CONTACT: FL SWITCH 2xxx series incorrect privilege assignment | S | |
CVE-2022-22510 | CODESYS: Null Pointer Dereference in CODESYS PROFINET stack | S | |
CVE-2022-22511 | WAGO PLCs WBM vulnerable to reflected XSS | S | |
CVE-2022-22512 | VARTA: Multiple devices prone to hard-coded credentials | | |
CVE-2022-22513 | Null Pointer Dereference in multiple CODESYS products can lead to a DoS. | | |
CVE-2022-22514 | Untrusted Pointer Dereference in multiple CODESYS products can lead to a DoS. | | |
CVE-2022-22515 | A component of the CODESYS Control runtime system allows read and write access to configuration files | | |
CVE-2022-22516 | CODESYS driver SysDrv3S allows SYSTEM users on Microsoft Windows to read and write in restricted memory space. | | |
CVE-2022-22517 | Communication Components in multiple CODESYS products vulnerable to communication channel disruption | | |
CVE-2022-22518 | A bug in the CODESYS V3 CmpUserMgr component fails to correctly apply a security policy. | | |
CVE-2022-22519 | Special HTTP(s) Requests can cause a buffer-read causing a crash of the webserver and the runtime system. | | |
CVE-2022-22520 | User enumeration vulnerability in MB connect line and Helmholz products | S | |
CVE-2022-22521 | Privilege Escalation in Miele Benchmark Programming Tool | E S | |
CVE-2022-22522 | Hard-coded credentials in Carlo Gavazzi UWP3.0 allows for authentication bypass and full control of the device | | |
CVE-2022-22523 | Carlo Gavazzi UWP 3.0 WebApp allows for authentication bypass | | |
CVE-2022-22524 | SQL-injection in Carlo Gavazzi UWP 3.0 allows for full database access | | |
CVE-2022-22525 | Command injection in restore function of Carlo Gavazzi UWP3.0 allows for command injection | | |
CVE-2022-22526 | Missing authentication for API in Carlo Gavazzi UWP 3.0 Car Park Server | | |
CVE-2022-22528 | SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH ... | | |
CVE-2022-22529 | SAP Enterprise Threat Detection (ETD) - version 2.0, does not sufficiently encode user-controlled in... | | |
CVE-2022-22530 | The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, ... | | |
CVE-2022-22531 | The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, ... | | |
CVE-2022-22532 | In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7... | | |
CVE-2022-22533 | Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7... | | |
CVE-2022-22534 | Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inje... | | |
CVE-2022-22535 | SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necessary authorization checks for a... | | |
CVE-2022-22536 | SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Con... | KEV | |
CVE-2022-22537 | When a user opens a manipulated Tagged Image File Format (.tiff, 2d.x3d) received from untrusted so... | | |
CVE-2022-22538 | When a user opens a manipulated Adobe Illustrator file format (.ai, ai.x3d) received from untrusted ... | | |
CVE-2022-22539 | When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) received from untrusted sources in S... | | |
CVE-2022-22540 | SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754... | | |
CVE-2022-22541 | SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users t... | | |
CVE-2022-22542 | S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Part... | | |
CVE-2022-22543 | SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22... | | |
CVE-2022-22544 | Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720, allows an administrator to e... | | |
CVE-2022-22545 | A high privileged user who has access to transaction SM59 can read connection details stored with th... | | |
CVE-2022-22546 | Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulne... | | |
CVE-2022-22547 | Simple Diagnostics Agent - versions 1.0 (up to version 1.57.), allows an attacker to access informat... | E | |
CVE-2022-22549 | Dell PowerScale OneFS, 8.2.x-9.3.x, contains an Improper Certificate Validation. An unauthenticated re... | | |
CVE-2022-22550 | Dell PowerScale OneFS, versions 8.2.2 and above, contain a password disclosure vulnerability. An unp... | S | |
CVE-2022-22551 | DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacen... | S | |
CVE-2022-22552 | Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unaut... | S | |
CVE-2022-22553 | Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Att... | S | |
CVE-2022-22554 | Dell EMC System Update, version 1.9.2 and prior, contain an Unprotected Storage of Credentials vulne... | S | |
CVE-2022-22555 | Dell EMC PowerStore, contains an OS command injection Vulnerability. A locally authenticated attacke... | | |
CVE-2022-22556 | Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerability in PowerStore User Inter... | | |
CVE-2022-22557 | PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments runni... | | |
CVE-2022-22558 | Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS contain an Imprope... | | |
CVE-2022-22559 | Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or risky cryptographic algorithm. A... | S | |
CVE-2022-22560 | Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials. This allows a local user wit... | S | |
CVE-2022-22561 | Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper restriction of excessive authenti... | S | |
CVE-2022-22562 | Dell PowerScale OneFS, versions 8.2.0-9.3.0, contain an improper handling of missing values exploit. ... | S | |
CVE-2022-22563 | Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. A ... | | |
CVE-2022-22564 | Dell EMC Unity versions before 5.2.0.0.5.173 use a broken cryptographic algorithm. A remote unau... | | |
CVE-2022-22565 | Dell PowerScale OneFS, versions 9.0.0-9.3.0, contain an improper authorization of index containing s... | S | |
CVE-2022-22566 | Select Dell Client Commercial and Consumer platforms contain a pre-boot direct memory access (DMA) v... | | |
CVE-2022-22567 | Select Dell Client Commercial and Consumer platforms are vulnerable to an insufficient verification ... | | |
CVE-2022-22570 | A buffer overflow vulnerability found in the UniFi Door Access Reader Lite’s (UA Lite) firmware (Ver... | | |
CVE-2022-22571 | An authenticated high privileged user can perform a stored XSS attack due to incorrect output encodi... | M | |
CVE-2022-22572 | A non-admin user with user management permission can escalate his privilege to admin user via passwo... | | |
CVE-2022-22576 | An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might a... | E | |
CVE-2022-22577 | An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP ... | S | |
CVE-2022-22578 | A logic issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and... | | |
CVE-2022-22579 | An information disclosure issue was addressed with improved state management. This issue is fixed in... | | |
CVE-2022-22582 | A validation issue existed in the handling of symlinks. This issue was addressed with improved valid... | | |
CVE-2022-22583 | A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2... | | |
CVE-2022-22584 | A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.3, ... | | |
CVE-2022-22585 | An issue existed within the path validation logic for symlinks. This issue was addressed with improv... | | |
CVE-2022-22586 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in mac... | | |
CVE-2022-22587 | A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 1... | KEV | |
CVE-2022-22588 | A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS... | | |
CVE-2022-22589 | A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 a... | | |
CVE-2022-22590 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.... | | |
CVE-2022-22591 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS ... | | |
CVE-2022-22592 | A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPad... | | |
CVE-2022-22593 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3... | | |
CVE-2022-22594 | A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is ... | | |
CVE-2022-22596 | A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.5... | | |
CVE-2022-22597 | A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big S... | | |
CVE-2022-22598 | An issue with app access to camera metadata was addressed with improved logic. This issue is fixed i... | | |
CVE-2022-22599 | A permissions issue was addressed with improved validation. This issue is fixed in watc... | | |
CVE-2022-22600 | The issue was addressed with improved permissions logic. This issue is fixed in tvOS 15.4, iOS 15.4 ... | | |
CVE-2022-22601 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3... | | |
CVE-2022-22602 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3... | | |
CVE-2022-22603 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3... | | |
CVE-2022-22604 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3... | | |
CVE-2022-22605 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3... | | |
CVE-2022-22606 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3... | | |
CVE-2022-22607 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3... | | |
CVE-2022-22608 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3... | | |
CVE-2022-22609 | The issue was addressed with additional permissions checks. This issue is fixed in tvOS 15.4, iOS 15... | | |
CVE-2022-22610 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS... | | |
CVE-2022-22611 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15.4... | | |
CVE-2022-22612 | A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS ... | | |
CVE-2022-22613 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvO... | | |
CVE-2022-22614 | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15... | | |
CVE-2022-22615 | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15... | | |
CVE-2022-22616 | This issue was addressed with improved checks. This issue is fixed in Security Update 2022-003 Catal... | | |
CVE-2022-22617 | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.... | | |
CVE-2022-22618 | This issue was addressed with improved checks. This issue is fixed in watchOS 8.5, iOS 15.4 and iPad... | | |
CVE-2022-22620 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS M... | KEV | |
CVE-2022-22621 | This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS... | | |
CVE-2022-22622 | This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A pe... | | |
CVE-2022-22623 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-22624 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS M... | | |
CVE-2022-22625 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big... | | |
CVE-2022-22626 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big ... | | |
CVE-2022-22627 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big ... | | |
CVE-2022-22628 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS M... | | |
CVE-2022-22629 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mo... | | |
CVE-2022-22630 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS B... | | |
CVE-2022-22631 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in mac... | | |
CVE-2022-22632 | A logic issue was addressed with improved state management. This issue is fixed in tvOS 15.4, iOS 15... | | |
CVE-2022-22633 | A memory corruption issue was addressed with improved state management. This issue is fixed in watch... | | |
CVE-2022-22634 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS... | | |
CVE-2022-22635 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvO... | | |
CVE-2022-22636 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvO... | | |
CVE-2022-22637 | A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12... | | |
CVE-2022-22638 | A null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4,... | | |
CVE-2022-22639 | A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPad... | | |
CVE-2022-22640 | A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, ... | | |
CVE-2022-22641 | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15... | | |
CVE-2022-22642 | This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A us... | | |
CVE-2022-22643 | This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4, macO... | | |
CVE-2022-22644 | A privacy issue existed in the handling of Contact cards. This was addressed with improved state man... | | |
CVE-2022-22645 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-22646 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.2... | | |
CVE-2022-22647 | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Mo... | | |
CVE-2022-22648 | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Mo... | | |
CVE-2022-22649 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-22650 | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Mo... | | |
CVE-2022-22651 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in mac... | | |
CVE-2022-22652 | The GSMA authentication panel could be presented on the lock screen. The issue was resolved by requi... | | |
CVE-2022-22653 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 1... | | |
CVE-2022-22654 | A user interface issue was addressed. This issue is fixed in watchOS 8.5, Safari 15.4. Visiting a ma... | | |
CVE-2022-22655 | An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Montere... | | |
CVE-2022-22656 | An authentication issue was addressed with improved state management. This issue is fixed in macOS B... | | |
CVE-2022-22657 | A memory initialization issue was addressed with improved memory handling. This issue is fixed in Lo... | | |
CVE-2022-22658 | An input validation issue was addressed with improved input validation. This issue is fixed in iOS 1... | | |
CVE-2022-22659 | A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPad... | | |
CVE-2022-22660 | This issue was addressed with a new entitlement. This issue is fixed in macOS Monterey 12.3. An app ... | | |
CVE-2022-22661 | A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big ... | | |
CVE-2022-22662 | A cookie management issue was addressed with improved state management. This issue is fixed in Secur... | | |
CVE-2022-22663 | This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed i... | | |
CVE-2022-22664 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Logic Pro ... | | |
CVE-2022-22665 | A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A ... | | |
CVE-2022-22666 | A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, ... | | |
CVE-2022-22667 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.... | | |
CVE-2022-22668 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 1... | | |
CVE-2022-22669 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS M... | | |
CVE-2022-22670 | An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 15.4, i... | | |
CVE-2022-22671 | An authentication issue was addressed with improved state management. This issue is fixed in iOS 15.... | | |
CVE-2022-22672 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15... | | |
CVE-2022-22673 | This issue was addressed with improved checks. This issue is fixed in iOS 15.5 and iPadOS 15.5. Proc... | | |
CVE-2022-22674 | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed ... | KEV | |
CVE-2022-22675 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvO... | KEV | |
CVE-2022-22676 | An event handler validation issue in the XPC Services API was addressed by removing the service. Thi... | | |
CVE-2022-22677 | A logic issue in the handling of concurrent media was addressed with improved state handling. This i... | | |
CVE-2022-22679 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in supp... | | |
CVE-2022-22680 | Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology D... | | |
CVE-2022-22681 | Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-... | | |
CVE-2022-22682 | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability i... | | |
CVE-2022-22683 | Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi componen... | | |
CVE-2022-22684 | Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabi... | | |
CVE-2022-22685 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in weba... | | |
CVE-2022-22686 | Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar before 2.3.... | | |
CVE-2022-22687 | Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authenticati... | | |
CVE-2022-22688 | Improper neutralization of special elements used in a command ('Command Injection') vulnerability in... | | |
CVE-2022-22689 | CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerabil... | S | |
CVE-2022-22690 | Umbraco Remote ApplicationURL Overwrite | E M | |
CVE-2022-22691 | Umbraco Password Reset URL Poison | E M | |
CVE-2022-22700 | CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes t... | E | |
CVE-2022-22701 | PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the ... | E | |
CVE-2022-22702 | PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creatin... | E | |
CVE-2022-22703 | In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK ... | | |
CVE-2022-22704 | The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to ... | E | |
CVE-2022-22706 | Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory ... | KEV | |
CVE-2022-22707 | In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugi... | E | |
CVE-2022-22709 | VP9 Video Extensions Remote Code Execution Vulnerability | | |
CVE-2022-22710 | Windows Common Log File System Driver Denial of Service Vulnerability | | |
CVE-2022-22711 | Windows BitLocker Information Disclosure Vulnerability | | |
CVE-2022-22712 | Windows Hyper-V Denial of Service Vulnerability | | |
CVE-2022-22713 | Windows Hyper-V Denial of Service Vulnerability | S | |
CVE-2022-22715 | Named Pipe File System Elevation of Privilege Vulnerability | | |
CVE-2022-22716 | Microsoft Excel Information Disclosure Vulnerability | | |
CVE-2022-22717 | Windows Print Spooler Elevation of Privilege Vulnerability | | |
CVE-2022-22718 | Windows Print Spooler Elevation of Privilege Vulnerability | KEV S | |
CVE-2022-22719 | mod_lua Use of uninitialized value in r:parsebody | S | |
CVE-2022-22720 | HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier | S | |
CVE-2022-22721 | core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody | S | |
CVE-2022-22722 | A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information discl... | | |
CVE-2022-22723 | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buff... | | |
CVE-2022-22724 | A CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of servi... | S | |
CVE-2022-22725 | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buff... | | |
CVE-2022-22726 | A CWE-20: Improper Input Validation vulnerability exists that could allow arbitrary files on the ser... | S | |
CVE-2022-22727 | A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacke... | S | |
CVE-2022-22728 | libapreq2 multipart form parse memory corruption | | |
CVE-2022-22729 | CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate th... | M | |
CVE-2022-22730 | Improper authentication in the Intel(R) Edge Insights for Industrial software before version 2.6.1 m... | | |
CVE-2022-22731 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerabili... | S | |
CVE-2022-22732 | A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote dom... | S | |
CVE-2022-22733 | Access-Token in ElasticJob UI causes password disclosure | | |
CVE-2022-22734 | Simple Quotation <= 1.3.2 - Quote Creation/Edition via CSRF to Stored Cross-Site Scripting | E | |
CVE-2022-22735 | Simple Quotation <= 1.3.2 - Subscriber+ SQL injection | E | |
CVE-2022-22736 | If Firefox was installed to a world-writable directory, a local privilege escalation could occur whe... | E | |
CVE-2022-22737 | Constructing audio sinks could have led to a race condition when playing audio files and closing wi... | E | |
CVE-2022-22738 | Applying a CSS filter effect could have accessed out of bounds memory. This could have led to a hea... | E | |
CVE-2022-22739 | Malicious websites could have tricked users into accepting launching a program to handle an external... | E | |
CVE-2022-22740 | Certain network request objects were freed too early when releasing a network request handle. This c... | E | |
CVE-2022-22741 | When resizing a popup while requesting fullscreen access, the popup would have become unable to leav... | | |
CVE-2022-22742 | When inserting text while in edit mode, some characters might have led to out-of-bounds memory acce... | | |
CVE-2022-22743 | When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab... | | |
CVE-2022-22744 | The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped fo... | | |
CVE-2022-22745 | Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violat... | | |
CVE-2022-22746 | A race condition could have allowed bypassing the fullscreen notification which could have led to a... | | |
CVE-2022-22747 | After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificat... | | |
CVE-2022-22748 | Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a... | E | |
CVE-2022-22749 | When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not p... | E | |
CVE-2022-22750 | By generally accepting and passing resource handles across processes, a compromised content process ... | E | |
CVE-2022-22751 | Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto,... | | |
CVE-2022-22752 | Mozilla developers Christian Holler and Jason Kratzer reported memory safety bugs present in Firefox... | | |
CVE-2022-22753 | A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to... | E | |
CVE-2022-22754 | If a user installed an extension of a particular type, the extension could have auto-updated itself ... | | |
CVE-2022-22755 | By using XSL Transforms, a malicious webserver could have served a user an XSL document that would c... | | |
CVE-2022-22756 | If a user was convinced to drag and drop an image to their desktop or other folder, the resulting ob... | E | |
CVE-2022-22757 | Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowe... | | |
CVE-2022-22758 | When clicking on a tel: link, USSD codes, specified after a \* character, would be incl... | | |
CVE-2022-22759 | If a document created a sandboxed iframe without allow-scripts, and subsequently append... | | |
CVE-2022-22760 | When importing resources using Web Workers, error messages would distinguish the difference between ... | | |
CVE-2022-22761 | Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing t... | | |
CVE-2022-22762 | Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another webs... | | |
CVE-2022-22763 | When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point ... | | |
CVE-2022-22764 | Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in F... | | |
CVE-2022-22765 | BD Viper LT System - Hardcoded Credentials | S | |
CVE-2022-22766 | BD Pyxis Products - Hardcoded Credentials | M | |
CVE-2022-22767 | BD Pyxis™ Products – Default Credentials | S | |
CVE-2022-22769 | TIBCO EBX vulnerabilities | S | |
CVE-2022-22770 | TIBCO AuditSafe API Authentication vulnerability | S | |
CVE-2022-22771 | TIBCO JasperReports Library Directory Traversal Vulnerability | S | |
CVE-2022-22772 | TIBCO Managed File Transfer Platform Server Remote Code Execution Vulnerability | S | |
CVE-2022-22773 | TIBCO JasperReports Server Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2022-22774 | TIBCO Managed File Transfer Command Center XXE Vulnerability | S | |
CVE-2022-22775 | TIBCO ActiveMatrix BPM Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2022-22776 | TIBCO BusinessConnect Trading Community Management Stored Cross Site Scripting Vulnerability | S | |
CVE-2022-22777 | TIBCO BusinessConnect Trading Community Management Reflected Cross Site Scripting Vulnerability | S | |
CVE-2022-22778 | TIBCO BusinessConnect Trading Community Management Cross-Site Request Forgery Vulnerability | S | |
CVE-2022-22779 | Retained exploded messages in Keybase clients for macOS and Windows | | |
CVE-2022-22780 | Zoom Chat Susceptible to Zip Bombing | | |
CVE-2022-22781 | Update package downgrade in Zoom Client for Meetings for MacOS | | |
CVE-2022-22782 | Local privilege escalation in Windows Zoom Clients | | |
CVE-2022-22783 | Process memory exposure in Zoom on-premise Meeting services | | |
CVE-2022-22784 | Improper XML Parsing in Zoom Client for Meetings | | |
CVE-2022-22785 | Improperly constrained session cookies in Zoom Client for Meetings | | |
CVE-2022-22786 | Update package downgrade in Zoom Client for Meetings for Windows | | |
CVE-2022-22787 | Insufficient hostname validation during Clusterswitch message in Zoom Client for Meetings | | |
CVE-2022-22788 | DLL injection in Zoom Opener installer for Zoom and Zoom Rooms clients | | |
CVE-2022-22789 | Charactell - FormStorm Enterprise Account Take Over | S | |
CVE-2022-22790 | SYNEL - eharmony Directory Traversal | S | |
CVE-2022-22791 | SYNEL - eharmony Authenticated Blind & Stored XSS | S | |
CVE-2022-22792 | MobiSoft - MobiPlus User Take Over and Improper Handling of url Parameters | S | |
CVE-2022-22793 | Cybonet - PineApp Mail Relay Local File Inclusion | S | |
CVE-2022-22794 | Cybonet - PineApp Mail Relay Unauthenticated Sql Injection | S | |
CVE-2022-22795 | Signiant - Manager+Agents XML External Entity (XXE) | S | |
CVE-2022-22796 | Sysaid – Sysaid System Takeover | S | |
CVE-2022-22797 | Sysaid – sysaid Open Redirect | S | |
CVE-2022-22798 | Sysaid – Pro Plus Edition, SysAid Help Desk Broken Access Control | S | |
CVE-2022-22804 | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulne... | S | |
CVE-2022-22805 | A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exis... | | |
CVE-2022-22806 | A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthen... | | |
CVE-2022-22807 | A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could caus... | | |
CVE-2022-22808 | A CWE-352: Cross-Site Request Forgery (CSRF) exists that could cause a remote attacker to gain unaut... | S | |
CVE-2022-22809 | A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifi... | S | |
CVE-2022-22810 | A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could... | S | |
CVE-2022-22811 | A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could induce users to perform... | S | |
CVE-2022-22812 | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulne... | S | |
CVE-2022-22813 | A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an attacker were to obtain the TLS... | | |
CVE-2022-22814 | The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege escalation.... | | |
CVE-2022-22815 | path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.... | | |
CVE-2022-22816 | path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImageP... | | |
CVE-2022-22817 | PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones t... | | |
CVE-2022-22818 | The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 do... | E S | |
CVE-2022-22819 | NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 m... | E | |
CVE-2022-22820 | Due to the lack of media file checks before rendering, it was possible for an attacker to cause abno... | | |
CVE-2022-22821 | NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lea... | S | |
CVE-2022-22822 | addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.... | S | |
CVE-2022-22823 | build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.... | S | |
CVE-2022-22824 | defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.... | S | |
CVE-2022-22825 | lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.... | S | |
CVE-2022-22826 | nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.... | S | |
CVE-2022-22827 | storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.... | | |
CVE-2022-22828 | An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allo... | E | |
CVE-2022-22831 | An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a mani... | E | |
CVE-2022-22832 | An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthentic... | E | |
CVE-2022-22833 | An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a... | E | |
CVE-2022-22834 | An issue was discovered in OverIT Geocall before 8.0. An authenticated user who has the Test Trasfor... | E | |
CVE-2022-22835 | An issue was discovered in OverIT Geocall before version 8.0. An authenticated user who has the Test... | E | |
CVE-2022-22836 | CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacke... | E | |
CVE-2022-22844 | LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving... | E M | |
CVE-2022-22845 | QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167f0db2-f83e-4baa-9736-d56064a5b... | S | |
CVE-2022-22846 | The dnslib package through 0.9.16 for Python does not verify that the ID value in a DNS reply matche... | S | |
CVE-2022-22847 | Formpipe Lasernet before 9.13.3 allows file inclusion in Client Web Services (either by an authentic... | | |
CVE-2022-22850 | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Hospital's Patient Recor... | E | |
CVE-2022-22851 | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Hospital's Patient Recor... | S | |
CVE-2022-22852 | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Hospital's Patient Recor... | E | |
CVE-2022-22853 | A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 ... | E | |
CVE-2022-22854 | An access control issue in hprms/admin/?page=user/list of Hospital Patient Record Management System ... | E | |
CVE-2022-22868 | Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting (XSS) vulnerability, that allow... | E | |
CVE-2022-22880 | Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /j... | E | |
CVE-2022-22881 | Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /s... | E | |
CVE-2022-22885 | Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL certificate validation.... | E | |
CVE-2022-22888 | Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_op_object_find_own in /ecma/op... | E S | |
CVE-2022-22890 | There is an Assertion 'arguments_type != SCANNER_ARGUMENTS_PRESENT && arguments_type != SCANNER_ARGU... | E S | |
CVE-2022-22891 | Jerryscript 3.0.0 was discovered to contain a SEGV vulnerability via ecma_ref_object_inline in /jerr... | E S | |
CVE-2022-22892 | There is an Assertion 'ecma_is_value_undefined (value) || ecma_is_value_null (value) || ecma_is_valu... | E S | |
CVE-2022-22893 | Jerryscript 3.0.0 was discovered to contain a stack overflow via vm_loop.lto_priv.304 in /jerry-core... | E S | |
CVE-2022-22894 | Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_lcache_lookup in /jerry-core/e... | E S | |
CVE-2022-22895 | Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ecma_utf8_string_to_number_by... | E S | |
CVE-2022-22897 | A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloT... | E S | |
CVE-2022-22899 | Core FTP / SFTP Server v2 Build 725 was discovered to allow unauthenticated attackers to cause a Den... | E | |
CVE-2022-22901 | There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at p... | E S | |
CVE-2022-22908 | SangforCSClient.exe in Sangfor VDI Client 5.4.2.1006 allows attackers, when they are able to read pr... | E | |
CVE-2022-22909 | HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exp... | E | |
CVE-2022-22912 | Prototype pollution vulnerability via .parse() in Plist before v3.0.4 allows attackers to cause a De... | E S | |
CVE-2022-22914 | An incorrect access control issue in the component FileManager of Ovidentia CMS 6.0 allows authentic... | E | |
CVE-2022-22916 | O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /x_program_cen... | E | |
CVE-2022-22919 | Adenza AxiomSL ControllerView through 10.8.1 allows redirection for SSO login URLs.... | E | |
CVE-2022-22922 | TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable an... | E | |
CVE-2022-22928 | MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and ... | E | |
CVE-2022-22929 | MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module... | E | |
CVE-2022-22930 | A remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allow... | E | |
CVE-2022-22931 | Path traversal in Apache James 3.6.1 | M | |
CVE-2022-22932 | Path traversal flaws | M | |
CVE-2022-22934 | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do... | | |
CVE-2022-22935 | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authen... | | |
CVE-2022-22936 | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes a... | | |
CVE-2022-22938 | VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contai... | S | |
CVE-2022-22939 | VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentia... | | |
CVE-2022-22941 | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured... | | |
CVE-2022-22942 | The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users... | | |
CVE-2022-22943 | VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vu... | | |
CVE-2022-22944 | VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. Due to insuff... | S | |
CVE-2022-22945 | VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to a... | S | |
CVE-2022-22946 | In spring cloud gateway versions prior to 3.1.1+, applications that are configured to enable HTTP2 ... | S | |
CVE-2022-22947 | In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code ... | KEV E S | |
CVE-2022-22948 | The vCenter Server contains an information disclosure vulnerability due to improper permission of fi... | KEV S | |
CVE-2022-22950 | In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user... | M | |
CVE-2022-22951 | VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 a... | S | |
CVE-2022-22952 | VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 a... | S | |
CVE-2022-22953 | VMware HCX update addresses an information disclosure vulnerability. A malicious actor with network ... | | |
CVE-2022-22954 | VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due t... | KEV E | |
CVE-2022-22955 | VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022... | S | |
CVE-2022-22956 | VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022... | S | |
CVE-2022-22957 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execut... | S | |
CVE-2022-22958 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execut... | S | |
CVE-2022-22959 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request f... | S | |
CVE-2022-22960 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation... | KEV E S | |
CVE-2022-22961 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclos... | S | |
CVE-2022-22962 | VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is ab... | | |
CVE-2022-22963 | In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing fu... | KEV E S | |
CVE-2022-22964 | VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a u... | | |
CVE-2022-22965 | A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execut... | KEV E S | |
CVE-2022-22966 | An authenticated, high privileged malicious actor with network access to the VMware Cloud Director t... | S | |
CVE-2022-22967 | An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails ... | | |
CVE-2022-22968 | In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the pat... | | |
CVE-2022-22969 | | S | |
CVE-2022-22970 | In spring framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, applications t... | S | |
CVE-2022-22971 | In spring framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, application wi... | S | |
CVE-2022-22972 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypa... | | |
CVE-2022-22973 | VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A mal... | | |
CVE-2022-22975 | An issue was discovered in the Pinniped Supervisor with either LDAPIdentityProvider or ActiveDirecto... | | |
CVE-2022-22976 | Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported version... | S | |
CVE-2022-22977 | VMware Tools for Windows (12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerabil... | | |
CVE-2022-22978 | In Spring Security versions prior to 5.4.11+, 5.5.7+, 5.6.4+ and older unsupported versions, RegexR... | | |
CVE-2022-22979 | In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts w... | | |
CVE-2022-22980 | A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-... | M | |
CVE-2022-22982 | The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor wi... | | |
CVE-2022-22983 | VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerabili... | S | |
CVE-2022-22984 | Command Injection | E S | |
CVE-2022-22985 | ICSA-22-062-01 IPCOMM ipDIO | S | |
CVE-2022-22986 | Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, OG810Xa, and OG810Xi firmware ... | | |
CVE-2022-22987 | Advantech ADAM-3600 | M | |
CVE-2022-22988 | Insecure file and directory permissions on EdgeRover | S | |
CVE-2022-22989 | Pre-authenticated stack overflow vulnerability on FTP Service | S | |
CVE-2022-22990 | Limited authentication bypass vulnerability on Western Digital My Cloud devices | S | |
CVE-2022-22991 | Command injection through unsecured HTTP calls on Western Digital My Cloud devices | S | |
CVE-2022-22992 | Command Injection Remote Code Execution vulnerability on Western Digital My Cloud devices. | S | |
CVE-2022-22993 | Limited Server-Side Request Forgery vulnerability on Western Digital My Cloud devices. | S | |
CVE-2022-22994 | Insufficient Verification of Data Authenticity Remote Code Execution Vulnerability on Western Digital My Cloud devices. | S | |
CVE-2022-22995 | Western Digital My Cloud OS 5 and My Cloud Home Unauthenticated Arbitrary File Write Vulnerability in Netatalk | S | |
CVE-2022-22996 | SanDisk Professional G-RAID 4/8 Software Utility, Privilege Escalation | S | |
CVE-2022-22997 | Command Injection Vulnerability on My Cloud Home | S | |
CVE-2022-22998 | Protecting AWS credentials stored in plaintext on My Cloud Home | S | |
CVE-2022-22999 | Cross-site Scripting Vulnerability in USB Backups App | S | |