CVE-2022-23xxx

There are 793 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2022-23000 Weak Default SSL use in Port Forwarding Service
S
CVE-2022-23001 Sweet-B Library: Point compress/decompress using the wrong bit for sign
S
CVE-2022-23002 Point Compression/Decompression of NIST P-256 points with X coordinate of zero
S
CVE-2022-23003 Shared secret or Point multiplication of NIST P-256 points with X coordinate of zero
S
CVE-2022-23004 Algorithm incorrectly returning error and Invalid unreduced value written to output buffer
S
CVE-2022-23005 Host Boot ROM Code Vulnerability in Systems Implementing UFS Boot Feature
E
CVE-2022-23006 Buffer Overflow Vulnerability in Western Digital My Cloud Home Products and SanDisk ibi
S
CVE-2022-23008 On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to ...
CVE-2022-23009 On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated administrative role user on a BI...
M
CVE-2022-23010 On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versi...
CVE-2022-23011 On certain hardware BIG-IP platforms, in version 15.1.x before 15.1.4 and 14.1.x before 14.1.3, virt...
M
CVE-2022-23012 On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, when the HTTP/2 profile is con...
CVE-2022-23013 On BIG-IP DNS & GTM version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and al...
CVE-2022-23014 On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP APM portal access is config...
CVE-2022-23015 On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, and 14.1.2.6-14.1.4.4, when a Client ...
CVE-2022-23016 On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP SSL Forward Proxy with TLS ...
CVE-2022-23017 On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versio...
CVE-2022-23018 On BIG-IP AFM version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and 13.1...
CVE-2022-23019 On BIG-IP version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all vers...
CVE-2022-23020 On BIG-IP version 16.1.x before 16.1.2, when the 'Respond on Error' setting is enabled on the Reques...
CVE-2022-23021 On BIG-IP version 16.1.x before 16.1.2, when any of the following configurations are configured on a...
CVE-2022-23022 On BIG-IP version 16.1.x before 16.1.2, when an HTTP profile is configured on a virtual server, undi...
CVE-2022-23023 On BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all vers...
M
CVE-2022-23024 On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.2, and all ve...
CVE-2022-23025 On BIG-IP version 16.1.x before 16.1.1, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versio...
CVE-2022-23026 On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14....
CVE-2022-23027 On BIG-IP versions 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, 13.1.x beginning in 13.1.3.6, 12.1....
CVE-2022-23028 On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all vers...
M
CVE-2022-23029 On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versio...
M
CVE-2022-23030 On version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of...
M
CVE-2022-23031 On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15.1.x before 15.1.4, and 14.1.x...
M
CVE-2022-23032 In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of...
CVE-2022-23033 arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more ent...
S
CVE-2022-23034 A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduc...
S
CVE-2022-23035 Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical d...
S
CVE-2022-23036 Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to ...
CVE-2022-23037 Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to ...
CVE-2022-23038 Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to ...
CVE-2022-23039 Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to ...
CVE-2022-23040 Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to ...
CVE-2022-23041 Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to ...
CVE-2022-23042 Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to ...
CVE-2022-23043 Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating...
E S
CVE-2022-23044 Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to persuade users to perfo...
E
CVE-2022-23045 PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the "S...
E
CVE-2022-23046 PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter ...
E
CVE-2022-23047 Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code ins...
E
CVE-2022-23048 Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the f...
E
CVE-2022-23049 Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "U...
E
CVE-2022-23050 ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file t...
E
CVE-2022-23051 PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while...
E
CVE-2022-23052 PeteReport Version 0.5 contains a Cross Site Request Forgery (CSRF) vulnerability allowing an attack...
E
CVE-2022-23053 Openmct XSS via the “Condition Widget”
S
CVE-2022-23054 Openmct XSS via the “Summary Widget”
S
CVE-2022-23055 ERPNext - Improper user access control
E S
CVE-2022-23056 ERPNext - Stored XSS leads to account takeover
E S
CVE-2022-23057 ERPNext - Stored XSS in My Profile
E S
CVE-2022-23058 ERPNext - Stored XSS in My Settings
E S
CVE-2022-23059 Shopizer - Stored XSS in Manage Images
E S
CVE-2022-23060 Shopizer - Stored XSS in Manage Files
E S
CVE-2022-23061 Shopizer - IDOR delete superadmin
E S
CVE-2022-23063 Shopizer - Insufficient Session Expiration
E
CVE-2022-23064 Snipe-IT - Host Header Injection
E S
CVE-2022-23065 Vendure - XSS via SVG File Upload
E S
CVE-2022-23066 Solana rBPF - Incorrect Calculation in sdiv instruction
E S
CVE-2022-23067 ToolJet - Token Leakage via Referer Header
E S
CVE-2022-23068 ToolJet - HTML Injection in Invite New User
E S
CVE-2022-23071 Recipes - SSRF on Import
E S
CVE-2022-23072 Recipes - Stored XSS in Add to Cart
E S
CVE-2022-23073 Recipes - Stored XSS in Clipboard
E S
CVE-2022-23074 Recipes - Stored XSS in Name Parameter
E S
CVE-2022-23077 Habitica - DOM XSS in login page
E S
CVE-2022-23078 Habitica - Open redirect in login page
E S
CVE-2022-23079 motoradmin - host header Injection in the reset password functionality
E S
CVE-2022-23080 directus - SSRF which leads to internal port scan
E S
CVE-2022-23081 Openlibrary - Reflected XSS
E S
CVE-2022-23082 CureKit - Path Traversal in isFileOutsideDir
S
CVE-2022-23083 NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain a XSS (C...
CVE-2022-23084 Potential jail escape vulnerabilities in netmap
CVE-2022-23085 Potential jail escape vulnerabilities in netmap
CVE-2022-23086 mpr/mps/mpt driver ioctl heap out-of-bounds write
CVE-2022-23087 Bhyve e82545 device emulation out-of-bounds write
CVE-2022-23088 802.11 heap buffer overflow
CVE-2022-23089 Out of bound read in elf_note_prpsinfo()
CVE-2022-23090 AIO credential reference count leak
CVE-2022-23091 Memory disclosure by stale virtual memory mapping
CVE-2022-23092 Missing bounds check in 9p message handling
CVE-2022-23093 Stack overflow in ping(8)
CVE-2022-23094 Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer derefer...
E
CVE-2022-23095 Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked in...
CVE-2022-23096 An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementatio...
E
CVE-2022-23097 An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a str...
E
CVE-2022-23098 An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementatio...
E
CVE-2022-23099 OX App Suite through 7.10.6 allows XSS by forcing block-wise read....
E
CVE-2022-23100 OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an emai...
E
CVE-2022-23101 OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message....
E
CVE-2022-23102 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected ...
E S
CVE-2022-23103 A stack-based buffer overflow vulnerability exists in the confsrv confctl_set_app_language functiona...
E
CVE-2022-23104 WIN-911 2021 Incorrect Default Permissions
S
CVE-2022-23105 Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between t...
CVE-2022-23106 Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function w...
CVE-2022-23107 Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when...
CVE-2022-23108 Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed ...
CVE-2022-23109 Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build l...
CVE-2022-23110 Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a...
CVE-2022-23111 A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlie...
CVE-2022-23112 A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with...
CVE-2022-23113 Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying w...
CVE-2022-23114 Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unencrypted in its global configura...
CVE-2022-23115 Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allo...
CVE-2022-23116 Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able ...
CVE-2022-23117 Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able ...
CVE-2022-23118 Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents...
CVE-2022-23119 A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security A...
E S
CVE-2022-23120 A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent ...
E S
CVE-2022-23121 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ne...
CVE-2022-23122 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ne...
CVE-2022-23123 This vulnerability allows remote attackers to disclose sensitive information on affected installatio...
CVE-2022-23124 This vulnerability allows remote attackers to disclose sensitive information on affected installatio...
CVE-2022-23125 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ne...
CVE-2022-23126 TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors...
S
CVE-2022-23127 Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) a...
M
CVE-2022-23128 Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A ...
M
CVE-2022-23129 Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.9...
M
CVE-2022-23130 Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4....
M
CVE-2022-23131 Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML
KEV S
CVE-2022-23132 Incorrect permissions of [/var/run/zabbix] forces dac_override
S
CVE-2022-23133 Stored XSS in host groups configuration window in Zabbix Frontend
S
CVE-2022-23134 Possible view of the setup pages by unauthenticated users if config file already exists
KEV S
CVE-2022-23135 There is a directory traversal vulnerability in some home gateway products of ZTE. Due to the lack o...
CVE-2022-23136 There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gatewa...
CVE-2022-23137 ZTE's ZXCDN product has a reflective XSS vulnerability. The attacker could modify the parameters in ...
CVE-2022-23138 ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values, t...
CVE-2022-23139 ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permissi...
CVE-2022-23141 ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT i...
CVE-2022-23142 ZXEN CG200 has a DoS vulnerability. An attacker could construct and send a large number of HTTP GET ...
CVE-2022-23143 ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permi...
CVE-2022-23144 There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission con...
CVE-2022-23155 Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerabil...
S
CVE-2022-23156 Wyse Device Agent version 14.6.1.4 and below contain an Improper Authentication vulnerability. A mal...
CVE-2022-23157 Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. An auth...
CVE-2022-23158 Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A loca...
CVE-2022-23159 Dell PowerScale OneFS, 8.2.2 - 9.3.0.x, contain a missing release of memory after effective lifetime...
S
CVE-2022-23160 Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Handling of Insufficient Permissio...
S
CVE-2022-23161 Dell PowerScale OneFS versions 8.2.x - 9.3.0.x contain a denial-of-service vulnerability in SmartCon...
S
CVE-2022-23162 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2022-23163 Dell PowerScale OneFS, 8.2.x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a denial of service vulnerabilit...
S
CVE-2022-23164 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2022-23165 Sysaid – Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS)
S
CVE-2022-23166 Sysaid – Sysaid Local File Inclusion (LFI)
S
CVE-2022-23167 Amodat - Mobile Application Gateway Local File Inclusion (LFI)
S
CVE-2022-23168 Amodat - Mobile Application Gateway SQL Injection (SQLi)
S
CVE-2022-23169 Amodat - Mobile Application Gateway SQL Injection (SQLi)
S
CVE-2022-23170 SysAid - Okta SSO integration
S
CVE-2022-23171 AtlasVPN - Privilege Escalation
S
CVE-2022-23172 Priority - Priority User Enumeration
S
CVE-2022-23173 Priority - Priority web Insecure direct object references (IDOR)
S
CVE-2022-23176 WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to acces...
KEV
CVE-2022-23178 An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web in...
E
CVE-2022-23179 Contact Form & Lead Form Elementor Builder < 1.7.0 - Multiple Admin+ Stored Cross-Site Scripting
E
CVE-2022-23180 Contact Form & Lead Form Elementor Builder Plugin < 1.7.4 - Multiple Subscriber+ Settings Update
E S
CVE-2022-23181 Local privilege escalation with FileStore
S
CVE-2022-23182 Improper access control in the Intel(R) Data Center Manager software before version 4.1 may allow an...
CVE-2022-23183 Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced ...
CVE-2022-23184 In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localh...
M
CVE-2022-23186 Adobe Illustrator Out-of-bounds Write could lead to Arbitrary code execution
S
CVE-2022-23187 Adobe Illustrator 2022 Buffer Overflow could lead to Arbitrary code execution
CVE-2022-23188 Adobe Illustrator Buffer Overflow could lead to Arbitrary code execution
S
CVE-2022-23189 Adobe Illustrator NULL Pointer Dereference Application denial-of-service
S
CVE-2022-23190 Adobe Illustrator Out-of-bounds Read could lead to Memory leak
S
CVE-2022-23191 Adobe Illustrator Out-of-bounds Read could lead to Memory leak
S
CVE-2022-23192 Adobe Illustrator Out-of-bounds Read could lead to Memory leak
S
CVE-2022-23193 Adobe Illustrator Out-of-bounds Read could lead to Memory leak
S
CVE-2022-23194 Adobe Illustrator Out-of-bounds Read could lead to Memory leak
S
CVE-2022-23195 Adobe Illustrator Out-of-bounds Read could lead to Memory leak
S
CVE-2022-23196 Adobe Illustrator Out-of-bounds Read could lead to Memory leak
S
CVE-2022-23197 Adobe Illustrator Out-of-bounds Read could lead to Memory leak
S
CVE-2022-23198 Adobe Illustrator NULL Pointer Dereference Application denial-of-service
S
CVE-2022-23199 Adobe Illustrator NULL Pointer Dereference Application denial-of-service
S
CVE-2022-23200 Adobe After Effects 3GP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
S
CVE-2022-23201 Adobe RoboHelp Reflected XSS could lead to Arbitrary code execution
S
CVE-2022-23202 Adobe Creative Cloud Desktop Uncontrolled Search Path Element Arbitrary code execution
S
CVE-2022-23203 Adobe Photoshop Buffer Overflow could lead to Arbitrary code execution
CVE-2022-23204 Adobe Premiere Rush JPEG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
S
CVE-2022-23205 Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2022-23206 Server-Side Request Forgery in Traffic Ops endpoint POST /user/login/oauth
M
CVE-2022-23218 The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka ...
E S
CVE-2022-23219 The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka gli...
E S
CVE-2022-23220 USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary c...
E S
CVE-2022-23221 H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC U...
E S
CVE-2022-23222 kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges beca...
E S
CVE-2022-23223 Apache ShenYu Password leakage
E S
CVE-2022-23227 NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, wh...
KEV E
CVE-2022-23228 Pexip Infinity before 27.0 has improper WebRTC input validation. An unauthenticated remote attacker ...
CVE-2022-23232 StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerabil...
CVE-2022-23233 StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerabil...
CVE-2022-23234 SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local authen...
CVE-2022-23235 Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 ...
S
CVE-2022-23236 E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND passwo...
CVE-2022-23237 E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 are vulnerable to host head...
CVE-2022-23238 Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 de...
S
CVE-2022-23239 Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 ...
CVE-2022-23240 Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 ...
S
CVE-2022-23241 Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock configured FlexGroups are suscep...
CVE-2022-23242 TeamViewer Linux - Deletion command not properly executed after process crash
S
CVE-2022-23252 Microsoft Office Information Disclosure Vulnerability
CVE-2022-23253 Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability
CVE-2022-23254 Microsoft Power BI Information Disclosure Vulnerability
CVE-2022-23255 Microsoft OneDrive for Android Security Feature Bypass Vulnerability
CVE-2022-23256 Azure Data Explorer Spoofing Vulnerability
S
CVE-2022-23257 Windows Hyper-V Remote Code Execution Vulnerability
CVE-2022-23258 Microsoft Edge for Android Spoofing Vulnerability
CVE-2022-23259 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
CVE-2022-23261 Microsoft Edge (Chromium-based) Tampering Vulnerability
CVE-2022-23262 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2022-23263 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2022-23264 Microsoft Edge (Chromium-based) Spoofing Vulnerability
S
CVE-2022-23265 Microsoft Defender for IoT Remote Code Execution Vulnerability
CVE-2022-23266 Microsoft Defender for IoT Elevation of Privilege Vulnerability
CVE-2022-23267 .NET and Visual Studio Denial of Service Vulnerability
S
CVE-2022-23268 Windows Hyper-V Denial of Service Vulnerability
CVE-2022-23269 Microsoft Dynamics GP Spoofing Vulnerability
S
CVE-2022-23270 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
S
CVE-2022-23271 Microsoft Dynamics GP Elevation Of Privilege Vulnerability
CVE-2022-23272 Microsoft Dynamics GP Elevation Of Privilege Vulnerability
CVE-2022-23273 Microsoft Dynamics GP Elevation Of Privilege Vulnerability
CVE-2022-23274 Microsoft Dynamics GP Remote Code Execution Vulnerability
CVE-2022-23276 SQL Server for Linux Containers Elevation of Privilege Vulnerability
CVE-2022-23277 Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2022-23278 Microsoft Defender for Endpoint Spoofing Vulnerability
CVE-2022-23279 Windows ALPC Elevation of Privilege Vulnerability
S
CVE-2022-23280 Microsoft Outlook for Mac Security Feature Bypass Vulnerability
CVE-2022-23281 Windows Common Log File System Driver Information Disclosure Vulnerability
CVE-2022-23282 Paint 3D Remote Code Execution Vulnerability
CVE-2022-23283 Windows ALPC Elevation of Privilege Vulnerability
CVE-2022-23284 Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-23285 Remote Desktop Client Remote Code Execution Vulnerability
CVE-2022-23286 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2022-23287 Windows ALPC Elevation of Privilege Vulnerability
CVE-2022-23288 Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2022-23290 Windows Inking COM Elevation of Privilege Vulnerability
CVE-2022-23291 Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2022-23292 Microsoft Power BI Spoofing Vulnerability
CVE-2022-23293 Windows Fast FAT File System Driver Elevation of Privilege Vulnerability
CVE-2022-23294 Windows Event Tracing Remote Code Execution Vulnerability
CVE-2022-23295 Raw Image Extension Remote Code Execution Vulnerability
CVE-2022-23296 Windows Installer Elevation of Privilege Vulnerability
CVE-2022-23297 Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability
CVE-2022-23298 Windows NT OS Kernel Elevation of Privilege Vulnerability
CVE-2022-23299 Windows PDEV Elevation of Privilege Vulnerability
CVE-2022-23300 Raw Image Extension Remote Code Execution Vulnerability
CVE-2022-23301 HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2022-23302 Deserialization of untrusted data in JMSSink in Apache Log4j 1.x
S
CVE-2022-23303 The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to s...
S
CVE-2022-23304 The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable ...
S
CVE-2022-23305 SQL injection in JDBC Appender in Apache Log4j V1
S
CVE-2022-23307 A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution.
S
CVE-2022-23308 valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes....
S
CVE-2022-23312 A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP9 Security Patch 1)....
CVE-2022-23314 MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do...
E
CVE-2022-23315 MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/t...
E
CVE-2022-23316 An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can rea...
E
CVE-2022-23317 CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with "/", and ...
E
CVE-2022-23318 A heap-buffer-overflow in pcf2bdf, versions >= 1.05 allows an attacker to trigger unsafe memory acce...
E S
CVE-2022-23319 A segmentation fault during PCF file parsing in pcf2bdf versions >=1.05 allows an attacker to trigge...
E S
CVE-2022-23320 XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Sin...
E
CVE-2022-23321 A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administ...
E
CVE-2022-23327 A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future ...
E M
CVE-2022-23328 A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactio...
E M
CVE-2022-23329 A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows att...
E
CVE-2022-23330 A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allow...
E
CVE-2022-23331 In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and c...
E
CVE-2022-23332 Command injection vulnerability in Manual Ping Form (Web UI) in Shenzhen Ejoin Information Technolog...
E
CVE-2022-23334 The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks ...
CVE-2022-23335 Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in language_general.class.php...
E
CVE-2022-23336 S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id pa...
E
CVE-2022-23337 DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.ph...
E
CVE-2022-23340 Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user sear...
CVE-2022-23342 The Hyland Onbase Application Server releases prior to 20.3.58.1000 and OnBase releases 21.1.1.1000 ...
E
CVE-2022-23345 BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control....
E
CVE-2022-23346 BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues....
E
CVE-2022-23347 BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks...
E
CVE-2022-23348 BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes....
E
CVE-2022-23349 BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF)....
E
CVE-2022-23350 BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnera...
E
CVE-2022-23352 An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS)....
E
CVE-2022-23357 mozilo2.0 was discovered to be vulnerable to directory traversal attacks via the parameter curent_di...
E
CVE-2022-23358 EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In the background, search terms ...
E
CVE-2022-23363 Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via index.php....
E
CVE-2022-23364 HMS v1.0 was discovered to contain a SQL injection vulnerability via adminlogin.php....
E
CVE-2022-23365 HMS v1.0 was discovered to contain a SQL injection vulnerability via doctorlogin.php....
E
CVE-2022-23366 HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php....
E
CVE-2022-23367 Fulusso v1.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in /Bind...
E
CVE-2022-23375 WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. An attacker can up...
E
CVE-2022-23376 WikiDocs version 0.1.18 has multiple reflected XSS vulnerabilities on different pages....
CVE-2022-23377 Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an attacke...
E
CVE-2022-23378 A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 version of TastyIgniter. The "ite...
E
CVE-2022-23379 Emlog v6.0 was discovered to contain a SQL injection vulnerability via the $TagID parameter of getbl...
E
CVE-2022-23380 There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admi...
E
CVE-2022-23382 Shenzhen Hichip Vision Technology IP Camera Firmware V11.4.8.1.1-20170926 has a denial of service vu...
E
CVE-2022-23383 YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user's p...
CVE-2022-23384 YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin.add...
E
CVE-2022-23387 An issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database data...
E
CVE-2022-23389 PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the cmdarra...
E
CVE-2022-23390 An issue in the getType function of BBS Forum v5.3 and below allows attackers to upload arbitrary fi...
E
CVE-2022-23391 A cross-site scripting (XSS) vulnerability in Pybbs v6.0 allows attackers to execute arbitrary web s...
E
CVE-2022-23395 jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead to DOM cross-site scripting (...
E
CVE-2022-23397 The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users whi...
CVE-2022-23399 A stack-based buffer overflow vulnerability exists in the confsrv set_port_fwd_rule functionality of...
E
CVE-2022-23400 A stack-based buffer overflow vulnerability exists in the IGXMPXMLParser::parseDelimiter functionali...
E
CVE-2022-23401 The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 version...
CVE-2022-23402 The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM...
CVE-2022-23403 Improper input validation in the Intel(R) Data Center Manager software before version 4.1 may allow ...
CVE-2022-23408 wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections (...
CVE-2022-23409 The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input...
E
CVE-2022-23410 AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by the...
CVE-2022-23425 Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to sen...
CVE-2022-23426 A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allow...
CVE-2022-23427 PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 a...
CVE-2022-23428 An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitr...
CVE-2022-23429 An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to ...
CVE-2022-23431 An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory writ...
CVE-2022-23432 An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 a...
CVE-2022-23433 Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 1...
CVE-2022-23434 A vulnerability using PendingIntent in Bixby Vision prior to versions 3.7.60.8 in Android S(12), 3.7...
CVE-2022-23435 decoding.c in android-gif-drawable before 1.2.24 does not limit the maximum length of a comment, lea...
S
CVE-2022-23437 Infinite loop within Apache XercesJ xml parser
S
CVE-2022-23438 An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vul...
CVE-2022-23439 An externally controlled reference to a resource in another sphere in Fortinet FortiManager before ve...
S
CVE-2022-23440 A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of Forti...
S
CVE-2022-23441 A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiEDR versions 5.0.2, 5.0.1, 5.0...
S
CVE-2022-23442 An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 t...
CVE-2022-23443 An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to ac...
CVE-2022-23446 An improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier...
S
CVE-2022-23447 An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE...
S
CVE-2022-23448 A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), ...
S
CVE-2022-23449 A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), ...
S
CVE-2022-23450 A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), ...
S
CVE-2022-23451 An authorization flaw was found in openstack-barbican. The default policy rules for the secret metad...
S
CVE-2022-23452 An authorization flaw was found in openstack-barbican, where anyone with an admin role could add sec...
S
CVE-2022-23453 Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabiliti...
CVE-2022-23454 Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabiliti...
CVE-2022-23455 Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabiliti...
CVE-2022-23456 Potential arbitrary file deletion vulnerability has been identified in HP Support Assistant software...
S
CVE-2022-23457 Path Traversal in ESAPI
E S
CVE-2022-23458 Toast UI Grid vulnerable to Cross-site scripting
E S
CVE-2022-23459 Double free or Use after Free in Value class of Jsonxx
CVE-2022-23460 Stack overflow in Jsonxx
CVE-2022-23461 Cross-Site Scripting (XSS) in Jodit Editor
E
CVE-2022-23462 Stack Buffer Overflow in iowow
E S
CVE-2022-23463 SpEL Injection in Nepxion Discovery
E
CVE-2022-23464 Potential Server Side Request Forgery (SSRF) in Nepxion Discovery
E
CVE-2022-23465 SwiftTerm vulnerable to arbitrary command execution
S
CVE-2022-23466 DOM-based cross-site scripting (XSS) in teler dashboard
S
CVE-2022-23467 Out of Bounds Read in OpenRazer Driver
S
CVE-2022-23468 Buffer Overflow in xrdp
CVE-2022-23469 Authorization header displayed in the debug logs
E S
CVE-2022-23470 Arbitrary file access in the Galaxy data analysis platform
S
CVE-2022-23471 containerd CRI stream server: Host memory exhaustion through terminal resize goroutine leak
S
CVE-2022-23472 Use of insecure random number generator in Passeo
S
CVE-2022-23473 Tuleap MediaWiki standalone "readers" can also edit pages
S
CVE-2022-23474 editor.js contains Code Injection
E S
CVE-2022-23475 daloRADIUS full account takeover
E S
CVE-2022-23476 Unchecked return value from xmlTextReaderExpand in Nokogiri
S
CVE-2022-23477 Buffer Overflow in xrdp
CVE-2022-23478 Out of Bound Write in xrdp
CVE-2022-23479 Buffer Overflow occurs in xrdp
CVE-2022-23480 Buffer Overflow in xrdp
CVE-2022-23481 Out-of-Bound Read in xrdp
CVE-2022-23482 Out-of-Bound Read in xrdp
CVE-2022-23483 Out-of-Bound Read in libxrdp
CVE-2022-23484 Integer Overflow in xrdp
CVE-2022-23485 Invite code reuse via cookie manipulation in sentry
M
CVE-2022-23486 libp2p-rust denial of service vulnerability from lack of resource management
CVE-2022-23487 libp2p denial of service vulnerability from lack of resource management
M
CVE-2022-23488 BigBlueButton vulnerable to Insertion of Sensitive Information Into Sent Data
S
CVE-2022-23490 Improper access control to polling votes
S
CVE-2022-23491 Removal of TrustCor root certificate
CVE-2022-23492 go-libp2p denial of service vulnerability from lack of resource management
S
CVE-2022-23493 Out of Bound Read in xrdp
CVE-2022-23494 Cross-site scripting vulnerability in TinyMCE alerts
S
CVE-2022-23495 ProtoNode may be modified such that common method calls may panic in ipfs/go-merkledag
S
CVE-2022-23496 A crafted list can trigger an ArrayIndexOutOfBoundsException in Yauaa
S
CVE-2022-23497 Insecure file access in FreshRSS
S
CVE-2022-23498 When query caching is enabled in Grafana users can query another users session
E M
CVE-2022-23499 Cross-Site Scripting Protection bypass in HTML Sanitizer
CVE-2022-23500 TYPO3 subject to Uncontrolled Recursion resulting in Denial of Service
CVE-2022-23501 TYPO3 vulnerable to Improper Authentication in Frontend Login
CVE-2022-23502 TYPO3 contains Insufficient Session Expiration after Password Reset
CVE-2022-23503 TYPO3 vulnerable to Arbitrary Code Execution via Form Framework
CVE-2022-23504 TYPO3 contains Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
CVE-2022-23505 Passport-wsfed-saml2 vulnerable to Authentication Bypass for WSFed authentication
CVE-2022-23506 Spinnaker's Rosco microservice vulnerable to improper log masking on AWS Packer builds
S
CVE-2022-23507 Light client verification not taking into account chain ID
CVE-2022-23508 GitOps Run allows for Kubernetes workload injection
S
CVE-2022-23509 Weave Gitops Run vulnerable to insecure communication
S
CVE-2022-23510 SQL injection in cube-js
S
CVE-2022-23511 A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for col...
S
CVE-2022-23512 Metersphere is vulnerable to Path Injection.
E S
CVE-2022-23513 Pi-Hole/AdminLTE vulnerable due to improper access control in queryads endpoint
E
CVE-2022-23514 Inefficient Regular Expression Complexity in Loofah
CVE-2022-23515 Improper neutralization of data URIs may allow XSS in Loofah
CVE-2022-23516 Uncontrolled Recursion in Loofah
CVE-2022-23517 Inefficient Regular Expression Complexity in rails-html-sanitizer
S
CVE-2022-23518 Improper neutralization of data URIs allows XSS in rails-html-sanitizer
E
CVE-2022-23519 Possible XSS vulnerability with certain configurations of rails-html-sanitizer
E
CVE-2022-23520 rails-html-sanitizer contains an incomplete fix for an XSS vulnerability
E
CVE-2022-23521 gitattributes parsing integer overflow in git
S
CVE-2022-23522 Arbitrary File Write when Extracting Tarballs retrieved from a remote location in mindsdb
E
CVE-2022-23523 rust-vmm linux-loader vulnerable to Out-of-bounds Read
S
CVE-2022-23524 Helm vulnerable to Denial of service through string value parsing
CVE-2022-23525 Helm vulnerable to Denial of service via NULL Pointer Dereference
S
CVE-2022-23526 Helm contains Denial of service through schema file
S
CVE-2022-23527 Open Redirect in oidc_validate_redirect_url()
CVE-2022-23529 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The issue is not a vuln...
R
CVE-2022-23530 GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package
E S
CVE-2022-23531 Arbitrary file write when scanning a specially-crafted local PyPI package
S
CVE-2022-23532 neo4j-apoc-procedures is vulnerable to path traversal
S
CVE-2022-23535 LiteDB contains Deserialization of Untrusted Data
S
CVE-2022-23536 Alertmanager can expose local files content via specially crafted config
CVE-2022-23537 PJSIP vulnerable to heap buffer overflow when decoding STUN message
S
CVE-2022-23538 User credentials leaked to third-party service via HTTP redirect in scs-library-client
S
CVE-2022-23539 jsonwebtoken unrestricted key type could lead to legacy keys usage
S
CVE-2022-23540 jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
S
CVE-2022-23541 jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
S
CVE-2022-23542 OpenFGA Authorization Bypass
S
CVE-2022-23543 HTML attributes when attaching a YouTube link to the post
CVE-2022-23544 Server-Side Request Forgery in Metersphere leads to Cross-Site Scripting
E S
CVE-2022-23546 Discourse vulnerable to private topic leak via email#send_digest
S
CVE-2022-23547 Heap buffer overflow in pjproject when decoding STUN message
S
CVE-2022-23548 Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch an...
S
CVE-2022-23549 Discourse vulnerable to bypass of post max_length using HTML comments
S
CVE-2022-23551 AAD Pod Identity obtaining token with backslash
S
CVE-2022-23552 Grafana stored XSS in FileUploader component
S
CVE-2022-23553 URL access filters bypass in Alpine
CVE-2022-23554 Authentication bypass in Alpine
S
CVE-2022-23555 authentik vulnerable to Improper Authentication via invitation URL token reuse
E
CVE-2022-23556 CodeIgniter is vulnerable to IP address spoofing when using proxy
E S
CVE-2022-23557 Division by zero in TFLite
E S
CVE-2022-23558 Integer overflow in TFLite array creation
E S
CVE-2022-23559 Integer overflow in TFLite
E S
CVE-2022-23560 Read and Write outside of bounds in TFLite
E S
CVE-2022-23561 Out of bounds write in TFLite
S
CVE-2022-23562 Integer overflow in Tensorflow
S
CVE-2022-23563 Insecure temporary file in Tensorflow
CVE-2022-23564 Reachable Assertion in Tensorflow
S
CVE-2022-23565 `CHECK`-failures in Tensorflow
S
CVE-2022-23566 Out of bounds write in Tensorflow
E S
CVE-2022-23567 Integer overflows in Tensorflow
E S
CVE-2022-23568 Integer overflows in Tensorflow
E S
CVE-2022-23569 `CHECK`-fails when building invalid tensor shapes in Tensorflow
S
CVE-2022-23570 Null-dereference in Tensorflow
E S
CVE-2022-23571 Reachable Assertion in Tensorflow
S
CVE-2022-23572 Crash when type cannot be specialized in Tensorflow
E S
CVE-2022-23573 Uninitialized variable access in Tensorflow
E S
CVE-2022-23574 Out of bounds read and write in Tensorflow
E S
CVE-2022-23575 Integer overflow in Tensorflow
E S
CVE-2022-23576 Integer overflow in Tensorflow
E S
CVE-2022-23577 Null-dereference in Tensorflow
E S
CVE-2022-23578 Memory leak in Tensorflow
E S
CVE-2022-23579 `CHECK`-failures during Grappler's `SafeToRemoveIdentity` in Tensorflow
E S
CVE-2022-23580 Abort caused by allocating a vector that is too large in Tensorflow
E S
CVE-2022-23581 `CHECK`-failures during Grappler's `IsSimplifiableReshape` in Tensorflow
E S
CVE-2022-23582 `CHECK`-failures in `TensorByteSize` in Tensorflow
E S
CVE-2022-23583 `CHECK`-failures in binary ops in Tensorflow
E S
CVE-2022-23584 Use after free in `DecodePng` in Tensorflow
E S
CVE-2022-23585 Memory leak in decoding PNG images in Tensorflow
E S
CVE-2022-23586 Multiple `CHECK`-fails in `function.cc` in Tensorflow
E S
CVE-2022-23587 Integer overflow in Tensorflow
E S
CVE-2022-23588 `CHECK`-fails due to attempting to build a reference tensor in Tensorflow
E S
CVE-2022-23589 Null pointer dereference in Grappler's `IsConstant` in Tensorflow
E S
CVE-2022-23590 Crash due to erroneous `StatusOr` in Tensorflow
E S
CVE-2022-23591 Stack overflow in Tensorflow
S
CVE-2022-23592 Out of bounds read in Tensorflow
E S
CVE-2022-23593 Segfault in `simplifyBroadcast` in Tensorflow
E S
CVE-2022-23594 Out of bounds read in Tensorflow
CVE-2022-23595 Null pointer dereference in TensorFlow
E S
CVE-2022-23596 Infinite loop in junrar
E S
CVE-2022-23597 Remote program execution with user interaction
S
CVE-2022-23598 Reflected XSS vulnerability when rendering error messages in laminas-form
S
CVE-2022-23599 Cross-site Scripting and Open Redirect in Products.ATContentTypes
S
CVE-2022-23600 Limited ability to spoof SAML authentication with missing audience verification
S
CVE-2022-23601 CSRF token missing in Symfony
S
CVE-2022-23602 Nim's rst parser sandboxed mode allows include which can embed any local file
E S
CVE-2022-23603 Code injection in iTunesRPC-Remastered
S
CVE-2022-23604 Privilege escalation in Defender
S
CVE-2022-23605 Expired Ephemeral Messages not reliably removed in wire-webapp
S
CVE-2022-23606 Crash when a cluster is deleted in Envoy
S
CVE-2022-23607 Unsafe handling of user-specified cookies in treq
M
CVE-2022-23608 Use after free in PJSIP
S
CVE-2022-23609 Path traversal in iTunesRPC-Remastered
S
CVE-2022-23610 Improper Verification of Cryptographic Signature in wire-server
M
CVE-2022-23611 OS command injection in iTunesRPC-Remastered
S
CVE-2022-23612 Directory Traversal in OpenMRS Startup Filter
E S
CVE-2022-23613 Privilege escalation on xrdp
S
CVE-2022-23614 Code injection in Twig
S
CVE-2022-23615 Partial authorization bypass on document save in xwiki-platform
S
CVE-2022-23616 Remote code execution in xwiki-platform
S
CVE-2022-23617 Missing authorization in xwiki-platform
S
CVE-2022-23618 Open Redirect in xwiki-platform
S
CVE-2022-23619 Information exposure in xwiki-platform
S
CVE-2022-23620 Path traversal in xwiki-platform-skin-skinx
S
CVE-2022-23621 Missing authorization in xwiki-platform
S
CVE-2022-23622 Cross site scripting in registration template in xwiki-platform
S
CVE-2022-23623 Validation bypass in frourio
S
CVE-2022-23624 Validation bypass in frourio-express
S
CVE-2022-23625 DoS vulnerability: Malformed Resource Identifiers
S
CVE-2022-23626 Insufficient file checks in m1k1o/blog
E S
CVE-2022-23627 Inadequate access verification when using proxy commands in ArchiSteamFarm
S
CVE-2022-23628 Array literal misordering in github.com/open-policy-agent/opa
E S
CVE-2022-23630 Dependency verification bypass in Gradle
S
CVE-2022-23631 Prototype Pollution leading to Remote Code Execution in superjson
E
CVE-2022-23632 Traefik skips the router TLS configuration when the host header is an FQDN
S
CVE-2022-23633 Exposure of sensitive information in Action Pack
S
CVE-2022-23634 Information Exposure when using Puma with Rails
S
CVE-2022-23635 Unauthenticated control plane denial of service attack in Istio
S
CVE-2022-23636 Invalid drop of partially-initialized instances in wasmtime
S
CVE-2022-23637 Stored Cross-Site-Scripting (XSS) in Markdown Editor
S
CVE-2022-23638 Cross-site Scripting in svg-sanitizer
S
CVE-2022-23639 Improper Restriction of Operations within the Bounds of a Memory Buffer and Race Condition in crossbeam-utils
E S
CVE-2022-23640 Improper Restriction of XML External Entity Reference in Excel-Streaming-Reader
S
CVE-2022-23641 Denial of Service in Discourse
S
CVE-2022-23642 Code Injection in Sourcegraph
E S
CVE-2022-23643 Side-channel attack in Sourcegraph Code Monitors
S
CVE-2022-23644 Server-side request forgery in BookWyrm
CVE-2022-23645 Out-of-bounds read in swtpm
S
CVE-2022-23646 Improper CSP in Image Optimization API for Next.js
S
CVE-2022-23647 Cross-site Scripting in Prism
S
CVE-2022-23648 Insecure handling of image volumes in containerd CRI plugin
E S
CVE-2022-23649 Improper Certificate Validation in Cosign
S
CVE-2022-23650 Use of Hard-coded Cryptographic Key in Netmaker
S
CVE-2022-23651 b2-sdk-python TOCTOU application key disclosure
S
CVE-2022-23652 Privilege escalation using hop-by-hop Connection header
E S
CVE-2022-23653 B2 Command Line Tool TOCTOU application key disclosure
S
CVE-2022-23654 Improper write access check in Requarks/wiki
S
CVE-2022-23655 Missing server signature validation in OctoberCMS
S
CVE-2022-23656 Cross-site scripting vulnerability in Zulip Server
S
CVE-2022-23657 A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager versio...
CVE-2022-23658 A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager versio...
CVE-2022-23659 A remote reflected cross site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy...
CVE-2022-23660 A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager versio...
CVE-2022-23661 An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Mana...
CVE-2022-23662 An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Mana...
CVE-2022-23663 An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Mana...
CVE-2022-23664 An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Mana...
CVE-2022-23665 An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Mana...
CVE-2022-23666 An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Mana...
CVE-2022-23667 An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Mana...
CVE-2022-23668 A remote authenticated server-side request forgery (ssrf) vulnerability was discovered in Aruba Clea...
CVE-2022-23669 A remote authorization bypass vulnerability was discovered in Aruba ClearPass Policy Manager version...
M
CVE-2022-23670 A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy...
CVE-2022-23671 A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy...
CVE-2022-23672 An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Mana...
M
CVE-2022-23673 An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Mana...
M
CVE-2022-23674 A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba Clear...
M
CVE-2022-23675 A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba Clear...
M
CVE-2022-23676 A remote execution of arbitrary code vulnerability was discovered in ArubaOS-Switch Devices version(...
CVE-2022-23677 A remote execution of arbitrary code vulnerability was discovered in ArubaOS-Switch Devices version(...
CVE-2022-23678 A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating sy...
CVE-2022-23679 AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be e...
CVE-2022-23680 AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be e...
CVE-2022-23681 Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated...
CVE-2022-23682 Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated...
CVE-2022-23683 Authenticated command injection vulnerabilities exist in the AOS-CX Network Analytics Engine via NAE...
CVE-2022-23684 A vulnerability in the web-based management interface of AOS-CX could allow a remote authenticated u...
CVE-2022-23685 A vulnerability in the ClearPass Policy Manager web-based management interface exists which exposes ...
CVE-2022-23686 Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Succe...
CVE-2022-23687 Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Succe...
CVE-2022-23688 Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Succe...
CVE-2022-23689 Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Succe...
CVE-2022-23690 A vulnerability in the web-based management interface of AOS-CX could allow a remote unauthenticated...
CVE-2022-23691 A vulnerability exists in certain AOS-CX switch models which could allow an attacker with access to ...
CVE-2022-23692 Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an aut...
CVE-2022-23693 Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an aut...
CVE-2022-23694 Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an aut...
CVE-2022-23695 Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an aut...
CVE-2022-23696 Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an aut...
CVE-2022-23697 A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to...
CVE-2022-23698 A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView versi...
CVE-2022-23699 A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Pr...
CVE-2022-23700 A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Pr...
CVE-2022-23701 A potential remote host header injection security vulnerability has been identified in HPE Integrate...
CVE-2022-23702 A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 ...
CVE-2022-23703 A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble S...
CVE-2022-23704 A potential security vulnerability has been identified in Integrated Lights-Out 4 (iLO 4). The vulne...
CVE-2022-23705 A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble S...
CVE-2022-23706 A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to...
S
CVE-2022-23707 An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated ...
S
CVE-2022-23708 A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6...
CVE-2022-23709 A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify a...
CVE-2022-23710 A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known...
CVE-2022-23711 A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in ...
CVE-2022-23712 A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticat...
CVE-2022-23713 A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration whic...
M
CVE-2022-23714 A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elast...
M
CVE-2022-23715 A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information...
CVE-2022-23716 A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing priv...
CVE-2022-23717 PingID Windows Login prior to 2.8 denial of service condition
CVE-2022-23718 PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution
CVE-2022-23719 PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests
CVE-2022-23720 PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file
CVE-2022-23721 PingID integration for Windows login duplicate username collision.
CVE-2022-23722 PingFederate Password Reset via Authentication API Mishandling
CVE-2022-23723 PingFederate PingOneMFA Integration Kit MFA Bypass
CVE-2022-23724 PingID Integration for Windows Login MFA Bypass
CVE-2022-23725 PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances
CVE-2022-23726 PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with admini...
CVE-2022-23727 There is a privilege escalation vulnerability in some webOS TVs. Due to wrong setting environments, ...
CVE-2022-23728 Attacker can reset the device with AT Command in the process of rebooting the device. The LG ID is L...
CVE-2022-23729 When the device is in factory state, the shell can be accessed without the adb authentication process. ...
CVE-2022-23730 The public API error allows the attacker to bypass API access control....
CVE-2022-23731 V8 JavaScript engine (heap vulnerability) can cause privilege escalation, which can impact on some w...
CVE-2022-23732 Path traversal in GitHub Enterprise Server management console leading to a bypass of CSRF protections
CVE-2022-23733 Stored XSS vulnerability in GitHub Enterprise Server leading to injection of arbitrary attributes
CVE-2022-23734 Deserialization of Untrusted Data vulnerability in GitHub Enterprise Server leading to Remote Code Execution
CVE-2022-23737 Improper Privilege Management in GitHub Enterprise Server leading to page creation and deletion
CVE-2022-23738 Incomplete cache verification issue in GitHub Enterprise Server leading to exposure of private repo files
CVE-2022-23739 Incorrect authorization check in GitHub Enterprise Server leading to escalation of privileges in GraphQL API requests from GitHub Apps using scoped user-to-server tokens
CVE-2022-23740 Improper Neutralization of Argument Delimiters in a Command in GitHub Enterprise Server leading to Remote Code Execution
CVE-2022-23741 Incorrect authorization in GitHub Enterprise Server token generation leading to full admin access
CVE-2022-23742 Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensi...
CVE-2022-23743 Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges duri...
CVE-2022-23744 Check Point Endpoint before version E86.50 failed to protect against specific registry change which ...
CVE-2022-23745 A potential memory corruption issue was found in Capsule Workspace Android app (running on GrapheneO...
CVE-2022-23746 The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extend...
S
CVE-2022-23747 In Sony Xperia series 1, 5, and Pro, an out of bound memory access can occur due to lack of validati...
E
CVE-2022-23748 mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to lo...
KEV
CVE-2022-23763 DOUZONE BIZON NeoRS file download and execute vulnerability
CVE-2022-23764 TERUTEN WebCube update remote code execution vulnerability
CVE-2022-23765 IPTIME NAS family CSRF vulnerability
CVE-2022-23766 BigFileAgent arbitrary file execution vulnerability
CVE-2022-23767 SecureGate authentication bypass vulnerability
CVE-2022-23768 Neo Information Sys. NIS-HAP11AC remote access and manipulation vulnerability
CVE-2022-23769 Secuever reverseWall-MDS Remote Code Execution Vulnerability
CVE-2022-23770 WISA Smart Wing CMS Remote Command Execution Vulnerability
CVE-2022-23771 IPTIME NAS1DUAL CSRF Vulnerability
CVE-2022-23772 Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lea...
CVE-2022-23773 cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appe...
CVE-2022-23774 Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files....
CVE-2022-23775 TrueStack Direct Connect 1.4.7 has Incorrect Access Control....
CVE-2022-23779 Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. Th...
CVE-2022-23790 XSS in Firmanet Software and Technology Customer Relation Manager
S
CVE-2022-23791 XSS in Firmanet Software and Technology Customer Relation Manager
S
CVE-2022-23793 [20220301] - Core - Zip Slip within the Tar extractor
E
CVE-2022-23794 [20220302] - Core - Path Disclosure within filesystem error messages
CVE-2022-23795 [20220303] - Core - User rows are not bound to an authentication mechanism
CVE-2022-23796 [20220304] - Core - Missing input validation within com_fields class inputs
CVE-2022-23797 [20220305] - Core - Inadequate filtering on the selected Ids
CVE-2022-23798 [20220306] - Core - Inadequate validation of internal URLs
CVE-2022-23799 [20220307] - Core - Variable Tampering on JInput $_REQUEST data
CVE-2022-23800 [20220308] - Core - Inadequate content filtering within the filter code
CVE-2022-23801 [20220309] - Core - XSS attack vector through SVG
CVE-2022-23802 Extension - Insecure Permissions within Joomla Guru extensions
CVE-2022-23803 A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadXYCo...
E
CVE-2022-23804 A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadIJCo...
E
CVE-2022-23805 A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Busines...
S
CVE-2022-23806 Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly ret...
CVE-2022-23807 An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is alr...
S
CVE-2022-23808 An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into a...
S
CVE-2022-23810 Template injection (Improper Neutralization of Special Elements Used in a Template Engine) vulnerabi...
CVE-2022-23812 Malicious Package
E S
CVE-2022-23813 The software interfaces to ASP and SMU may not enforce the SNP memory security policy resulting in a...
CVE-2022-23814 Failure to validate addresses provided by software to BIOS commands may result in a potential loss o...
CVE-2022-23815 Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, c...
CVE-2022-23816 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2022-23817 Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to...
CVE-2022-23818 Insufficient input validation on the model specific register: VM_HSAVE_PA may potentially lead to lo...
CVE-2022-23820 Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM pote...
CVE-2022-23821 Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM po...
CVE-2022-23822 In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Load...
CVE-2022-23823 A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated ...
CVE-2022-23824 IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leadi...
S
CVE-2022-23825 Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type poten...
CVE-2022-23827 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2022-23829 A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kerne...
CVE-2022-23830 SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential li...
CVE-2022-23831 Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbi...
CVE-2022-23832 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2022-23833 An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 b...
S
CVE-2022-23835 The Visual Voice Mail (VVM) application through 2022-02-24 for Android allows persistent access if a...
E
CVE-2022-23837 In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requestin...
E S
CVE-2022-23848 In Alluxio before 2.7.3, the logserver does not validate the input stream. NOTE: this is not the sam...
CVE-2022-23849 The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 allows attackers to access th...
CVE-2022-23850 xhtml_translate_entity in xhtml.c in epub2txt (aka epub2txt2) through 2.02 allows a stack-based buff...
E
CVE-2022-23852 Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations...
S
CVE-2022-23853 The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 t...
CVE-2022-23854 AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit ...
S
CVE-2022-23855 An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An authentication bypa...
E
CVE-2022-23856 An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An attacker can enumer...
E
CVE-2022-23857 model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when pr...
S
CVE-2022-23858 A flaw was found in the REST API. An improperly handled REST API call could allow any logged user to...
CVE-2022-23861 Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Mul...
E
CVE-2022-23862 A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service ...
E
CVE-2022-23863 Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any use...
S
CVE-2022-23865 Nyron 1.0 is affected by a SQL injection vulnerability through Nyron/Library/Catalog/winlibsrch.aspx...
E
CVE-2022-23868 RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx lo...
E
CVE-2022-23869 In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user...
E
CVE-2022-23871 Multiple cross-site scripting (XSS) vulnerabilities in the component outcomes_addProcess.php of Gibb...
E
CVE-2022-23872 Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the ...
E
CVE-2022-23873 Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to inj...
E
CVE-2022-23878 seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php....
E
CVE-2022-23880 An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allow...
E
CVE-2022-23881 ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution (RCE) vulnerability via da...
E
CVE-2022-23882 TuziCMS 2.0.6 is affected by SQL injection in \App\Manage\Controller\BannerController.class.php....
E
CVE-2022-23884 Mojang Bedrock Dedicated Server 1.18.2 is affected by an integer overflow leading to a bound check b...
E
CVE-2022-23887 YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to ...
E
CVE-2022-23888 YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /yzmcms/c...
E
CVE-2022-23889 The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowi...
E
CVE-2022-23896 Admidio 4.1.2 version is affected by stored cross-site scripting (XSS)....
E S
CVE-2022-23898 MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in ...
E
CVE-2022-23899 MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/M...
E
CVE-2022-23900 A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.2...
E
CVE-2022-23901 A stack overflow exists in re2c 2.2 due to infinite recursion issues in src/dfa/dead_rules.cc....
E S
CVE-2022-23902 Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in export_data.php via the...
E
CVE-2022-23903 A Cross Site Scripting (XSS) vulnerability exists in pearadmin pear-admin-think <=5.0.6, which allow...
E
CVE-2022-23904 Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows...
E
CVE-2022-23906 CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via...
E
CVE-2022-23907 CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerabili...
E
CVE-2022-23909 There is an unquoted service path in Sherpa Connector Service (SherpaConnectorService.exe) 2020.2.20...
E
CVE-2022-23911 AP Custom Testimonial < 1.4.8 - Admin+ SQL Injection
E
CVE-2022-23912 AP Custom Testimonial < 1.4.8 - Reflected Cross-Site Scripting
E
CVE-2022-23913 Apache ActiveMQ Artemis DoS
E M
CVE-2022-23914 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i...
R
CVE-2022-23915 Remote Code Execution (RCE)
S
CVE-2022-23916 Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver....
CVE-2022-23917 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i...
R
CVE-2022-23918 A stack-based buffer overflow vulnerability exists in the confsrv set_mf_rule functionality of TCL L...
E
CVE-2022-23919 A stack-based buffer overflow vulnerability exists in the confsrv set_mf_rule functionality of TCL L...
E
CVE-2022-23921 ICSA-22-053-01 GE Proficy CIMPLICITY-IPM
S
CVE-2022-23922 WIN-911 2021 Incorrect Default Permissions
S
CVE-2022-23923 Sandbox Bypass
E
CVE-2022-23924 Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which ma...
CVE-2022-23925 Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which ma...
CVE-2022-23926 Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which ma...
CVE-2022-23927 Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which ma...
CVE-2022-23928 Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which ma...
CVE-2022-23929 Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which ma...
CVE-2022-23930 Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which ma...
CVE-2022-23931 Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which ma...
CVE-2022-23932 Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which ma...
CVE-2022-23933 Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which ma...
CVE-2022-23934 Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which ma...
CVE-2022-23935 lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check, leading to command...
E S
CVE-2022-23937 In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to an out-of-bounds read during ...
CVE-2022-23940 SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with...
E
CVE-2022-23942 Apache Doris hardcoded cryptography initialization
M
CVE-2022-23943 mod_sed: Read/write beyond bounds
S
CVE-2022-23944 Apache ShenYu 2.4.1 Improper access control
S
CVE-2022-23945 Apache ShenYu missing authentication allows gateway registration
S
CVE-2022-23946 A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNum...
E
CVE-2022-23947 A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNum...
CVE-2022-23948 A flaw was found in Keylime before 6.3.0. The logic in the Keylime agent for checking for a secure m...
E S
CVE-2022-23949 In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue agent and can lead to log spoofi...
E S
CVE-2022-23950 In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can...
E S
CVE-2022-23951 In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data whic...
E S
CVE-2022-23952 In Keylime before 6.3.0, current keylime installer installs the keylime.conf file, which can contain...
E S
CVE-2022-23953 Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow d...
CVE-2022-23954 Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow d...
S
CVE-2022-23955 Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow d...
S
CVE-2022-23956 Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow d...
CVE-2022-23957 Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow d...
S
CVE-2022-23958 Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow d...
S
CVE-2022-23959 In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Var...
M
CVE-2022-23960 Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache specula...
S
CVE-2022-23967 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-15679. Reason: This candidat...
R
CVE-2022-23968 Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to...
E
CVE-2022-23970 ASUS RT-AX56U - Path Traversal
S
CVE-2022-23971 ASUS RT-AX56U - Path Traversal
S
CVE-2022-23972 ASUS RT-AX56U - SQL Injection
S
CVE-2022-23973 ASUS RT-AX56U - Stack overflow
S
CVE-2022-23974 Pinot segment push endpoint has a vulnerability in unprotected environments
CVE-2022-23975 WordPress Access Demo Importer plugin <= 1.0.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Plugin Activation
S
CVE-2022-23976 WordPress Access Demo Importer plugin <= 1.0.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Data Reset (Posts / Pages / Media)
S
CVE-2022-23979 WordPress Ultimate Reviews plugin <= 3.0.15 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
S
CVE-2022-23980 WordPress Yasr – Yet Another Stars Rating plugin <= 2.9.9 - Cross-Site Scripting (XSS) vulnerability
S
CVE-2022-23981 WordPress Perfect Brands for WooCommerce plugin <= 2.0.4 - Set Featured Brand vulnerability
S
CVE-2022-23982 WordPress Perfect Brands for WooCommerce plugin <= 2.0.4 - Server Information Exposure vulnerability
S
CVE-2022-23983 WordPress WP Content Copy Protection & No Right Click plugin <= 3.4.4 - Cross-Site Request Forgery (CSRF) leads to Settings Update vulnerability
S
CVE-2022-23984 WordPress wpDiscuz plugin <= 7.3.11 - Sensitive Information Disclosure
S
CVE-2022-23985 ICSA-22-055-01 FATEK Automation FvDesigner
S
CVE-2022-23986 SQL injection vulnerability in the phpUploader v1.2 and earlier allows a remote unauthenticated atta...
S
CVE-2022-23987 WS Form < 1.8.176 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-23988 WS Form < 1.8.176 - Unauthenticated Stored Cross-Site Scripting
E
CVE-2022-23989 In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before...
CVE-2022-23990 Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function....
S
CVE-2022-23992 XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insuff...
CVE-2022-23993 /usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_...
S
CVE-2022-23994 An Improper access control vulnerability in StBedtimeModeReceiver in Wear OS 3.0 prior to Firmware u...
CVE-2022-23995 Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 prior to Firmware u...
CVE-2022-23996 Unprotected component vulnerability in StTheaterModeReceiver in Wear OS 3.0 prior to Firmware update...
CVE-2022-23997 Unprotected component vulnerability in StTheaterModeDurationAlarmReceiver in Wear OS 3.0 prior to Fi...
CVE-2022-23998 Improper access control vulnerability in Camera prior to versions 11.1.02.16 in Android R(11), 10.5....
CVE-2022-23999 PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local at...
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.