CVE-2022-24xxx

There are 839 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2022-24000 PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 a...
CVE-2022-24001 Information disclosure vulnerability in Edge Panel prior to Android S(12) allows physical attackers ...
CVE-2022-24002 Improper Authorization vulnerability in Link Sharing prior to version 12.4.00.3 allows attackers to ...
CVE-2022-24003 Exposure of Sensitive Information vulnerability in Bixby Vision prior to version 3.7.50.6 allows att...
CVE-2022-24004 A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Messenger/messenger_ajax.php in ...
E
CVE-2022-24005 A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_...
E
CVE-2022-24006 A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_...
E
CVE-2022-24007 A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_...
E
CVE-2022-24008 A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_...
E
CVE-2022-24009 A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_...
E
CVE-2022-24010 A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_...
E
CVE-2022-24011 A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_...
E
CVE-2022-24012 A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_...
E
CVE-2022-24013 A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_...
E
CVE-2022-24014 A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_...
E
CVE-2022-24015 A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_...
E
CVE-2022-24016 A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_...
E
CVE-2022-24017 A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_...
E
CVE-2022-24018 A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_...
E
CVE-2022-24019 A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_...
E
CVE-2022-24020 A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_...
E
CVE-2022-24021 A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_...
E
CVE-2022-24022 A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_...
E
CVE-2022-24023 A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_...
E
CVE-2022-24024 A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_...
E
CVE-2022-24025 A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_...
E
CVE-2022-24026 A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_...
E
CVE-2022-24027 A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_...
E
CVE-2022-24028 A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_...
E
CVE-2022-24029 A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_...
E
CVE-2022-24030 An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory...
CVE-2022-24031 An issue was discovered in NvmExpressDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM mem...
CVE-2022-24032 Adenza AxiomSL ControllerView through 10.8.1 is vulnerable to user enumeration. An attacker can iden...
E
CVE-2022-24035 An issue was discovered in ONOS 2.5.1. The purge-requested intent remains on the list, but it does n...
E
CVE-2022-24036 Unauthorized modification in Karmasis Informatics Infraskope SIEM+
S
CVE-2022-24037 Unauthorized modification in Karmasis Informatics Infraskope SIEM+
S
CVE-2022-24038 Unauthorized modification in Karmasis Informatics Infraskope SIEM+
S
CVE-2022-24039 A vulnerability has been identified in Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5...
CVE-2022-24040 A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (Al...
CVE-2022-24041 A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (Al...
CVE-2022-24042 A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (Al...
CVE-2022-24043 A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (Al...
CVE-2022-24044 A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (Al...
CVE-2022-24045 A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (Al...
CVE-2022-24046 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat...
CVE-2022-24047 This vulnerability allows remote attackers to bypass authentication on affected installations of BMC...
CVE-2022-24048 MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This ...
S
CVE-2022-24049 This vulnerability allows remote attackers to execute arbitrary code on affected installations of So...
CVE-2022-24050 MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability...
S
CVE-2022-24051 MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability ...
S
CVE-2022-24052 MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This v...
S
CVE-2022-24055 This vulnerability allows remote attackers to disclose sensitive information on affected installatio...
CVE-2022-24056 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sa...
CVE-2022-24057 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sa...
CVE-2022-24058 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sa...
CVE-2022-24059 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sa...
CVE-2022-24060 This vulnerability allows remote attackers to disclose sensitive information on affected installatio...
CVE-2022-24061 This vulnerability allows remote attackers to disclose sensitive information on affected installatio...
CVE-2022-24062 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sa...
CVE-2022-24063 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sa...
CVE-2022-24064 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sa...
CVE-2022-24065 Command Injection
E S
CVE-2022-24066 Command Injection
E S
CVE-2022-24067 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i...
R
CVE-2022-24069 An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.0 before 05.08.41, 5.1 befor...
CVE-2022-24070 Apache Subversion mod_dav_svn is vulnerable to memory corruption
CVE-2022-24071 A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the renderin...
CVE-2022-24072 The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrar...
CVE-2022-24073 The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension stor...
CVE-2022-24074 Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMe...
CVE-2022-24075 Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer we...
CVE-2022-24077 Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via mali...
CVE-2022-24082 If an on-premise installation of the Pega Platform is configured with the port for the JMX interface...
E
CVE-2022-24083 Password authentication bypass vulnerability for local accounts can be used to bypass local authenti...
CVE-2022-24086 Adobe Commerce checkout improper input validation leads to remote code execution
KEV S
CVE-2022-24090 Adobe Photoshop 2022 Out-of-bounds Read could lead to Memory leak
S
CVE-2022-24091 Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2022-24092 Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2022-24093 Adobe Commerce post-auth improper input validation leads to remote code execution
S
CVE-2022-24094 Adobe After Effects Stack-based Buffer Overflow Arbitrary code execution
S
CVE-2022-24095 Adobe After Effects Stack-based Buffer Overflow Arbitrary code execution
S
CVE-2022-24096 Adobe After Effects Heap-based Buffer Overflow Arbitrary code execution
S
CVE-2022-24097 Adobe After Effects Out-of-bounds Write could lead to Arbitrary code execution
S
CVE-2022-24098 Adobe Photoshop PCX File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2022-24099 Adobe Photoshop Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2022-24101 Adobe Acrobat Reader DC Annotation Use-After-Free Information Disclosure Vulnerability
CVE-2022-24102 Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
CVE-2022-24103 Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
CVE-2022-24104 Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
CVE-2022-24105 Adobe Photoshop U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2022-24106 In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be ...
CVE-2022-24107 Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc....
CVE-2022-24108 The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a seriali...
E
CVE-2022-24109 An issue was discovered in ONOS 2.5.1. To attack an intent installed by a normal user, a remote atta...
E
CVE-2022-24110 Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. This is fixed in v...
CVE-2022-24111 In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have not ...
CVE-2022-24112 apisix/batch-requests plugin allows overwriting the X-REAL-IP header
KEV E M
CVE-2022-24113 Local privilege escalation due to excessive permissions assigned to child processes
CVE-2022-24114 Local privilege escalation due to race condition on application startup
CVE-2022-24115 Local privilege escalation due to unrestricted loading of unsigned libraries
CVE-2022-24116 Certain General Electric Renewable Energy products have inadequate encryption strength. This affects...
S
CVE-2022-24117 Certain General Electric Renewable Energy products download firmware without an integrity check. Thi...
S
CVE-2022-24118 Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot...
S
CVE-2022-24119 Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote ...
S
CVE-2022-24120 Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This...
S
CVE-2022-24121 SQL Injection vulnerability discovered in Unified Office Total Connect Now that would allow an attac...
E
CVE-2022-24122 kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabl...
E S
CVE-2022-24123 MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could ...
E S
CVE-2022-24124 The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and va...
E S
CVE-2022-24125 The matchmaking servers of Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allow remote ...
E
CVE-2022-24126 A buffer overflow in the NRSessionSearchResult parser in Bandai Namco FromSoftware Dark Souls III th...
E
CVE-2022-24127 A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_sett...
E
CVE-2022-24128 Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension insta...
CVE-2022-24129 The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery ...
E
CVE-2022-24130 xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflo...
E S
CVE-2022-24131 DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in t...
E
CVE-2022-24132 phpshe V1.8 is affected by a denial of service (DoS) attack in the registry's verification code, whi...
E
CVE-2022-24135 QingScan 1.3.0 is affected by Cross Site Scripting (XSS) vulnerability in all search functions....
E
CVE-2022-24136 Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulnerab...
E
CVE-2022-24138 IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of IOBit...
CVE-2022-24139 In IOBit Advanced System Care (AscService.exe) 15, an attacker with SEImpersonatePrivilege can creat...
CVE-2022-24140 IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop Sc...
CVE-2022-24141 The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastate_iTopVPN_Pipe_Server o...
CVE-2022-24142 Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetFirewall...
E
CVE-2022-24143 Tenda AX3 v16.03.12.10_CN and AX12 22.03.01.2_CN was discovered to contain a stack overflow in the f...
E
CVE-2022-24144 Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the functio...
E
CVE-2022-24145 Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formWifiBasicSe...
E
CVE-2022-24146 Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetQosBand....
E
CVE-2022-24147 Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromAdvSetMacMt...
E
CVE-2022-24148 Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the functio...
E
CVE-2022-24149 Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWireless...
E
CVE-2022-24150 Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the functio...
E
CVE-2022-24151 Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWifiGuse...
E
CVE-2022-24152 Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetRouteSta...
E
CVE-2022-24153 Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formAddMacfilte...
E
CVE-2022-24154 Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetRebootTi...
E
CVE-2022-24155 Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function setSchedWifi. Th...
E
CVE-2022-24156 Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetVirtualS...
E
CVE-2022-24157 Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetMacFilte...
E
CVE-2022-24158 Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetIpMacBin...
E
CVE-2022-24159 Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetPPTPServ...
E
CVE-2022-24160 Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetDeviceNa...
E
CVE-2022-24161 Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function GetParentControl...
E
CVE-2022-24162 Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function saveParentContr...
E
CVE-2022-24163 Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime....
E
CVE-2022-24164 Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the func...
E
CVE-2022-24165 Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerab...
E
CVE-2022-24166 Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the func...
E
CVE-2022-24167 Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerab...
E
CVE-2022-24168 Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerab...
E
CVE-2022-24169 Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the func...
E
CVE-2022-24170 Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerab...
E
CVE-2022-24171 Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerab...
E
CVE-2022-24172 Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the func...
E
CVE-2022-24177 A cross-site scripting (XSS) vulnerability in the component cgi-bin/ej.cgi of Ex libris ALEPH 500 v1...
E
CVE-2022-24181 Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows...
CVE-2022-24187 The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from in...
E
CVE-2022-24188 The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password inform...
E
CVE-2022-24189 The user_token authorization header on the Ourphoto App version 1.4.1 /apiv1/* end-points is not imp...
E
CVE-2022-24190 The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or a...
E
CVE-2022-24191 In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily p...
E S
CVE-2022-24193 CasaOS before v0.2.7 was discovered to contain a command injection vulnerability....
E S
CVE-2022-24196 iText v7.1.17, up to (excluding) 7.1.18 and 7.2.2 was discovered to contain an out-of-memory error ...
E S
CVE-2022-24197 iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.a...
E
CVE-2022-24198 iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncrypti...
CVE-2022-24206 Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in /mobile_seal/get_seal.p...
E
CVE-2022-24218 An issue in /admin/delete_image.php of eliteCMS v1.0 allows attackers to delete arbitrary files....
E
CVE-2022-24219 eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_page.php....
E
CVE-2022-24220 eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_post.php....
E
CVE-2022-24221 eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions...
E
CVE-2022-24222 eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_user.php....
E
CVE-2022-24223 AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php....
E
CVE-2022-24226 Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via th...
E
CVE-2022-24227 A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v8.00 allows attackers to execute ...
E
CVE-2022-24229 A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allow...
E
CVE-2022-24231 Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via a...
E
CVE-2022-24232 A local file inclusion in Hospital Patient Record Management System v1.0 allows attackers to execute...
E
CVE-2022-24235 A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers to...
E
CVE-2022-24236 An insecure permissions vulnerability in Snapt Aria v12.8 allows unauthenticated attackers to send e...
E
CVE-2022-24237 The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection vulner...
E
CVE-2022-24238 ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability vi...
CVE-2022-24239 ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via...
CVE-2022-24240 ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteri...
CVE-2022-24241 ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vul...
CVE-2022-24247 RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite via path traversal vulnerab...
E
CVE-2022-24248 RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerabi...
E
CVE-2022-24249 A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtra_box_write function in /bo...
E S
CVE-2022-24251 Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerab...
E
CVE-2022-24252 An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio...
E
CVE-2022-24253 Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerab...
E
CVE-2022-24254 An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfo...
E
CVE-2022-24255 Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to ga...
E
CVE-2022-24259 An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated ...
E
CVE-2022-24260 A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileg...
E
CVE-2022-24262 The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as r...
E
CVE-2022-24263 Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital...
E
CVE-2022-24264 Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/...
E
CVE-2022-24265 Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/...
E
CVE-2022-24266 Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/...
CVE-2022-24272 MongoDB Server (mongod) may crash in response to unexpected requests
S
CVE-2022-24278 Directory Traversal
E S
CVE-2022-24279 Prototype Pollution
E S
CVE-2022-24280 Apache Pulsar Proxy target broker address isn't validated
M
CVE-2022-24281 A vulnerability has been identified in SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All ver...
M
CVE-2022-24282 A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All ver...
M
CVE-2022-24285 Acer Care Center 4.00.30xx before 4.00.3042 contains a local privilege escalation vulnerability. The...
M
CVE-2022-24286 Acer QuickAccess 2.01.300x before 2.01.3030 and 3.00.30xx before 3.00.3038 contains a local privileg...
M
CVE-2022-24287 A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All ve...
S
CVE-2022-24288 Apache Airflow: RCE in example DAGs
M
CVE-2022-24289 Deserialization of untrusted data in the Hessian Component of Apache Cayenne 4.1 with older Java versions
M
CVE-2022-24290 A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13....
S
CVE-2022-24291 Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, o...
CVE-2022-24292 Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, o...
CVE-2022-24293 Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, o...
CVE-2022-24294 ReDoS in Apache MXNet RTC Module
M
CVE-2022-24295 Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to...
CVE-2022-24296 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ve...
CVE-2022-24297 Improper buffer restrictions in firmware for some Intel(R) NUCs may allow a privileged user to poten...
S
CVE-2022-24298 Denial of Service (DoS)
CVE-2022-24299 Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions...
S
CVE-2022-24300 Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack...
S
CVE-2022-24301 In Minetest before 5.4.0, players can add or subtract items from a different player's inventory....
S
CVE-2022-24302 In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_fi...
E
CVE-2022-24303 Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are misha...
CVE-2022-24304 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2564. Reason: This candidate...
R
CVE-2022-24305 Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that le...
CVE-2022-24306 Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization ...
CVE-2022-24307 Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access control because it does not compac...
CVE-2022-24308 Automox Agent prior to version 37 on Windows and Linux and Version 36 on OSX could allow for a non p...
CVE-2022-24309 A vulnerability has been identified in Mendix Runtime V7 (All versions < V7.23.29), Mendix Runtime V...
M
CVE-2022-24310 A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer ov...
S
CVE-2022-24311 A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that coul...
S
CVE-2022-24312 A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that coul...
S
CVE-2022-24313 A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-...
S
CVE-2022-24314 A CWE-125: Out-of-bounds Read vulnerability exists that could cause memory leaks potentially resulti...
S
CVE-2022-24315 A CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service when an attack...
S
CVE-2022-24316 A CWE-665: Improper Initialization vulnerability exists that could cause information exposure when a...
S
CVE-2022-24317 A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an ...
S
CVE-2022-24318 A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted commun...
S
CVE-2022-24319 A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-the-Middle ...
S
CVE-2022-24320 A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-the-Middle ...
S
CVE-2022-24321 A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could caus...
S
CVE-2022-24322 A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exi...
CVE-2022-24323 A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could caus...
CVE-2022-24324 A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-...
S
CVE-2022-24327 In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with exc...
CVE-2022-24328 In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS....
CVE-2022-24329 In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle ...
S
CVE-2022-24330 In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible....
CVE-2022-24331 In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible....
CVE-2022-24332 In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie....
CVE-2022-24333 In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible....
CVE-2022-24334 In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key o...
CVE-2022-24335 JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-conditi...
CVE-2022-24336 In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an ...
CVE-2022-24337 In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked ap...
CVE-2022-24338 JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS....
CVE-2022-24339 JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS....
CVE-2022-24340 In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible...
CVE-2022-24341 In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminat...
CVE-2022-24342 In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible....
CVE-2022-24343 In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only pe...
CVE-2022-24344 JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates pa...
CVE-2022-24345 In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (without permission from a user) up...
CVE-2022-24346 In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) ch...
CVE-2022-24347 JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon....
CVE-2022-24348 Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts becaus...
E
CVE-2022-24349 Reflected XSS in action configuration window of Zabbix Frontend
S
CVE-2022-24350 An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI function ...
CVE-2022-24351 TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Ker...
CVE-2022-24352 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat...
CVE-2022-24353 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat...
CVE-2022-24354 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat...
CVE-2022-24355 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat...
CVE-2022-24356 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
S
CVE-2022-24357 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
S
CVE-2022-24358 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
S
CVE-2022-24359 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
S
CVE-2022-24360 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
S
CVE-2022-24361 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
S
CVE-2022-24362 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
S
CVE-2022-24363 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
S
CVE-2022-24364 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
S
CVE-2022-24365 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
S
CVE-2022-24366 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
S
CVE-2022-24367 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
S
CVE-2022-24368 This vulnerability allows remote attackers to disclose sensitive information on affected installatio...
S
CVE-2022-24369 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
S
CVE-2022-24370 This vulnerability allows remote attackers to disclose sensitive information on affected installatio...
S
CVE-2022-24372 Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to t...
E
CVE-2022-24373 Regular Expression Denial of Service (ReDoS)
E S
CVE-2022-24374 Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver....
CVE-2022-24375 Denial of Service (DoS)
S
CVE-2022-24376 Command Injection
E
CVE-2022-24377 Command Injection
E S
CVE-2022-24378 Improper initialization in the Intel(R) Data Center Manager software before version 4.1 may allow an...
CVE-2022-24379 Improper input validation in some Intel(R) Server System M70KLP Family BIOS firmware before version ...
S
CVE-2022-24381 Denial of Service (DoS)
CVE-2022-24382 Improper input validation in firmware for some Intel(R) NUCs may allow a privileged user to potentia...
S
CVE-2022-24383 ICSA-22-090-03 Fuji Electric Alpha5
S
CVE-2022-24384 Reflective XSS on SmarterTrack v100.0.8019.14010
CVE-2022-24385 Information disclosure via direct object access on SmarterTrack v100.0.8019.14010
CVE-2022-24386 Stored XSS in SmarterTrack v100.0.8019.14010
CVE-2022-24387 File upload and overwrite to app_data/Config in SmarterTrack v100.0.8019.14010
CVE-2022-24388 Authenticated Privileged Command Injection Vulnerability in Fidelis Network and Deception
S
CVE-2022-24389 Authenticated Privileged Command Injection Vulnerability in Fidelis Network and Deception
S
CVE-2022-24390 Authenticated Command Injection Vulnerability in Fidelis Network and Deception
S
CVE-2022-24391 Authenticated SQL Injection Vulnerability in Fidelis Network and Deception
S
CVE-2022-24392 Authenticated Command Injection Vulnerability in Fidelis Network and Deception
S
CVE-2022-24393 Authenticated Command Injection Vulnerability in Fidelis Network and Deception
S
CVE-2022-24394 Authenticated Command Injection Vulnerability in Fidelis Network and Deception
S
CVE-2022-24395 SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not suffic...
CVE-2022-24396 The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication ...
E
CVE-2022-24397 SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user...
CVE-2022-24398 Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, al...
CVE-2022-24399 The SAP Focused Run (Real User Monitoring) - versions 200, 300, REST service does not sufficiently s...
E
CVE-2022-24400 DCK pinning attack in TETRA
CVE-2022-24401 Keystream recovery for arbitrary frames in TETRA
CVE-2022-24402 Intentionally weakened effective strength in TETRA TEA1
CVE-2022-24403 De-anonymization attack in TETRA
CVE-2022-24404 Ciphertext Malleability in TETRA
CVE-2022-24405 OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentc...
E
CVE-2022-24406 OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and ...
E
CVE-2022-24407 In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a ...
S
CVE-2022-24408 A vulnerability has been identified in SINUMERIK MC (All versions < V1.15 SP1), SINUMERIK ONE (All v...
M
CVE-2022-24409 Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploite...
CVE-2022-24410 Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with ph...
CVE-2022-24411 Dell PowerScale OneFS 8.2.2 and above contain an elevation of privilege vulnerability. A local attac...
CVE-2022-24412 Dell EMC PowerScale OneFS 8.2.x - 9.3.0.x contain an improper handling of value vulnerability. An un...
CVE-2022-24413 Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability. A...
CVE-2022-24414 Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests. These requ...
S
CVE-2022-24415 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user ...
CVE-2022-24416 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user ...
CVE-2022-24417 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user ...
CVE-2022-24418 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user ...
CVE-2022-24419 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user ...
CVE-2022-24420 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user ...
CVE-2022-24421 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user ...
CVE-2022-24422 Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authenticatio...
S
CVE-2022-24423 Dell iDRAC8 versions prior to 2.83.83.83 contain a denial of service vulnerability. A remote unauthe...
S
CVE-2022-24424 Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server. ...
CVE-2022-24425 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2022-24426 Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 contains a Local Privilege Es...
S
CVE-2022-24427 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2022-24428 Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an i...
CVE-2022-24429 Arbitrary Code Injection
E S
CVE-2022-24431 Command Injection
E
CVE-2022-24432 ICSA-22-062-01 IPCOMM ipDIO
S
CVE-2022-24433 Command Injection
S
CVE-2022-24434 Denial of Service (DoS)
E S
CVE-2022-24435 Cross-site scripting vulnerability in phpUploader v1.2 and earlier allows a remote unauthenticated a...
S
CVE-2022-24436 Observable behavioral in power management throttling for some Intel(R) Processors may allow an authe...
CVE-2022-24437 Command Injection
E S
CVE-2022-24439 Remote Code Execution (RCE)
E
CVE-2022-24440 Command Injection
S
CVE-2022-24441 Code Injection
E S
CVE-2022-24442 JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via F...
CVE-2022-24444 Silverstripe silverstripe/framework through 4.10 allows Session Fixation....
CVE-2022-24445 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2022-24446 An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator...
CVE-2022-24447 An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the ...
CVE-2022-24448 An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets th...
S
CVE-2022-24449 Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF attacks v...
CVE-2022-24450 NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the pr...
CVE-2022-24451 VP9 Video Extensions Remote Code Execution Vulnerability
CVE-2022-24452 HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2022-24453 HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2022-24454 Windows Security Support Provider Interface Elevation of Privilege Vulnerability
CVE-2022-24455 Windows CD-ROM Driver Elevation of Privilege Vulnerability
CVE-2022-24456 HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2022-24457 HEIF Image Extensions Remote Code Execution Vulnerability
CVE-2022-24459 Windows Fax and Scan Service Elevation of Privilege Vulnerability
CVE-2022-24460 Tablet Windows User Interface Application Elevation of Privilege Vulnerability
CVE-2022-24461 Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2022-24462 Microsoft Word Security Feature Bypass Vulnerability
CVE-2022-24463 Microsoft Exchange Server Spoofing Vulnerability
CVE-2022-24464 .NET and Visual Studio Denial of Service Vulnerability
S
CVE-2022-24465 Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability
CVE-2022-24466 Windows Hyper-V Security Feature Bypass Vulnerability
S
CVE-2022-24467 Azure Site Recovery Remote Code Execution Vulnerability
CVE-2022-24468 Azure Site Recovery Remote Code Execution Vulnerability
CVE-2022-24469 Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-24470 Azure Site Recovery Remote Code Execution Vulnerability
CVE-2022-24471 Azure Site Recovery Remote Code Execution Vulnerability
CVE-2022-24472 Microsoft SharePoint Server Spoofing Vulnerability
CVE-2022-24473 Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-24474 Windows Win32k Elevation of Privilege Vulnerability
CVE-2022-24475 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2022-24477 Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2022-24479 Connected User Experiences and Telemetry Elevation of Privilege Vulnerability
CVE-2022-24480 Outlook for Android Elevation of Privilege Vulnerability
S
CVE-2022-24481 Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2022-24482 Windows ALPC Elevation of Privilege Vulnerability
CVE-2022-24483 Windows Kernel Information Disclosure Vulnerability
CVE-2022-24484 Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability
CVE-2022-24485 Win32 File Enumeration Remote Code Execution Vulnerability
CVE-2022-24486 Windows Kerberos Elevation of Privilege Vulnerability
CVE-2022-24487 Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability
CVE-2022-24488 Windows Desktop Bridge Elevation of Privilege Vulnerability
CVE-2022-24489 Cluster Client Failover (CCF) Elevation of Privilege Vulnerability
CVE-2022-24490 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
CVE-2022-24491 Windows Network File System Remote Code Execution Vulnerability
CVE-2022-24492 Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2022-24493 Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability
CVE-2022-24494 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2022-24495 Windows Direct Show Remote Code Execution Vulnerability
CVE-2022-24496 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
CVE-2022-24497 Windows Network File System Remote Code Execution Vulnerability
CVE-2022-24498 Windows iSCSI Target Service Information Disclosure Vulnerability
CVE-2022-24499 Windows Installer Elevation of Privilege Vulnerability
CVE-2022-24500 Windows SMB Remote Code Execution Vulnerability
CVE-2022-24501 VP9 Video Extensions Remote Code Execution Vulnerability
CVE-2022-24502 Windows HTML Platforms Security Feature Bypass Vulnerability
CVE-2022-24503 Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2022-24504 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
S
CVE-2022-24505 Windows ALPC Elevation of Privilege Vulnerability
CVE-2022-24506 Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-24507 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2022-24508 Win32 File Enumeration Remote Code Execution Vulnerability
CVE-2022-24509 Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2022-24510 Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2022-24511 Microsoft Office Word Tampering Vulnerability
CVE-2022-24512 .NET and Visual Studio Remote Code Execution Vulnerability
S
CVE-2022-24513 Visual Studio Elevation of Privilege Vulnerability
CVE-2022-24515 Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-24516 Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2022-24517 Azure Site Recovery Remote Code Execution Vulnerability
CVE-2022-24518 Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-24519 Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-24520 Azure Site Recovery Remote Code Execution Vulnerability
CVE-2022-24521 Windows Common Log File System Driver Elevation of Privilege Vulnerability
KEV S
CVE-2022-24522 Skype Extension for Chrome Information Disclosure Vulnerability
CVE-2022-24523 Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2022-24525 Windows Update Stack Elevation of Privilege Vulnerability
CVE-2022-24526 Visual Studio Code Spoofing Vulnerability
CVE-2022-24527 Microsoft Endpoint Configuration Manager Elevation of Privilege Vulnerability
S
CVE-2022-24528 Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2022-24530 Windows Installer Elevation of Privilege Vulnerability
CVE-2022-24532 HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2022-24533 Remote Desktop Protocol Remote Code Execution Vulnerability
CVE-2022-24534 Win32 Stream Enumeration Remote Code Execution Vulnerability
CVE-2022-24536 Windows DNS Server Remote Code Execution Vulnerability
CVE-2022-24537 Windows Hyper-V Remote Code Execution Vulnerability
CVE-2022-24538 Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability
CVE-2022-24539 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
CVE-2022-24540 Windows ALPC Elevation of Privilege Vulnerability
CVE-2022-24541 Windows Server Service Remote Code Execution Vulnerability
CVE-2022-24542 Windows Win32k Elevation of Privilege Vulnerability
CVE-2022-24543 Windows Upgrade Assistant Remote Code Execution Vulnerability
CVE-2022-24544 Windows Kerberos Elevation of Privilege Vulnerability
CVE-2022-24545 Windows Kerberos Remote Code Execution Vulnerability
CVE-2022-24546 Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2022-24547 Windows Digital Media Receiver Elevation of Privilege Vulnerability
CVE-2022-24548 Microsoft Defender Denial of Service Vulnerability
CVE-2022-24549 Windows AppX Package Manager Elevation of Privilege Vulnerability
CVE-2022-24550 Windows Telephony Server Elevation of Privilege Vulnerability
CVE-2022-24551 A flaw was found in StarWind Stack. The endpoint for setting a new password doesn’t check the curren...
CVE-2022-24552 A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, ...
CVE-2022-24553 An issue was found in Zfaka <= 1.4.5. The verification of the background file upload function check ...
E
CVE-2022-24562 In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airser...
E
CVE-2022-24563 In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?...
E
CVE-2022-24564 Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. While creating or editing a ...
S
CVE-2022-24565 Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixed in 1.6.0p28 are affected by a Cros...
CVE-2022-24566 In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Pre...
CVE-2022-24568 Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery (SSRF) via user-sup...
E
CVE-2022-24571 Car Driving School Management System v1.0 is affected by SQL injection in the login page. An attacke...
E
CVE-2022-24572 Car Driving School Management System v1.0 is affected by Cross Site Scripting (XSS) in the User Enro...
E
CVE-2022-24573 A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commande...
M
CVE-2022-24574 GPAC 1.0.1 is affected by a NULL pointer dereference in gf_dump_vrml_field.isra ()....
E
CVE-2022-24575 GPAC 1.0.1 is affected by a stack-based buffer overflow through MP4Box....
E
CVE-2022-24576 GPAC 1.0.1 is affected by Use After Free through MP4Box....
E
CVE-2022-24577 GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen. (gf_utf8_wcslen is a renamed...
E
CVE-2022-24578 GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddString () at bifs/script_dec.c....
E
CVE-2022-24580 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-24580. Reason: This candidat...
R
CVE-2022-24581 ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC ...
CVE-2022-24582 Accounting Journal Management 1.0 is vulnerable to XSS-PHPSESSID-Hijacking. The parameter manage_use...
CVE-2022-24584 Incorrect access control in Yubico OTP functionality of the YubiKey hardware tokens along with the Y...
E
CVE-2022-24585 A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml...
E
CVE-2022-24586 A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of Plu...
E
CVE-2022-24587 A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v...
E
CVE-2022-24588 Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload ...
E
CVE-2022-24589 Burden v3.0 was discovered to contain a stored cross-site scripting (XSS) in the Add Category functi...
E
CVE-2022-24590 A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 al...
E
CVE-2022-24594 In waline 1.6.1, an attacker can submit messages using X-Forwarded-For to forge any IP address....
E S
CVE-2022-24595 Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by I...
E
CVE-2022-24599 In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, i...
E
CVE-2022-24600 Luocms v2.0 is affected by SQL Injection through /admin/login.php. An attacker can log in to the bac...
E
CVE-2022-24601 Luocms v2.0 is affected by SQL Injection in /admin/manager/admin_mod.php. An attacker can obtain sen...
E
CVE-2022-24602 Luocms v2.0 is affected by SQL Injection in /admin/news/news_mod.php....
E
CVE-2022-24603 Luocms v2.0 is affected by SQL Injection in /admin/news/sort_mod.php....
E
CVE-2022-24604 Luocms v2.0 is affected by SQL Injection in /admin/link/link_mod.php....
E
CVE-2022-24605 Luocms v2.0 is affected by SQL Injection in /admin/link/link_ok.php....
E
CVE-2022-24606 Luocms v2.0 is affected by SQL Injection in /admin/news/sort_ok.php....
E
CVE-2022-24607 Luocms v2.0 is affected by SQL Injection in /admin/news/news_ok.php....
E
CVE-2022-24608 Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/sort_add.php and /inc/function....
E
CVE-2022-24609 Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates/templ...
E
CVE-2022-24610 Settings/network settings/wireless settings on the Alecto DVC-215IP camera version 63.1.1.173 and be...
CVE-2022-24611 Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 ...
CVE-2022-24612 An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork ...
E
CVE-2022-24613 metadata-extractor up to 2.16.0 can throw various uncaught exceptions while parsing a specially craf...
E
CVE-2022-24614 When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate ...
E
CVE-2022-24615 zip4j up to v2.10.0 can throw various uncaught exceptions while parsing a specially crafted ZIP file...
CVE-2022-24618 Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permission...
CVE-2022-24620 Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privileg...
E
CVE-2022-24627 An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unaut...
E
CVE-2022-24628 An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenti...
E
CVE-2022-24629 An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code ex...
E
CVE-2022-24630 An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.ph...
E
CVE-2022-24631 An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is stored X...
E
CVE-2022-24632 An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is director...
E
CVE-2022-24633 All versions of FileCloud prior to 21.3 are vulnerable to user enumeration. The vulnerability exists...
CVE-2022-24637 Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive ...
E S
CVE-2022-24643 A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Managem...
CVE-2022-24644 ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during ...
E
CVE-2022-24646 Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital...
E
CVE-2022-24647 Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vulnerability via the unlink() f...
E
CVE-2022-24651 sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file u...
E
CVE-2022-24652 sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file u...
E
CVE-2022-24654 Authenticated stored cross-site scripting (XSS) vulnerability in "Field Server Address" field in INT...
E
CVE-2022-24655 A stack overflow vulnerability exists in the upnpd service in Netgear EX6100v1 201.0.2.28, CAX80 2.1...
E S
CVE-2022-24656 HexoEditor 1.1.8 is affected by Cross Site Scripting (XSS). By putting a common XSS payload in a mar...
E
CVE-2022-24657 Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded credentials which allow attackers t...
E M
CVE-2022-24659 Goldshell ASIC Miners v2.2.1 and below was discovered to contain a path traversal vulnerability whic...
E M
CVE-2022-24660 The debug interface of Goldshell ASIC Miners v2.2.1 and below was discovered to be exposed publicly ...
E M
CVE-2022-24661 A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < V2022.1). The star...
S
CVE-2022-24663 Remote Code Execution by Subscriber+ users via WordPress shortcode
CVE-2022-24664 Remote Code Execution by Contributor+ users via WordPress metabox
CVE-2022-24665 Remote Code Execution by Contributor+ users via WordPress gutenberg block
E
CVE-2022-24666 A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network pee...
CVE-2022-24667 A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network pee...
CVE-2022-24668 A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer...
CVE-2022-24669 Anonymous users can register / de-register for configuration change notifications
S
CVE-2022-24670 Any user can run unrestricted LDAP queries against a configuration endpoint
S
CVE-2022-24671 A link following privilege escalation vulnerability in Trend Micro Antivirus for Mac 11.0.2150 and b...
CVE-2022-24672 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat...
CVE-2022-24673 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ca...
CVE-2022-24674 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat...
CVE-2022-24675 encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large am...
CVE-2022-24676 update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP arch...
E
CVE-2022-24677 Admin.php in HYBBS2 through 2.3.2 allows remote code execution because it writes plugin-related conf...
E
CVE-2022-24678 A security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend...
S
CVE-2022-24679 A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Mi...
S
CVE-2022-24680 A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Mi...
S
CVE-2022-24681 Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Re...
E S
CVE-2022-24682 An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 pa...
KEV E
CVE-2022-24683 HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with re...
CVE-2022-24684 HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and 1.2.5 allow operators with jo...
CVE-2022-24685 HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow invalid HCL for the jobs parse ...
CVE-2022-24686 HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download funct...
CVE-2022-24687 HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at lea...
CVE-2022-24688 An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The Touch settings allow unrestrict...
E
CVE-2022-24689 An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control. This ...
E
CVE-2022-24690 An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A PresAbs.php SQL Injection vulnera...
E
CVE-2022-24691 An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A SQL Injection vulnerability allow...
E
CVE-2022-24692 An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The new menu option within the gene...
E
CVE-2022-24693 Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentia...
CVE-2022-24694 In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders...
E
CVE-2022-24695 Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device infor...
CVE-2022-24696 Mirametrix Glance before 5.1.1.42207 (released on 2018-08-30) allows a local attacker to elevate pri...
CVE-2022-24697 Apache Kylin prior to 4.0.2 allows command injection when the configuration overwrites function overwrites system parameters
S
CVE-2022-24700 An issue was discovered in WinAPRS 2.9.0. A buffer overflow in DIGI address processing for VHF KISS ...
E
CVE-2022-24701 An issue was discovered in WinAPRS 2.9.0. A buffer overflow in national.txt processing allows a loca...
E
CVE-2022-24702 An issue was discovered in WinAPRS 2.9.0. A buffer overflow in the VHF KISS TNC component allows a r...
E
CVE-2022-24704 Buffer Overflow via Crafted IPv6 Addr Attribute Type Client Request in Accel-PPP v1.12
S
CVE-2022-24705 Buffer Overflow via Crafted IPv6 Prefix Attribute Type Client Request in accel-ppp v1.12
S
CVE-2022-24706 Remote Code Execution Vulnerability in Packaging
KEV E S
CVE-2022-24707 SQL injection in anuko timetracker
E S
CVE-2022-24708 Stored XSS vulnerability in anuko/timetracker
S
CVE-2022-24709 Cross site scripting in @awsui/components-react
CVE-2022-24710 Cross-site Scripting in Weblate
S
CVE-2022-24711 Remote CLI Command Execution Vulnerability in CodeIgniter4
S
CVE-2022-24712 Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability in CodeIgniter4
M
CVE-2022-24713 Regular expression denial of service in Rust's regex crate
S
CVE-2022-24714 Disclosure of hosts and related data, linked to decommissioned services in Icinga Web 2
S
CVE-2022-24715 Arbitrary code execution for authenticated users in Icinga Web 2
S
CVE-2022-24716 Path traversal in Icinga Web 2
S
CVE-2022-24717 Cross Site Scripting (XSS) in ssr-pages
S
CVE-2022-24718 Path Traversal in ssr-pages
S
CVE-2022-24719 Unauthorized forwarding of confidential headers in fluture-node
S
CVE-2022-24720 Improper Input Validation in image_processing
E S
CVE-2022-24721 Incorrect Authorization in org.cometd.oort
CVE-2022-24722 Cross-site Scripting in view_component
S
CVE-2022-24723 Improper Input Validation in URI.js
E S
CVE-2022-24724 Integer overflow in table parsing extension leads to heap memory corruption
E
CVE-2022-24725 Exposure of home directory through shescape on Unix with Bash
E S
CVE-2022-24726 Unauthenticated control plane denial of service attack in Istio
S
CVE-2022-24727 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-23915. Reason: This candidat...
R
CVE-2022-24728 Cross-site Scripting in CKEditor4
S
CVE-2022-24729 Regular expression Denial of Service in dialog plugin
S
CVE-2022-24730 Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server
CVE-2022-24731 Path traversal allows leaking out-of-bound files from Argo CD repo-server
CVE-2022-24732 Maddy Mail Server does not implement account expiry
S
CVE-2022-24733 Improper Restriction of Rendered UI Layers or Frames in Sylius
M
CVE-2022-24734 Remote code execution in mybb
E S
CVE-2022-24735 Lua scripts can be manipulated to overcome ACL rules in Redis
E S
CVE-2022-24736 A Malformed Lua script can crash Redis
E S
CVE-2022-24737 Exposure of Sensitive Information to an Unauthorized Actor in httpie
E S
CVE-2022-24738 Account compromise in Evmos
S
CVE-2022-24739 Server-Side Request Forgery (SSRF) and URL Redirection to Untrusted Site ('Open Redirect') in alltube
S
CVE-2022-24740 Improper Authentication in Volto
S
CVE-2022-24741 High memory usage in Nextcloud server
E S
CVE-2022-24742 Exposure of Sensitive Information Due to Incompatible Policies in Sylius
M
CVE-2022-24743 Insufficient Session Expiration in Sylius
E
CVE-2022-24744 Insufficient Session Expiration in shopware
S
CVE-2022-24745 Guest session is shared between customers in shopware
S
CVE-2022-24746 HTML injection possibility in voucher code form
S
CVE-2022-24747 HTTP caching is marking private HTTP headers as public
S
CVE-2022-24748 Incorrect Authentication in shopware
S
CVE-2022-24749 Basic Cross-site Scripting and Unrestricted Upload of File with Dangerous Type in Sylius
E
CVE-2022-24750 Low privilege user is able to exploit the service and gain SYSTEM privileges in UltraVNC server
S
CVE-2022-24751 Race condition in Zulip
S
CVE-2022-24752 SQL Injection through sorting parameters in SyliusGridBundle
S
CVE-2022-24753 Code injection in Stripe CLI on windows
S
CVE-2022-24754 Buffer overflow in pjsip
S
CVE-2022-24755 Incorrect Authorization in Bareos Director
E S
CVE-2022-24756 Missing Release of Memory after Effective Lifetime in Bareos Director
E S
CVE-2022-24757 Sensitive Auth & Cookie data stored in Jupyter server logs
S
CVE-2022-24758 Insertion of Sensitive Information into Log File affects Jupyter Notebook
CVE-2022-24759 Failure to validate signature during handshake in @chainsafe/libp2p-noise
S
CVE-2022-24760 Command Injection in Parse server
E S
CVE-2022-24761 HTTP Request Smuggling in waitress
S
CVE-2022-24762 Exposure of Sensitive Information to an Unauthorized Actor in sysend.js
E S
CVE-2022-24763 Infinite Loop in PJSIP
S
CVE-2022-24764 Stack buffer overflow in pjproject
S
CVE-2022-24765 Uncontrolled search for the Git directory in Git for Windows
M
CVE-2022-24766 Insufficient Protection against HTTP Request Smuggling in mitmproxy
S
CVE-2022-24767 GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user acco...
S
CVE-2022-24768 Improper access control allows admin privilege escalation in Argo CD
S
CVE-2022-24769 Default inheritable capabilities for linux container should be empty
S
CVE-2022-24770 Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging
S
CVE-2022-24771 Improper Verification of Cryptographic Signature in node-forge
S
CVE-2022-24772 Improper Verification of Cryptographic Signature in `node-forge`
S
CVE-2022-24773 Improper Verification of Cryptographic Signature in `node-forge`
S
CVE-2022-24774 Improper Input Validation leading to Path Traversal in CycloneDX BOM Repository Server
S
CVE-2022-24775 Improper Input Validation in guzzlehttp/psr7
S
CVE-2022-24776 Open Redirect in Flask-AppBuilder
S
CVE-2022-24777 Denial of Service via reachable assertion in grpc-swift
S
CVE-2022-24778 Incorrect Authorization in imgcrypt
E S
CVE-2022-24780 Code Injection in Combodo iTop
E S
CVE-2022-24781 Malicious users can take over the session of other players
S
CVE-2022-24782 Secure category names leaked via user activity export in Discourse
S
CVE-2022-24783 Sandbox bypass leading to arbitrary code execution in Deno
CVE-2022-24784 Discoverability of user password hash in Statamic CMS
S
CVE-2022-24785 Path Traversal in Moment.js
S
CVE-2022-24786 Potential out-of-bound read/write in PJSIP
S
CVE-2022-24787 Incorrect Comparison in Vyper
S
CVE-2022-24788 Buffer overflow in Vyper
S
CVE-2022-24789 Deserialization of untrusted data in C1 CMS.
CVE-2022-24790 HTTP Request Smuggling in puma
S
CVE-2022-24791 Use after free in Wasmtime
S
CVE-2022-24792 Potential infinite loop when parsing WAV format file in PJSIP
S
CVE-2022-24793 Potential heap buffer overflow when parsing DNS packets in PJSIP
S
CVE-2022-24794 Open Redirect in express-openid-connect
S
CVE-2022-24795 Buffer Overflow and Integer Overflow in yajl-ruby
E S
CVE-2022-24796 Remote Command Injection in RaspberryMatic
S
CVE-2022-24797 Exposure of Sensitive Information in Pomerium
S
CVE-2022-24798 Insufficient password hash filtering in some IRRd queries and exports
S
CVE-2022-24799 Cross Site Scripting in Wire Webapp
S
CVE-2022-24800 Race Condition in October CMS upload process
S
CVE-2022-24801 HTTP Request Smuggling in twisted.web
S
CVE-2022-24802 Prototype Pollution in deepmerge-ts
S
CVE-2022-24803 Command Injection vulnerability in asciidoctor-include-ext
E S
CVE-2022-24804 Private group name exposure in discourse
S
CVE-2022-24805 net-snmp: A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.
S
CVE-2022-24806 net-snmp vulnerable to Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously
S
CVE-2022-24807 net-snmp: A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access
S
CVE-2022-24808 net-snmp: A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
S
CVE-2022-24809 net-snmp: A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
S
CVE-2022-24810 net-snmp: A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference.
CVE-2022-24811 Cross-site Scripting in Combodo iTop
E S
CVE-2022-24812 FGAC API Key privilege escalation in Grafana
S
CVE-2022-24813 Authentication Bypass Using an Alternate Path or Channel in CreateWiki
S
CVE-2022-24814 Cross-site Scripting in Directus
S
CVE-2022-24815 SQL Injection when creating an application with Reactive SQL backend
E S
CVE-2022-24816 Improper Control of Generation of Code in jai-ext
KEV S
CVE-2022-24817 Improper kubeconfig validation allows arbitrary code execution
S
CVE-2022-24818 Unchecked JNDI lookups in GeoTools
S
CVE-2022-24819 Unauthenticated user can retrieve the list of users through uorgsuggest.vm
E S
CVE-2022-24820 Unauthenticated user can list hidden document from multiple velocity templates
E
CVE-2022-24821 Incorrect Use of Privileged APIs in org.xwiki.platform.skin.skinx
E S
CVE-2022-24822 Denial of Service in @podium/layout and @podium/proxy
S
CVE-2022-24823 Local Information Disclosure Vulnerability in io.netty:netty-codec-http
E S
CVE-2022-24824 Anonymous user cache poisoning in discourse
S
CVE-2022-24825 Smokescreen SSRF via deny list bypass
CVE-2022-24826 Git LFS can execute a binary from the current directory on Windows
CVE-2022-24827 SQL Injection in elide-datastore-aggregation
S
CVE-2022-24828 Missing input validation can lead to command execution in composer
S
CVE-2022-24829 Missing authentication in Garden
S
CVE-2022-24830 Path Traversal in OpenClinica
E S
CVE-2022-24831 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in OpenClinica
S
CVE-2022-24832 Bundled ldap-authentication-plugin fails to neutralise LDAP special elements in usernames
S
CVE-2022-24833 Persistent Cross-site Scripting (XSS) vulnerability in PrivateBin
E S
CVE-2022-24834 Heap overflow issue with the Lua cjson library used by Redis
CVE-2022-24836 Inefficient Regular Expression Complexity in Nokogiri
S
CVE-2022-24837 Enumerable upload file names in hedgedoc
S
CVE-2022-24838 Command Injection in Appointment Emails for Nextcloud Calendar
S
CVE-2022-24839 Uncontrolled Resource Consumption in org.cyberneko.html (nokogiri fork)
S
CVE-2022-24840 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in django-s3file
E S
CVE-2022-24841 Improper Authorization in github.com/fleetdm/fleet
S
CVE-2022-24842 Improper Privilege Management in MinIO
E S
CVE-2022-24843 Path Traversal in github.com/flipped-aurora/gin-vue-admin
S
CVE-2022-24844 SQL Injection in github.com/flipped-aurora/gin-vue-admin
E S
CVE-2022-24845 Integer bounds error in Vyper
E S
CVE-2022-24846 Unchecked JNDI lookups in GeoWebCache
CVE-2022-24847 Improper Input Validation in GeoServer
M
CVE-2022-24848 SQL Injection in DHIS2's in OrgUnit program association
S
CVE-2022-24849 Contact to DisCatSharp-owned server using authenticated client
M
CVE-2022-24850 Category group permissions leaked in Discourse
CVE-2022-24851 Stored XSS and path traversal in LDAPAccountManager/lam
E S
CVE-2022-24853 File system exposure in Metabase
E
CVE-2022-24854 Database bypassing any permissions in Metabase via SQlite attach
CVE-2022-24855 XSS vulnerability in Metabase
CVE-2022-24856 Server-Side Request Forgery in FlyteConsole
S
CVE-2022-24857 Multi factor authentication bypass in django-mfa3
S
CVE-2022-24858 Default redirect callback vulnerable to open redirects
M
CVE-2022-24859 Manipulated inline images can cause Infinite Loop in PyPDF2
E S
CVE-2022-24860 Databasir 1.01 has Use of Hard-coded Cryptographic Key vulnerability.
E
CVE-2022-24861 Remote Code Execution in Databasir
E S
CVE-2022-24862 Server-Side Request Forgery in Databasir
E
CVE-2022-24863 Denial of service in http-swagger
S
CVE-2022-24864 Malicious Javascript injection in OriginProtocol/origin-website
S
CVE-2022-24865 Improper access control in humhub
E S
CVE-2022-24866 Exposure of Sensitive Information to an Unauthorized Actor in Discourse Assign
S
CVE-2022-24867 LDAP password exposure in glpi
S
CVE-2022-24868 Cross site scripting via SVG file upload in GLPI
S
CVE-2022-24869 Cross Site Scripting in GLPI
S
CVE-2022-24870 Stored Cross-site Scripting in Combodo iTop
E S
CVE-2022-24871 Server-Side Request Forgery (SSRF) in Shopware
S
CVE-2022-24872 Improper Access Control in shopware
S
CVE-2022-24873 Non-Stored Cross-site Scripting in Shopware storefront
CVE-2022-24874 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-28820. Reason: This candidat...
R
CVE-2022-24875 Potential Secrets being logged to disk in CVEProject/cve-services
S
CVE-2022-24876 Stored cross site scripting in GLPI's Kanban
S
CVE-2022-24877 Improper path handling in kustomization files allows path traversal
CVE-2022-24878 Improper path handling in Kustomization files allows for denial of service
CVE-2022-24879 Malfunction of Cross-Site Request Forgery token validation
CVE-2022-24880 Potential Captcha Validate Bypass in flask-session-captcha
S
CVE-2022-24881 Command Injection in Ballcat Codegen
E S
CVE-2022-24882 Server side NTLM does not properly check parameters in FreeRDP
E S
CVE-2022-24883 FreeRDP Server authentication might allow invalid credentials to pass
S
CVE-2022-24884 Trivial signature forgery in ecdsautils
S
CVE-2022-24885 Improper Authentication in Nextcloud Android Files
E S
CVE-2022-24886 Exposure of Sensitive Information to an Unauthorized Actor in com.nextcloud.client
CVE-2022-24887 Open Redirect in Nextcloud Talk
E S
CVE-2022-24888 Possible Injection in Nextcloud Server
S
CVE-2022-24889 Insufficient Verification of Data Authenticity in Nextcloud Server
E
CVE-2022-24890 Exposure of Private Personal Information to an Unauthorized Actor in Nextcloud Talk
E S
CVE-2022-24891 Cross-site Scripting in org.owasp.esapi:esapi -- antisamy-esapi.xml configuration file
E S
CVE-2022-24892 Multiple valid tokens for password reset in Shopware
S
CVE-2022-24893 Espressif Bluetooth Mesh Stack Vulnerable to Out-of-bounds Write leading to memory buffer corruption
S
CVE-2022-24894 Symfony storing cookie headers in HttpCache
S
CVE-2022-24895 Symfony vulnerable to Session Fixation of CSRF tokens
S
CVE-2022-24896 Tracker report renderer and chart widgets leak information in Tuleap
S
CVE-2022-24897 Arbitrary filesystem write access from Velocity
E S
CVE-2022-24898 Arbitrary file access through XML parsing in org.xwiki.commons:xwiki-commons-xml
E S
CVE-2022-24899 Cross site scripting via canonical tag
S
CVE-2022-24900 Absolute Path Traversal due to incorrect use of `send_file` call in Piano LED Visualizer
E S
CVE-2022-24901 Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter
CVE-2022-24902 Memory issue in playing videos
CVE-2022-24903 Buffer overflow in TCP syslog server (receiver) components in rsyslog
S
CVE-2022-24904 Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server
M
CVE-2022-24905 Argo CD login screen allows message spoofing if SSO is enabled
CVE-2022-24906 Error in deleting deck cards attachment reveals the full application path in Nextcloud Deck
E S
CVE-2022-24907 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2022-24908 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2022-24910 A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Ne...
E
CVE-2022-24912 Timing Attack
E S
CVE-2022-24913 Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure T...
S
CVE-2022-24914 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i...
R
CVE-2022-24915 ICSA-22-062-01 IPCOMM ipDIO
S
CVE-2022-24916 Optimism before @eth-optimism/l2geth@0.5.11 allows economic griefing because a balance is duplicated...
E S
CVE-2022-24917 Reflected XSS in service configuration window of Zabbix Frontend
S
CVE-2022-24918 Reflected XSS in item configuration window of Zabbix Frontend
S
CVE-2022-24919 Reflected XSS in graph configuration window of Zabbix Frontend
S
CVE-2022-24921 regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply ne...
CVE-2022-24923 Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China mo...
CVE-2022-24924 An improper access control in LiveWallpaperService prior to versions 3.0.9.0 allows to create a spec...
CVE-2022-24925 Improper input validation vulnerability in SettingsProvider prior to Android S(12) allows privileged...
CVE-2022-24926 Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.15-6 allows privilege...
CVE-2022-24927 Improper privilege management vulnerability in Samsung Video Player prior to version 7.3.15.30 allow...
CVE-2022-24928 Security misconfiguration of RKP in kernel prior to SMR Mar-2022 Release 1 allows a system not to be...
CVE-2022-24929 Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list o...
CVE-2022-24930 An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware up...
CVE-2022-24931 Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Rele...
CVE-2022-24932 Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Re...
CVE-2022-24934 wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying...
E
CVE-2022-24935 Lexmark products through 2022-02-10 have Incorrect Access Control....
M
CVE-2022-24936 Gecko Standalone Bootloader vulnerability may allow bypassing application secure boot in some Series 2 devices
E S
CVE-2022-24937 Malformed Zigbee packet causes Assert in EmberZNet 7.0.0 or earlier
CVE-2022-24938 Malformed Zigbee packet causes Assert in EmberZNet 7.0.1 or earlier
S
CVE-2022-24939 Malformed Zigbee packet with invalid destination address causes Assert
CVE-2022-24940 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2022-24941 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2022-24942 Heap-based buffer overflow in MicriumOS HTTP Server allows potential remote code execution
E S
CVE-2022-24943 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2022-24944 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2022-24945 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2022-24946 Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V firmware...
CVE-2022-24947 Apache JSPWiki CSRF Account Takeover
M
CVE-2022-24948 Apache JSPWiki Cross-site scripting vulnerability on User Preferences screen
CVE-2022-24949 A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. This is due to the...
E S
CVE-2022-24950 A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated atta...
E S
CVE-2022-24951 A race condition exists in Eternal Terminal prior to version 6.2.0 which allows a local attacker to ...
E S
CVE-2022-24952 Several denial of service vulnerabilities exist in Eternal Terminal prior to version 6.2.0, includin...
E
CVE-2022-24953 The Crypt_GPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which...
S
CVE-2022-24954 Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have a Stack-Based Buffer Overflow...
E S
CVE-2022-24955 Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have an Uncontrolled Search Path E...
S
CVE-2022-24956 An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort-by parameter of the search fun...
E M
CVE-2022-24957 DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input...
E M
CVE-2022-24958 drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release....
S
CVE-2022-24959 An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevpriv...
S
CVE-2022-24960 Use after free vulnerability in PDFTron SDK
S
CVE-2022-24961 In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a P...
S
CVE-2022-24963 Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions
CVE-2022-24967 Black Rainbow NIMBUS before 3.7.0 allows stored Cross-site Scripting (XSS)....
CVE-2022-24968 In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoofing DNS TXT records can redir...
CVE-2022-24969 bypass of CVE-2021-25640
CVE-2022-24971 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
S
CVE-2022-24972 This vulnerability allows network-adjacent attackers to disclose sensitive information on affected i...
CVE-2022-24973 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat...
CVE-2022-24974 Links may not be rewritten according to policy in some specially formatted emails....
CVE-2022-24975 The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted conte...
E
CVE-2022-24976 Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication byp...
E S
CVE-2022-24977 ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversa...
E S
CVE-2022-24978 Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated p...
S
CVE-2022-24979 An issue was discovered in the Varnishcache extension before 2.0.1 for TYPO3. The Edge Site Includes...
S
CVE-2022-24980 An issue was discovered in the Kitodo.Presentation (aka dif) extension before 2.3.2, 3.x before 3.2....
CVE-2022-24981 A reflected cross-site scripting (XSS) vulnerability in forms generated by JQueryForm.com before 202...
CVE-2022-24982 Forms generated by JQueryForm.com before 2022-02-05 allows a remote authenticated attacker to access...
CVE-2022-24983 Forms generated by JQueryForm.com before 2022-02-05 allow remote attackers to obtain the URI to any ...
CVE-2022-24984 Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow rem...
CVE-2022-24985 Forms generated by JQueryForm.com before 2022-02-05 allows a remote authenticated attacker to bypass...
CVE-2022-24986 KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during ...
CVE-2022-24988 In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an off-by-one buffer overflow for a ve...
CVE-2022-24989 TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the...
E
CVE-2022-24990 TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password b...
KEV E
CVE-2022-24992 A vulnerability in the component process.php of QR Code Generator v5.2.7 allows attackers to perform...
E M
CVE-2022-24995 Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime....
E
CVE-2022-24999 qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a N...
E S
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.