| ID | Summary | Flags | Max Score |
|---|---|---|---|
| CVE-2022-34000 | libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memo... | E S | |
| CVE-2022-34001 | Unit4 ERP through 7.9 allows XXE via ExecuteServerProcessAsynchronously.... | E | |
| CVE-2022-34002 | The ‘document’ parameter of PDS Vista 7’s /application/documents/display.aspx page is vulnerable to ... | E | |
| CVE-2022-34005 | An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. There is Remote Code Ex... | | |
| CVE-2022-34006 | An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. When installing, Micros... | | |
| CVE-2022-34007 | EQS Integrity Line Professional through 2022-07-01 allows a stored XSS via a crafted whistleblower e... | E | |
| CVE-2022-34008 | Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. To escalate pri... | E | |
| CVE-2022-34009 | Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS paylo... | E | |
| CVE-2022-34011 | OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the ... | E | |
| CVE-2022-34012 | Insecure permissions in OneBlog v2.3.4 allows low-level administrators to reset the passwords of hig... | E | |
| CVE-2022-34013 | OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the ... | E | |
| CVE-2022-34020 | Cross Site Request Forgery (CSRF) vulnerability in ResIOT ResIOT IOT Platform + LoRaWAN Network Serv... | E | |
| CVE-2022-34021 | Multiple Cross Site Scripting (XSS) vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server ... | E S | |
| CVE-2022-34022 | SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via ... | E | |
| CVE-2022-34023 | Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidd... | | |
| CVE-2022-34024 | Barangay Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via... | E | |
| CVE-2022-34025 | Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the post fun... | E | |
| CVE-2022-34026 | ICEcoder v8.1 allows attackers to execute a directory traversal.... | E | |
| CVE-2022-34027 | Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_va... | E | |
| CVE-2022-34028 | Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf... | E | |
| CVE-2022-34029 | Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njs_scope_value at njs_scope.h.... | E S | |
| CVE-2022-34030 | Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_djb_hash at src/njs_djb_... | E | |
| CVE-2022-34031 | Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_value_to_number at src/n... | E | |
| CVE-2022-34032 | Nginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njs_value_own_en... | E | |
| CVE-2022-34033 | HTMLDoc v1.9.15 was discovered to contain a heap overflow via (write_header) /htmldoc/htmldoc/html.c... | E S | |
| CVE-2022-34035 | HTMLDoc v1.9.12 and below was discovered to contain a heap overflow via e_node htmldoc/htmldoc/html.... | E S | |
| CVE-2022-34037 | An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5... | E S | |
| CVE-2022-34038 | Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pa... | S | |
| CVE-2022-34042 | Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidd... | E | |
| CVE-2022-34043 | Incorrect permissions for the folder C:\ProgramData\NoMachine\var\uninstall of Nomachine v7.9.2 allo... | E | |
| CVE-2022-34045 | Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key... | E | |
| CVE-2022-34046 | An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames a... | E | |
| CVE-2022-34047 | An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames... | E | |
| CVE-2022-34048 | Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting (XSS) ... | E | |
| CVE-2022-34049 | An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to ... | E | |
| CVE-2022-34053 | The DR-Web-Engine package in PyPI v0.2.0b0 was discovered to contain a code execution backdoor via t... | E | |
| CVE-2022-34054 | The Perdido package in PyPI v0.0.1 to v0.0.2 was discovered to contain a code execution backdoor via... | E | |
| CVE-2022-34055 | The drxhello package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the requ... | E | |
| CVE-2022-34056 | The Watertools package in PyPI v0.0.0 was discovered to contain a code execution backdoor via the re... | E | |
| CVE-2022-34057 | The Scoptrial package in PyPI version v0.0.5 was discovered to contain a code execution backdoor via... | | |
| CVE-2022-34059 | The Sixfab-Tool in PyPI v0.0.2 to v0.0.3 was discovered to contain a code execution backdoor via the... | E | |
| CVE-2022-34060 | The Togglee package in PyPI version v0.0.8 was discovered to contain a code execution backdoor. This... | E | |
| CVE-2022-34061 | The Catly-Translate package in PyPI v0.0.3 to v0.0.5 was discovered to contain a code execution back... | E | |
| CVE-2022-34064 | The Zibal package in PyPI v1.0.0 was discovered to contain a code execution backdoor. This vulnerabi... | | |
| CVE-2022-34065 | The Rondolu-YT-Concate package in PyPI v0.1.0 was discovered to contain a code execution backdoor. T... | E | |
| CVE-2022-34066 | The Texercise package in PyPI v0.0.1 to v0.0.12 was discovered to contain a code execution backdoor.... | E S | |
| CVE-2022-34067 | Warehouse Management System v1.0 was discovered to contain a SQL injection vulnerability via the car... | E | |
| CVE-2022-34092 | Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting ... | E | |
| CVE-2022-34093 | Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting ... | E | |
| CVE-2022-34094 | Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting ... | E | |
| CVE-2022-34100 | A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in wh... | | |
| CVE-2022-34101 | A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in wh... | | |
| CVE-2022-34102 | Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Applicatio... | | |
| CVE-2022-34108 | An issue in the Feature Navigator of Micro-Star International MSI Feature Nagivator v1.0.1808.0901 a... | E | |
| CVE-2022-34109 | An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to write ... | E | |
| CVE-2022-34110 | An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to downlo... | E | |
| CVE-2022-34112 | An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to ... | E | |
| CVE-2022-34113 | An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitra... | E | |
| CVE-2022-34114 | Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourc... | E S | |
| CVE-2022-34115 | DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter da... | E S | |
| CVE-2022-34120 | Barangay Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerabilit... | E | |
| CVE-2022-34121 | Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the componen... | E | |
| CVE-2022-34125 | front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows attackers to gain read access to... | | |
| CVE-2022-34126 | The Activity plugin before 3.1.1 for GLPI allows reading local files via directory traversal in the ... | | |
| CVE-2022-34127 | The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in... | | |
| CVE-2022-34128 | The Cartography (aka positions) plugin before 6.0.1 for GLPI allows remote code execution via PHP co... | | |
| CVE-2022-34132 | Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parame... | E S | |
| CVE-2022-34133 | Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via ... | S | |
| CVE-2022-34134 | Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the com... | S | |
| CVE-2022-34138 | Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v1... | | |
| CVE-2022-34140 | A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 ... | E | |
| CVE-2022-34144 | Reachable assertion in Modem | | |
| CVE-2022-34145 | Buffer over-read in WLAN Host | | |
| CVE-2022-34146 | Improper input validation in WLAN Host | | |
| CVE-2022-34147 | Improper input validation in BIOS firmware for some Intel(R) NUC 9 Extreme Laptop Kits, Intel(R) NUC... | | |
| CVE-2022-34148 | WordPress Backup Guard Plugin <= 1.6.9.0 is vulnerable to Cross Site Scripting (XSS) | S | |
| CVE-2022-34149 | WordPress WP OAuth Server plugin <= 3.0.4 - Authentication Bypass vulnerability | S | |
| CVE-2022-34150 | ICSA-22-200-01 MiCODUS MV720 GPS tracker Authorization Bypass Through User-Controlled Key | M | |
| CVE-2022-34151 | Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all mo... | M | |
| CVE-2022-34152 | Improper input validation in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Kits before ve... | S | |
| CVE-2022-34153 | Improper initialization in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 m... | | |
| CVE-2022-34154 | WordPress Enable SVG, WebP & ICO Upload plugin <= 1.0.1 - Authenticated Arbitrary File Upload vulnerability | | |
| CVE-2022-34155 | WordPress OAuth Single Sign On – SSO (OAuth Client) Plugin <= 6.23.3 is vulnerable to Broken Authentication | E S | |
| CVE-2022-34156 | 'Hulu / フールー' App for iOS versions prior to 3.0.81 improperly verifies server certificates, which ma... | | |
| CVE-2022-34157 | Improper access control in the Intel(R) FPGA SDK for OpenCL(TM) with Intel(R) Quartus(R) Prime Pro E... | | |
| CVE-2022-34158 | User Group Privilege Escalation | M | |
| CVE-2022-34159 | Huawei printers have an input verification vulnerability. Successful exploitation of this vulnerabil... | | |
| CVE-2022-34160 | IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could inje... | S | |
| CVE-2022-34161 | IBM CICS TX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execut... | S | |
| CVE-2022-34162 | IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persu... | | |
| CVE-2022-34163 | IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by t... | S | |
| CVE-2022-34164 | IBM CICS TX 11.1 could allow a local user to impersonate another legitimate user due to improper inp... | S | |
| CVE-2022-34165 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty... | S | |
| CVE-2022-34166 | IBM CICS TX Standard and Advanced 11.1 is vulnerable to cross-site scripting. This vulnerability all... | S | |
| CVE-2022-34167 | IBM CICS TX Standard and Advanced 11.1 is vulnerable to stored cross-site scripting. This vulnerabil... | S | |
| CVE-2022-34169 | Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets | S | |
| CVE-2022-34170 | In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive)... | | |
| CVE-2022-34171 | In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive)... | | |
| CVE-2022-34172 | In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons unescape previously escaped value... | | |
| CVE-2022-34173 | In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views suppor... | | |
| CVE-2022-34174 | In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login... | | |
| CVE-2022-34175 | Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some cases to bypass a protection m... | | |
| CVE-2022-34176 | Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results,... | | |
| CVE-2022-34177 | Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `fi... | | |
| CVE-2022-34178 | Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link' query parameter that build s... | | |
| CVE-2022-34179 | Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a `style` query parameter... | | |
| CVE-2022-34180 | Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus p... | | |
| CVE-2022-34181 | Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user... | | |
| CVE-2022-34182 | Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, res... | | |
| CVE-2022-34183 | Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Ag... | | |
| CVE-2022-34184 | Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description... | | |
| CVE-2022-34185 | Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the name and description of Date par... | | |
| CVE-2022-34186 | Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and desc... | | |
| CVE-2022-34187 | Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description ... | | |
| CVE-2022-34188 | Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden... | | |
| CVE-2022-34189 | Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape the name and description of Imag... | | |
| CVE-2022-34190 | Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name ... | | |
| CVE-2022-34191 | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and earlier does not escape the name... | | |
| CVE-2022-34192 | Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Paramete... | | |
| CVE-2022-34193 | Jenkins Package Version Plugin 1.0.1 and earlier does not escape the name of Package version paramet... | | |
| CVE-2022-34194 | Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Read... | | |
| CVE-2022-34195 | Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape the name and description of Ma... | | |
| CVE-2022-34196 | Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of RES... | | |
| CVE-2022-34197 | Jenkins Sauce OnDemand Plugin 1.204 and earlier does not escape the name and description of Sauce La... | | |
| CVE-2022-34198 | Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does not escape the name and description of ... | | |
| CVE-2022-34199 | Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config... | | |
| CVE-2022-34200 | A cross-site request forgery (CSRF) vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 a... | | |
| CVE-2022-34201 | A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attac... | | |
| CVE-2022-34202 | Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration ... | | |
| CVE-2022-34203 | A cross-site request forgery (CSRF) vulnerability in Jenkins EasyQA Plugin 1.0 and earlier allows at... | | |
| CVE-2022-34204 | A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Re... | | |
| CVE-2022-34205 | A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and ea... | | |
| CVE-2022-34206 | A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers ... | | |
| CVE-2022-34207 | A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier ... | | |
| CVE-2022-34208 | A missing permission check in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers with O... | | |
| CVE-2022-34209 | A cross-site request forgery (CSRF) vulnerability in Jenkins ThreadFix Plugin 1.5.4 and earlier allo... | | |
| CVE-2022-34210 | A missing permission check in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers with Overa... | | |
| CVE-2022-34211 | A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and ea... | | |
| CVE-2022-34212 | A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers ... | | |
| CVE-2022-34213 | Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier stores passwords unencrypted i... | | |
| CVE-2022-34215 | Adobe Acrobat Reader DC Annotation Polygon Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
| CVE-2022-34216 | Adobe Acrobat Reader DC PDF Parsing Use-After-Free Remote Code Execution Vulnerability | | |
| CVE-2022-34217 | Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
| CVE-2022-34218 | AEM Reflected XSS Arbitrary code execution | | |
| CVE-2022-34219 | Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability | | |
| CVE-2022-34220 | Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability | | |
| CVE-2022-34221 | Adobe Acrobat Reader Type Confusion vulnerability could lead to Arbitrary code execution | | |
| CVE-2022-34222 | Adobe Acrobat Reader DC query Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
| CVE-2022-34223 | Adobe Acrobat Reader DC AcroForm currentValueIndices Use-After-Free Remote Code Execution Vulnerability | | |
| CVE-2022-34224 | Adobe Acrobat Reader DC AcroForm setItems Use-After-Free Remote Code Execution Vulnerability | | |
| CVE-2022-34225 | Adobe Acrobat Reader DC AcroForm exportValues Use-After-Free Remote Code Execution Vulnerability | | |
| CVE-2022-34226 | Adobe Acrobat Reader DC PDF Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
| CVE-2022-34227 | Adobe Acrobat Reader DC AcroForm value Use-After-Free Remote Code Execution Vulnerability | | |
| CVE-2022-34228 | Adobe Acrobat Reader DC Font Parsing Uninitialized Variable Remote Code Execution Vulnerability | | |
| CVE-2022-34229 | Adobe Acrobat Reader DC AcroForm rect Use-After-Free Remote Code Execution Vulnerability | | |
| CVE-2022-34230 | Adobe Acrobat Reader Use After Free could lead to Arbitrary code execution | | |
| CVE-2022-34232 | Adobe Acrobat Reader DC Annotation print Use-After-Free Information Disclosure Vulnerability | | |
| CVE-2022-34233 | Adobe Acrobat Reader DC Doc print Use-After-Free Information Disclosure Vulnerability | | |
| CVE-2022-34234 | Adobe Acrobat Reader DC Doc printWithParams Use-After-Free Information Disclosure Vulnerability | | |
| CVE-2022-34235 | Adobe Premiere Elements Uncontrolled Search Path Element Privilege Escalation | S | |
| CVE-2022-34236 | Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
| CVE-2022-34237 | Adobe Acrobat Reader DC Font Parsing Use-After-Free Information Disclosure Vulnerability | | |
| CVE-2022-34238 | Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
| CVE-2022-34239 | Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
| CVE-2022-34241 | Adobe Character Animator SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | S | |
| CVE-2022-34242 | Adobe Character Animator SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | S | |
| CVE-2022-34243 | Adobe Photoshop U3D File Parsing Use-After-Free Remote Code Execution Vulnerability | | |
| CVE-2022-34244 | Adobe Photoshop U3D File Parsing Access of Uninitialized Pointer Information Disclosure Vulnerability | | |
| CVE-2022-34245 | Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
| CVE-2022-34246 | Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
| CVE-2022-34247 | Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
| CVE-2022-34248 | Adobe InDesign Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
| CVE-2022-34249 | Adobe InCopy Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
| CVE-2022-34250 | Adobe InCopy Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
| CVE-2022-34251 | Adobe InCopy Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
| CVE-2022-34252 | Adobe InCopy Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
| CVE-2022-34253 | Adobe Commerce XML Injection Arbitrary code execution | | |
| CVE-2022-34254 | Adobe Commerce Improper Limitation of a Pathname to a Restricted Directory Arbitrary code execution | | |
| CVE-2022-34255 | Adobe Commerce Improper Access Control Privilege escalation | | |
| CVE-2022-34256 | Adobe Commerce Improper Authorization Privilege escalation | | |
| CVE-2022-34257 | Adobe Commerce Stored XSS Arbitrary code execution | | |
| CVE-2022-34258 | Adobe Commerce Stored XSS Arbitrary code execution | | |
| CVE-2022-34259 | Adobe Commerce Improper Access Control Security feature bypass | | |
| CVE-2022-34260 | Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | S | |
| CVE-2022-34261 | Adobe Illustrator Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
| CVE-2022-34262 | Adobe Illustrator Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
| CVE-2022-34263 | Adobe Illustrator Font Parsing Use-After-Free Remote Code Execution Vulnerability | S | |
| CVE-2022-34264 | Adobe FrameMaker Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
| CVE-2022-34265 | An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() ... | S | |
| CVE-2022-34266 | The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a den... | M | |
| CVE-2022-34267 | An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of... | E | |
| CVE-2022-34268 | An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects wit... | E | |
| CVE-2022-34269 | An issue was discovered in RWS WorldServer before 11.7.3. An authenticated, remote attacker can perf... | E | |
| CVE-2022-34270 | An issue was discovered in RWS WorldServer before 11.7.3. Regular users can create users with the Ad... | E | |
| CVE-2022-34271 | Apache Atlas: zip path traversal in import functionality | | |
| CVE-2022-34272 | A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected applic... | | |
| CVE-2022-34273 | A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected applic... | | |
| CVE-2022-34274 | A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected applic... | | |
| CVE-2022-34275 | A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected applic... | | |
| CVE-2022-34276 | A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected applic... | | |
| CVE-2022-34277 | A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected applic... | | |
| CVE-2022-34278 | A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected applic... | | |
| CVE-2022-34279 | A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected applic... | | |
| CVE-2022-34280 | A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected applic... | | |
| CVE-2022-34281 | A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected applic... | | |
| CVE-2022-34282 | A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected applic... | | |
| CVE-2022-34283 | A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected applic... | | |
| CVE-2022-34284 | A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected applic... | | |
| CVE-2022-34285 | A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected applic... | | |
| CVE-2022-34286 | A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected applic... | | |
| CVE-2022-34287 | A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected applic... | | |
| CVE-2022-34288 | A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected applic... | | |
| CVE-2022-34289 | A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected applic... | | |
| CVE-2022-34290 | A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected applic... | | |
| CVE-2022-34291 | A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected applic... | | |
| CVE-2022-34292 | Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink att... | | |
| CVE-2022-34293 | wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check f... | | |
| CVE-2022-34294 | totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DNS resolvers. This allows DNS c... | E | |
| CVE-2022-34295 | totd before 1.5.3 does not properly randomize mesg IDs.... | E S | |
| CVE-2022-34296 | In Zalando Skipper before 0.13.218, a query predicate could be bypassed via a prepared request.... | E S | |
| CVE-2022-34297 | Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload into any field.... | E | |
| CVE-2022-34298 | The NT auth module in OpenAM before 14.6.6 allows a "replace Samba username attack."... | S | |
| CVE-2022-34299 | There is a heap-based buffer over-read in libdwarf 0.4.0. This issue is related to dwarf_global_form... | E S | |
| CVE-2022-34300 | In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::DecodePixelData.... | E | |
| CVE-2022-34301 | A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bo... | | |
| CVE-2022-34302 | A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this boot... | | |
| CVE-2022-34303 | A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to b... | | |
| CVE-2022-34305 | XSS in examples web application | | |
| CVE-2022-34306 | IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTTP header injection, caused by improper va... | S | |
| CVE-2022-34307 | IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attac... | S | |
| CVE-2022-34308 | IBM CICS TX 11.1 could allow a local user to cause a denial of service due to improper load handling... | S | |
| CVE-2022-34309 | IBM CICS TX information disclosure | | |
| CVE-2022-34310 | IBM CICS TX information disclosure | | |
| CVE-2022-34311 | IBM CICS TX session fixation | | |
| CVE-2022-34312 | IBM CICS TX information disclosure | S | |
| CVE-2022-34313 | IBM CICS TX Standard is vulnerable to allowing attackers access to an application via insecure session cookies | S | |
| CVE-2022-34314 | IBM CICS TX 11.1 could disclose sensitive information to a local user due to insecure permission se... | S | |
| CVE-2022-34315 | IBM CICS TX cross-site scripting | S | |
| CVE-2022-34316 | IBM CICS TX information disclosure | S | |
| CVE-2022-34317 | IBM CICS TX cross-site scripting | S | |
| CVE-2022-34318 | IBM CICS TX clickjacking | S | |
| CVE-2022-34319 | IBM CICS TX information disclosure | S | |
| CVE-2022-34320 | IBM CICS TX information disclosure | S | |
| CVE-2022-34321 | Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint | | |
| CVE-2022-34322 | Multiple XSS issues were discovered in Sage Enterprise Intelligence 2021 R1.1 that allow an attacker... | E | |
| CVE-2022-34323 | Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4.302 that allow an attacker to... | E | |
| CVE-2022-34324 | Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated attacker to in... | E | |
| CVE-2022-34325 | DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software... | | |
| CVE-2022-34326 | In ambiot amb1_sdk (aka SDK for Ameba1) before 2022-06-20 on Realtek RTL8195AM devices before 284241... | | |
| CVE-2022-34328 | PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php.... | E | |
| CVE-2022-34329 | IBM CICS TX information disclosure | S | |
| CVE-2022-34330 | IBM Sterling B2B Integrator cross-site scripting | S | |
| CVE-2022-34331 | IBM Power FW security bypass | | |
| CVE-2022-34333 | IBM Sterling Order Management information disclosure | | |
| CVE-2022-34334 | IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could all... | S | |
| CVE-2022-34335 | IBM Sterling Partner Engagement Manager denial of service | S | |
| CVE-2022-34336 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This ... | S | |
| CVE-2022-34338 | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could disclose sensitive information due t... | | |
| CVE-2022-34339 | "IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can b... | S | |
| CVE-2022-34344 | WordPress Wholesale Suite Plugin <= 2.1.5 is vulnerable to Broken Access Control | S | |
| CVE-2022-34345 | Improper input validation in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 ma... | S | |
| CVE-2022-34346 | Out-of-bounds read in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticat... | S | |
| CVE-2022-34347 | WordPress Download Manager plugin <= 3.2.48 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
| CVE-2022-34348 | IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) ... | S | |
| CVE-2022-34350 | IBM API Connect security bypass | S | |
| CVE-2022-34351 | IBM QRadar SIEM information disclosure | S | |
| CVE-2022-34352 | IBM QRadar information disclosure | S | |
| CVE-2022-34354 | IBM Sterling Partner Engagement Manager information disclosure | S | |
| CVE-2022-34355 | IBM Jazz Foundation information disclosure | | |
| CVE-2022-34356 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerabili... | S | |
| CVE-2022-34357 | IBM Cognos Analytics Mobile Server denial of service | | |
| CVE-2022-34358 | IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users ... | S | |
| CVE-2022-34361 | IBM Sterling Secure Proxy information disclosure | S | |
| CVE-2022-34362 | IBM Sterling Secure Proxy HOST header injection | S | |
| CVE-2022-34364 | Dell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug message revealing unnecessa... | | |
| CVE-2022-34365 | WMS 3.7 contains a Path Traversal Vulnerability in Device API. An attacker could potentially exploit... | | |
| CVE-2022-34366 | Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain Overly Permissive Cross-domain W... | | |
| CVE-2022-34367 | Dell EMC Data Protection Central versions 19.1, 19.2, 19.3, 19.4, 19.5, 19.6, contain(s) a Cross-Sit... | | |
| CVE-2022-34368 | Dell EMC NetWorker 19.2.1.x 19.3.x, 19.4.x, 19.5.x, 19.6.x and 19.7.0.0 contain an Improper Handling... | S | |
| CVE-2022-34369 | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 ,... | S | |
| CVE-2022-34371 | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, ... | S | |
| CVE-2022-34372 | Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerab... | S | |
| CVE-2022-34373 | Dell Command | Integration Suite for System Center, versions prior to 6.2.0, contains arbitrary file... | S | |
| CVE-2022-34374 | Dell Container Storage Modules 1.2 contains an OS command injection in goiscsi and gobrick libraries... | S | |
| CVE-2022-34375 | Dell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick li... | S | |
| CVE-2022-34376 | Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A... | S | |
| CVE-2022-34377 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verifica... | S | |
| CVE-2022-34378 | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, ... | S | |
| CVE-2022-34379 | Dell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. A re... | S | |
| CVE-2022-34380 | Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Pa... | S | |
| CVE-2022-34381 | Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior ... | | |
| CVE-2022-34382 | Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privi... | S | |
| CVE-2022-34383 | Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection v... | S | |
| CVE-2022-34384 | Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (ver... | | |
| CVE-2022-34385 | SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version ... | | |
| CVE-2022-34386 | Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (vers... | | |
| CVE-2022-34387 | Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (v... | | |
| CVE-2022-34388 | Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (ver... | | |
| CVE-2022-34389 | Dell SupportAssist contains a rate limit bypass issues in screenmeet API third party component. An ... | | |
| CVE-2022-34390 | Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious us... | | |
| CVE-2022-34391 | Dell Client BIOS Versions prior to the remediated version contain an improper input validation vulne... | | |
| CVE-2022-34392 | SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration V... | | |
| CVE-2022-34393 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user... | | |
| CVE-2022-34394 | Dell OS10, version 10.5.3.4, contains an Improper Certificate Validation vulnerability in Support As... | | |
| CVE-2022-34395 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
| CVE-2022-34396 | Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection V... | S | |
| CVE-2022-34397 | Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 an... | S | |
| CVE-2022-34398 | Dell BIOS contains a Time-of-check Time-of-use vulnerability. A local authenticated malicious user ... | | |
| CVE-2022-34399 | Dell Alienware m17 R5 BIOS version prior to 1.2.2 contain a buffer access vulnerability. A maliciou... | | |
| CVE-2022-34400 | Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges cou... | | |
| CVE-2022-34401 | Dell BIOS contains a stack based buffer overflow vulnerability. A local authenticated malicious use... | | |
| CVE-2022-34402 | Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service Vulnerability in UI. An admin ... | S | |
| CVE-2022-34403 | Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker coul... | | |
| CVE-2022-34404 | Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data ... | | |
| CVE-2022-34405 | An improper access control vulnerability was identified in the Realtek audio driver. A local authent... | | |
| CVE-2022-34406 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verificati... | S | |
| CVE-2022-34407 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verificati... | S | |
| CVE-2022-34408 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verificati... | S | |
| CVE-2022-34409 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verificati... | S | |
| CVE-2022-34410 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verificati... | S | |
| CVE-2022-34411 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verificati... | S | |
| CVE-2022-34412 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verificati... | S | |
| CVE-2022-34413 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verificati... | S | |
| CVE-2022-34414 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verificati... | S | |
| CVE-2022-34415 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verificati... | S | |
| CVE-2022-34416 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verificati... | S | |
| CVE-2022-34417 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verificati... | S | |
| CVE-2022-34418 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verificati... | S | |
| CVE-2022-34419 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verificati... | S | |
| CVE-2022-34420 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verificati... | S | |
| CVE-2022-34421 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verificati... | S | |
| CVE-2022-34422 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verificati... | S | |
| CVE-2022-34423 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verificati... | S | |
| CVE-2022-34424 | Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a vulnerability that could allow ... | | |
| CVE-2022-34425 | Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An unauthe... | | |
| CVE-2022-34426 | Dell Container Storage Modules 1.2 contains an Improper Limitation of a Pathname to a Restricted Dir... | S | |
| CVE-2022-34427 | Dell Container Storage Modules 1.2 contains an OS Command Injection in goiscsi and gobrick libraries... | S | |
| CVE-2022-34428 | Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerabilit... | | |
| CVE-2022-34429 | Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege atta... | | |
| CVE-2022-34430 | Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege atta... | S | |
| CVE-2022-34431 | Dell Hybrid Client below 1.8 version contains a guest user profile corruption vulnerability. A WMS p... | S | |
| CVE-2022-34432 | Dell Hybrid Client below 1.8 version contains a gedit vulnerability. A guest attacker could potentia... | S | |
| CVE-2022-34434 | Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulne... | S | |
| CVE-2022-34435 | Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in Raca... | S | |
| CVE-2022-34436 | Dell iDRAC8 version 2.83.83.83 and prior contain an improper input validation vulnerability in Raca... | S | |
| CVE-2022-34437 | Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability. A privil... | S | |
| CVE-2022-34438 | Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege context switching error. A local ... | S | |
| CVE-2022-34439 | Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x contain allocation of Resources Without Limits or Th... | S | |
| CVE-2022-34440 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptogra... | | |
| CVE-2022-34441 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptogr... | | |
| CVE-2022-34442 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptogr... | | |
| CVE-2022-34443 | Dell Rugged Control Center, versions prior to 4.5, contain an Improper Input Validation in the Serv... | S | |
| CVE-2022-34444 | Dell PowerScale OneFS, versions 9.2.0.x through 9.4.0.x contain an information vulnerability. A rem... | | |
| CVE-2022-34445 | Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malic... | | |
| CVE-2022-34446 | PowerPath Management Appliance with versions 3.3 & 3.2* contains Authorization Bypass vulnerability... | | |
| CVE-2022-34447 | PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains OS Command Injection v... | | |
| CVE-2022-34448 | PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Cross-site Request F... | | |
| CVE-2022-34449 | PowerPath Management Appliance with versions 3.3 & 3.2* contains a Hardcoded Cryptographic Keys vul... | | |
| CVE-2022-34450 | PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability. An aut... | | |
| CVE-2022-34451 | PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Stored Cross-site Sc... | | |
| CVE-2022-34452 | PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains sensitive information d... | | |
| CVE-2022-34453 | Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper access control vulnerability. A ... | | |
| CVE-2022-34454 | Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buffer overflow. A local privilege... | | |
| CVE-2022-34456 | Dell EMC Metro node, Version(s) prior to 7.1, contain a Code Injection Vulnerability. An authentica... | | |
| CVE-2022-34457 | Dell command configuration, version 4.8 and prior, contains improper folder permission when install... | S | |
| CVE-2022-34458 | Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a Exposure o... | S | |
| CVE-2022-34459 | Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper v... | S | |
| CVE-2022-34460 | Prior Dell BIOS versions contain an improper input validation vulnerability. A local authenticated ... | | |
| CVE-2022-34461 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
| CVE-2022-34462 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerabi... | | |
| CVE-2022-34464 | A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions), SICAM GridEdge E... | S | |
| CVE-2022-34465 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (... | S | |
| CVE-2022-34466 | A vulnerability has been identified in Mendix Applications using Mendix 9 (All versions >= V9.11 < V... | S | |
| CVE-2022-34467 | A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All versi... | S | |
| CVE-2022-34468 | An iframe that was not permitted to run scripts could do so if the user clicked on a javascrip... | | |
| CVE-2022-34469 | When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not... | | |
| CVE-2022-34470 | Session history navigations may have led to a use-after-free and potentially exploitable crash. This... | | |
| CVE-2022-34471 | When downloading an update for an addon, the downloaded addon update's version was not verified to m... | | |
| CVE-2022-34472 | If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would ... | | |
| CVE-2022-34473 | The HTML Sanitizer should have sanitized the href attribute of SVG <use> | | |
| CVE-2022-34474 | Even when an iframe was sandboxed with allow-top-navigation-by-user-activation, if it r... | | |
| CVE-2022-34475 | SVG <use> tags that referenced a same-origin document could have resulted in scri... | | |
| CVE-2022-34476 | ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser... | | |
| CVE-2022-34477 | The MediaError message property should be consistent to avoid leaking information about cross-origin... | | |
| CVE-2022-34478 | The ms-msdt, search, and search-ms protocols deliver content ... | | |
| CVE-2022-34479 | A malicious website that could create a popup could have resized the popup to overlay the address ba... | | |
| CVE-2022-34480 | Within the lg_init() function, if several allocations succeed but then one fails, an un... | | |
| CVE-2022-34481 | In the nsTArray_Impl::ReplaceElementsAt() function, an integer overflow could have occu... | | |
| CVE-2022-34482 | An attacker who could have convinced a user to drag and drop an image to a filesystem could have man... | | |
| CVE-2022-34483 | An attacker who could have convinced a user to drag and drop an image to a filesystem could have man... | | |
| CVE-2022-34484 | The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of th... | E | |
| CVE-2022-34485 | Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team reported potential vulnerabilit... | | |
| CVE-2022-34486 | Path traversal vulnerability in PukiWiki versions 1.4.5 to 1.5.3 allows a remote authenticated attac... | S | |
| CVE-2022-34487 | WordPress Shortcode Addons plugin <= 3.0.2 - Unauthenticated Arbitrary Option Update vulnerability | S | |
| CVE-2022-34488 | Improper buffer restrictions in the firmware for some Intel(R) NUC Laptop Kits before version BC0076... | S | |
| CVE-2022-34489 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
| CVE-2022-34491 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-29969. Reason: This candidat... | R | |
| CVE-2022-34494 | rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has ... | S | |
| CVE-2022-34495 | rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.... | S | |
| CVE-2022-34496 | Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a file upload vulnerability via the file... | E | |
| CVE-2022-34500 | The bin-collect package in PyPI before v0.1 included a code execution backdoor inserted by a third p... | | |
| CVE-2022-34501 | The bin-collection package in PyPI before v0.1 included a code execution backdoor inserted by a thir... | | |
| CVE-2022-34502 | Radare2 v5.7.0 was discovered to contain a heap buffer overflow via the function consume_encoded_nam... | E | |
| CVE-2022-34503 | QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStrea... | E | |
| CVE-2022-34509 | The wikifaces package in PyPI v1.0 included a code execution backdoor inserted by a third party.... | | |
| CVE-2022-34520 | Radare2 v5.7.2 was discovered to contain a NULL pointer dereference via the function r_bin_file_xtr_... | E | |
| CVE-2022-34526 | A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerabili... | E S | |
| CVE-2022-34527 | D-Link DSL-3782 v1.03 and below was discovered to contain a command injection vulnerability via the ... | E | |
| CVE-2022-34528 | D-Link DSL-3782 v1.03 and below was discovered to contain a stack overflow via the function getAttrV... | E | |
| CVE-2022-34529 | WASM3 v0.5.0 was discovered to contain a segmentation fault via the component Compile_Memory_CopyFil... | E | |
| CVE-2022-34530 | An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to e... | | |
| CVE-2022-34531 | DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE) vulnerability via the compon... | E | |
| CVE-2022-34534 | Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive infromation via... | | |
| CVE-2022-34535 | Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows unauthenticated attackers to view inte... | | |
| CVE-2022-34536 | Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows attackers to access the core log file ... | | |
| CVE-2022-34537 | Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a cross-site script... | | |
| CVE-2022-34538 | Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command injection... | | |
| CVE-2022-34539 | Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command injection... | | |
| CVE-2022-34540 | Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command injection... | | |
| CVE-2022-34549 | Sims v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /upload... | E | |
| CVE-2022-34550 | Sims v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /ad... | E | |
| CVE-2022-34551 | Sims v1.0 was discovered to allow path traversal when downloading attachments.... | E | |
| CVE-2022-34555 | TP-LINK TL-R473G 2.0.1 Build 220529 Rel.65574n was discovered to contain a remote code execution vul... | E | |
| CVE-2022-34556 | PicoC v3.2.2 was discovered to contain a NULL pointer dereference at variable.c.... | E | |
| CVE-2022-34557 | Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidd... | E | |
| CVE-2022-34558 | WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workqueu... | E | |
| CVE-2022-34560 | A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary we... | | |
| CVE-2022-34561 | A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary we... | | |
| CVE-2022-34562 | A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary we... | | |
| CVE-2022-34567 | An issue in \Roaming\Mango\Plugins of University of Texas Multi-image Analysis GUI (Mango) 4.1 allow... | E | |
| CVE-2022-34568 | SDL v1.2 was discovered to contain a use-after-free via the XFree function at /src/video/x11/SDL_x11... | E S | |
| CVE-2022-34570 | WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 contains an information leak which allows att... | E | |
| CVE-2022-34571 | An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to... | E | |
| CVE-2022-34572 | An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to... | E | |
| CVE-2022-34573 | An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to... | E | |
| CVE-2022-34574 | An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to... | E | |
| CVE-2022-34575 | An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to... | E | |
| CVE-2022-34576 | A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN535 G3 M35G3R.V5030.180927 allows atta... | E | |
| CVE-2022-34577 | A vulnerability in adm.cgi of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbit... | E | |
| CVE-2022-34578 | Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability vi... | E | |
| CVE-2022-34580 | Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulner... | E | |
| CVE-2022-34586 | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via the grade par... | E | |
| CVE-2022-34588 | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via the grade par... | E | |
| CVE-2022-34590 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the edit... | E | |
| CVE-2022-34592 | Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability ... | E | |
| CVE-2022-34593 | DPTech VPN v8.1.28.0 was discovered to contain an arbitrary file read vulnerability.... | | |
| CVE-2022-34594 | Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulner... | E | |
| CVE-2022-34595 | Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the funct... | E | |
| CVE-2022-34596 | Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the funct... | E | |
| CVE-2022-34597 | Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the function W... | E | |
| CVE-2022-34598 | The udpserver in H3C Magic R100 V200R004 and V100R005 has the 9034 port opened, allowing attackers t... | E | |
| CVE-2022-34599 | H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the EdittriggerList in... | E | |
| CVE-2022-34600 | H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the EditSTList interfa... | E | |
| CVE-2022-34601 | H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the Delstlist interfac... | E | |
| CVE-2022-34602 | H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the ipqos_lanip_editli... | E | |
| CVE-2022-34603 | H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the DelDNSHnList inter... | E | |
| CVE-2022-34604 | H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the INTF parameter at ... | E | |
| CVE-2022-34605 | H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the HOST parameter at ... | E | |
| CVE-2022-34606 | H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the EditvsList paramet... | E | |
| CVE-2022-34607 | H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the HOST parameter at ... | E | |
| CVE-2022-34608 | H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the ajaxmsg parameter ... | E | |
| CVE-2022-34609 | H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the INTF parameter at ... | E | |
| CVE-2022-34610 | H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the URL /ihomers/app.... | E | |
| CVE-2022-34611 | A cross-site scripting (XSS) vulnerability in /index.php/?p=report of Online Fire Reporting System v... | E | |
| CVE-2022-34612 | Rizin v0.4.0 and below was discovered to contain an integer overflow via the function get_long_objec... | E S | |
| CVE-2022-34613 | Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute ... | E | |
| CVE-2022-34615 | Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unau... | | |
| CVE-2022-34618 | A stored cross-site scripting (XSS) vulnerability in Mealie 1.0.0beta3 allows attackers to execute a... | E | |
| CVE-2022-34619 | A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 allows attackers to execute arbit... | E | |
| CVE-2022-34621 | Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability... | | |
| CVE-2022-34623 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32425. Reason: This candidat... | R | |
| CVE-2022-34624 | Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to per... | | |
| CVE-2022-34625 | Mealie1.0.0beta3 was discovered to contain a Server-Side Template Injection vulnerability, which all... | E | |
| CVE-2022-34632 | Rocket-Chip commit 4f8114374d8824dfdec03f576a8cd68bebce4e56 was discovered to contain insufficient c... | S | |
| CVE-2022-34633 | CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a executes crafted or incorrectly formatted sfenc... | E | |
| CVE-2022-34634 | CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a executes crafted or incorrectly formatted det i... | E | |
| CVE-2022-34635 | The mstatus.sd field in CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a does not update when th... | E | |
| CVE-2022-34636 | CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee708... | E | |
| CVE-2022-34637 | CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a implements an incorrect exception type when an ... | E | |
| CVE-2022-34639 | CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a treats non-standard fence instructions as illeg... | E S | |
| CVE-2022-34640 | The *tval of ecall/ebreak in CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a was discovered to ... | E | |
| CVE-2022-34641 | CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee708... | E S | |
| CVE-2022-34642 | The component mcontrol.action in RISCV ISA Sim commit ac466a21df442c59962589ba296c702631e041b5 conta... | E | |
| CVE-2022-34643 | RISCV ISA Sim commit ac466a21df442c59962589ba296c702631e041b5 implements the incorrect exception pri... | E S | |
| CVE-2022-34648 | WordPress Uploading SVG, WEBP and ICO files plugin <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | | |
| CVE-2022-34649 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
| CVE-2022-34650 | WordPress Team plugin <= 1.2.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities | | |
| CVE-2022-34651 | BIG-IP TLS 1.3 iRule vulnerability CVE-2022-34651 | | |
| CVE-2022-34652 | A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev mast... | | |
| CVE-2022-34653 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
| CVE-2022-34654 | WordPress Manage Notification E-mails Plugin <= 1.8.2 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
| CVE-2022-34655 | TMM vulnerability CVE-2022-34655 | | |
| CVE-2022-34656 | WordPress Poll, Survey, Questionnaire and Voting system plugin <= 1.7.4 - Authenticated Cross-Site Scripting (XSS) vulnerability | | |
| CVE-2022-34657 | Improper input validation in firmware for some Intel(R) PCSD BIOS before version 02.01.0013 may allo... | | |
| CVE-2022-34658 | WordPress Download Manager plugin <= 3.2.48 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities | S | |
| CVE-2022-34659 | A vulnerability has been identified in Simcenter STAR-CCM+ (All versions only if the Power-on-Demand... | M | |
| CVE-2022-34660 | A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.... | M | |
| CVE-2022-34661 | A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.... | M | |
| CVE-2022-34662 | Apache DolphinScheduler prior to 3.0.0 allows path traversal | | |
| CVE-2022-34663 | A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i... | S | |
| CVE-2022-34665 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, w... | S | |
| CVE-2022-34666 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, w... | | |
| CVE-2022-34667 | NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow vulnerability in cuobjdump, where an ... | S | |
| CVE-2022-34668 | NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data du... | | |
| CVE-2022-34669 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unpr... | | |
| CVE-2022-34670 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where... | | |
| CVE-2022-34671 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the user-mode layer, where an unpr... | | |
| CVE-2022-34672 | NVIDIA Control Panel for Windows contains a vulnerability where an unauthorized user or an unprivile... | | |
| CVE-2022-34673 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), w... | | |
| CVE-2022-34674 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where... | | |
| CVE-2022-34675 | NVIDIA Display Driver for Linux contains a vulnerability in the Virtual GPU Manager, where it does n... | | |
| CVE-2022-34676 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where... | | |
| CVE-2022-34677 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where... | | |
| CVE-2022-34678 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, w... | | |
| CVE-2022-34679 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where... | | |
| CVE-2022-34680 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where... | | |
| CVE-2022-34681 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sy... | | |
| CVE-2022-34682 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unpr... | | |
| CVE-2022-34683 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sy... | | |
| CVE-2022-34684 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), w... | | |
| CVE-2022-34685 | Azure RTOS GUIX Studio Information Disclosure Vulnerability | | |
| CVE-2022-34686 | Azure RTOS GUIX Studio Information Disclosure Vulnerability | | |
| CVE-2022-34687 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | | |
| CVE-2022-34689 | Windows CryptoAPI Spoofing Vulnerability | S | |
| CVE-2022-34690 | Windows Fax Service Elevation of Privilege Vulnerability | | |
| CVE-2022-34691 | Active Directory Domain Services Elevation of Privilege Vulnerability | | |
| CVE-2022-34692 | Microsoft Exchange Server Information Disclosure Vulnerability | | |
| CVE-2022-34696 | Windows Hyper-V Remote Code Execution Vulnerability | | |
| CVE-2022-34699 | Windows Win32k Elevation of Privilege Vulnerability | | |
| CVE-2022-34700 | Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability | | |
| CVE-2022-34701 | Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability | | |
| CVE-2022-34702 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | | |
| CVE-2022-34703 | Windows Partition Management Driver Elevation of Privilege Vulnerability | | |
| CVE-2022-34704 | Windows Defender Credential Guard Information Disclosure Vulnerability | | |
| CVE-2022-34705 | Windows Defender Credential Guard Elevation of Privilege Vulnerability | | |
| CVE-2022-34706 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | | |
| CVE-2022-34707 | Windows Kernel Elevation of Privilege Vulnerability | | |
| CVE-2022-34708 | Windows Kernel Information Disclosure Vulnerability | | |
| CVE-2022-34709 | Windows Defender Credential Guard Security Feature Bypass Vulnerability | | |
| CVE-2022-34710 | Windows Defender Credential Guard Information Disclosure Vulnerability | | |
| CVE-2022-34711 | Windows Defender Credential Guard Elevation of Privilege Vulnerability | | |
| CVE-2022-34712 | Windows Defender Credential Guard Information Disclosure Vulnerability | | |
| CVE-2022-34713 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | KEV S | |
| CVE-2022-34714 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | | |
| CVE-2022-34715 | Windows Network File System Remote Code Execution Vulnerability | | |
| CVE-2022-34716 | .NET Spoofing Vulnerability | | |
| CVE-2022-34717 | Microsoft Office Remote Code Execution Vulnerability | | |
| CVE-2022-34718 | Windows TCP/IP Remote Code Execution Vulnerability | | |
| CVE-2022-34719 | Windows Distributed File System (DFS) Elevation of Privilege Vulnerability | | |
| CVE-2022-34720 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | | |
| CVE-2022-34721 | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | | |
| CVE-2022-34722 | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | | |
| CVE-2022-34723 | Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability | | |
| CVE-2022-34724 | Windows DNS Server Denial of Service Vulnerability | | |
| CVE-2022-34725 | Windows ALPC Elevation of Privilege Vulnerability | | |
| CVE-2022-34726 | Microsoft ODBC Driver Remote Code Execution Vulnerability | | |
| CVE-2022-34727 | Microsoft ODBC Driver Remote Code Execution Vulnerability | | |
| CVE-2022-34728 | Windows Graphics Component Information Disclosure Vulnerability | | |
| CVE-2022-34729 | Windows GDI Elevation of Privilege Vulnerability | | |
| CVE-2022-34730 | Microsoft ODBC Driver Remote Code Execution Vulnerability | | |
| CVE-2022-34731 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | | |
| CVE-2022-34732 | Microsoft ODBC Driver Remote Code Execution Vulnerability | | |
| CVE-2022-34733 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | | |
| CVE-2022-34734 | Microsoft ODBC Driver Remote Code Execution Vulnerability | | |
| CVE-2022-34735 | The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of... | | |
| CVE-2022-34736 | The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of... | | |
| CVE-2022-34737 | The application security module has a vulnerability in permission assignment. Successful exploitatio... | | |
| CVE-2022-34738 | The SystemUI module has a vulnerability in permission control. If this vulnerability is successfully... | | |
| CVE-2022-34739 | The fingerprint module has a vulnerability of overflow in arithmetic addition. Successful exploitati... | | |
| CVE-2022-34740 | The NFC module has a buffer overflow vulnerability. Successful exploitation of this vulnerability ma... | | |
| CVE-2022-34741 | The NFC module has a buffer overflow vulnerability. Successful exploitation of this vulnerability ma... | | |
| CVE-2022-34742 | The system module has a read/write vulnerability. Successful exploitation of this vulnerability may ... | | |
| CVE-2022-34743 | The AT commands of the USB port have an out-of-bounds read vulnerability. Successful exploitation of... | | |
| CVE-2022-34746 | An insufficient entropy vulnerability caused by the improper use of randomness sources with low entr... | S | |
| CVE-2022-34747 | A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allo... | S | |
| CVE-2022-34748 | A vulnerability has been identified in Simcenter Femap (All versions < V2022.2). The affected applic... | S | |
| CVE-2022-34749 | In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that ... | S | |
| CVE-2022-34750 | An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is curren... | | |
| CVE-2022-34753 | A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... | E S | |
| CVE-2022-34754 | A CWE-269: Improper Privilege Management vulnerability exists that could allow elevated functionalit... | S | |
| CVE-2022-34755 | A CWE-427 - Uncontrolled Search Path Element vulnerability exists that could allow an attacker with... | S | |
| CVE-2022-34756 | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remo... | S | |
| CVE-2022-34757 | A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher s... | S | |
| CVE-2022-34758 | A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog functi... | S | |
| CVE-2022-34759 | A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webs... | S | |
| CVE-2022-34760 | A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could ca... | S | |
| CVE-2022-34761 | A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the... | S | |
| CVE-2022-34762 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerabili... | S | |
| CVE-2022-34763 | A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause load... | S | |
| CVE-2022-34764 | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exi... | S | |
| CVE-2022-34765 | A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of una... | S | |
| CVE-2022-34767 | ALLNET Gmbh - ADSL/VDSL Router inkl. Modem and Wlan Authorization Bypass | S | |
| CVE-2022-34768 | Synel - eHarmony Stored XSS | S | |
| CVE-2022-34769 | Michlol - rashim web interface Insecure direct object references (IDOR) | S | |
| CVE-2022-34770 | Tabit - sensitive information disclosure | S | |
| CVE-2022-34771 | Tabit - arbitrary SMS send on Tabits behalf | S | |
| CVE-2022-34772 | Tabit - password enumeration | S | |
| CVE-2022-34773 | Tabit - HTTP Method manipulation | S | |
| CVE-2022-34774 | Tabit - Arbitrary account modification | S | |
| CVE-2022-34775 | Tabit - Excessive data exposure | S | |
| CVE-2022-34776 | Tabit - giftcard stealth | S | |
| CVE-2022-34777 | Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the descripti... | | |
| CVE-2022-34778 | Jenkins TestNG Results Plugin 554.va4a552116332 and earlier renders the unescaped test descriptions ... | | |
| CVE-2022-34779 | A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attacker... | | |
| CVE-2022-34780 | A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and ... | | |
| CVE-2022-34781 | Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers ... | | |
| CVE-2022-34782 | An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers ... | | |
| CVE-2022-34783 | Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cros... | | |
| CVE-2022-34784 | Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resultin... | | |
| CVE-2022-34785 | Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP end... | | |
| CVE-2022-34786 | Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-... | | |
| CVE-2022-34787 | Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocke... | | |
| CVE-2022-34788 | Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulti... | | |
| CVE-2022-34789 | A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Reloaded Plugin 1.1.3 and earlie... | | |
| CVE-2022-34790 | Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escape the job names used in toolti... | | |
| CVE-2022-34791 | Jenkins Validating Email Parameter Plugin 1.10 and earlier does not escape the name and description ... | | |
| CVE-2022-34792 | A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows at... | | |
| CVE-2022-34793 | Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external enti... | | |
| CVE-2022-34794 | Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read... | | |
| CVE-2022-34795 | Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Depl... | | |
| CVE-2022-34796 | A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attacker... | | |
| CVE-2022-34797 | A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and ... | | |
| CVE-2022-34798 | Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in severa... | | |
| CVE-2022-34799 | Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global c... | | |
| CVE-2022-34800 | Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configu... | | |
| CVE-2022-34801 | Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens in plain text as part of the g... | | |
| CVE-2022-34802 | Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token une... | | |
| CVE-2022-34803 | Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file... | | |
| CVE-2022-34804 | Jenkins OpsGenie Plugin 1.9 and earlier transmits API keys in plain text as part of the global Jenki... | | |
| CVE-2022-34805 | Jenkins Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configur... | | |
| CVE-2022-34806 | Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the... | | |
| CVE-2022-34807 | Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global confi... | | |
| CVE-2022-34808 | Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configur... | | |
| CVE-2022-34809 | Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on... | | |
| CVE-2022-34810 | A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission ... | | |
| CVE-2022-34811 | A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows att... | | |
| CVE-2022-34812 | A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1... | | |
| CVE-2022-34813 | A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows att... | | |
| CVE-2022-34814 | Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not correctly perform a permission ch... | | |
| CVE-2022-34815 | A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 a... | | |
| CVE-2022-34816 | Jenkins HPE Network Virtualization Plugin 1.0 stores passwords unencrypted in its global configurati... | | |
| CVE-2022-34817 | A cross-site request forgery (CSRF) vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and... | | |
| CVE-2022-34818 | Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perform permission checks in severa... | | |
| CVE-2022-34819 | A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 124... | S | |
| CVE-2022-34820 | A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 124... | S | |
| CVE-2022-34821 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM R... | S | |
| CVE-2022-34822 | Path traversal vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for W... | | |
| CVE-2022-34823 | Buffer overflow vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for ... | | |
| CVE-2022-34824 | Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSC... | | |
| CVE-2022-34825 | Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 f... | | |
| CVE-2022-34826 | In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passphrase may be leaked in the log... | | |
| CVE-2022-34827 | Carel Boss Mini 1.5.0 has Improper Access Control.... | E | |
| CVE-2022-34829 | Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) vi... | S | |
| CVE-2022-34830 | An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows non-privileged user... | | |
| CVE-2022-34831 | An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencie... | | |
| CVE-2022-34832 | An issue was discovered in VERMEG AgileReporter 21.3. XXE can occur via an XML document to the Analy... | E | |
| CVE-2022-34833 | An issue was discovered in VERMEG AgileReporter 21.3. An admin can enter an XSS payload in the Analy... | E | |
| CVE-2022-34834 | An issue was discovered in VERMEG AgileReporter 21.3. Attackers can gain privileges via an XSS paylo... | E | |
| CVE-2022-34835 | In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer over... | E S | |
| CVE-2022-34836 | ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control | | |
| CVE-2022-34837 | ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control | | |
| CVE-2022-34838 | ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control | | |
| CVE-2022-34839 | WordPress WP OAuth2 Server plugin <= 1.0.1 - Authentication Bypass vulnerability | | |
| CVE-2022-34840 | Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network-adj... | S | |
| CVE-2022-34841 | Improper buffer restrictions in the Intel(R) Media SDK software before version 22.2.2 may allow an a... | S | |
| CVE-2022-34842 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
| CVE-2022-34843 | Integer overflow in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may all... | | |
| CVE-2022-34844 | BIG-IP and BIG-IQ AWS vulnerability CVE-2022-34844 | | |
| CVE-2022-34845 | A firmware update vulnerability exists in the sysupgrade functionality of Robustel R1510 3.1.16 and ... | E | |
| CVE-2022-34846 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
| CVE-2022-34848 | Uncontrolled search path for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an... | | |
| CVE-2022-34849 | Uncaught exception in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1436(v2... | | |
| CVE-2022-34850 | An OS command injection vulnerability exists in the web_server /action/import_authorized_keys/ funct... | E | |
| CVE-2022-34851 | BIG-IP and BIG-IQ iControl SOAP vulnerability CVE-2022-34851 | | |
| CVE-2022-34852 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
| CVE-2022-34853 | WordPress Team plugin <= 1.2.6 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities | | |
| CVE-2022-34854 | Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authentica... | S | |
| CVE-2022-34855 | Path traversal for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authentic... | | |
| CVE-2022-34856 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
| CVE-2022-34857 | WordPress SP Project & Document Manager plugin <= 4.59 - Reflected Cross-Site Scripting (XSS) vulnerability | S | |
| CVE-2022-34858 | WordPress OAuth 2.0 client for SSO plugin <= 1.11.3 - Authentication Bypass vulnerability | E S | |
| CVE-2022-34859 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
| CVE-2022-34860 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
| CVE-2022-34861 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
| CVE-2022-34862 | TMM vulnerability CVE-2022-34862 | E | |
| CVE-2022-34863 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
| CVE-2022-34864 | Out-of-bounds read in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may a... | | |
| CVE-2022-34865 | Traffic intelligence feeds vulnerability CVE-2022-34865 | | |
| CVE-2022-34866 | Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive for Box version v1.0.0 contain an insuff... | | |
| CVE-2022-34867 | WordPress WP Libre Form 2 plugin <= 2.0.8 - Unauthenticated Sensitive Information Disclosure vulnerability | S | |
| CVE-2022-34868 | WordPress ЮKassa для WooCommerce plugin <= 2.3.0 - Authenticated Arbitrary Settings Update vulnerability | S | |
| CVE-2022-34869 | Undocumented hidden command that can be executed from the telnet function of CentreCOM AR260S V2 fir... | M | |
| CVE-2022-34870 | Apache Geode stored Cross-Site Scripting (XSS) via data injection vulnerability in Pulse web application | | |
| CVE-2022-34871 | This vulnerability allows remote attackers to escalate privileges on affected installations of Centr... | | |
| CVE-2022-34872 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
| CVE-2022-34873 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
| CVE-2022-34874 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
| CVE-2022-34875 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
| CVE-2022-34876 | VICIDial 2.14b0.5 SVN 3550 was discovered to contain multiple SQL injection vulnerability at /vicidial/admin.php. | S | |
| CVE-2022-34877 | VICIDial 2.14b0.5 SVN 3550 was discovered to contains a SQL injection vulnerability at /vicidial/AST_agent_time_sheet.php. | S | |
| CVE-2022-34878 | VICIDial 2.14b0.5 SVN 3550 was discovered to contain a SQL injection vulnerability at /vicidial/user_stats.php. | S | |
| CVE-2022-34879 | VICIDial 2.14b0.5 SVN 3550 was discovered to contain multiple Cross Site Scripting (XSS) vulnerabilities at /vicidial/admin.php. | S | |
| CVE-2022-34881 | Information Exposure Vulnerability in JP1/Automatic Operation | | |
| CVE-2022-34882 | Information Exposure Vulnerability in RAID Manager Storage Replication Adapter | | |
| CVE-2022-34883 | OS Command Injection Vulnerability in RAID Manager Storage Replication Adapter | | |
| CVE-2022-34884 | A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authent... | S | |
| CVE-2022-34885 | An improper input sanitization vulnerability in the Motorola MR2600 router could allow a local user ... | S | |
| CVE-2022-34886 | A remote code execution vulnerability was found in the firmware used in some Lenovo printers, which ... | S | |
| CVE-2022-34887 | Standard users can directly operate and set printer configuration information , such as IP, in some ... | S | |
| CVE-2022-34888 | The Remote Mount feature can potentially be abused by valid, authenticated users to make connections... | S | |
| CVE-2022-34889 | This vulnerability allows local attackers to escalate privileges on affected installations of Parall... | | |
| CVE-2022-34890 | This vulnerability allows local attackers to disclose sensitive information on affected installation... | | |
| CVE-2022-34891 | This vulnerability allows local attackers to escalate privileges on affected installations of Parall... | | |
| CVE-2022-34892 | This vulnerability allows local attackers to escalate privileges on affected installations of Parall... | | |
| CVE-2022-34893 | Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with lower... | S | |
| CVE-2022-34894 | In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted... | | |
| CVE-2022-34899 | This vulnerability allows local attackers to escalate privileges on affected installations of Parall... | | |
| CVE-2022-34900 | This vulnerability allows local attackers to escalate privileges on affected installations of Parall... | | |
| CVE-2022-34901 | This vulnerability allows local attackers to escalate privileges on affected installations of Parall... | | |
| CVE-2022-34902 | This vulnerability allows local attackers to escalate privileges on affected installations of Parall... | | |
| CVE-2022-34903 | GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information fr... | E S | |
| CVE-2022-34906 | A hard-coded cryptographic key is used in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitat... | E | |
| CVE-2022-34907 | An authentication bypass vulnerability exists in FileWave before 14.6.3 and 14.7.x before 14.7.2. Ex... | E | |
| CVE-2022-34908 | An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an a... | | |
| CVE-2022-34909 | An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It allows SQL Inj... | | |
| CVE-2022-34910 | An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It uses a local d... | | |
| CVE-2022-34911 | An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x befo... | | |
| CVE-2022-34912 | An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title... | | |
| CVE-2022-34913 | md2roff 1.7 has a stack-based buffer overflow via a Markdown file containing a large number of conse... | | |
| CVE-2022-34914 | Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated ... | | |
| CVE-2022-34916 | Improper Input Validation (JNDI Injection) in JMSMessageConsumer | S | |
| CVE-2022-34917 | Unauthenticated clients may cause OutOfMemoryError on Apache Kafka Brokers | | |
| CVE-2022-34918 | An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_ini... | E S | |
| CVE-2022-34919 | The file upload wizard in Zengenti Contensis Classic before 15.2.1.79 does not correctly check that ... | E | |
| CVE-2022-34924 | Lanling OA Landray Office Automation (OA) internal patch number #133383/#137780 contains an arbitrar... | E | |
| CVE-2022-34927 | MilkyTracker v1.03.00 was discovered to contain a stack overflow via the component LoaderXM::load. T... | E S | |
| CVE-2022-34928 | JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user.... | E | |
| CVE-2022-34937 | Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component sa... | E | |
| CVE-2022-34943 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2022-34945 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the star... | E | |
| CVE-2022-34946 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the star... | E | |
| CVE-2022-34947 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id p... | E | |
| CVE-2022-34948 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id p... | E | |
| CVE-2022-34949 | Pharmacy Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via... | E | |
| CVE-2022-34950 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id p... | E | |
| CVE-2022-34951 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the star... | E | |
| CVE-2022-34952 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id p... | E | |
| CVE-2022-34953 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the star... | E | |
| CVE-2022-34954 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id p... | E | |
| CVE-2022-34955 | Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_siz... | E | |
| CVE-2022-34956 | Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_siz... | E | |
| CVE-2022-34960 | The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointi... | E | |
| CVE-2022-34961 | OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-sit... | E | |
| CVE-2022-34962 | OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-sit... | E | |
| CVE-2022-34963 | OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-sit... | E | |
| CVE-2022-34964 | OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-sit... | E | |
| CVE-2022-34965 | OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file ... | E | |
| CVE-2022-34966 | OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection ... | E | |
| CVE-2022-34967 | The assertion `stmt->Dbc->FirstStmt' failed in MonetDB Database Server v11.43.13.... | E S | |
| CVE-2022-34968 | An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause... | E | |
| CVE-2022-34969 | PingCAP TiDB v6.1.0 was discovered to contain a NULL pointer dereference.... | E S | |
| CVE-2022-34970 | Crow before 1.0+4 has a heap-based buffer overflow via the function qs_parse in query_string.h. On s... | E S | |
| CVE-2022-34971 | An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allo... | E | |
| CVE-2022-34972 | So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the a... | E | |
| CVE-2022-34973 | D-Link DIR820LA1_FW106B02 was discovered to contain a buffer overflow via the nextPage parameter at ... | E | |
| CVE-2022-34974 | D-Link DIR810LA1_FW102B22 was discovered to contain a command injection vulnerability via the Ping_a... | E | |
| CVE-2022-34981 | The PyCrowdTangle package in PyPI before v0.0.1 included a code execution backdoor inserted by a thi... | E | |
| CVE-2022-34982 | The eziod package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party... | | |
| CVE-2022-34983 | The scu-captcha package in PyPI v0.0.1 to v0.0.4 included a code execution backdoor inserted by a th... | E | |
| CVE-2022-34988 | Inout Blockchain AltExchanger v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerab... | E | |
| CVE-2022-34989 | Fruits Bazar v1.0 was discovered to contain a SQL injection vulnerability via the recover_email para... | E | |
| CVE-2022-34991 | Paymoney v3.3 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilitie... | E | |
| CVE-2022-34992 | Luadec v0.9.9 was discovered to contain a heap-buffer overflow via the function UnsetPending.... | E | |
| CVE-2022-34993 | Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard code password for root in /etc/shad... | E | |
| CVE-2022-34998 | JPEGDEC commit be4843c was discovered to contain a global buffer overflow via JPEGDecodeMCU at /src/... | E | |
| CVE-2022-34999 | JPEGDEC commit be4843c was discovered to contain a FPE via DecodeJPEG at /src/jpeg.inl.... | E |