ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2022-39000 | The iAware module has a vulnerability in managing malicious apps. Successful exploitation of this vul... | | |
CVE-2022-39001 | The number identification module has a path traversal vulnerability. Successful exploitation of this... | | |
CVE-2022-39002 | Double free vulnerability in the storage module. Successful exploitation of this vulnerability will ... | | |
CVE-2022-39003 | Buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability ... | | |
CVE-2022-39004 | The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability ca... | | |
CVE-2022-39005 | The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability ca... | | |
CVE-2022-39006 | The MPTCP module has the race condition vulnerability. Successful exploitation of this vulnerability... | | |
CVE-2022-39007 | The location module has a vulnerability of bypassing permission verification. Successful exploitation... | | |
CVE-2022-39008 | The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation of ... | | |
CVE-2022-39009 | The WLAN module has a vulnerability in permission verification. Successful exploitation of this vuln... | | |
CVE-2022-39010 | The HwChrService module has a vulnerability in permission control. Successful exploitation of this v... | | |
CVE-2022-39011 | The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel spa... | | |
CVE-2022-39012 | Huawei Aslan Children's Watch has an improper input validation vulnerability. Successful exploitatio... | | |
CVE-2022-39013 | Under certain conditions an authenticated attacker can get access to OS credentials. Getting access ... | | |
CVE-2022-39014 | Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Conso... | | |
CVE-2022-39015 | Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which wou... | | |
CVE-2022-39016 | Javascript injection in PDFtron in M-Files Hubshare | | |
CVE-2022-39017 | XSS in all comments fields in M-Files Hubshare | | |
CVE-2022-39018 | Broken access controls on PDFtron data in M-Files Hubshare | | |
CVE-2022-39019 | Broken access controls on PDFtron WebviewerUI in M-Files Hubshare | | |
CVE-2022-39020 | Cross-site scripting in Schoolbox version 21.0.2, by Schoolbox Pty Ltd | | |
CVE-2022-39021 | e-Excellence Inc. U-Office Force - Open Redirect | S | |
CVE-2022-39022 | e-Excellence Inc. U-Office Force - Path Traversal | S | |
CVE-2022-39023 | e-Excellence Inc. U-Office Force - Path Traversal | S | |
CVE-2022-39024 | e-Excellence Inc. U-Office Force - Reflected XSS | S | |
CVE-2022-39025 | e-Excellence Inc. U-Office Force - Reflected XSS | S | |
CVE-2022-39026 | e-Excellence Inc. U-Office Force - Stored XSS | S | |
CVE-2022-39027 | e-Excellence Inc. U-Office Force - Stored XSS | S | |
CVE-2022-39028 | telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL p... | E S | |
CVE-2022-39029 | Smart eVision - Exposure of Sensitive Information to an Unauthorized Actor -1 | S | |
CVE-2022-39030 | Smart eVision - Exposure of Sensitive Information to an Unauthorized Actor -2 | S | |
CVE-2022-39031 | Smart eVision - Exposure of Sensitive Information to an Unauthorized Actor -3 | S | |
CVE-2022-39032 | Smart eVision - Improper Privilege Management | S | |
CVE-2022-39033 | Smart eVision - Path Traversal -1 | S | |
CVE-2022-39034 | Smart eVision - Path Traversal -2 | S | |
CVE-2022-39035 | Smart eVision - Stored XSS | S | |
CVE-2022-39036 | FLOWRING Agentflow BPM - Arbitrary File Upload | S | |
CVE-2022-39037 | FLOWRING Agentflow BPM - Path Traversal | S | |
CVE-2022-39038 | FLOWRING Agentflow BPM - Broken Access Control | S | |
CVE-2022-39039 | aEnrich a+HRD - Server-Side Request Forgery (SSRF) | | |
CVE-2022-39040 | aEnrich a+HRD - Path Traversal | | |
CVE-2022-39041 | aEnrich a+HRD - SQL Injection | | |
CVE-2022-39042 | aEnrich a+HRD - Improper Authentication | | |
CVE-2022-39043 | Juiker app - Information Leakage | S | |
CVE-2022-39044 | Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent att... | S | |
CVE-2022-39045 | A file write vulnerability exists in the httpd upload.cgi functionality of Siretta QUARTZ-GOLD G5.0.... | E | |
CVE-2022-39046 | An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a craf... | E | |
CVE-2022-39047 | Freeciv before 2.6.7 and before 3.0.3 is prone to a buffer overflow vulnerability in the Modpack Ins... | S | |
CVE-2022-39048 | Cross-Site Scripting (XSS) vulnerability in ServiceNow UI page assessment_redirect | | |
CVE-2022-39049 | Possible XSS in Admin Interface | S | |
CVE-2022-39050 | Possible XSS stored in customer information | S | |
CVE-2022-39051 | Perl Code execution in Template Toolkit | S | |
CVE-2022-39052 | DoS attack using email | S | |
CVE-2022-39053 | HEIMAVISTA INC. Rpage - Reflected XSS | S | |
CVE-2022-39054 | COWELL INFORMATION SYSTEM CO., LTD. enterprise travel management system - Reflected XSS | S | |
CVE-2022-39055 | Changing Information Technology Inc. RAVA certificate validation system - Server-Side Request Forgery (SSRF) | S | |
CVE-2022-39056 | Changing Information Technology Inc. RAVA certificate validation system - SQL Injection | S | |
CVE-2022-39057 | Changing Information Technology Inc. RAVA certificate validation system - Command Injection | S | |
CVE-2022-39058 | Changing Information Technology Inc. RAVA certificate validation system - Path Traversal | S | |
CVE-2022-39059 | ChangingTec MegaServiSignAdapter - Path Traversal | S | |
CVE-2022-39060 | ChangingTec MegaServiSignAdapter - Improper Input Validation | S | |
CVE-2022-39061 | ChangingTec MegaServiSignAdapter - Out-of-bounds Read | S | |
CVE-2022-39062 | A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.10). Affected applicatio... | S | |
CVE-2022-39063 | When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for buildin... | E | |
CVE-2022-39064 | An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI bulb blink, an... | | |
CVE-2022-39065 | A single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI gateway unresponsive, such that co... | | |
CVE-2022-39066 | There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input pa... | | |
CVE-2022-39067 | There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameter... | | |
CVE-2022-39068 | Buffer Overflow Vulnerability in ZTE MF296R | S | |
CVE-2022-39069 | There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of input verification by the ser... | | |
CVE-2022-39070 | There is an access control vulnerability in some ZTE PON OLT products. Due to improper access contro... | | |
CVE-2022-39071 | There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application ... | | |
CVE-2022-39072 | There is a SQL injection vulnerability in Some ZTE Mobile Internet products. Due to insufficient val... | | |
CVE-2022-39073 | There is a command injection vulnerability in ZTE MF286R. Due to insufficient validation of the inpu... | | |
CVE-2022-39074 | There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application ... | | |
CVE-2022-39075 | There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application ... | | |
CVE-2022-39080 | In messaging service, there is a missing permission check. This could lead to elevation of privilege... | | |
CVE-2022-39081 | In network service, there is a missing permission check. This could lead to local escalation of priv... | | |
CVE-2022-39082 | In network service, there is a missing permission check. This could lead to local escalation of priv... | | |
CVE-2022-39083 | In network service, there is a missing permission check. This could lead to local escalation of priv... | | |
CVE-2022-39084 | In network service, there is a missing permission check. This could lead to local escalation of priv... | | |
CVE-2022-39085 | In network service, there is a missing permission check. This could lead to local escalation of priv... | | |
CVE-2022-39086 | In network service, there is a missing permission check. This could lead to local escalation of priv... | | |
CVE-2022-39087 | In network service, there is a missing permission check. This could lead to local escalation of priv... | | |
CVE-2022-39088 | In network service, there is a missing permission check. This could lead to local escalation of priv... | | |
CVE-2022-39089 | In mlog service, there is a possible out of bounds read due to a missing bounds check. This could le... | | |
CVE-2022-39090 | In power management service, there is a missing permission check. This could lead to set up power ma... | | |
CVE-2022-39091 | In power management service, there is a missing permission check. This could lead to set up power ma... | | |
CVE-2022-39092 | In power management service, there is a missing permission check. This could lead to set up power ma... | | |
CVE-2022-39093 | In power management service, there is a missing permission check. This could lead to set up power ma... | | |
CVE-2022-39094 | In power management service, there is a missing permission check. This could lead to set up power ma... | | |
CVE-2022-39095 | In power management service, there is a missing permission check. This could lead to set up power ma... | | |
CVE-2022-39096 | In power management service, there is a missing permission check. This could lead to set up power ma... | | |
CVE-2022-39097 | In power management service, there is a missing permission check. This could lead to set up power ma... | | |
CVE-2022-39098 | In power management service, there is a missing permission check. This could lead to set up power ma... | | |
CVE-2022-39099 | In power management service, there is a missing permission check. This could lead to set up power ma... | | |
CVE-2022-39100 | In power management service, there is a missing permission check. This could lead to set up power ma... | | |
CVE-2022-39101 | In power management service, there is a missing permission check. This could lead to set up power ma... | | |
CVE-2022-39102 | In power management service, there is a missing permission check. This could lead to set up power ma... | | |
CVE-2022-39103 | In Gallery service, there is a missing permission check. This could lead to local denial of service ... | | |
CVE-2022-39104 | In contacts service, there is a missing permission check. This could lead to local denial of service... | | |
CVE-2022-39105 | In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could ... | | |
CVE-2022-39106 | In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could ... | | |
CVE-2022-39107 | In Soundrecorder service, there is a missing permission check. This could lead to elevation of privi... | | |
CVE-2022-39108 | In Music service, there is a missing permission check. This could lead to elevation of privilege in ... | | |
CVE-2022-39109 | In Music service, there is a missing permission check. This could lead to elevation of privilege in ... | | |
CVE-2022-39110 | In Music service, there is a missing permission check. This could lead to elevation of privilege in ... | | |
CVE-2022-39111 | In Music service, there is a missing permission check. This could lead to elevation of privilege in ... | | |
CVE-2022-39112 | In Music service, there is a missing permission check. This could lead to local denial of service in... | | |
CVE-2022-39113 | In Music service, there is a missing permission check. This could lead to local denial of service in... | | |
CVE-2022-39114 | In Music service, there is a missing permission check. This could lead to local denial of service in... | | |
CVE-2022-39115 | In Music service, there is a missing permission check. This could lead to local denial of service in... | | |
CVE-2022-39116 | In sprd_sysdump driver, there is a possible out of bounds write due to a missing bounds check. This ... | | |
CVE-2022-39117 | In messaging service, there is a missing permission check. This could lead to local information disc... | | |
CVE-2022-39118 | In sprd_sysdump driver, there is a possible out of bounds write due to a missing bounds check. This ... | | |
CVE-2022-39119 | In network service, there is a missing permission check. This could lead to local escalation of priv... | | |
CVE-2022-39120 | In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could ... | | |
CVE-2022-39121 | In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could ... | | |
CVE-2022-39122 | In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could ... | | |
CVE-2022-39123 | In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could ... | | |
CVE-2022-39124 | In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could ... | | |
CVE-2022-39125 | In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could ... | | |
CVE-2022-39126 | In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could ... | | |
CVE-2022-39127 | In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could ... | | |
CVE-2022-39128 | In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could ... | | |
CVE-2022-39129 | In face detect driver, there is a possible out of bounds write due to a missing bounds check. This c... | | |
CVE-2022-39130 | In face detect driver, there is a possible out of bounds write due to a missing bounds check. This c... | | |
CVE-2022-39131 | In camera driver, there is a possible memory corruption due to improper locking. This could lead to ... | | |
CVE-2022-39132 | In camera driver, there is a possible out of bounds write due to a missing bounds check. This could ... | | |
CVE-2022-39133 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-39134 | In audio driver, there is a use after free due to a race condition. This could lead to local denial ... | | |
CVE-2022-39135 | Apache Calcite: potential XEE attacks | M | |
CVE-2022-39136 | A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V... | | |
CVE-2022-39137 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (... | | |
CVE-2022-39138 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (... | | |
CVE-2022-39139 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (... | | |
CVE-2022-39140 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (... | | |
CVE-2022-39141 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (... | | |
CVE-2022-39142 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (... | | |
CVE-2022-39143 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (... | | |
CVE-2022-39144 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (... | | |
CVE-2022-39145 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (... | | |
CVE-2022-39146 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (... | | |
CVE-2022-39147 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (... | | |
CVE-2022-39148 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (... | | |
CVE-2022-39149 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (... | | |
CVE-2022-39150 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (... | | |
CVE-2022-39151 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (... | | |
CVE-2022-39152 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (... | | |
CVE-2022-39153 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (... | | |
CVE-2022-39154 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (... | | |
CVE-2022-39155 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (... | | |
CVE-2022-39156 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (... | | |
CVE-2022-39157 | A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.0 (... | | |
CVE-2022-39158 | Affected devices improperly handle partial HTTP requests which makes them vulnerable to slowloris at... | S | |
CVE-2022-39159 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-39160 | IBM Cognos Analytics cross-site scripting | S | |
CVE-2022-39161 | IBM WebSphere Application Server information disclosure | | |
CVE-2022-39163 | IBM Cognos Controller HTTP response smuggling | | |
CVE-2022-39164 | IBM AIX denial of service | S | |
CVE-2022-39165 | IBM AIX denial of service | S | |
CVE-2022-39166 | IBM Security Guardium information disclosure | S | |
CVE-2022-39167 | IBM Spectrum Virtualize information disclosure | S | |
CVE-2022-39168 | IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade ... | S | |
CVE-2022-39170 | libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c.... | S | |
CVE-2022-39172 | A stored XSS in the process overview (Übersicht zugewiesener Vorgaenge) in mbsupport openVIVA c2 2022... | E | |
CVE-2022-39173 | In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. T... | E | |
CVE-2022-39176 | BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because prof... | S | |
CVE-2022-39177 | BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malform... | S | |
CVE-2022-39178 | Webvendome - webvendome Internal Server IP Disclosure | S | |
CVE-2022-39179 | College Management System v1.0 - Authenticated remote code execution | | |
CVE-2022-39180 | College Management System v1.0 - SQL Injection (SQLi) | | |
CVE-2022-39181 | GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS) | | |
CVE-2022-39182 | H C Mingham-Smith Ltd - Tardis 2000 Privilege escalation | S | |
CVE-2022-39183 | Moodle Plugin - SAML Auth Open Redirect | | |
CVE-2022-39184 | EXFO - BV-10 Performance Endpoint Unit Authentication bypass | S | |
CVE-2022-39185 | EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user. | S | |
CVE-2022-39186 | EXFO - BV-10 Performance Endpoint Unit Misconfiguration | S | |
CVE-2022-39187 | Rumpus - FTP server Reflected cross-site scripting (RXSS) | | |
CVE-2022-39188 | An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a r... | S | |
CVE-2022-39189 | An issue was discovered in the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest... | S | |
CVE-2022-39190 | An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial... | S | |
CVE-2022-39193 | An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components ... | E S | |
CVE-2022-39194 | An issue was discovered in the MediaWiki through 1.38.2. The community configuration pages for the G... | E | |
CVE-2022-39195 | A cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote attackers ... | | |
CVE-2022-39196 | Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering stude... | E | |
CVE-2022-39197 | An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that ... | KEV M | |
CVE-2022-39198 | Apache Dubbo Hessian Deserialization Vulnerability Gadgets Bypass | | |
CVE-2022-39199 | Lack of proper validation in immudb | | |
CVE-2022-39200 | Signature checks not applied to some retrieved missing events | S | |
CVE-2022-39201 | Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins | S | |
CVE-2022-39202 | IRC mode parameter confusion in matrix-appservice-irc | S | |
CVE-2022-39203 | Parsing issue in matrix-org/node-irc leading to room takeovers | M | |
CVE-2022-39205 | Access Control Bypass in OneDev | E S | |
CVE-2022-39206 | CI/CD Docker Escape in OneDev | E S | |
CVE-2022-39207 | Persistent XSS in OneDev | E S | |
CVE-2022-39208 | Git Repository Disclosure in OneDev | E S | |
CVE-2022-39209 | Uncontrolled Resource Consumption in cmark-gfm | S | |
CVE-2022-39210 | Access to internal files of the Nextcloud Android app | S | |
CVE-2022-39211 | Server-Side Request Forgery (SSRF) via potential filter bypass in Nextcloud Server | S | |
CVE-2022-39212 | Last video frame is still sent after video is disabled in a call in Nextcloud Talk | S | |
CVE-2022-39213 | Out-of-bounds Read in go-cvss | E S | |
CVE-2022-39214 | Authenticated users of Combodo iTop can take over any account | S | |
CVE-2022-39215 | The readDir Endpoint Scope can be Bypassed With Symbolic Links in Tauri | E S | |
CVE-2022-39216 | Combodo iTop's weak password reset token leads to account takeover | S | |
CVE-2022-39217 | Improper Neutralization of Formula Elements in a CSV File in ghas-to-csv | S | |
CVE-2022-39218 | Random number seed fixed during compilation | | |
CVE-2022-39219 | Bifrost users using basic authentication can bypass write permission limit | E | |
CVE-2022-39220 | XSS Vulnerabilities in WebClient | | |
CVE-2022-39221 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') McWebserver Minecraft Mod | S | |
CVE-2022-39222 | OAuth authorization code exposure in Dex | E S | |
CVE-2022-39224 | Arbitrary shell execution when extracting or listing files contained in a malicious rpm. | E S | |
CVE-2022-39225 | Parse Server subject to Incorrect Resource Transfer Between Spheres | | |
CVE-2022-39226 | Discourse user profile location and website fields were not sufficiently length-limited | S | |
CVE-2022-39227 | Python-jwt subject to Authentication Bypass by Spoofing | S | |
CVE-2022-39228 | Observable Response Discrepancy in vantage6 | S | |
CVE-2022-39229 | Grafana users with email as a username can block other users from signing in | S | |
CVE-2022-39230 | Security issue in fhir-works-on-aws-authz-smart | | |
CVE-2022-39231 | Parse Server subject to Improper Authentication allowing Auth adapter app ID validation to be circumvented | | |
CVE-2022-39232 | Discourse vulnerable to incomplete quote causing a topic to crash in the browser | S | |
CVE-2022-39233 | Tuleap subject to Missing Authorization allowing for branch prefix modification | E S | |
CVE-2022-39234 | user session persists even after permanently deleting account in GLPI | | |
CVE-2022-39236 | Matrix Javascript SDK improper beacon events can cause availability issues | S | |
CVE-2022-39237 | Digital Signature Hash Algorithms Not Validated in sylabs/sif | S | |
CVE-2022-39238 | Improper Authentication in Arvados when using PAM as identity provider | | |
CVE-2022-39239 | netlify-ipx subject to Server-Side Request Forgery and Stored Cross-Site Scripting via Cache Poisoning and Improper Host Validation | | |
CVE-2022-39240 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in MyGraph | E | |
CVE-2022-39241 | Possible Server-Side Request Forgery (SSRF) in webhooks | | |
CVE-2022-39242 | Incorrect Calculation in Frontier leads to inflated Ethereum chain gas prices | S | |
CVE-2022-39243 | NuProcess vulnerable to command-line injection through insertion of NUL character(s) | E S | |
CVE-2022-39244 | Buffer overflow in pjlib scanner and pjmedia | S | |
CVE-2022-39245 | Mist vulnerable to user providing a Sudo binary for authentication checks | S | |
CVE-2022-39246 | matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions | S | |
CVE-2022-39248 | matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion | S | |
CVE-2022-39249 | Matrix Javascript SDK vulnerable to impersonation via forwarded Megolm sessions | S | |
CVE-2022-39250 | Matrix JavaScript SDK vulnerable to key/device identifier confusion in SAS verification | S | |
CVE-2022-39251 | Matrix Javascript SDK vulnerable to Olm/Megolm protocol confusion | S | |
CVE-2022-39252 | When matrix-rust-sdk receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder | S | |
CVE-2022-39253 | Git subject to exposure of sensitive information via local clone of symbolic links | M | |
CVE-2022-39254 | When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder | S | |
CVE-2022-39255 | Matrix iOS SDK vulnerable to Olm/Megolm protocol confusion | S | |
CVE-2022-39256 | Orckestra C1 CMS's deserialization of untrusted data allows for arbitrary code execution. | S | |
CVE-2022-39257 | Matrix iOS SDK vulnerable to impersonation via forwarded Megolm sessions | S | |
CVE-2022-39258 | mailcow-dockerized critical information misrepresentation can lead to phishing attacks through Swagger UI | E S | |
CVE-2022-39259 | Jadx-gui subject to Denial of Service via Swing HTML rendering | E | |
CVE-2022-39260 | Git vulnerable to Remote Code Execution via Heap overflow in `git shell` | M | |
CVE-2022-39261 | Twig may load a template outside a configured directory when using the filesystem loader | S | |
CVE-2022-39262 | Stored Cross-Site Scripting (XSS) on login page in GLPI | E | |
CVE-2022-39263 | NextAuth.js Upstash Adapter missing token verification | S | |
CVE-2022-39264 | nheko vulnerable to secret poisoning using MITM on secret requests by the homeserver | S | |
CVE-2022-39265 | Mail settings' command parameter injection in mybb | E S | |
CVE-2022-39266 | isolated-vm has vulnerable CachedDataOptions in API | | |
CVE-2022-39267 | Brokercap Bifrost vulnerable to authentication bypass for admin and monitor user groups | S | |
CVE-2022-39268 | orchest vulnerable to cross-site request forgery that allows control of a user instance | S | |
CVE-2022-39269 | Media transport downgrade from the secure version (SRTP) to non-secure (RTP) in pjsip | S | |
CVE-2022-39270 | Arbitrary HTML injection in table-of-contents theme component in DiscoTOC | S | |
CVE-2022-39271 | Traefik HTTP/2 connections management could cause a denial of service | S | |
CVE-2022-39272 | Flux2 vulnerable to Denial of Service due to Improper use of metav1.Duration | S | |
CVE-2022-39273 | Default OAuth Authorization Server secret in FlyteAdmin | S | |
CVE-2022-39274 | Buffer Overflow in `ProcessRadioRxDone` in LoRaMac-node | E S | |
CVE-2022-39275 | Improper object type validation in saleor | S | |
CVE-2022-39276 | Blind Server-Side Request Forgery (SSRF) in RSS feeds and planning | E | |
CVE-2022-39277 | Cross-Site Scripting (XSS) in external links in GLPI | E S | |
CVE-2022-39278 | Istio vulnerable to denial of service attack due to Golang Regex Library | | |
CVE-2022-39279 | Discourse-chat plugin susceptible to XSS in channel name and description | S | |
CVE-2022-39280 | Regular expression denial of service in dparse | S | |
CVE-2022-39281 | Remote Denial of Service via Tasks endpoint in fat_free_crm | S | |
CVE-2022-39282 | RDP client: Read of uninitialized memory with parallel port redirection | | |
CVE-2022-39283 | FreeRDP may read and display out of bounds data | | |
CVE-2022-39284 | Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued in Codeigniter4 | E S | |
CVE-2022-39285 | Stored Cross-Site Scripting Vulnerability In File Parameter in zoneminder | E S | |
CVE-2022-39286 | Execution with Unnecessary Privileges in JupyterApp | S | |
CVE-2022-39287 | Plaintext transmission of CSRF tokens in tiny-csrf | S | |
CVE-2022-39288 | Denial of service in Fastify via Content-Type header | S | |
CVE-2022-39289 | Database log access in ZoneMinder | E S | |
CVE-2022-39290 | CSRF key bypass using HTTP methods in zoneminder | E S | |
CVE-2022-39291 | Denial of service through logs in zoneminder | E S | |
CVE-2022-39292 | Exposure of sensitive Slack webhook URLs in debug logs and traces | | |
CVE-2022-39293 | Azure RTOS USBX Host PIMA vulnerable to read integer underflow with buffer overflow | S | |
CVE-2022-39294 | (DoS) Denial of Service from unchecked request length in conduit-hyper | | |
CVE-2022-39295 | Improper Neutralization of Alternate XSS Syntax in Knowage-Server | E | |
CVE-2022-39296 | Path traversal in MelisAssetManager | S | |
CVE-2022-39297 | Deserialization of untrusted data in MelisCms | S | |
CVE-2022-39298 | Deserialization of untrusted data in MelisFront | S | |
CVE-2022-39299 | Signature bypass via multiple root elements in Passport-SAML | S | |
CVE-2022-39300 | Signature bypass via multiple root elements in node-SAML | S | |
CVE-2022-39301 | sra-admin is vulnerable to storage cross-site scripting (XSS) via unrestricted file upload | E | |
CVE-2022-39302 | Ree6 may bypass webhook protection | S | |
CVE-2022-39303 | Ree6 vulnerable to SQL Injection | S | |
CVE-2022-39304 | ghinstallation returns app JWT in error responses | E S | |
CVE-2022-39305 | Gin-vue-admin vulnerable to Unrestricted Upload of File with Dangerous Type | E S | |
CVE-2022-39306 | Grafana contains Improper Input Validation | S | |
CVE-2022-39307 | Grafana subject to Exposure of Sensitive Information resulting in User enumeration via forget password | | |
CVE-2022-39308 | GoCD API authentication of user access tokens subject to timing attack during comparison | S | |
CVE-2022-39309 | GoCD server secret encryption/decryption key leaked to agents during material serialization | S | |
CVE-2022-39310 | Malicious agent may be able to impersonate another agent in GoCD | S | |
CVE-2022-39311 | Compromised agents may be able to execute remote code on GoCD Server | S | |
CVE-2022-39312 | Dataease Mysql Data Source JDBC Connection Parameters Not Verified Leads to Deserialization Vulnerability | E S | |
CVE-2022-39313 | Parse Server crashes when receiving file download request with invalid byte range | | |
CVE-2022-39314 | User enumeration in the code-based login and password reset forms | | |
CVE-2022-39315 | Kirby CMS vulnerable to user enumeration in the brute force protection | | |
CVE-2022-39316 | Out of bound read in FreeRDP | S | |
CVE-2022-39317 | Out of bounds read in zgfx decoder in FreeRDP | | |
CVE-2022-39318 | Division by zero in urbdrc channel in FreeRDP | S | |
CVE-2022-39319 | Missing length validation in urbdrc channel in FreeRDP | S | |
CVE-2022-39320 | Heap buffer overflow in urbdrc channel | | |
CVE-2022-39321 | GitHub Actions Runner vulnerable to Docker Command Escaping | S | |
CVE-2022-39322 | @keystone-6/core vulnerable to field-level access-control bypass for multiselect field | E S | |
CVE-2022-39323 | SQL Injection on REST API in GLPI | | |
CVE-2022-39324 | Grafana vulnerable to spoofing originalUrl of snapshots | S | |
CVE-2022-39325 | Cross-site scripting vulnerability in BaserCMS | S | |
CVE-2022-39326 | kartverket/github-workflows's run-terraform allows for RCE via terraform plan | S | |
CVE-2022-39327 | Improper Control of Generation of Code ('Code Injection') in Azure CLI | E S | |
CVE-2022-39328 | Grafana vulnerable to race condition allowing privilege escalation | | |
CVE-2022-39329 | Profile of disabled user stays accessible | S | |
CVE-2022-39330 | Database resource exhaustion for logged-in users via sharee recommendations with circles | S | |
CVE-2022-39331 | Cross-site Scripting (XSS) in Nextcloud Desktop Client | E S | |
CVE-2022-39332 | Cross-site scripting (XSS) in Nextcloud Desktop Client | E S | |
CVE-2022-39333 | Cross-site scripting (XSS) in Nextcloud Desktop Client | E S | |
CVE-2022-39334 | nextcloudcmd incorrectly trusts bad TLS certificates | E S | |
CVE-2022-39335 | Synapse does not apply enough checks to servers requesting auth events of events in a room | S | |
CVE-2022-39337 | Permission bypass due to incorrect configuration in github.com/dromara/hertzbeat | E S | |
CVE-2022-39338 | Stored cross site scripting (XSS) vulnerability via Authorization Endpoint in user_oidc | S | |
CVE-2022-39339 | Cleartext Transmission of Sensitive Information in user_oidc | S | |
CVE-2022-39340 | OpenFGA Information Disclosure | S | |
CVE-2022-39341 | OpenFGA Authorization Bypass | S | |
CVE-2022-39342 | OpenFGA Authorization Bypass | S | |
CVE-2022-39343 | Azure RTOS FileX vulnerable to Buffer Overflow | E S | |
CVE-2022-39344 | Azure RTOS USBX vulnerable to buffer overflow | E | |
CVE-2022-39345 | Gin-vue-admin arbitrary file upload vulnerability caused by path traversal | E S | |
CVE-2022-39346 | Missing length validation of user displayname in nextcloud server | S | |
CVE-2022-39347 | Missing path sanitation with `drive` channel in FreeRDP | S | |
CVE-2022-39348 | Twisted vulnerable to NameVirtualHost Host header injection | E S | |
CVE-2022-39349 | Tasks.org vulnerable to data exfiltration by malicious app or adb | S | |
CVE-2022-39350 | @dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details | | |
CVE-2022-39351 | Dependency-Track vulnerable to logging of API keys in clear text when handling API requests using keys with insufficient permissions | | |
CVE-2022-39352 | OpenFGA Authorization Bypass | | |
CVE-2022-39353 | xmldom allows multiple root nodes in a DOM | E | |
CVE-2022-39354 | evm has incorrect is_static parameter for custom stateful precompiles | S | |
CVE-2022-39355 | Discourse Patreon vulnerable to improper validation of email during Patreon authentication | S | |
CVE-2022-39356 | Discourse user account takeover via email and invite link | S | |
CVE-2022-39357 | Winter vulnerable to Prototype Pollution in Snowboard framework | S | |
CVE-2022-39358 | Metabase vulnerable to circumvention of Locked parameter in Signed Embedding | | |
CVE-2022-39359 | Metabase's GeoJSON validation doesn't prevent redirects to blocked URLs | S | |
CVE-2022-39360 | Metabase SSO users able to circumvent IdP login by doing password reset | S | |
CVE-2022-39361 | Metabase vulnerable to Remote Code Execution via H2 | | |
CVE-2022-39362 | Metabase vulnerable to arbitrary SQL execution from queryhash | S | |
CVE-2022-39364 | Exception logging in Sharepoint app reveals clear-text connection details | E S | |
CVE-2022-39365 | RCE vulnerability in Pimcore/Mail & Dynamic Text Layout | S | |
CVE-2022-39366 | DataHub missing JWT signature check | E | |
CVE-2022-39367 | Vulnerability in handling of uploaded QTI ZIP files | E S | |
CVE-2022-39368 | Californium Failing DTLS handshakes causes Data Loss due to throttling blocking processing of records | S | |
CVE-2022-39369 | Service Hostname Discovery Exploitation in phpCAS | M | |
CVE-2022-39370 | Improper access to debug panel in GLPI | M | |
CVE-2022-39371 | Stored Cross-Site Scripting (XSS) through asset inventory in GLPI | | |
CVE-2022-39372 | Stored Cross-Site Scripting (XSS) in user information in GLPI | | |
CVE-2022-39373 | Stored Cross-Site Scripting (XSS) in entity name in GLPI | | |
CVE-2022-39374 | Synapse Denial of service due to incorrect application of event authorization rules during state resolution | S | |
CVE-2022-39375 | Cross-Site Scripting (XSS) through public RSS feed in GLPI | | |
CVE-2022-39376 | Improper input validation on emails links in GLPI | | |
CVE-2022-39377 | sysstat Incorrect Buffer Size calculation on 32-bit systems results in RCE via buffer overflow | E | |
CVE-2022-39378 | Displaying user badges can leak topic titles to users that have no access to the topic | | |
CVE-2022-39379 | Fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration) | S | |
CVE-2022-39380 | wire-webapp contains Improper Handling of Exceptional Conditions leading to a DoS via Markdown Rendering | | |
CVE-2022-39381 | Unchecked Return Value to NULL Pointer Dereference in PDFDocumentHandler.cpp | E S | |
CVE-2022-39382 | NODE_ENV in Keystone defaults to development with esbuild | E S | |
CVE-2022-39383 | SSRF vulnerability in KubeVela VelaUX APIServer | S | |
CVE-2022-39384 | OpenZeppelin Contracts initializer reentrancy may lead to double initialization | S | |
CVE-2022-39385 | Users erroneously and transparently added to private messages in Discourse | S | |
CVE-2022-39386 | fastify-websocket vulnerable to uncaught exception via crash on malformed packet | | |
CVE-2022-39387 | XWiki OIDC Authenticator vulnerable to OpenID login bypass due to improper authentication | S | |
CVE-2022-39388 | Istio may allow identity impersonation if user has localhost access | S | |
CVE-2022-39389 | Witness Block Parsing DoS Vulnerability in lnd | E S | |
CVE-2022-39390 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-36534. Reason: This candidat... | R | |
CVE-2022-39392 | Wasmtime vulnerable to out of bounds read/write with zero-memory-pages configuration | S | |
CVE-2022-39393 | Wasmtime vulnerable to data leakage between instances in the pooling allocator | S | |
CVE-2022-39394 | wasmtime_trap_code C API function has out of bounds write vulnerability | S | |
CVE-2022-39395 | Vela Insecure Defaults | S | |
CVE-2022-39396 | Parse Server vulnerable to Remote Code Execution via prototype pollution in MongoDB BSON parser | | |
CVE-2022-39397 | Exposure of sensitive information in aliyun-oss-client | S | |
CVE-2022-39398 | InfotelGLPI vulnerable to Cross-site Scripting | S | |
CVE-2022-39399 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co... | S | |
CVE-2022-39400 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ... | S | |
CVE-2022-39401 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported ver... | S | |
CVE-2022-39402 | Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported ... | S | |
CVE-2022-39403 | Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported ... | S | |
CVE-2022-39404 | Vulnerability in the MySQL Installer product of Oracle MySQL (component: Installer: General). Suppor... | S | |
CVE-2022-39405 | Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentic... | S | |
CVE-2022-39406 | Vulnerability in the PeopleSoft Enterprise Common Components product of Oracle PeopleSoft (component... | S | |
CVE-2022-39407 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Secu... | S | |
CVE-2022-39408 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ... | S | |
CVE-2022-39409 | Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Bus... | S | |
CVE-2022-39410 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ... | S | |
CVE-2022-39411 | Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Bus... | S | |
CVE-2022-39412 | Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Admin Con... | S | |
CVE-2022-39417 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported... | | |
CVE-2022-39419 | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affect... | S | |
CVE-2022-39420 | Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Dat... | S | |
CVE-2022-39421 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppor... | S | |
CVE-2022-39422 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppor... | S | |
CVE-2022-39423 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppor... | S | |
CVE-2022-39424 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppor... | S | |
CVE-2022-39425 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppor... | S | |
CVE-2022-39426 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppor... | S | |
CVE-2022-39427 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppor... | S | |
CVE-2022-39428 | Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (... | S | |
CVE-2022-39429 | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affec... | S | |
CVE-2022-39799 | An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML w... | | |
CVE-2022-39800 | SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by a... | | |
CVE-2022-39801 | SAP GRC Access control Emergency Access Management allows an authenticated attacker to access a Fire... | | |
CVE-2022-39802 | SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient ... | | |
CVE-2022-39803 | Due to lack of proper memory management, when a victim opens a manipulated ACIS Part and Assembly (.... | | |
CVE-2022-39804 | Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Part (.sldprt,... | | |
CVE-2022-39805 | Due to lack of proper memory management, when a victim opens a manipulated Computer Graphics Metafil... | | |
CVE-2022-39806 | Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Drawing (.sldd... | | |
CVE-2022-39807 | Due to lack of proper memory management, when a victim opens manipulated SolidWorks Drawing (.sldasm... | | |
CVE-2022-39808 | Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, O... | | |
CVE-2022-39809 | An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting (XSS) ... | | |
CVE-2022-39810 | An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting (XSS) ... | | |
CVE-2022-39811 | Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access Control under NMSCI-WebGui/advancedsetting... | E | |
CVE-2022-39812 | Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal under NMSCI-WebGui/SaveFileUploa... | E | |
CVE-2022-39813 | Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/j... | E | |
CVE-2022-39814 | In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs in the login page via next HTTP GET p... | | |
CVE-2022-39815 | In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occur. This vulnerability al... | | |
CVE-2022-39816 | In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (cleartext administrator password) occ... | | |
CVE-2022-39817 | In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occur. Exploitation requires an aut... | | |
CVE-2022-39818 | In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in /cgi-bin/R19.9/log.pl of the V... | E | |
CVE-2022-39819 | In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occur. This allows authentic... | | |
CVE-2022-39820 | In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability... | E | |
CVE-2022-39821 | In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerab... | | |
CVE-2022-39822 | In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM M... | E | |
CVE-2022-39823 | An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. An OPC/UA browse req... | M | |
CVE-2022-39824 | Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbit... | E | |
CVE-2022-39828 | sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_p... | E | |
CVE-2022-39829 | There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missi... | E | |
CVE-2022-39830 | sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_p... | E | |
CVE-2022-39831 | An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_by... | E S | |
CVE-2022-39832 | An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_st... | E | |
CVE-2022-39833 | FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote c... | E | |
CVE-2022-39834 | A stored XSS vulnerability was discovered in adminweb/ra/viewendentity.jsp in PrimeKey EJBCA through... | | |
CVE-2022-39835 | An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML ... | | |
CVE-2022-39836 | An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Du... | E S | |
CVE-2022-39837 | An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Du... | E S | |
CVE-2022-39838 | Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file inclusion via a UNC share pat... | E | |
CVE-2022-39839 | Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a forum post.... | E | |
CVE-2022-39840 | Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a direct message (DM).... | E | |
CVE-2022-39842 | An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/... | S | |
CVE-2022-39843 | 123elf Lotus 1-2-3 before 1.0.0rc3 for Linux, and Lotus 1-2-3 R3 for UNIX and other platforms throug... | E | |
CVE-2022-39844 | Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.22083 a... | | |
CVE-2022-39845 | Improper validation of integrity check vulnerability in Samsung Kies prior to version 2.6.4.22074 al... | | |
CVE-2022-39846 | DLL hijacking vulnerability in Smart Switch PC prior to version 4.3.22083_3 allows attacker to execu... | | |
CVE-2022-39847 | Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR O... | | |
CVE-2022-39848 | Exposure of sensitive information in AT_Distributor prior to SMR Oct-2022 Release 1 allows local att... | | |
CVE-2022-39849 | Improper access control in knox_vpn_policy service prior to SMR Oct-2022 Release 1 allows una... | | |
CVE-2022-39850 | Improper access control in mum_container_policy service prior to SMR Oct-2022 Release 1 allows allow... | | |
CVE-2022-39851 | Improper access control vulnerability in CocktailBarService prior to SMR Oct-2022 Release 1 allows l... | | |
CVE-2022-39852 | A heap-based overflow vulnerability in makeContactAGIF in libagifencoder.quram.so library prior to S... | | |
CVE-2022-39853 | A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to... | | |
CVE-2022-39854 | Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure me... | | |
CVE-2022-39855 | Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a l... | | |
CVE-2022-39856 | Improper access control vulnerability in imsservice application prior to SMR Oct-2022 Release 1 allo... | | |
CVE-2022-39857 | Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.... | | |
CVE-2022-39858 | Path traversal vulnerability in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows ... | | |
CVE-2022-39859 | Implicit intent hijacking vulnerability in UPHelper library prior to version 3.0.12 allows attackers... | | |
CVE-2022-39860 | Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to ac... | | |
CVE-2022-39861 | Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attacker... | | |
CVE-2022-39862 | Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3.... | | |
CVE-2022-39863 | Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to a... | | |
CVE-2022-39864 | Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.8... | | |
CVE-2022-39865 | Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1... | | |
CVE-2022-39866 | Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7... | | |
CVE-2022-39867 | Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version ... | | |
CVE-2022-39868 | Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 ... | | |
CVE-2022-39869 | Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version ... | | |
CVE-2022-39870 | Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version ... | | |
CVE-2022-39871 | Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version ... | | |
CVE-2022-39872 | Improper restriction of broadcasting Intent in ShareLive prior to version 13.2.03.5 leaks MAC addres... | | |
CVE-2022-39873 | Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical ... | | |
CVE-2022-39874 | Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows at... | | |
CVE-2022-39875 | Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attack... | | |
CVE-2022-39876 | Insertion of Sensitive Information into Log in PushRegIdUpdateClient of SReminder prior to 8.2.01.13... | | |
CVE-2022-39877 | Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13... | | |
CVE-2022-39878 | Improper access control vulnerability in Samsung Checkout prior to version 5.0.55.3 allows attackers... | | |
CVE-2022-39879 | Improper authorization vulnerability in CallBGProvider prior to SMR Nov-2022 Release 1 allows local ... | | |
CVE-2022-39880 | Improper input validation vulnerability in DualOutFocusViewer prior to SMR Nov-2022 Release 1 allows... | | |
CVE-2022-39881 | Improper input validation vulnerability for processing SIB12 PDU in Exynos modems prior to SMR Sep-2... | | |
CVE-2022-39882 | Heap overflow vulnerability in sflacf_fal_bytes_peek function in libsmat.so library prior to SMR Nov... | | |
CVE-2022-39883 | Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1 allows... | | |
CVE-2022-39884 | Improper access control vulnerability in IImsService prior to SMR Nov-2022 Release 1 allows local at... | | |
CVE-2022-39885 | Improper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to SMR... | | |
CVE-2022-39886 | Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Re... | | |
CVE-2022-39887 | Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022 Rel... | | |
CVE-2022-39889 | Improper access control vulnerability in GalaxyWatch4Plugin prior to versions 2.2.11.22101351 and 2.... | | |
CVE-2022-39890 | Improper Authorization in Samsung Billing prior to version 5.0.56.0 allows attacker to get sensitive... | | |
CVE-2022-39891 | Heap overflow vulnerability in parse_pce function in libsavsaudio.so in Editor Lite prior to version... | | |
CVE-2022-39892 | Improper access control in Samsung Pass prior to version 4.0.05.1 allows attackers to unauthenticate... | | |
CVE-2022-39893 | Sensitive information exposure vulnerability in FmmBaseModel in Galaxy Buds Pro Manage prior to vers... | | |
CVE-2022-39894 | Improper access control vulnerability in ContactListStartActivityHelper in Phone prior to SMR Dec-20... | | |
CVE-2022-39895 | Improper access control vulnerability in ContactListUtils in Phone prior to SMR Dec-2022 Release 1 a... | | |
CVE-2022-39896 | Improper access control vulnerabilities in Contacts prior to SMR Dec-2022 Release 1 allows to access... | | |
CVE-2022-39897 | Exposure of Sensitive Information vulnerability in kernel prior to SMR Dec-2022 Release 1 allows att... | | |
CVE-2022-39898 | Improper access control vulnerability in IIccPhoneBook prior to SMR Dec-2022 Release 1 allows attack... | | |
CVE-2022-39899 | Improper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022 Release ... | | |
CVE-2022-39900 | Improper access control vulnerability in Nice Catch prior to SMR Dec-2022 Release 1 allows physical ... | | |
CVE-2022-39901 | Improper authentication in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to... | | |
CVE-2022-39902 | Improper authorization in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to ... | | |
CVE-2022-39903 | Improper access control vulnerability in RCS call prior to SMR Dec-2022 Release 1 allows local attac... | | |
CVE-2022-39904 | Exposure of Sensitive Information vulnerability in Samsung Settings prior to SMR Dec-2022 Release 1 ... | | |
CVE-2022-39905 | Implicit intent hijacking vulnerability in Telecom application prior to SMR Dec-2022 Release 1 allow... | | |
CVE-2022-39906 | Improper access control vulnerability in SecTelephonyProvider prior to SMR Dec-2022 Release 1 allows... | | |
CVE-2022-39907 | Integer overflow vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-202... | | |
CVE-2022-39908 | TOCTOU vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release ... | | |
CVE-2022-39909 | Insufficient verification of data authenticity vulnerability in Samsung Gear IconX PC Manager prior ... | | |
CVE-2022-39910 | Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allow physical attac... | | |
CVE-2022-39911 | Improper check or handling of exceptional conditions vulnerability in Samsung Pass prior to version ... | | |
CVE-2022-39912 | Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManag... | | |
CVE-2022-39913 | Exposure of Sensitive Information to an Unauthorized Actor in Persona Manager prior to Android T(13)... | | |
CVE-2022-39914 | Exposure of Sensitive Information from an Unauthorized Actor vulnerability in Samsung DisplayManager... | | |
CVE-2022-39915 | Improper access control vulnerability in Calendar prior to versions 11.6.08.0 in Android Q(10), 12.2... | | |
CVE-2022-39916 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-39917 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-39918 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-39919 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-39920 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-39921 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-39922 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-39923 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-39924 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-39925 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-39926 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-39927 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-39928 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-39929 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-39930 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-39931 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-39932 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-39933 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-39934 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-39935 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-39936 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-39937 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-39938 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-39939 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-39940 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-39941 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-39942 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-39943 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-39944 | The Apache Linkis JDBC EngineConn module has a RCE Vulnerability | M | |
CVE-2022-39945 | An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all ... | | |
CVE-2022-39946 | An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and bel... | S | |
CVE-2022-39947 | An improper neutralization of special elements used in an os command ('os command injection') in Fort... | S | |
CVE-2022-39948 | An improper certificate validation vulnerability [CWE-295] in FortiOS 7.2.0 through 7.2.3, 7.0.0 thr... | S | |
CVE-2022-39949 | An improper control of a resource through its lifetime vulnerability [CWE-664] in FortiEDR Collector... | | |
CVE-2022-39950 | An improper neutralization of input during web page generation vulnerability [CWE-79] exists in Fort... | | |
CVE-2022-39951 | An improper neutralization of special elements used in an os command ('os command injection') in Fort... | S | |
CVE-2022-39952 | An external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.... | S | |
CVE-2022-39953 | An improper privilege management in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9... | S | |
CVE-2022-39954 | An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through ... | S | |
CVE-2022-39955 | Partial rule set bypass in OWASP ModSecurity Core Rule Set by submitting a specially crafted HTTP Content-Type header | S | |
CVE-2022-39956 | Partial rule set bypass in OWASP ModSecurity Core Rule Set for HTTP multipart requests using character encoding in the Content-Type or Content-Transfer-Encoding header | S | |
CVE-2022-39957 | Response body bypass in OWASP ModSecurity Core Rule Set via a specially crafted charset in the HTTP Accept header | S | |
CVE-2022-39958 | Response body bypass in OWASP ModSecurity Core Rule Set via repeated HTTP Range header submission with a small byte range | S | |
CVE-2022-39959 | Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PRO... | | |
CVE-2022-39960 | The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks.... | E | |
CVE-2022-39974 | WASM3 v0.5.0 was discovered to contain a segmentation fault via the component op_Select_i32_srs in w... | E | |
CVE-2022-39975 | The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, ... | S | |
CVE-2022-39976 | School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnera... | E | |
CVE-2022-39977 | Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the... | E | |
CVE-2022-39978 | Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the... | E | |
CVE-2022-39983 | File upload vulnerability in Instantdeveloper RD3 22.0.8500, allows attackers to execute arbitrary c... | E | |
CVE-2022-39986 | A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to exe... | | |
CVE-2022-39987 | A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to exe... | | |
CVE-2022-39988 | A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows attackers to execute arbitrary... | E | |
CVE-2022-39989 | An issue was discovered in Fighting Cock Information System 1.0, which uses default credentials, but... | | |
CVE-2022-39996 | Cross Site Scripting vulnerability in Teldats Router RS123, RS123w allows attacker to execute arbitr... | E | |
CVE-2022-39997 | A weak password requirement issue was discovered in Teldats Router RS123, RS123w allows a remote att... | | |