ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2022-42000 | Potential XSS in comment section | S | |
CVE-2022-42001 | Potential XSS in book navigation | S | |
CVE-2022-42002 | SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updati... | E | |
CVE-2022-42003 | In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur ... | E S | |
CVE-2022-42004 | In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a ch... | E S | |
CVE-2022-42009 | Apache Ambari: A malicious authenticated user can remotely execute arbitrary code in the context of the application. | | |
CVE-2022-42010 | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before ... | E S | |
CVE-2022-42011 | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before ... | E S | |
CVE-2022-42012 | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before ... | E S | |
CVE-2022-42021 | Best Student Result Management System v1.0 is vulnerable to SQL Injection via /upresult/upresult/not... | E | |
CVE-2022-42029 | Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows auth... | | |
CVE-2022-42034 | Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php.... | E | |
CVE-2022-42036 | The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoo... | E | |
CVE-2022-42037 | The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoo... | E | |
CVE-2022-42038 | The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution... | E | |
CVE-2022-42039 | The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdo... | E | |
CVE-2022-42040 | The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution b... | E | |
CVE-2022-42041 | The d8s-file-system package for Python, as distributed on PyPI, included a potential code-execution ... | E | |
CVE-2022-42042 | The d8s-networking package for Python, as distributed on PyPI, included a potential code-execution b... | E | |
CVE-2022-42043 | The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor... | E | |
CVE-2022-42044 | The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoo... | E | |
CVE-2022-42045 | Certain Zemana products are vulnerable to Arbitrary code injection. This affects Watchdog Anti-Malwa... | | |
CVE-2022-42046 | wfshbr64.sys and wfshbr32.sys specially crafted IOCTL allows arbitrary user to perform local privile... | E S | |
CVE-2022-42053 | Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vul... | E | |
CVE-2022-42054 | Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Managemen... | E | |
CVE-2022-42055 | Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version... | E | |
CVE-2022-42058 | Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via th... | E | |
CVE-2022-42060 | Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via th... | E | |
CVE-2022-42064 | Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL inje... | E | |
CVE-2022-42066 | Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.ph... | E | |
CVE-2022-42067 | Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Refere... | E | |
CVE-2022-42069 | Online Birth Certificate Management System version 1.0 suffers from a persistent Cross Site Scriptin... | E | |
CVE-2022-42070 | Online Birth Certificate Management System version 1.0 is vulnerable to Cross Site Request Forgery (... | E | |
CVE-2022-42071 | Online Birth Certificate Management System version 1.0 suffers from a Cross Site Scripting (XSS) Vul... | E | |
CVE-2022-42073 | Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editclie... | E | |
CVE-2022-42074 | Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editcate... | E | |
CVE-2022-42075 | Wedding Planner v1.0 is vulnerable to arbitrary code execution.... | E | |
CVE-2022-42077 | Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (C... | E | |
CVE-2022-42078 | Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (C... | E | |
CVE-2022-42079 | Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via... | E | |
CVE-2022-42080 | Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a heap overflow via ... | E | |
CVE-2022-42081 | Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via... | E | |
CVE-2022-42086 | Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (... | E | |
CVE-2022-42087 | Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (... | E | |
CVE-2022-42092 | Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via 'themes' that allows attackers to... | E | |
CVE-2022-42094 | Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerabil... | E | |
CVE-2022-42095 | Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerabil... | E | |
CVE-2022-42096 | Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerabil... | E | |
CVE-2022-42097 | Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerabil... | E | |
CVE-2022-42098 | KLiK SocialMediaWebsite version v1.0.1 is vulnerable to SQL Injection via the profile.php.... | E | |
CVE-2022-42099 | KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via ... | E | |
CVE-2022-42100 | KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via ... | E | |
CVE-2022-42109 | Online-shopping-system-advanced 1.0 was discovered to contain a SQL injection vulnerability via the ... | | |
CVE-2022-42110 | A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 throu... | | |
CVE-2022-42111 | A Cross-site scripting (XSS) vulnerability in the Sharing module's user notification in Liferay Port... | | |
CVE-2022-42112 | A Cross-site scripting (XSS) vulnerability in the Portal Search module's Sort widget in Liferay Port... | S | |
CVE-2022-42113 | A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 thr... | S | |
CVE-2022-42114 | A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay ... | S | |
CVE-2022-42115 | Cross-site scripting (XSS) vulnerability in the Object module's edit object details page in Liferay ... | S | |
CVE-2022-42116 | A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor... | S | |
CVE-2022-42117 | A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 thr... | S | |
CVE-2022-42118 | A Cross-site scripting (XSS) vulnerability in the Portal Search module in Liferay Portal 7.1.0 throu... | | |
CVE-2022-42119 | Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This ... | | |
CVE-2022-42120 | A SQL injection vulnerability in the Fragment module in Liferay Portal 7.3.3 through 7.4.3.16, and L... | | |
CVE-2022-42121 | A SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 through 7.4.3.4, and Life... | | |
CVE-2022-42122 | A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.... | | |
CVE-2022-42123 | A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, an... | | |
CVE-2022-42124 | ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4... | | |
CVE-2022-42125 | Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP ... | | |
CVE-2022-42126 | The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before upda... | | |
CVE-2022-42127 | The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 tho... | | |
CVE-2022-42128 | The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does... | | |
CVE-2022-42129 | An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Lifer... | | |
CVE-2022-42130 | The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before ... | | |
CVE-2022-42131 | Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Map... | | |
CVE-2022-42132 | The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix p... | | |
CVE-2022-42136 | Authenticated mail users, under specific circumstances, could add files with unsanitized content in ... | | |
CVE-2022-42139 | Delta Electronics DVW-W02W2-E2 1.5.0.10 is vulnerable to Command Injection via Crafted URL.... | E | |
CVE-2022-42140 | Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Command Injection via lform/net_diagnose.... | E | |
CVE-2022-42141 | Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Cross Site Scripting (XSS) via lform/urlfilter... | E | |
CVE-2022-42142 | Online Tours & Travels Management System v1.0 is vulnerable to Arbitrary code execution via ip/tour/... | E | |
CVE-2022-42143 | Open Source SACCO Management System v1.0 is vulnerable to SQL Injection via /sacco_shield/manage_pay... | E | |
CVE-2022-42147 | kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via controller\Filecontroller.java.... | | |
CVE-2022-42149 | kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewContr... | | |
CVE-2022-42150 | TinyLab linux-lab v1.1-rc1 and cloud-lab v0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. T... | E S | |
CVE-2022-42154 | An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 a... | E | |
CVE-2022-42156 | D-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the tomo... | E | |
CVE-2022-42159 | D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number... | E | |
CVE-2022-42160 | D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the... | E | |
CVE-2022-42161 | D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the... | E | |
CVE-2022-42163 | Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromNatStaticSetting.... | E | |
CVE-2022-42164 | Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetClientState.... | E | |
CVE-2022-42165 | Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName.... | E | |
CVE-2022-42166 | Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetSpeedWan.... | E | |
CVE-2022-42167 | Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg.... | E | |
CVE-2022-42168 | Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind.... | E | |
CVE-2022-42169 | Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/addWifiMacFilter.... | E | |
CVE-2022-42170 | Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart.... | E | |
CVE-2022-42171 | Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/saveParentControlInfo.... | E | |
CVE-2022-42175 | Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to... | | |
CVE-2022-42176 | In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admi... | E | |
CVE-2022-42182 | Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Directory Traversal.... | E S | |
CVE-2022-42183 | Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Server-Side Request Forgery (SSRF).... | E S | |
CVE-2022-42187 | Hustoj 22.09.22 has an XSS Vulnerability in /admin/problem_judge.php.... | E | |
CVE-2022-42188 | In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read acce... | E | |
CVE-2022-42189 | Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (RCE) vulnerability.... | E | |
CVE-2022-42197 | In Simple Exam Reviewer Management System v1.0 the User List function has improper access control th... | E | |
CVE-2022-42198 | In Simple Exam Reviewer Management System v1.0 the User List function suffers from insecure file upl... | E | |
CVE-2022-42199 | Simple Exam Reviewer Management System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via t... | E | |
CVE-2022-42200 | Simple Exam Reviewer Management System v1.0 is vulnerable to Stored Cross Site Scripting (XSS) via t... | E | |
CVE-2022-42201 | Simple Exam Reviewer Management System v1.0 is vulnerable to Insecure file upload.... | E | |
CVE-2022-42202 | TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to Cross Site Scripting (XSS).... | E | |
CVE-2022-42205 | PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via a... | E | |
CVE-2022-42206 | PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via d... | E | |
CVE-2022-42218 | Open Source SACCO Management System v1.0 vulnerable to SQL Injection via /sacco_shield/manage_loan.p... | E | |
CVE-2022-42221 | Netgear R6220 v1.1.0.114_1.0.1 suffers from Incorrect Access Control, resulting in a command injecti... | E | |
CVE-2022-42225 | Jumpserver 2.10.0 <= version <= 2.26.0 contains multiple stored XSS vulnerabilities because of impro... | E S | |
CVE-2022-42227 | jsonlint 1.0 is vulnerable to heap-buffer-overflow via /home/hjsz/jsonlint/src/lexer.... | E | |
CVE-2022-42229 | Wedding Planner v1.0 is vulnerable to Arbitrary code execution via package_edit.php.... | E | |
CVE-2022-42230 | Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/admin/?page=user... | | |
CVE-2022-42232 | Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/classes/Master.p... | E | |
CVE-2022-42233 | Tenda 11N with firmware version V5.07.33_cn suffers from an Authentication Bypass vulnerability.... | E | |
CVE-2022-42234 | There is a file inclusion vulnerability in the template management module in UCMS 1.6... | E | |
CVE-2022-42235 | A Stored XSS issue in Student Clearance System v.1.0 allows the injection of arbitrary JavaScript in... | E | |
CVE-2022-42236 | A Stored XSS issue in Merchandise Online Store v.1.0 allows the injection of arbitrary JavaScript in ... | | |
CVE-2022-42237 | A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin ac... | E | |
CVE-2022-42238 | A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get ac... | E | |
CVE-2022-42241 | Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.p... | E | |
CVE-2022-42242 | Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.p... | E | |
CVE-2022-42243 | Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/m... | E | |
CVE-2022-42245 | Dreamer CMS 4.0.01 is vulnerable to SQL Injection.... | E | |
CVE-2022-42246 | Doufox 0.0.4 contains a CSRF vulnerability that can add system administrator account.... | E | |
CVE-2022-42247 | pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.p... | E S | |
CVE-2022-42248 | QlikView 12.60.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the ... | | |
CVE-2022-42249 | Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/v... | E | |
CVE-2022-42250 | Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/inquiries/... | E | |
CVE-2022-42252 | Apache Tomcat request smuggling via malformed content-length | | |
CVE-2022-42254 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), w... | | |
CVE-2022-42255 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), w... | | |
CVE-2022-42256 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), w... | | |
CVE-2022-42257 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), w... | | |
CVE-2022-42258 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), w... | | |
CVE-2022-42259 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), w... | | |
CVE-2022-42260 | NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, w... | | |
CVE-2022-42261 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an inp... | | |
CVE-2022-42262 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an inp... | | |
CVE-2022-42263 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where... | | |
CVE-2022-42264 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unpr... | | |
CVE-2022-42265 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), w... | | |
CVE-2022-42266 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sy... | | |
CVE-2022-42267 | NVIDIA GPU Display Driver for Windows contains a vulnerability where a regular user can cause an out... | | |
CVE-2022-42268 | Omniverse Kit contains a vulnerability in the reference applications Create, Audio2Face, Isaac Sim,... | | |
CVE-2022-42269 | NVIDIA Trusted OS contains a vulnerability in an SMC call handler, where failure to validate untrust... | | |
CVE-2022-42270 | NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_task_submit, where unvalidated in... | | |
CVE-2022-42271 | NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer... | | |
CVE-2022-42272 | NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer... | | |
CVE-2022-42273 | NVIDIA BMC contains a vulnerability in libwebsocket, where an authorized attacker can cause a buffer... | | |
CVE-2022-42274 | NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer... | | |
CVE-2022-42275 | NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secure... | | |
CVE-2022-42276 | NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated ... | | |
CVE-2022-42277 | NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevat... | | |
CVE-2022-42278 | NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write... | | |
CVE-2022-42279 | NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitra... | | |
CVE-2022-42280 | NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an un-authorized attacker can ex... | | |
CVE-2022-42281 | NVIDIA DGX A100 contains a vulnerability in SBIOS in the FsRecovery, which may allow a highly privil... | | |
CVE-2022-42282 | NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can access arbitra... | | |
CVE-2022-42283 | NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer... | | |
CVE-2022-42284 | NVIDIA BMC stores user passwords in an obfuscated form in a database accessible by the host. This ma... | | |
CVE-2022-42285 | DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI) phase, where a privileged... | | |
CVE-2022-42286 | DGX A100 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service,... | | |
CVE-2022-42287 | NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and dow... | | |
CVE-2022-42288 | NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain ... | | |
CVE-2022-42289 | NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitra... | | |
CVE-2022-42290 | NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitra... | | |
CVE-2022-42291 | NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NV... | | |
CVE-2022-42292 | NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user witho... | | |
CVE-2022-42293 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-42294 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-42295 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-42296 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-42297 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-42298 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-42299 | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetB... | S | |
CVE-2022-42300 | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetB... | S | |
CVE-2022-42301 | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetB... | S | |
CVE-2022-42302 | An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBacku... | S | |
CVE-2022-42303 | An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBacku... | S | |
CVE-2022-42304 | An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBacku... | S | |
CVE-2022-42305 | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetB... | S | |
CVE-2022-42306 | An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker w... | S | |
CVE-2022-42307 | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetB... | S | |
CVE-2022-42308 | An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker w... | S | |
CVE-2022-42309 | Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause ... | S | |
CVE-2022-42310 | Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction ... | S | |
CVE-2022-42311 | Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multipl... | S | |
CVE-2022-42312 | Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multipl... | S | |
CVE-2022-42313 | Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multipl... | S | |
CVE-2022-42314 | Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multipl... | S | |
CVE-2022-42315 | Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multipl... | S | |
CVE-2022-42316 | Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multipl... | S | |
CVE-2022-42317 | Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multipl... | S | |
CVE-2022-42318 | Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multipl... | S | |
CVE-2022-42319 | Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a gues... | S | |
CVE-2022-42320 | Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes... | S | |
CVE-2022-42321 | Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some ... | S | |
CVE-2022-42322 | Xenstore: Cooperating guests can create arbitrary numbers of nodes [This CNA information record rela... | S | |
CVE-2022-42323 | Xenstore: Cooperating guests can create arbitrary numbers of nodes [This CNA information record rela... | S | |
CVE-2022-42324 | Oxenstored 32->31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precis... | S | |
CVE-2022-42325 | Xenstore: Guests can create arbitrary number of nodes via transactions [This CNA information record ... | S | |
CVE-2022-42326 | Xenstore: Guests can create arbitrary number of nodes via transactions [This CNA information record ... | S | |
CVE-2022-42327 | x86: unintended memory sharing between guests On Intel systems that support the "virtualize APIC acc... | S | |
CVE-2022-42328 | Guests can trigger deadlock in Linux netback driver [This CNA information record relates to multiple... | S | |
CVE-2022-42329 | Guests can trigger deadlock in Linux netback driver [This CNA information record relates to multiple... | S | |
CVE-2022-42330 | Guests can cause Xenstore crash via soft reset When a guest issues a "Soft Reset" (e.g. for performi... | | |
CVE-2022-42331 | x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectr... | | |
CVE-2022-42332 | x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translatio... | | |
CVE-2022-42333 | x86/HVM pinned cache attributes mis-handling [This CNA information record relates to multiple CVEs; ... | | |
CVE-2022-42334 | x86/HVM pinned cache attributes mis-handling [This CNA information record relates to multiple CVEs; ... | | |
CVE-2022-42335 | x86 shadow paging arbitrary pointer dereference In environments where host assisted address translat... | S | |
CVE-2022-42336 | Mishandling of guest SSBD selection on AMD hardware The current logic to set SSBD on AMD Family 17h ... | | |
CVE-2022-42337 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-42338 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-42339 | Adobe Acrobat Reader DC XFA Parsing Stack Overflow Remote Code Execution | | |
CVE-2022-42340 | Adobe ColdFusion Improper Input Validation Arbitrary file system read | | |
CVE-2022-42341 | Adobe ColdFusion Improper Restriction of XML External Entity Reference Arbitrary file system read | | |
CVE-2022-42342 | Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2022-42343 | Adobe Campaign Classic Server-Side Request Forgery Arbitrary file system read | | |
CVE-2022-42344 | [CVE-2021-36032] Magento IDOR Leads to Account Takeover | | |
CVE-2022-42345 | AEM Reflected XSS Arbitrary code execution | | |
CVE-2022-42346 | AEM Reflected XSS Arbitrary code execution | | |
CVE-2022-42348 | AEM Reflected XSS Arbitrary code execution | | |
CVE-2022-42349 | AEM Reflected XSS Arbitrary code execution | | |
CVE-2022-42350 | AEM Reflected XSS Arbitrary code execution | | |
CVE-2022-42351 | AEM Incorrect Authorization Security feature bypass | | |
CVE-2022-42352 | AEM Reflected XSS Arbitrary code execution | | |
CVE-2022-42354 | AEM Reflected XSS Arbitrary code execution | | |
CVE-2022-42356 | AEM Reflected XSS Arbitrary code execution | | |
CVE-2022-42357 | AEM Reflected XSS Arbitrary code execution | | |
CVE-2022-42360 | AEM Reflected XSS Arbitrary code execution | | |
CVE-2022-42362 | AEM Reflected XSS Arbitrary code execution | | |
CVE-2022-42364 | AEM Reflected XSS Arbitrary code execution | | |
CVE-2022-42365 | AEM Reflected XSS Arbitrary code execution | | |
CVE-2022-42366 | AEM Reflected XSS Arbitrary code execution | | |
CVE-2022-42367 | AEM Reflected XSS Arbitrary code execution | | |
CVE-2022-42369 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-42370 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-42371 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-42372 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-42373 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-42374 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-42375 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-42376 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-42377 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-42378 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-42379 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-42380 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-42381 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-42382 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-42383 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-42384 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-42385 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-42386 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-42387 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-42388 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-42389 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-42390 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-42391 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-42392 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-42393 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-42394 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-42395 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-42396 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-42397 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-42398 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-42399 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-42400 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-42401 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-42402 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-42403 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-42404 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-42405 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-42406 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-42407 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-42408 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-42409 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-42410 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-42411 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-42412 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-42413 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-42414 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-42415 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-42416 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-42417 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-42418 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-42419 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-42420 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-42421 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-42423 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-42424 | This vulnerability allows remote attackers to escalate privileges on affected installations of Centr... | | |
CVE-2022-42425 | This vulnerability allows remote attackers to escalate privileges on affected installations of Centr... | | |
CVE-2022-42426 | This vulnerability allows remote attackers to escalate privileges on affected installations of Centr... | | |
CVE-2022-42427 | This vulnerability allows remote attackers to escalate privileges on affected installations of Centr... | | |
CVE-2022-42428 | This vulnerability allows remote attackers to escalate privileges on affected installations of Centr... | | |
CVE-2022-42429 | This vulnerability allows remote attackers to escalate privileges on affected installations of Centr... | | |
CVE-2022-42430 | This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An atta... | | |
CVE-2022-42431 | This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An atta... | | |
CVE-2022-42432 | This vulnerability allows local attackers to disclose sensitive information on affected installation... | | |
CVE-2022-42433 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | | |
CVE-2022-42435 | IBM Business Automation Workflow cross-site request forgery | S | |
CVE-2022-42436 | IBM MQ information disclosure | S | |
CVE-2022-42438 | IBM Cloud Pak for Multicloud Management Monitoring privilege escalation | S | |
CVE-2022-42439 | IBM App Connect Enterprise information disclosure | | |
CVE-2022-42442 | IBM Robotic Process Automation for Cloud Pak information disclosure | | |
CVE-2022-42443 | Trusteer for mobile file upload | | |
CVE-2022-42444 | IBM App Connect Enterprise denial of service | S | |
CVE-2022-42445 | HCL Launch is vulnerable to Insufficiently Protected LDAP Search Credentials (CVE-2022-42445) | | |
CVE-2022-42446 | HCL Sametime 12.0 and 12.0FP1 anonymous users have directory lookup access | M | |
CVE-2022-42447 | Cross-origin resource sharing vulnerability affects HCL Compass | | |
CVE-2022-42449 | HCL Domino Volt is affected by an unrestricted upload of a dangerous file type | | |
CVE-2022-42450 | HCL Domino Volt is affected by Cross-site scripting (XSS) | | |
CVE-2022-42451 | HCL BigFix Patch Management is vulnerable to insecurely stored credentials | | |
CVE-2022-42452 | HCL Launch is vulnerable to HTML injection. HTML code is stored and included without being sanitize... | | |
CVE-2022-42453 | HCL BigFix Platform is affected by insufficient warnings | | |
CVE-2022-42454 | HCL BigFix Insights for Vulnerability Remediation (IVR) is vulnerable to improper certificate validation | | |
CVE-2022-42455 | ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as... | | |
CVE-2022-42457 | Generex CS141 through 2.10 allows remote command execution by administrators via a web interface tha... | E | |
CVE-2022-42458 | Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version 1.7.4.1 a... | | |
CVE-2022-42459 | WordPress Image Hover Effects Ultimate plugin <= 9.7.1 - Auth. WordPress Options Change vulnerability | S | |
CVE-2022-42460 | WordPress Traffic Manager plugin <= 1.4.5 - Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) | | |
CVE-2022-42461 | WordPress miniOrange's Google Authenticator plugin <= 5.6.1 - Broken Access Control vulnerability | S | |
CVE-2022-42462 | WordPress IP Blacklist Cloud Plugin <= 5.00 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2022-42463 | Softbus_server in communication subsystem has an authentication bypass vulnerability in a callback handler function. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary co ... | | |
CVE-2022-42464 | Kernel memory pool override in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could disclose sensitive information including kernel pointer, which could be used in furth ... | | |
CVE-2022-42465 | Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 m... | S | |
CVE-2022-42466 | XSS vulnerability, e.g. for String properties. | | |
CVE-2022-42467 | h2 webconsole (available only in prototype mode) should nevertheless be disabled by default. | | |
CVE-2022-42468 | Apache Flume prior to 1.11.0 has an Improper Input Validation (JNDI Injection) in JMSSource | S | |
CVE-2022-42469 | A permissive list of allowed inputs vulnerability [CWE-183] in FortiGate version 7.2.3 and below, ve... | S | |
CVE-2022-42470 | A relative path traversal vulnerability in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4... | S | |
CVE-2022-42471 | An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerabili... | S | |
CVE-2022-42472 | An improper neutralization of CRLF sequences in HTTP headers ('HTTP response splitting') in Fortinet ... | S | |
CVE-2022-42473 | A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 a... | | |
CVE-2022-42474 | A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, ve... | S | |
CVE-2022-42475 | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 t... | KEV E S | |
CVE-2022-42476 | A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.... | S | |
CVE-2022-42477 | An improper input validation vulnerability [CWE-20] in FortiAnalyzer version 7.2.1 and below, versio... | S | |
CVE-2022-42478 | An Improper Restriction of Excessive Authentication Attempts [CWE-307] in FortiSIEM below 7.0.0 may ... | S | |
CVE-2022-42480 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-42484 | An OS command injection vulnerability exists in the httpd logs/view.cgi functionality of FreshTomato... | E | |
CVE-2022-42485 | WordPress Gallery with thumbnail slider Plugin <= 6.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2022-42486 | Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7... | | |
CVE-2022-42487 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-42488 | Startup subsystem missed permission validation in param service. A malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services. | | |
CVE-2022-42490 | Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5... | | |
CVE-2022-42491 | Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5... | | |
CVE-2022-42492 | Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5... | | |
CVE-2022-42493 | Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5... | | |
CVE-2022-42494 | WordPress All in One SEO Pro plugin <= 4.2.5.1 - Server Side Request Forgery (SSRF) vulnerability | S | |
CVE-2022-42496 | OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 ... | S | |
CVE-2022-42497 | WordPress Api2Cart Bridge Connector plugin <= 1.1.0 - Arbitrary Code Execution vulnerability | S | |
CVE-2022-42498 | In Pixel cellular firmware, there is a possible out of bounds write due to a missing bounds check. T... | | |
CVE-2022-42499 | In sms_SendMmCpErrMsg of sms_MmConManagement.c, there is a possible out of bounds write due to a hea... | | |
CVE-2022-42500 | In OEM_OnRequest of sced.cpp, there is a possible shell command execution due to improper input vali... | | |
CVE-2022-42501 | In HexString2Value of util.cpp, there is a possible out of bounds write due to a missing bounds chec... | | |
CVE-2022-42502 | In FacilityLock::Parse of simdata.cpp, there is a possible out of bounds write due to a missing boun... | | |
CVE-2022-42503 | In ProtocolMiscBuilder::BuildSetLinkCapaReportCriteria of protocolmiscbuilder.cpp, there is a possib... | | |
CVE-2022-42504 | In CallDialReqData::encodeCallNumber of callreqdata.cpp, there is a possible out of bounds write due... | | |
CVE-2022-42505 | In ProtocolMiscBuilder::BuildSetSignalReportCriteria of protocolmiscbuilder.cpp, there is a possible... | | |
CVE-2022-42506 | In SimUpdatePbEntry::encode of simdata.cpp, there is a possible out of bounds write due to a missing... | | |
CVE-2022-42507 | In ProtocolSimBuilder::BuildSimUpdatePb3gEntry of protocolsimbuilder.cpp, there is a possible out of... | | |
CVE-2022-42508 | In ProtocolCallBuilder::BuildSendUssd of protocolcallbuilder.cpp, there is a possible out of bounds ... | | |
CVE-2022-42509 | In CallDialReqData::encode of callreqdata.cpp, there is a possible out of bounds write due to a miss... | | |
CVE-2022-42510 | In StringsRequestData::encode of requestdata.cpp, there is a possible out of bounds read due to impr... | | |
CVE-2022-42511 | In EmbmsSessionData::encode of embmsdata.cpp, there is a possible out of bounds write due to a missi... | | |
CVE-2022-42512 | In VsimOperationDataExt::encode of vsimdata.cpp, there is a possible out of bounds read due to a mis... | | |
CVE-2022-42513 | In ProtocolEmbmsBuilder::BuildSetSession of protocolembmsbuilder.cpp, there is a possible out of bou... | | |
CVE-2022-42514 | In ProtocolImsBuilder::BuildSetConfig of protocolimsbuilder.cpp, there is a possible out of bounds r... | | |
CVE-2022-42515 | In MiscService::DoOemSetRtpPktlossThreshold of miscservice.cpp, there is a possible out of bounds re... | | |
CVE-2022-42516 | In ProtocolSimBuilderLegacy::BuildSimGetGbaAuth of protocolsimbuilderlegacy.cpp, there is a possible... | | |
CVE-2022-42517 | In MiscService::DoOemSetTcsFci of miscservice.cpp, there is a possible out of bounds read due to a m... | | |
CVE-2022-42518 | In BroadcastSmsConfigsRequestData::encode of smsdata.cpp, there is a possible out of bounds write du... | | |
CVE-2022-42519 | In CdmaBroadcastSmsConfigsRequestData::encode of cdmasmsdata.cpp, there is a possible stack clash le... | | |
CVE-2022-42520 | In ServiceInterface::HandleRequest of serviceinterface.cpp, there is a possible use after free. This... | | |
CVE-2022-42521 | In encode of wlandata.cpp, there is a possible out of bounds write due to improper input validation.... | | |
CVE-2022-42522 | In DoSetCarrierConfig of miscservice.cpp, there is a possible out of bounds read due to an incorrect... | | |
CVE-2022-42523 | In fillSetupDataCallInfo_V1_6 of ril_service_1_6.cpp, there is a possible out of bounds write due to... | | |
CVE-2022-42524 | In sms_GetTpUdlIe of sms_PduCodec.c, there is a possible out of bounds read due to a missing bounds ... | | |
CVE-2022-42525 | In fillSetupDataCallInfo_V1_6 of ril_service_1_6.cpp, there is a possible out of bounds write due to... | | |
CVE-2022-42526 | In ConvertUtf8ToUcs2 of radio_hal_utils.cpp, there is a possible out of bounds write due to a missin... | | |
CVE-2022-42527 | In cd_SsParseMsg of cd_SsCodec.c, there is a possible crash due to a missing null check. This could ... | | |
CVE-2022-42528 | In ffa_mrd_prot of shared_mem.c, there is a possible ID due to a logic error in the code. This could... | | |
CVE-2022-42529 | Product: Android. Versions: Android kernel. Android ID: A-235292841. References: N/A... | | |
CVE-2022-42530 | In Pixel firmware, there is a possible out of bounds read due to a missing bounds check. This could ... | | |
CVE-2022-42531 | In mmu_map_for_fw of gs_ldfw_load.c, there is a possible mitigation bypass due to Permissive Memory ... | | |
CVE-2022-42532 | In Pixel firmware, there is a possible out of bounds read due to a missing bounds check. This could ... | | |
CVE-2022-42533 | In shared_metadata_init of SharedMetadata.cpp, there is a possible out of bounds write due to an int... | | |
CVE-2022-42534 | In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible privilege escalation due to im... | | |
CVE-2022-42535 | In a query in MmsSmsProvider.java, there is a possible access to restricted tables due to SQL inject... | S | |
CVE-2022-42536 | Remote code execution... | | |
CVE-2022-42537 | Remote code execution... | | |
CVE-2022-42538 | Elevation of privilege... | | |
CVE-2022-42539 | Information disclosure... | | |
CVE-2022-42540 | Elevation of privilege... | | |
CVE-2022-42541 | Remote code execution... | | |
CVE-2022-42542 | In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds write due to a ... | S | |
CVE-2022-42543 | In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bounds read due to an incorrect b... | | |
CVE-2022-42544 | In getView of AddAppNetworksFragment.java, there is a possible way to mislead the user about network... | S | |
CVE-2022-42698 | WordPress Api2Cart Bridge Connector plugin <= 1.1.0 - Arbitrary File Upload vulnerability | S | |
CVE-2022-42699 | WordPress Easy WP SMTP Plugin <= 1.5.1 is vulnerable to Remote Code Execution (RCE) | S | |
CVE-2022-42700 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-42702 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-42703 | mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reu... | E S | |
CVE-2022-42704 | A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp) ... | S | |
CVE-2022-42705 | A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-ce... | S | |
CVE-2022-42706 | An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6,... | S | |
CVE-2022-42707 | In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0... | | |
CVE-2022-42710 | Nice (formerly Nortek) Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.3... | E | |
CVE-2022-42711 | In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately... | | |
CVE-2022-42715 | A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload ... | E | |
CVE-2022-42716 | An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileg... | | |
CVE-2022-42717 | An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for ... | S | |
CVE-2022-42718 | Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface (CLI)... | S | |
CVE-2022-42719 | A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 th... | E S | |
CVE-2022-42720 | Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 thr... | E S | |
CVE-2022-42721 | A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x b... | E S | |
CVE-2022-42722 | In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames in... | E S | |
CVE-2022-42724 | app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (t... | S | |
CVE-2022-42725 | Warpinator through 1.2.14 allows access outside of an intended directory, as demonstrated by symboli... | E S | |
CVE-2022-42731 | mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be... | E | |
CVE-2022-42732 | A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics ap... | | |
CVE-2022-42733 | A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics ap... | | |
CVE-2022-42734 | A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics ap... | | |
CVE-2022-42735 | Apache ShenYu Admin ultra vires | | |
CVE-2022-42737 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-42738 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-42739 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-42740 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-42741 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-42742 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-42743 | deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object... | E | |
CVE-2022-42744 | CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application da... | E | |
CVE-2022-42745 | CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is... | E | |
CVE-2022-42746 | CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to st... | E | |
CVE-2022-42747 | CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal... | E | |
CVE-2022-42748 | CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker t... | E | |
CVE-2022-42749 | CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal t... | E | |
CVE-2022-42750 | CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is ... | E | |
CVE-2022-42751 | CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This i... | E | |
CVE-2022-42753 | SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is p... | E | |
CVE-2022-42754 | In npu driver, there is a memory corruption due to a use after free. This could lead to local denial... | | |
CVE-2022-42755 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-42756 | In sensor driver, there is a possible buffer overflow due to a missing bounds check. This could lead... | | |
CVE-2022-42757 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-42758 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-42759 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-42760 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-42761 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-42762 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-42763 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-42764 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-42765 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-42766 | In wlan driver, there is a possible missing permission check. This could lead to local information d... | | |
CVE-2022-42767 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-42768 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-42769 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-42770 | In wlan driver, there is a race condition. This could lead to local denial of service in wlan servic... | | |
CVE-2022-42771 | In wlan driver, there is a race condition. This could lead to local denial of service in wlan servic... | | |
CVE-2022-42772 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-42773 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-42774 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-42775 | In camera driver, there is a possible memory corruption due to improper locking. This could lead to ... | | |
CVE-2022-42776 | In UscAIEngine service, there is a missing permission check. This could lead to set up UscAIEngine s... | | |
CVE-2022-42777 | In power management service, there is a missing permission check. This could lead to set up power ma... | | |
CVE-2022-42778 | In windows manager service, there is a missing permission check. This could lead to set up windows m... | | |
CVE-2022-42779 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-42780 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-42781 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-42782 | In wlan driver, there is a possible missing permission check. This could lead to local information d... | | |
CVE-2022-42783 | In wlan driver, there is a possible missing params check. This could lead to local denial of service... | | |
CVE-2022-42784 | A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions >= V8.3), L... | | |
CVE-2022-42785 | Wiesemann & Theis: Authentication bypass in Com-Server family | | |
CVE-2022-42786 | Wiesemann & Theis: XSS vulnerability in web interface of the Com-Server family | | |
CVE-2022-42787 | Wiesemann & Theis: Small number space for allocating session id in Com-Server family | | |
CVE-2022-42788 | A permissions issue existed. This issue was addressed with improved permission validation. This issu... | | |
CVE-2022-42789 | An issue in code signature validation was addressed with improved checks. This issue is fixed in mac... | | |
CVE-2022-42790 | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.... | | |
CVE-2022-42791 | A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13... | | |
CVE-2022-42792 | This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 1... | | |
CVE-2022-42793 | An issue in code signature validation was addressed with improved checks. This issue is fixed in mac... | | |
CVE-2022-42794 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-42795 | A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS ... | | |
CVE-2022-42796 | This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.7 and iPadOS... | | |
CVE-2022-42797 | An injection issue was addressed with improved input validation. This issue is fixed in Xcode 14.1. ... | | |
CVE-2022-42798 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, iOS 15.7.1 ... | | |
CVE-2022-42799 | The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 1... | | |
CVE-2022-42800 | This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, ... | | |
CVE-2022-42801 | A logic issue was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and i... | | |
CVE-2022-42802 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-42803 | A race condition was addressed with improved locking. This issue is fixed in tvOS 16.1, iOS 15.7.1 a... | | |
CVE-2022-42804 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-42805 | An integer overflow was addressed with improved input validation. This issue is fixed in iOS 15.6 an... | | |
CVE-2022-42806 | A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16,... | | |
CVE-2022-42807 | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.... | | |
CVE-2022-42808 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvO... | | |
CVE-2022-42809 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. Proc... | | |
CVE-2022-42810 | The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS ... | | |
CVE-2022-42811 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in tvOS 16.1... | | |
CVE-2022-42813 | A certificate validation issue existed in the handling of WKWebView. This issue was addressed with i... | | |
CVE-2022-42814 | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app ma... | | |
CVE-2022-42815 | This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An ... | | |
CVE-2022-42816 | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.... | | |
CVE-2022-42817 | A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.1 and iP... | | |
CVE-2022-42818 | This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. A u... | | |
CVE-2022-42819 | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Su... | | |
CVE-2022-42820 | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 1... | | |
CVE-2022-42821 | A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macO... | | |
CVE-2022-42822 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-42823 | A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1... | | |
CVE-2022-42824 | A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS ... | | |
CVE-2022-42825 | This issue was addressed by removing additional entitlements. This issue is fixed in tvOS 16.1, macO... | | |
CVE-2022-42826 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS V... | | |
CVE-2022-42827 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS... | KEV | |
CVE-2022-42828 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An a... | | |
CVE-2022-42829 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 16.... | | |
CVE-2022-42830 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16... | | |
CVE-2022-42831 | A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16,... | | |
CVE-2022-42832 | A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16,... | | |
CVE-2022-42833 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ven... | | |
CVE-2022-42834 | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monter... | | |
CVE-2022-42835 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-42837 | An issue existed in the parsing of URLs. This issue was addressed with improved input validation. Th... | | |
CVE-2022-42838 | An issue with app access to camera data was addressed with improved logic. This issue is fixed in ma... | | |
CVE-2022-42839 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in iO... | | |
CVE-2022-42840 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2,... | | |
CVE-2022-42841 | A type confusion issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.... | | |
CVE-2022-42842 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monte... | | |
CVE-2022-42843 | This issue was addressed with improved data protection. This issue is fixed in iOS 16.2 and iPadOS 1... | | |
CVE-2022-42844 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16... | | |
CVE-2022-42845 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monte... | | |
CVE-2022-42846 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16... | | |
CVE-2022-42847 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in ma... | | |
CVE-2022-42848 | A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, i... | | |
CVE-2022-42849 | An access issue existed with privileged API calls. This issue was addressed with additional restrict... | | |
CVE-2022-42850 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16... | | |
CVE-2022-42851 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16... | | |
CVE-2022-42852 | The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2... | | |
CVE-2022-42853 | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventur... | | |
CVE-2022-42854 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2,... | | |
CVE-2022-42855 | A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.2, macOS ... | | |
CVE-2022-42856 | A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.... | KEV | |
CVE-2022-42857 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-42858 | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS... | | |
CVE-2022-42859 | Multiple issues were addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and ... | | |
CVE-2022-42860 | This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed i... | | |
CVE-2022-42861 | This issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macO... | | |
CVE-2022-42862 | This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS... | | |
CVE-2022-42863 | A memory corruption issue was addressed with improved state management. This issue is fixed in Safar... | | |
CVE-2022-42864 | A race condition was addressed with improved state handling. This issue is fixed in tvOS 16.2, macOS... | | |
CVE-2022-42865 | This issue was addressed by enabling hardened runtime. This issue is fixed in iOS 16.2 and iPadOS 16... | | |
CVE-2022-42866 | The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.2 and iPadOS... | | |
CVE-2022-42867 | A use after free issue was addressed with improved memory management. This issue is fixed in Safari ... | | |
CVE-2022-42878 | Null pointer dereference for some Intel(R) Trace Analyzer and Collector software before version 2021... | | |
CVE-2022-42879 | NULL pointer dereference in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may al... | | |
CVE-2022-42880 | WordPress Auto Upload Images Plugin <= 3.3 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2022-42882 | WordPress Simple CSV/XLS Exporter Plugin <= 1.5.8 is vulnerable to CSV Injection | | |
CVE-2022-42883 | WordPress Quiz And Survey Master plugin <= 7.3.10 - Sensitive Information Disclosure vulnerability | S | |
CVE-2022-42884 | WordPress WIP Custom Login Plugin <= 1.2.7 is vulnerable to Broken Access Control | S | |
CVE-2022-42885 | A use of uninitialized pointer vulnerability exists in the GRO format res functionality of Open Babe... | E | |
CVE-2022-42888 | WordPress ARMember Plugin <= 5.5.1 is vulnerable to Privilege Escalation | S | |
CVE-2022-42889 | Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults | M | |
CVE-2022-42890 | Apache Batik prior to 1.16 allows RCE via scripting | | |
CVE-2022-42891 | A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics ap... | | |
CVE-2022-42892 | A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics ap... | | |
CVE-2022-42893 | A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics ap... | | |
CVE-2022-42894 | A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). An unauthenticate... | | |
CVE-2022-42895 | Info Leak in l2cap_core in the Linux Kernel | S | |
CVE-2022-42896 | Info Leak in l2cap_core in the Linux Kernel | S | |
CVE-2022-42897 | Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection tha... | S | |
CVE-2022-42898 | PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflow... | E S | |
CVE-2022-42899 | Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read and s... | | |
CVE-2022-42900 | Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read issue... | | |
CVE-2022-42901 | Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds and stack ... | | |
CVE-2022-42902 | In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution i... | S | |
CVE-2022-42903 | Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organizat... | | |
CVE-2022-42904 | Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the comman... | | |
CVE-2022-42905 | In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a ... | | |
CVE-2022-42906 | powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. git repo... | E | |
CVE-2022-42908 | WEPA Print Away is vulnerable to a stored XSS. It does not properly sanitize uploaded filenames, all... | S | |
CVE-2022-42909 | WEPA Print Away does not verify that a user has authorization to access documents before generating ... | S | |
CVE-2022-42915 | curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non... | | |
CVE-2022-42916 | In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using it... | | |
CVE-2022-42919 | Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a ... | | |
CVE-2022-42920 | Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing | | |
CVE-2022-42923 | SQL injection in Forma LMS | S | |
CVE-2022-42924 | SQL injection in Forma LMS | S | |
CVE-2022-42925 | Unrestricted Upload of File with Dangerous Type in Forma LMS | S | |
CVE-2022-42927 | A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the... | | |
CVE-2022-42928 | Certain types of allocations were missing annotations that, if the Garbage Collector was in a specif... | | |
CVE-2022-42929 | If a website called `window.print()` in a particular way, it could cause a denial of service of the ... | | |
CVE-2022-42930 | If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred ... | | |
CVE-2022-42931 | Logins saved by Firefox should be managed by the Password Manager component which uses encryption to... | | |
CVE-2022-42932 | Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in F... | | |
CVE-2022-42933 | A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead ... | S | |
CVE-2022-42934 | A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead ... | S | |
CVE-2022-42935 | A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead ... | S | |
CVE-2022-42936 | A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead ... | S | |
CVE-2022-42937 | A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead ... | S | |
CVE-2022-42938 | A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory... | S | |
CVE-2022-42939 | A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory... | S | |
CVE-2022-42940 | A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory... | S | |
CVE-2022-42941 | A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead t... | S | |
CVE-2022-42942 | A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead t... | S | |
CVE-2022-42943 | A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead t... | S | |
CVE-2022-42944 | A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead t... | S | |
CVE-2022-42945 | DWG TrueView™ 2023 version has a DLL Search Order Hijacking vulnerability. Successful exploitation ... | | |
CVE-2022-42946 | Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya 2023 and 2022 to read beyond ... | | |
CVE-2022-42947 | A maliciously crafted X_B file when parsed through Autodesk Maya 2023 and 2022 can be used to write ... | | |
CVE-2022-42948 | Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. ... | KEV | |
CVE-2022-42949 | Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissions.... | | |
CVE-2022-42950 | An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP ... | | |
CVE-2022-42951 | An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.... | | |
CVE-2022-42953 | Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive info... | E | |
CVE-2022-42954 | Keyfactor EJBCA before 7.10.0 allows XSS.... | | |
CVE-2022-42955 | The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext ca... | | |
CVE-2022-42956 | The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartex... | | |
CVE-2022-42960 | EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.10, 3.0.0, 3.0.1, 3.0.2, 4.0.0,... | | |
CVE-2022-42961 | An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads... | | |
CVE-2022-42964 | Exponential ReDoS in pymatgen leads to denial of service | E | |
CVE-2022-42965 | Exponential ReDoS in snowflake-connector-python leads to denial of service | E | |
CVE-2022-42966 | Exponential ReDoS in cleo leads to denial of service | E | |
CVE-2022-42967 | XSS in Caret markdown editor leads to remote code execution when viewing crafted Markdown files | E | |
CVE-2022-42968 | Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands ... | S | |
CVE-2022-42969 | The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular express... | E | |
CVE-2022-42970 | A CWE-306: Missing Authentication for Critical Function The software does not perform any authentica... | S | |
CVE-2022-42971 | A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause rem... | S | |
CVE-2022-42972 | A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cau... | S | |
CVE-2022-42973 | A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escal... | S | |
CVE-2022-42974 | In Kostal PIKO 1.5-1 MP plus HMI OEM p 1.0.1, the web application for the Solar Panel is vulnerable ... | | |
CVE-2022-42975 | socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView app... | S | |
CVE-2022-42977 | The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate... | E | |
CVE-2022-42978 | In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. ... | E | |
CVE-2022-42979 | Information disclosure due to an insecure hostname validation in the RYDE application 5.8.43 for And... | | |
CVE-2022-42980 | go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key.... | E | |
CVE-2022-42982 | BKG Professional NtripCaster 2.0.39 allows querying information over the UDP protocol without authen... | | |
CVE-2022-42983 | anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT T... | E | |
CVE-2022-42984 | WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via t... | | |
CVE-2022-42985 | The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, ... | S | |
CVE-2022-42986 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-39122. Reason: This candidat... | R | |
CVE-2022-42989 | ERP Sankhya before v4.11b81 was discovered to contain a cross-site scripting (XSS) vulnerability via... | E | |
CVE-2022-42990 | Food Ordering Management System v1.0 was discovered to contain a SQL injection vulnerability via the... | E | |
CVE-2022-42991 | A stored cross-site scripting (XSS) vulnerability in Simple Online Public Access Catalog v1.0 allows... | E | |
CVE-2022-42992 | Multiple stored cross-site scripting (XSS) vulnerabilities in Train Scheduler App v1.0 allow attacke... | E | |
CVE-2022-42993 | Password Storage Application v1.0 was discovered to contain a cross-site scripting (XSS) vulnerabili... | E | |
CVE-2022-42998 | D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /go... | E | |
CVE-2022-42999 | D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via ... | E | |