ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2022-43000 | D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd par... | E | |
CVE-2022-43001 | D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in ... | E | |
CVE-2022-43002 | D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd pa... | E | |
CVE-2022-43003 | D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in ... | E | |
CVE-2022-43014 | OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via t... | E | |
CVE-2022-43015 | OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via t... | E | |
CVE-2022-43016 | OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via t... | E | |
CVE-2022-43017 | OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via t... | E | |
CVE-2022-43018 | OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via t... | E | |
CVE-2022-43019 | OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDat... | E | |
CVE-2022-43020 | OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in t... | E | |
CVE-2022-43021 | OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the entriesPerPage varia... | E | |
CVE-2022-43022 | OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in t... | E | |
CVE-2022-43023 | OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the importID parameter i... | E | |
CVE-2022-43024 | Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the l... | | |
CVE-2022-43025 | Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the s... | | |
CVE-2022-43026 | Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the e... | | |
CVE-2022-43027 | Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the f... | | |
CVE-2022-43028 | Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the t... | | |
CVE-2022-43029 | Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the t... | | |
CVE-2022-43030 | Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the backgrou... | E | |
CVE-2022-43031 | DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers ... | E | |
CVE-2022-43032 | An issue was discovered in Bento4 v1.6.0-639. There is a memory leak in AP4_DescriptorFactory::Creat... | E | |
CVE-2022-43033 | An issue was discovered in Bento4 1.6.0-639. There is a bad free in the component AP4_HdlrAtom::~AP4... | E | |
CVE-2022-43034 | An issue was discovered in Bento4 v1.6.0-639. There is a heap buffer overflow vulnerability in the A... | E | |
CVE-2022-43035 | An issue was discovered in Bento4 v1.6.0-639. There is a heap-buffer-overflow in AP4_Dec3Atom::AP4_D... | E | |
CVE-2022-43037 | An issue was discovered in Bento4 1.6.0-639. There is a memory leak in the function AP4_File::ParseS... | E | |
CVE-2022-43038 | Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadCache() funct... | E | |
CVE-2022-43039 | GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the fun... | E | |
CVE-2022-43040 | GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the funct... | E | |
CVE-2022-43042 | GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the funct... | E | |
CVE-2022-43043 | GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the fun... | E | |
CVE-2022-43044 | GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the fun... | E | |
CVE-2022-43045 | GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the fun... | E | |
CVE-2022-43046 | Food Ordering Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerab... | E | |
CVE-2022-43049 | Canteen Management System Project v1.0 was discovered to contain a SQL injection vulnerability via t... | E | |
CVE-2022-43050 | Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vul... | E | |
CVE-2022-43051 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability... | E | |
CVE-2022-43052 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability... | E | |
CVE-2022-43058 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability... | | |
CVE-2022-43061 | Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vul... | E | |
CVE-2022-43062 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability... | E | |
CVE-2022-43063 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability... | E | |
CVE-2022-43066 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability... | E | |
CVE-2022-43068 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability... | E | |
CVE-2022-43071 | A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers... | E | |
CVE-2022-43074 | AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulnerability via the component /ad... | E | |
CVE-2022-43076 | A cross-site scripting (XSS) vulnerability in /admin/edit-admin.php of Web-Based Student Clearance S... | E | |
CVE-2022-43078 | A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Web-Based Student Clearance Syst... | E | |
CVE-2022-43079 | A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Train Scheduler App v1.0 allows ... | E | |
CVE-2022-43081 | Fast Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the compo... | E | |
CVE-2022-43082 | A cross-site scripting (XSS) vulnerability in /fastfood/purchase.php of Fast Food Ordering System v1... | E | |
CVE-2022-43083 | An arbitrary file upload vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allow... | E | |
CVE-2022-43084 | A cross-site scripting (XSS) vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 a... | E | |
CVE-2022-43085 | An arbitrary file upload vulnerability in add_product.php of Restaurant POS System v1.0 allows attac... | E | |
CVE-2022-43086 | Restaurant POS System v1.0 was discovered to contain a SQL injection vulnerability via update_custom... | E | |
CVE-2022-43096 | Mediatrix 4102 before v48.5.2718 allows local attackers to gain root access via the UART port.... | E | |
CVE-2022-43097 | Phpgurukul User Registration & User Management System v3.0 was discovered to contain multiple stored... | | |
CVE-2022-43101 | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the devName parameter in t... | E | |
CVE-2022-43102 | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the timeZone parameter in ... | E | |
CVE-2022-43103 | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the list parameter in the ... | E | |
CVE-2022-43104 | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the wpapsk_crypto paramete... | E | |
CVE-2022-43105 | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the shareSpeed parameter i... | E | |
CVE-2022-43106 | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the schedStartTime paramet... | E | |
CVE-2022-43107 | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the time parameter in the ... | E | |
CVE-2022-43108 | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the firewallEn parameter i... | E | |
CVE-2022-43109 | D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNet... | E | |
CVE-2022-43117 | Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 was discovered to contain multi... | E | |
CVE-2022-43118 | A cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitr... | E | |
CVE-2022-43119 | A cross-site scripting (XSS) vulnerability in Clansphere CMS v2011.4 allows attackers to execute arb... | E | |
CVE-2022-43120 | A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion... | E | |
CVE-2022-43121 | A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2... | E | |
CVE-2022-43124 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability... | E | |
CVE-2022-43125 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability... | E | |
CVE-2022-43126 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability... | E | |
CVE-2022-43127 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability... | E | |
CVE-2022-43128 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2022-42245. Reason: This record is a du... | R | |
CVE-2022-43135 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability... | E | |
CVE-2022-43138 | Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges v... | E | |
CVE-2022-43140 | kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component c... | E | |
CVE-2022-43142 | A cross-site scripting (XSS) vulnerability in the add-fee.php component of Password Storage Applicat... | E | |
CVE-2022-43143 | A cross-site scripting (XSS) vulnerability in Beekeeper Studio v3.6.6 allows attackers to execute ar... | E S | |
CVE-2022-43144 | A cross-site scripting (XSS) vulnerability in Canteen Management System v1.0 allows attackers to exe... | E | |
CVE-2022-43146 | An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.... | | |
CVE-2022-43148 | rtf2html v0.2.0 was discovered to contain a heap overflow in the component /rtf2html/./rtf_tools.h.... | E | |
CVE-2022-43151 | timg v1.4.4 was discovered to contain a memory leak via the function timg::QueryBackgroundColor() at... | E | |
CVE-2022-43152 | tsMuxer v2.6.16 was discovered to contain a heap overflow via the function BitStreamWriter::flushBit... | E | |
CVE-2022-43162 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability... | E | |
CVE-2022-43163 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability... | E | |
CVE-2022-43164 | A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=glo... | E | |
CVE-2022-43165 | A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module... | E | |
CVE-2022-43166 | A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=... | E | |
CVE-2022-43167 | A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=use... | E | |
CVE-2022-43168 | Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the reports_id parame... | E | |
CVE-2022-43169 | A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?mod... | E | |
CVE-2022-43170 | A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?... | E | |
CVE-2022-43171 | A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind function of LIE... | E S | |
CVE-2022-43179 | Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the ... | E | |
CVE-2022-43183 | XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/control... | E | |
CVE-2022-43184 | D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command injection vulnerability via the ... | | |
CVE-2022-43185 | A stored cross-site scripting (XSS) vulnerability in the Configuration/Holidays module of Rukovodite... | E | |
CVE-2022-43192 | An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.... | E | |
CVE-2022-43196 | dedecmdv6 v6.1.9 is vulnerable to Arbitrary file deletion via file_manage_control.php.... | | |
CVE-2022-43212 | Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId ... | | |
CVE-2022-43213 | Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id param... | | |
CVE-2022-43214 | Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId ... | | |
CVE-2022-43215 | Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the endDate ... | | |
CVE-2022-43216 | AbrhilSoft Employee's Portal before v5.6.2 was discovered to contain a SQL injection vulnerability i... | | |
CVE-2022-43221 | open5gs v2.4.11 was discovered to contain a memory leak in the component src/upf/pfcp-path.c. This v... | E | |
CVE-2022-43222 | open5gs v2.4.11 was discovered to contain a memory leak in the component src/smf/pfcp-path.c. This v... | E | |
CVE-2022-43223 | open5gs v2.4.11 was discovered to contain a memory leak in the component ngap-handler.c. This vulner... | E | |
CVE-2022-43226 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability... | E | |
CVE-2022-43227 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability... | E | |
CVE-2022-43228 | Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidd... | E | |
CVE-2022-43229 | Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability v... | E | |
CVE-2022-43230 | Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability v... | E | |
CVE-2022-43231 | Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ... | E | |
CVE-2022-43232 | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the useri... | E | |
CVE-2022-43233 | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the useri... | E | |
CVE-2022-43234 | An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers ... | E | |
CVE-2022-43235 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_... | E | |
CVE-2022-43236 | Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallbac... | E | |
CVE-2022-43237 | Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv... | E | |
CVE-2022-43238 | Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in ... | E | |
CVE-2022-43239 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma | E | |
CVE-2022-43240 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_... | E | |
CVE-2022-43241 | Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in ss... | E | |
CVE-2022-43242 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma | E | |
CVE-2022-43243 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weigh... | E | |
CVE-2022-43244 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback... | E | |
CVE-2022-43245 | Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal | E | |
CVE-2022-43248 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred... | E | |
CVE-2022-43249 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallb... | E | |
CVE-2022-43250 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fall... | E | |
CVE-2022-43252 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallb... | E | |
CVE-2022-43253 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pr... | E | |
CVE-2022-43254 | GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_... | E S | |
CVE-2022-43255 | GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_... | E S | |
CVE-2022-43256 | SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/pl... | E | |
CVE-2022-43259 | Tenda AC15 V15.03.05.18 was discovered to contain a stack overflow via the timeZone parameter in the... | E | |
CVE-2022-43260 | Tenda AC18 V15.03.05.19(6318) was discovered to contain a stack overflow via the time parameter in t... | E | |
CVE-2022-43262 | Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via th... | E | |
CVE-2022-43263 | A cross-site scripting (XSS) vulnerability in Arobas Music Guitar Pro for iPad and iPhone before v1.... | E | |
CVE-2022-43264 | Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to perform directory tra... | E | |
CVE-2022-43265 | An arbitrary file upload vulnerability in the component /pages/save_user.php of Canteen Management S... | | |
CVE-2022-43271 | Inhabit Systems Pty Ltd Move CRM version 4, build 260 was discovered to contain a cross-site scripti... | | |
CVE-2022-43272 | DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.... | E S | |
CVE-2022-43275 | Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ... | E | |
CVE-2022-43276 | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the produ... | E | |
CVE-2022-43277 | Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ... | E | |
CVE-2022-43278 | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the categ... | E | |
CVE-2022-43279 | LimeSurvey before v5.0.4 was discovered to contain a SQL injection vulnerability via the component /... | E | |
CVE-2022-43280 | wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallEx... | E S | |
CVE-2022-43281 | wasm-interp v1.0.29 was discovered to contain a heap overflow via the component std::vector | E S | |
CVE-2022-43282 | wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallIn... | E S | |
CVE-2022-43283 | wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write.... | E | |
CVE-2022-43284 | Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_va... | E S | |
CVE-2022-43285 | Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. NOT... | E S | |
CVE-2022-43286 | Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy i... | E S | |
CVE-2022-43288 | Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the order_by paramete... | E | |
CVE-2022-43289 | Deark v.1.6.2 was discovered to contain a stack overflow via the do_prism_read_palette() function at... | E | |
CVE-2022-43290 | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id pa... | E | |
CVE-2022-43291 | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id pa... | E | |
CVE-2022-43292 | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id pa... | E | |
CVE-2022-43293 | Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability vi... | E M | |
CVE-2022-43294 | Tasmota before commit 066878da4d4762a9b6cb169fdf353e804d735cfd was discovered to contain a stack ove... | S | |
CVE-2022-43295 | XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/St... | | |
CVE-2022-43303 | The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor ins... | | |
CVE-2022-43304 | The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inser... | | |
CVE-2022-43305 | The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inse... | | |
CVE-2022-43306 | The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inser... | | |
CVE-2022-43308 | INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administ... | E | |
CVE-2022-43309 | Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions.... | | |
CVE-2022-43310 | An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows a... | | |
CVE-2022-43317 | A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Human Resource Management System... | E | |
CVE-2022-43318 | Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via th... | E | |
CVE-2022-43319 | An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php... | E | |
CVE-2022-43320 | FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via t... | E | |
CVE-2022-43321 | Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in th... | E | |
CVE-2022-43323 | EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up... | E | |
CVE-2022-43325 | An unauthenticated command injection vulnerability in the product license validation function of Tel... | E | |
CVE-2022-43326 | An Insecure Direct Object Reference (IDOR) vulnerability in the password reset function of Telos All... | E | |
CVE-2022-43328 | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id pa... | | |
CVE-2022-43329 | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id pa... | | |
CVE-2022-43330 | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id pa... | | |
CVE-2022-43331 | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id pa... | | |
CVE-2022-43332 | A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary... | | |
CVE-2022-43333 | Telenia Software s.r.l TVox before v22.0.17 was discovered to contain a remote code execution (RCE) ... | E | |
CVE-2022-43340 | A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily crea... | E | |
CVE-2022-43342 | A stored cross-site scripting (XSS) vulnerability in the Add function of Eramba GRC Software c2.8.1 ... | E | |
CVE-2022-43343 | N-Prolog v1.91 was discovered to contain a global buffer overflow vulnerability in the function gett... | E | |
CVE-2022-43350 | Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the ... | E | |
CVE-2022-43351 | Sanitization Management System v1.0 was discovered to contain an arbitrary file deletion vulnerabili... | E | |
CVE-2022-43352 | Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the ... | E | |
CVE-2022-43353 | Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the ... | E | |
CVE-2022-43354 | Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the ... | E | |
CVE-2022-43355 | Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the ... | E | |
CVE-2022-43357 | Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_paren... | E | |
CVE-2022-43358 | Stack overflow vulnerability in ast_selectors.cpp: in function Sass::ComplexSelector::has_placeholde... | E | |
CVE-2022-43359 | Gifdec commit 1dcbae19363597314f6623010cc80abad4e47f7c was discovered to contain an out-of-bounds re... | E S | |
CVE-2022-43361 | Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vuln... | E | |
CVE-2022-43362 | Senayan Library Management System v9.4.2 was discovered to contain a SQL injection vulnerability via... | E | |
CVE-2022-43363 | Telegram Web 15.3.1 allows XSS via a certain payload derived from a Target Corporation website. NOTE... | E | |
CVE-2022-43364 | An access control issue in the password reset page of IP-COM EW9 V15.11.0.14(9732) allows unauthenti... | E | |
CVE-2022-43365 | IP-COM EW9 V15.11.0.14(9732) was discovered to contain a buffer overflow in the formSetDebugCfg func... | E | |
CVE-2022-43366 | IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to access sensitive information via th... | E | |
CVE-2022-43367 | IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the form... | E | |
CVE-2022-43369 | AutoTaxi Stand Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnera... | | |
CVE-2022-43372 | Emlog Pro v1.7.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /... | E | |
CVE-2022-43375 | Rejected reason: This CVE ID was unused by the CNA.... | R | |
CVE-2022-43376 | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vu... | S | |
CVE-2022-43377 | A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that ... | S | |
CVE-2022-43378 | A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that co... | S | |
CVE-2022-43380 | IBM AIX denial of service | S | |
CVE-2022-43381 | IBM AIX denial of service | S | |
CVE-2022-43382 | IBM AIX denial of service | S | |
CVE-2022-43384 | IBM Aspera Console cross-site scripting | | |
CVE-2022-43389 | A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V... | | |
CVE-2022-43390 | A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)... | | |
CVE-2022-43391 | A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior t... | | |
CVE-2022-43392 | A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.... | | |
CVE-2022-43393 | An improper check for unusual or exceptional conditions in the HTTP request processing function of Z... | | |
CVE-2022-43396 | Apache Kylin: Command injection by Useless configuration | S | |
CVE-2022-43397 | A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (... | S | |
CVE-2022-43398 | A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SI... | S | |
CVE-2022-43399 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-43400 | A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.... | | |
CVE-2022-43401 | A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language r... | | |
CVE-2022-43402 | A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language r... | | |
CVE-2022-43403 | A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Scr... | | |
CVE-2022-43404 | A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated s... | | |
CVE-2022-43405 | A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and e... | | |
CVE-2022-43406 | A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e... | | |
CVE-2022-43407 | Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize th... | | |
CVE-2022-43408 | Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' ste... | | |
CVE-2022-43409 | Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or prope... | | |
CVE-2022-43410 | Jenkins Mercurial Plugin 1251.va_b_121f184902 and earlier provides information about which jobs were... | | |
CVE-2022-43411 | Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function when checking ... | | |
CVE-2022-43412 | Jenkins Generic Webhook Trigger Plugin 1.84.1 and earlier uses a non-constant time comparison functi... | | |
CVE-2022-43413 | Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, a... | | |
CVE-2022-43414 | Jenkins NUnit Plugin 0.27 and earlier implements an agent-to-controller message that parses files in... | | |
CVE-2022-43415 | Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external ent... | | |
CVE-2022-43416 | Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit... | | |
CVE-2022-43417 | Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission checks in several HTTP endpoin... | | |
CVE-2022-43418 | A cross-site request forgery (CSRF) vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allow... | | |
CVE-2022-43419 | Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the... | | |
CVE-2022-43420 | Jenkins Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returne... | | |
CVE-2022-43421 | A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unaut... | | |
CVE-2022-43422 | Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message th... | | |
CVE-2022-43423 | Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implemen... | | |
CVE-2022-43424 | Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller mes... | | |
CVE-2022-43425 | Jenkins Custom Checkbox Parameter Plugin 1.4 and earlier does not escape the name and description of... | | |
CVE-2022-43426 | Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWS_SECRET_ACCESS_KEY form field, inc... | | |
CVE-2022-43427 | Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks i... | | |
CVE-2022-43428 | Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller messa... | | |
CVE-2022-43429 | Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller messa... | | |
CVE-2022-43430 | Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to... | | |
CVE-2022-43431 | Jenkins Compuware Strobe Measurement Plugin 1.0.1 and earlier does not perform a permission check in... | | |
CVE-2022-43432 | Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy... | | |
CVE-2022-43433 | Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy prot... | | |
CVE-2022-43434 | Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Se... | | |
CVE-2022-43435 | Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy prot... | | |
CVE-2022-43436 | HWA JIUH DIGITAL TECHNOLOGY LTD. EasyTest - Arbitrary File Upload | S | |
CVE-2022-43437 | HWA JIUH DIGITAL TECHNOLOGY LTD. EasyTest - SQL Injection | S | |
CVE-2022-43438 | HWA JIUH DIGITAL TECHNOLOGY LTD. EasyTest - Incorrect Authorization | S | |
CVE-2022-43439 | A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SI... | S | |
CVE-2022-43440 | Privilege escalation via manipulated unixcat executable | | |
CVE-2022-43441 | A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation no... | E | |
CVE-2022-43442 | Plaintext storage of a password vulnerability exists in +F FS040U software versions v2.3.4 and earli... | | |
CVE-2022-43443 | OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker to... | | |
CVE-2022-43444 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-43446 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-43447 | Delta Electronics DIAEnergie SQL Injection | S | |
CVE-2022-43448 | Out-of-bounds write vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier all... | | |
CVE-2022-43449 | Arbitrary file read via download_server. | S | |
CVE-2022-43450 | WordPress Stream Plugin <= 3.9.2 is vulnerable to Insecure Direct Object References (IDOR) | S | |
CVE-2022-43451 | Multiple path traversal in appspawn and nwebspawn services. | S | |
CVE-2022-43452 | Delta Electronics DIAEnergie SQL Injection | S | |
CVE-2022-43453 | WordPress WP Tools plugin <= 3.41 - Auth. Broken Access Control vulnerability | S | |
CVE-2022-43454 | A double free issue was addressed with improved memory management. This issue is fixed in macOS Vent... | | |
CVE-2022-43455 | CVE-2022-43455 | S | |
CVE-2022-43456 | Uncontrolled search path in some Intel(R) RST software before versions 16.8.5.1014.5, 17.11.3.1010.2... | | |
CVE-2022-43457 | Delta Electronics DIAEnergie SQL Injection | S | |
CVE-2022-43458 | WordPress Advanced Floating Content Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2022-43459 | WordPress Forms by CaptainForm Plugin <= 2.5.3 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2022-43460 | Driver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a rec... | | |
CVE-2022-43461 | WordPress Slideshow SE Plugin <= 2.5.5 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2022-43462 | WordPress IP Blacklist Cloud Plugin <= 5.00 is vulnerable to SQL Injection (SQLi) vulnerability | | |
CVE-2022-43463 | WordPress Custom Product Tabs for WooCommerce plugin <= 1.7.9 - Auth. Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-43464 | Hidden functionality vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107... | | |
CVE-2022-43465 | Improper authorization in the Intel(R) SCS software all versions may allow an authenticated user to ... | | |
CVE-2022-43466 | OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker wit... | | |
CVE-2022-43467 | An out-of-bounds write vulnerability exists in the PQS format coord_file functionality of Open Babel... | E | |
CVE-2022-43468 | External initialization of trusted variables or data stores vulnerability exists in WordPress Popula... | | |
CVE-2022-43469 | WordPress Corona Virus (COVID-19) Banner & Live Data Plugin <= 1.7.0.6 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2022-43470 | Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +... | | |
CVE-2022-43472 | WordPress eRoom plugin <= 1.4.6 - Broken Access Control vulnerability | S | |
CVE-2022-43473 | A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of Manage... | E S | |
CVE-2022-43474 | Uncontrolled search path for the DSP Builder software installer before version 22.4 for Intel(R) FPG... | | |
CVE-2022-43475 | Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow ... | S | |
CVE-2022-43476 | WordPress Subscribe to Category Plugin <= 2.7.4 is vulnerable to Broken Access Control | | |
CVE-2022-43477 | Incomplete cleanup for some Intel Unison software may allow an authenticated user to potentially ena... | | |
CVE-2022-43479 | Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated attacker... | E | |
CVE-2022-43480 | WordPress Homepage Pop-up Plugin <= 1.2.5 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2022-43481 | WordPress Advanced Coupons for WooCommerce Coupons plugin <= 4.5 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-43482 | WordPress Appointment Booking Calendar plugin <= 1.3.69 - Missing Authorization vulnerability | S | |
CVE-2022-43483 | CVE-2022-43483 | S | |
CVE-2022-43484 | TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (... | E M | |
CVE-2022-43485 | Insecure random number used for generating keys for signing JWT tokens | | |
CVE-2022-43486 | Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker wit... | | |
CVE-2022-43487 | Cross-site scripting vulnerability in Salon booking system versions prior to 7.9 allows a remote una... | | |
CVE-2022-43488 | WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-43490 | WordPress Stream Plugin <= 3.9.2 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2022-43491 | WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-43492 | WordPress Comments – wpDiscuz plugin 7.4.2 - Auth. Insecure Direct Object References (IDOR) vulnerability | S | |
CVE-2022-43493 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-43494 | An unauthorized user could be able to read any file on the system, potentially exposing sensitive ... | S | |
CVE-2022-43495 | An abnormal packet received when distributedhardware_device_manager is joining a network could cause a device reboot. | S | |
CVE-2022-43496 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-43497 | Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthentica... | | |
CVE-2022-43498 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-43499 | Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote aut... | E S | |
CVE-2022-43500 | Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthentica... | S | |
CVE-2022-43501 | KASAGO TCP/IP stack provided by Zuken Elmic generates ISNs(Initial Sequence Number) for TCP connecti... | | |
CVE-2022-43502 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-43503 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-43504 | Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthent... | S | |
CVE-2022-43505 | Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a p... | | |
CVE-2022-43506 | Delta Electronics DIAEnergie SQL Injection | S | |
CVE-2022-43507 | Improper buffer restrictions in the Intel(R) QAT Engine for OpenSSL before version 0.6.16 may allow ... | | |
CVE-2022-43508 | Use-after-free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to informati... | | |
CVE-2022-43509 | Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to info... | | |
CVE-2022-43510 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-43511 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-43512 | CVE-2022-43512 | | |
CVE-2022-43513 | A vulnerability has been identified in Automation License Manager V5 (All versions), Automation Lice... | | |
CVE-2022-43514 | A vulnerability has been identified in Automation License Manager V5 (All versions), Automation Lice... | | |
CVE-2022-43515 | X-Forwarded-For header is active by default causes access to Zabbix sites in maintenance mode | E S | |
CVE-2022-43516 | Zabbix Agent installer adds “allow all TCP any any” firewall rule | E S | |
CVE-2022-43517 | A vulnerability has been identified in Simcenter STAR-CCM+ (All versions < V2306). The affected appl... | | |
CVE-2022-43518 | An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise web interfa... | | |
CVE-2022-43519 | Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orche... | M | |
CVE-2022-43520 | Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orche... | M | |
CVE-2022-43521 | Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orche... | M | |
CVE-2022-43522 | Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orche... | M | |
CVE-2022-43523 | Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orche... | M | |
CVE-2022-43524 | A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator c... | M | |
CVE-2022-43525 | Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise O... | M | |
CVE-2022-43526 | Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise O... | M | |
CVE-2022-43527 | Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise O... | M | |
CVE-2022-43528 | Under certain configurations, an attacker can log in to Aruba EdgeConnect Enterprise Orchestrator wit... | M | |
CVE-2022-43529 | A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator c... | M | |
CVE-2022-43530 | Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an aut... | | |
CVE-2022-43531 | Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an au... | | |
CVE-2022-43532 | A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an au... | | |
CVE-2022-43533 | A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instanc... | | |
CVE-2022-43534 | A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance... | | |
CVE-2022-43535 | A vulnerability in the ClearPass OnGuard Windows agent could allow malicious users on a Windows inst... | | |
CVE-2022-43536 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenti... | | |
CVE-2022-43537 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenti... | | |
CVE-2022-43538 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenti... | | |
CVE-2022-43539 | A vulnerability exists in the ClearPass Policy Manager cluster communications that allow for an att... | | |
CVE-2022-43540 | A vulnerability exists in the ClearPass OnGuard macOS agent that allows for an attacker with local m... | | |
CVE-2022-43541 | Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticate... | | |
CVE-2022-43542 | Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticate... | | |
CVE-2022-43543 | KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused... | | |
CVE-2022-43545 | A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SI... | S | |
CVE-2022-43546 | A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SI... | S | |
CVE-2022-43548 | An OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.... | S | |
CVE-2022-43549 | Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass au... | | |
CVE-2022-43550 | A command injection vulnerability exists in Jitsi before commit 8aa7be58522f4264078d54752aae5483bfd8... | S | |
CVE-2022-43551 | A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using H... | E | |
CVE-2022-43552 | A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all p... | E | |
CVE-2022-43553 | A remote code execution vulnerability in EdgeRouters (Version 2.0.9-hotfix.4 and earlier) allows a m... | | |
CVE-2022-43554 | Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerabilit... | | |
CVE-2022-43555 | Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerabil... | | |
CVE-2022-43556 | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XSS in t... | | |
CVE-2022-43557 | BD BodyGuard™ Pumps – RS-232 Interface Vulnerability | M | |
CVE-2022-43561 | Persistent Cross-Site Scripting in “Save Table” Dialog in Splunk Enterprise | E M | |
CVE-2022-43562 | Host Header Injection in Splunk Enterprise | | |
CVE-2022-43563 | Risky command safeguards bypass via rex search command field names in Splunk Enterprise | | |
CVE-2022-43564 | Denial of Service in Splunk Enterprise through search macros | | |
CVE-2022-43565 | Risky command safeguards bypass via ‘tstats’ command JSON in Splunk Enterprise | | |
CVE-2022-43566 | Risky command safeguards bypass via Search ID query in Analytics Workspace in Splunk Enterprise | E | |
CVE-2022-43567 | Remote Code Execution via the Splunk Secure Gateway application Mobile Alerts feature | E | |
CVE-2022-43568 | Reflected Cross-Site Scripting via the radio template in Splunk Enterprise | E | |
CVE-2022-43569 | Persistent Cross-Site Scripting via a Data Model object name in Splunk Enterprise | E | |
CVE-2022-43570 | XML External Entity Injection through a custom View in Splunk Enterprise | | |
CVE-2022-43571 | Remote Code Execution through dashboard PDF generation component in Splunk Enterprise | E | |
CVE-2022-43572 | Indexing blockage via malformed data sent through S2S or HEC protocols in Splunk Enterprise | | |
CVE-2022-43573 | IBM Robotic Process Automation information disclosure | S | |
CVE-2022-43574 | IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrec... | S | |
CVE-2022-43575 | IBM Aspera Console cross-site scripting | | |
CVE-2022-43578 | IBM Sterling B2B Integrator Standard Edition cross-site scripting | S | |
CVE-2022-43579 | IBM Sterling B2B Integrator Standard Edition cross-site scripting | S | |
CVE-2022-43581 | IBM Content Navigator code execution | S | |
CVE-2022-43583 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-43584 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-43585 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-43586 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-43587 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-43588 | A null pointer dereference vulnerability exists in the handle_ioctl_83150 functionality of Callback ... | E | |
CVE-2022-43589 | A null pointer dereference vulnerability exists in the handle_ioctl_8314C functionality of Callback ... | E | |
CVE-2022-43590 | A null pointer dereference vulnerability exists in the handle_ioctl_0x830a0_systembuffer functionali... | E | |
CVE-2022-43591 | A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A spe... | E | |
CVE-2022-43592 | An information disclosure vulnerability exists in the DPXOutput::close() functionality of OpenImageI... | E | |
CVE-2022-43593 | A denial of service vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Proj... | E | |
CVE-2022-43594 | Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenIm... | E | |
CVE-2022-43595 | Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenIm... | E | |
CVE-2022-43596 | An information disclosure vulnerability exists in the IFFOutput channel interleaving functionality o... | E | |
CVE-2022-43597 | Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of... | E | |
CVE-2022-43598 | Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of... | E | |
CVE-2022-43599 | Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO... | E | |
CVE-2022-43600 | Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO... | E | |
CVE-2022-43601 | Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO... | E | |
CVE-2022-43602 | Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO... | E | |
CVE-2022-43603 | A denial of service vulnerability exists in the ZfileOutput::close() functionality of OpenImageIO Pr... | E | |
CVE-2022-43604 | An out-of-bounds write vulnerability exists in the GetAttributeList attribute_count_request function... | E | |
CVE-2022-43605 | An out-of-bounds write vulnerability exists in the SetAttributeList attribute_count_request function... | E | |
CVE-2022-43606 | A use-of-uninitialized-pointer vulnerability exists in the Forward Open connection_management_entry ... | E | |
CVE-2022-43607 | An out-of-bounds write vulnerability exists in the MOL2 format attribute and value functionality of ... | E | |
CVE-2022-43608 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | | |
CVE-2022-43609 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ir... | | |
CVE-2022-43610 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-43611 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-43612 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-43613 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Co... | | |
CVE-2022-43614 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Co... | | |
CVE-2022-43615 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-43616 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Co... | | |
CVE-2022-43617 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Co... | | |
CVE-2022-43618 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Co... | | |
CVE-2022-43619 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | S | |
CVE-2022-43620 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installati... | S | |
CVE-2022-43621 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installati... | S | |
CVE-2022-43622 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | S | |
CVE-2022-43623 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | S | |
CVE-2022-43624 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | S | |
CVE-2022-43625 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | S | |
CVE-2022-43626 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | S | |
CVE-2022-43627 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | S | |
CVE-2022-43628 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | S | |
CVE-2022-43629 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | S | |
CVE-2022-43630 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | S | |
CVE-2022-43631 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | S | |
CVE-2022-43632 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | S | |
CVE-2022-43633 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | S | |
CVE-2022-43634 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ne... | S | |
CVE-2022-43635 | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected i... | | |
CVE-2022-43636 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installati... | | |
CVE-2022-43637 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2022-43638 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2022-43639 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2022-43640 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-43641 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-43642 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | S | |
CVE-2022-43643 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | S | |
CVE-2022-43644 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | S | |
CVE-2022-43645 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | S | |
CVE-2022-43646 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | S | |
CVE-2022-43647 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | S | |
CVE-2022-43648 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | S | |
CVE-2022-43649 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2022-43650 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-43651 | Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2022-43652 | Bentley View SKP File Parsing Use-After-Free Information Disclosure Vulnerability | | |
CVE-2022-43653 | Bentley View SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2022-43654 | NETGEAR CAX30S SSO Command Injection Remote Code Execution Vulnerability | | |
CVE-2022-43655 | Bentley View FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2022-43656 | Bentley View FBX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2022-43659 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-43660 | Improper neutralization of Server-Side Includes (SSI) within a web page in Movable Type series allow... | | |
CVE-2022-43661 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-43662 | Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when calling SysTimerGettime. | | |
CVE-2022-43663 | An integer conversion vulnerability exists in the SORBAx64.dll RecvPacket functionality of WellinTec... | E | |
CVE-2022-43664 | A use-after-free vulnerability exists within the way Ichitaro Word Processor 2022, version 1.0.1.576... | E | |
CVE-2022-43665 | A denial of service vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.8.64... | E | |
CVE-2022-43666 | Exposure of sensitive system information due to uncleared debug information for some Intel Unison so... | | |
CVE-2022-43667 | Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead... | | |
CVE-2022-43668 | Typora versions prior to 1.4.4 fail to properly neutralize JavaScript code, which may result in exe... | S | |
CVE-2022-43669 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-43670 | XSS in Sling CMS Reference App Taxonomy Path | M | |
CVE-2022-43671 | Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus bef... | | |
CVE-2022-43672 | Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus bef... | | |
CVE-2022-43673 | Wire through 3.22.3993 on Windows advertises deletion of sent messages; nonetheless, all messages ca... | E | |
CVE-2022-43675 | An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists vi... | E | |
CVE-2022-43677 | In free5GC 3.2.1, a malformed NGAP message can crash the AMF and NGAP decoders via an index-out-of-r... | E | |
CVE-2022-43679 | The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trust... | | |
CVE-2022-43680 | In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD... | E S | |
CVE-2022-43681 | An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malforme... | | |
CVE-2022-43684 | ACL bypass in Reporting functionality | | |
CVE-2022-43685 | CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via a... | | |
CVE-2022-43686 | In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteC... | S | |
CVE-2022-43687 | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new sess... | | |
CVE-2022-43688 | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored C... | | |
CVE-2022-43689 | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XXE base... | | |
CVE-2022-43690 | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict compar... | | |
CVE-2022-43691 | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently disclose se... | | |
CVE-2022-43692 | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflecte... | S | |
CVE-2022-43693 | Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authen... | S | |
CVE-2022-43694 | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflecte... | S | |
CVE-2022-43695 | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored C... | | |
CVE-2022-43696 | OX App Suite before 7.10.6-rev20 allows XSS via upsell ads.... | | |
CVE-2022-43697 | OX App Suite before 7.10.6-rev30 allows XSS via an activity tracking adapter defined by jslob.... | | |
CVE-2022-43698 | OX App Suite before 7.10.6-rev30 allows SSRF because changing a POP3 account disregards the deny-lis... | | |
CVE-2022-43699 | OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-li... | | |
CVE-2022-43701 | Insecure directory permissions on installer files | | |
CVE-2022-43702 | Incomplete verification of installation file signature | | |
CVE-2022-43703 | Incomplete verification of installation file signature | | |
CVE-2022-43704 | The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, allows an attacker to bypass th... | E | |
CVE-2022-43705 | In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification err... | M | |
CVE-2022-43706 | Cross-site scripting (XSS) vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed... | | |
CVE-2022-43707 | MyBB 1.8.31 has a Cross-site scripting (XSS) vulnerability in the visual MyCode editor (SCEditor) al... | S | |
CVE-2022-43708 | MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) vulnerabilities in the post Attachments ... | S | |
CVE-2022-43709 | MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authentic... | S | |
CVE-2022-43710 | Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable ... | | |
CVE-2022-43711 | Interactive Forms (IAF) in GX Software XperienCentral versions 10.29.1 until 10.33.0 was vulnerable ... | | |
CVE-2022-43712 | POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked... | | |
CVE-2022-43713 | Interactive Forms (IAF) in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable ... | | |
CVE-2022-43716 | A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.... | | |
CVE-2022-43717 | Apache Superset: Cross-Site Scripting on dashboards | | |
CVE-2022-43718 | Apache Superset: Cross-Site Scripting vulnerability on upload forms | | |
CVE-2022-43719 | Apache Superset: Cross Site Request Forgery (CSRF) on accept, request access API | | |
CVE-2022-43720 | Apache Superset: Improper rendering of user input | | |
CVE-2022-43721 | Apache Superset: Open Redirect Vulnerability | | |
CVE-2022-43722 | A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software does n... | S | |
CVE-2022-43723 | A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0), SICAM PAS/PQS (All versi... | S | |
CVE-2022-43724 | A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software transm... | S | |
CVE-2022-43740 | IBM Security Verify Access denial of service | S | |
CVE-2022-43747 | baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allo... | | |
CVE-2022-43748 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file... | | |
CVE-2022-43749 | Improper privilege management vulnerability in summary report management in Synology Presto File Ser... | | |
CVE-2022-43750 | drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a... | S | |
CVE-2022-43751 | McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulner... | | |
CVE-2022-43752 | Oracle Solaris version 10 1/13, when using the Common Desktop Environment (CDE), is vulnerable to a ... | E | |
CVE-2022-43753 | SUMA/UYUNI arbitrary file disclosure vulnerability in ScapResultDownload | E | |
CVE-2022-43754 | SUMA/UYUNI reflected cross site scripting in /rhn/audit/scap/Search.do | | |
CVE-2022-43755 | Rancher: Non-random authentication token | S | |
CVE-2022-43756 | Rancher/Wrangler: Denial of service when processing Git credentials | M | |
CVE-2022-43757 | Rancher: Exposure of sensitive fields | E | |
CVE-2022-43758 | Rancher: Command injection in Git package | | |
CVE-2022-43759 | Rancher: Privilege escalation via promoted roles | E | |
CVE-2022-43760 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilit... | | |
CVE-2022-43761 | Lack of authentication when managing APROL database | | |
CVE-2022-43762 | Memory leak when receiving messages in APROL Tbase server | | |
CVE-2022-43763 | Lack of checking preconditions in APROL | | |
CVE-2022-43764 | Buffer overflow when changing configuration on Tbase Server | | |
CVE-2022-43765 | DoS in APROLs Tbase server | | |
CVE-2022-43766 | Apache IoTDB prior to 0.13.3 allows DoS | | |
CVE-2022-43767 | A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.... | | |
CVE-2022-43768 | A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.... | | |
CVE-2022-43769 | Hitachi Vantara Pentaho Business Analytics Server - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) | KEV E | |
CVE-2022-43770 | Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization | | |
CVE-2022-43771 | Hitachi Vantara Pentaho Business Analytics Server - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | | |
CVE-2022-43772 | Hitachi Vantara Pentaho Business Analytics Server - Insertion of Sensitive Information into Log File | | |
CVE-2022-43773 | Hitachi Vantara Pentaho Business Analytics Server - Incorrect Permission Assignment for Critical Resource | | |
CVE-2022-43774 | The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that co... | | |
CVE-2022-43775 | The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could all... | | |
CVE-2022-43776 | The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Ser... | E | |
CVE-2022-43777 | Potential Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities have been identified in the HP BIOS ... | | |
CVE-2022-43778 | Potential Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities have been identified in the HP BIOS ... | E | |
CVE-2022-43779 | A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC... | S | |
CVE-2022-43780 | Certain HP ENVY, OfficeJet, and DeskJet printers may be vulnerable to a Denial of Service attack.... | | |
CVE-2022-43781 | There is a command injection vulnerability using environment variables in Bitbucket Server and Data ... | S | |
CVE-2022-43782 | Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via ... | S | |
CVE-2022-43783 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43784 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43785 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43786 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43787 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43788 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43789 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43790 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43791 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43792 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43793 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43794 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43795 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43796 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43797 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43798 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43799 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43800 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43801 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43802 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43803 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43804 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43805 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43806 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43807 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43808 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43809 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43810 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43811 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43812 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43813 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43814 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43815 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43816 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43817 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43818 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43819 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43820 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43821 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43822 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43823 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43824 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43825 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43826 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43827 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43828 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43829 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43830 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-43831 | IBM Spectrum Scale privilege escalation | | |
CVE-2022-43840 | IBM Aspera Console XPath injection | | |
CVE-2022-43841 | IBM Aspera Console information disclosure | | |
CVE-2022-43842 | IBM Aspera Console SQL injection | | |
CVE-2022-43843 | IBM Spectrum Scale information disclosure | | |
CVE-2022-43844 | IBM Robotic Process Automation for Cloud Pak session fixation | S | |
CVE-2022-43845 | IBM Aspera Console information disclosure | | |
CVE-2022-43847 | IBM Aspera Console HTTP header injection | | |
CVE-2022-43848 | IBM AIX denial of service | S | |
CVE-2022-43849 | IBM AIX denial of service | S | |
CVE-2022-43850 | IBM Aspera Console cross-site scripting | | |
CVE-2022-43851 | IBM Aspera Console information disclosure | | |
CVE-2022-43852 | IBM Aspera Console information disclosure | | |
CVE-2022-43855 | IBM SPSS Statistics denial of service | | |
CVE-2022-43857 | IBM Navigator for i information disclosure | S | |
CVE-2022-43858 | IBM Navigator for i information disclosure | S | |
CVE-2022-43859 | IBM Navigator for i SQL injection | S | |
CVE-2022-43860 | IBM Navigator for i SQL injection | S | |
CVE-2022-43863 | IBM QRadar SIEM privilege escalation | S | |
CVE-2022-43864 | IBM Business Automation Workflow information disclosure | S | |
CVE-2022-43866 | IBM Maximo Asset Management cross-site scripting | | |
CVE-2022-43867 | IBM Spectrum Scale command execution | S | |
CVE-2022-43868 | IBM Security Verify Access information disclosure | S | |
CVE-2022-43869 | IBM Spectrum Scale denial of service | S | |
CVE-2022-43870 | IBM Spectrum Virtualize information disclosure | | |
CVE-2022-43871 | IBM Financial Transaction Manager for SWIFT Services cross-site scripting | | |
CVE-2022-43872 | IBM Financial Transaction Manager information disclosure | S | |
CVE-2022-43873 | IBM Spectrum Virtualize privilege escalation | | |
CVE-2022-43874 | IBM App Connect Enterprise Certified Container | | |
CVE-2022-43875 | IBM Financial Transaction Manager for SWIFT Services for Multiplatforms denial of service | S | |
CVE-2022-43877 | IBM UrbanCode Deploy (UCD) information disclosure | S | |
CVE-2022-43880 | IBM QRadar WinCollect Agent | | |
CVE-2022-43883 | IBM Cognos Analytics data manipulation | S | |
CVE-2022-43887 | IBM Cognos Analytics information disclosure | S | |
CVE-2022-43889 | IBM Security Verify Privilege information disclosure | S | |
CVE-2022-43890 | IBM Security Verify Privilege On-Premises information disclosure | | |
CVE-2022-43891 | IBM Security Verify Privilege information disclosure | S | |
CVE-2022-43892 | IBM Security Verify Privilege information disclosure | S | |
CVE-2022-43893 | IBM Security Verify Privilege denial of service | S | |
CVE-2022-43900 | IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps security bypass | S | |
CVE-2022-43901 | IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps information disclosure | S | |
CVE-2022-43902 | IBM MQ denial of service | | |
CVE-2022-43903 | IBM Security Guardium denial of service | S | |
CVE-2022-43904 | IBM Security Guardium information disclosure | S | |
CVE-2022-43906 | IBM Security Guardium information disclosure | S | |
CVE-2022-43907 | IBM Security Guardium command execution | S | |
CVE-2022-43908 | IBM Security Guardium denial of service | S | |
CVE-2022-43909 | IBM Security Guardium cross-site scripting | S | |
CVE-2022-43910 | IBM Security Guardium privilege escalation | S | |
CVE-2022-43914 | IBM TRIRIGA Application Platform cross-site scripting | S | |
CVE-2022-43915 | IBM App Connect Enterprise Certified Container | | |
CVE-2022-43916 | IBM App Connect Enterprise Certified Container improper communications restriction | | |
CVE-2022-43917 | IBM WebSphere Application Server information disclosure | S | |
CVE-2022-43919 | IBM MQ denial of service | S | |
CVE-2022-43920 | IBM Sterling B2B Integrator Standard Edition privilege escalation | | |
CVE-2022-43922 | IBM App Connect Enterprise Certified Container information disclosure | S | |
CVE-2022-43923 | IBM Maximo Application Suite 8.8.0 and 8.9.0 stores potentially sensitive information that could be ... | | |
CVE-2022-43927 | IBM Db2 for Linux, UNIX and Windows information disclosure | S | |
CVE-2022-43928 | IBM Db2 Mirror for i information disclosure | S | |
CVE-2022-43929 | IBM Db2 for Linux, UNIX and Windows denial of service | S | |
CVE-2022-43930 | IBM Db2 for Linux, UNIX and Windows information disclosure | S | |
CVE-2022-43931 | Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before... | | |
CVE-2022-43932 | Improper neutralization of special elements in output used by a downstream component ('Injection') v... | | |
CVE-2022-43933 | Configuration secrets are logged in support-save | | |
CVE-2022-43934 | Weak Key-exchange algorithms | | |
CVE-2022-43935 | Switch passwords and authorization IDs are printed in the embedded MLS DB file | | |
CVE-2022-43936 | Brocade Fabric OS switch passwords when debugging is enabled | | |
CVE-2022-43937 | Brocade SANnav Information Disclosure Vulnerability | | |
CVE-2022-43938 | Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') | | |
CVE-2022-43939 | Hitachi Vantara Pentaho Business Analytics Server - Use of Non-Canonical URL Paths for Authorization Decisions | KEV E | |
CVE-2022-43940 | Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization | | |
CVE-2022-43941 | Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference | | |
CVE-2022-43942 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-43943 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-43944 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-43945 | The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer ov... | S | |
CVE-2022-43946 | Multiple vulnerabilities including an incorrect permission assignment for critical resource [CWE-732... | S | |
CVE-2022-43947 | An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet For... | S | |
CVE-2022-43948 | An improper neutralization of special elements used in an os command ('os command injection') in Fort... | S | |
CVE-2022-43949 | A use of a broken or risky cryptographic algorithm [CWE-327] in Fortinet FortiSIEM before 6.7.1 all... | S | |
CVE-2022-43950 | A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version ... | S | |
CVE-2022-43951 | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 9.... | S | |
CVE-2022-43952 | An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilit... | S | |
CVE-2022-43953 | A use of externally-controlled format string in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiO... | S | |
CVE-2022-43954 | An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiPortal manag... | S | |
CVE-2022-43955 | An improper neutralization of input during web page generation [CWE-79] in the FortiWeb web interfac... | S | |
CVE-2022-43958 | A vulnerability has been identified in QMS Automotive (All versions < V12.39), QMS Automotive (All v... | M | |
CVE-2022-43959 | Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22... | E | |
CVE-2022-43967 | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflecte... | S | |
CVE-2022-43968 | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflecte... | S | |
CVE-2022-43969 | Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials.... | | |
CVE-2022-43970 | Buffer overflow in Linksys WRT54GL | E | |
CVE-2022-43971 | Arbitrary code execution in Linksys WUMC710 | E | |
CVE-2022-43972 | Null pointer dereference in Linksys WRT54GL | E | |
CVE-2022-43973 | Arbitrary code execution in Linksys WRT54GL | E | |
CVE-2022-43974 | MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDecodeTls13. A remote attacker mig... | | |
CVE-2022-43975 | An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.... | | |
CVE-2022-43976 | An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.... | | |
CVE-2022-43977 | An issue was discovered on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. The ... | | |
CVE-2022-43978 | Limited Authentication bypass due to hardcoded secret | S | |
CVE-2022-43979 | Path Traversal leading to Local File Inclusion | S | |
CVE-2022-43980 | Cross-site scripting vulnerability in the network maps edit functionality | S | |
CVE-2022-43982 | Apache Airflow prior to 2.4.2 allows reflected XSS via Origin Query Argument in URL | | |
CVE-2022-43983 | Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. Thi... | E | |
CVE-2022-43984 | Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. Thi... | E | |
CVE-2022-43985 | Apache Airflow prior to 2.4.2 has an open redirect | S | |
CVE-2022-43989 | Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 1092673 and 1081902 with firmware v... | | |
CVE-2022-43990 | Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version <2.2.0 allo... | | |
CVE-2022-43995 | Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd... | S | |
CVE-2022-43996 | The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html.... | | |
CVE-2022-43997 | Incorrect access control in Aternity agent in Riverbed Aternity before 12.1.4.27 allows for local pr... | E | |
CVE-2022-43999 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to exposed CORBA management services, ... | E |