Skip to main content
CVE-2022-22202 MEDIUM POC This Month

An Improper Handling of Exceptional Conditions vulnerability on specific PTX Series devices, including the PTX1000, PTX3000 (NextGen), PTX5000, PTX10002-60C, PTX10008, and PTX10016 Series, in Juniper. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-31160 MEDIUM POC PATCH This Month

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui H300s Firmware H500s Firmware H700s Firmware +6
NVD GitHub
CVSS 3.1
6.1
EPSS
1.9%
CVE-2022-34048 MEDIUM POC This Month

Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login_page parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wn533A8 Firmware
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
5.1%
CVE-2022-22215 MEDIUM POC This Month

A Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in plugable authentication module (PAM) of Juniper Networks Junos OS and Junos OS Evolved allows a locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-34049 MEDIUM POC This Month

An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to download log files and configuration data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Path Traversal Wl Wn530Hg4 Firmware
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2022-35569 MEDIUM POC This Month

Blogifier v3.0 was discovered to contain an arbitrary file upload vulnerability at /api/storage/upload/PostImage. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Blogifier
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-32962 MEDIUM This Month

HiCOS’ client-side citizen certificate component has a double free vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Hicos Natural Person Credential Component Client
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2022-32961 MEDIUM This Month

HICOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Hicos Natural Person Credential Component Client
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2022-32960 MEDIUM This Month

HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Hicos Natural Person Credential Component Client
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2022-32959 MEDIUM This Month

HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Hicos Natural Person Credential Component Client
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2022-33944 MEDIUM This Month

The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object references vulnerability on endpoint and POST parameter “Device ID,” which accepts arbitrary device IDs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mv720 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-2179 MEDIUM This Month

The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell XSS Micrologix 1100 Firmware Micrologix 1400 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-22217 MEDIUM This Month

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a Denial. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-22214 MEDIUM This Month

An Improper Input Validation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent attacker to cause a PFE crash and thereby a. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-22210 MEDIUM This Month

A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX5000 Series and MX Series allows an unauthenticated adjacent attacker to cause a. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Null Pointer Dereference Denial Of Service Junos
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-22203 MEDIUM This Month

An Incorrect Comparison vulnerability in PFE of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-36321 MEDIUM This Month

In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2022-32958 MEDIUM This Month

A remote attacker with general user privilege can send a message to Teamplus Pro’s chat group that exceeds message size limit, to terminate other recipients’ Teamplus Pro chat process. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Team Pro
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-2199 MEDIUM This Month

The main MiCODUS MV720 GPS tracker web server has a reflected cross-site scripting vulnerability that could allow an attacker to gain control by tricking a user into making a request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mv720 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-22213 MEDIUM This Month

A vulnerability in Handling of Undefined Values in the routing protocol daemon (RPD) process of Juniper Networks Junos OS and Junos OS Evolved may allow an unauthenticated network-based attacker to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2022-22424 MEDIUM PATCH This Month

IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information from the TLS key file due to incorrect file permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

IBM Privilege Escalation Qradar Security Information And Event Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-34150 MEDIUM This Month

The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mv720 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-22204 MEDIUM This Month

An Improper Release of Memory Before Removing Last Reference vulnerability in the Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Juniper Networks Junos OS allows unauthenticated. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-32457 MEDIUM This Month

Digiwin BPM has inadequate filtering for URL parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Business Process Management
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-29923 MEDIUM This Month

Cross-site Scripting (XSS) vulnerability in ThingsForRestaurants Quick Restaurant Reservations (WordPress plugin) allows Reflected XSS.4.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Quick Restaurant Reservations
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-29454 MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress allows attackers to upload files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF WordPress Better Messages
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-22216 MEDIUM This Month

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the PFE of Juniper Networks Junos OS on PTX Series and QFX10k Series allows an adjacent unauthenticated attacker to gain. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy