Skip to main content
CVE-2022-34526 MEDIUM POC This Month

A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libtiff Fedora +3
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-35630 MEDIUM PATCH This Month

A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScript code into the static HTML file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Velociraptor
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-35631 MEDIUM PATCH This Month

On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to another file and have the Velociraptor client overwrite the other file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Apple Velociraptor
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-35629 MEDIUM This Month

Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Velociraptor
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-2579 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Garage Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Garage Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-23004 MEDIUM This Month

When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sweet B
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-23003 MEDIUM This Month

When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sweet B
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-23002 MEDIUM This Month

When compressing or decompressing a point on the NIST P-256 elliptic curve with an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sweet B
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-23001 MEDIUM This Month

When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sweet B
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-36378 MEDIUM This Month

Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Floating Div plugin <= 3.0 at WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Floating Div
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-35632 MEDIUM This Month

The Velociraptor GUI contains an editor suggestion feature that can display the description field of a VQL function, plugin or artifact. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Velociraptor
NVD
CVSS 3.1
4.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy