Skip to main content
CVE-2022-32148 MEDIUM POC PATCH This Month

Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Go
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-1705 MEDIUM POC PATCH This Month

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Request Smuggling Go
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-2756 MEDIUM POC PATCH This Month

Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavita prior to 0.5.4.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Kavita
NVD GitHub
CVSS 3.1
6.5
EPSS
2.3%
CVE-2022-1962 MEDIUM POC PATCH This Month

Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Go
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2022-35509 MEDIUM POC This Month

An issue was discovered in EyouCMS 1.5.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eyoucms
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-36325 MEDIUM CISA This Month

Affected devices do not properly sanitize data introduced by an user when rendering the web interface. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Scalance M 800 Firmware Scalance S615 Firmware Scalance Sc 600 Firmware Scalance Sc622 2C Firmware +86
NVD VulDB
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-34659 MEDIUM This Month

A vulnerability has been identified in Simcenter STAR-CCM+ (All versions only if the Power-on-Demand public license server is used). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simcenter Star Ccm Viewer
NVD VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2022-23238 MEDIUM PATCH This Month

Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Storagegrid
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-20346 MEDIUM PATCH This Month

In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-34365 MEDIUM This Month

WMS 3.7 contains a Path Traversal Vulnerability in Device API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Wyse Management Suite
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-33927 MEDIUM This Month

Dell Wyse Management Suite 3.6.1 and below contains a Session Fixation vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Dell Wyse Management Suite
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-33926 MEDIUM This Month

Dell Wyse Management Suite 3.6.1 and below contains an improper access control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Wyse Management Suite
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-33925 MEDIUM This Month

Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Wyse Management Suite
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-29090 MEDIUM This Month

Dell Wyse Management Suite 3.6.1 and below contains a Sensitive Data Exposure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Wyse Management Suite
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-22411 MEDIUM PATCH This Month

IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 could allow an authenticated user to insert code which could allow the attacker to manipulate cluster resources due to excessive permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure IBM Spectrum Scale Data Access Services
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-20852 MEDIUM This Month

Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or a frame hijacking attack against a user of the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Webex Meetings
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-33929 MEDIUM This Month

Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in EndUserSummary page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell XSS Wyse Management Suite
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-20713 MEDIUM This Month

A vulnerability in the VPN web client services component of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Cisco XSS Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-20869 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Broadworks
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-36801 MEDIUM This Month

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (RXSS) vulnerability in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian XSS Jira Data Center Jira Server
NVD
CVSS 3.1
6.1
EPSS
64.9%
CVE-2022-22983 MEDIUM PATCH This Month

VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure VMware Workstation
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2022-2719 MEDIUM PATCH This Month

In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Extra Packages For Enterprise Linux Imagemagick Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-20357 MEDIUM PATCH This Month

In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20355 MEDIUM PATCH This Month

In get of PacProxyService.java, there is a possible system service crash due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20353 MEDIUM PATCH This Month

In onSaveRingtone of DefaultRingtonePreference.java, there is a possible inappropriate file read due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20352 MEDIUM PATCH This Month

In addProviderRequestListener of LocationManagerService.java, there is a possible way to learn which packages request location information due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20350 MEDIUM PATCH This Month

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to trick the victim to grant notification access to the wrong app due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-35697 MEDIUM PATCH This Month

Adobe Experience Manager Core Components version 2.20.6 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Adobe Web Content Management Core Components
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-20820 MEDIUM This Month

Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or a frame hijacking attack against a user of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Webex Meetings
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-33931 MEDIUM This Month

Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Wyse Management Suite
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-33924 MEDIUM This Month

Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability with which an attacker with no access to create rules could potentially exploit this vulnerability and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Wyse Management Suite
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-38133 MEDIUM This Month

In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-22490 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure IBM Path Traversal Robotic Process Automation +2
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2022-20914 MEDIUM This Month

A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to obtain sensitive information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Identity Services Engine
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-31674 MEDIUM PATCH This Month

VMware vRealize Operations contains an information disclosure vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure VMware Vrealize Operations
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy