Skip to main content
CVE-2022-35434 MEDIUM POC This Month

jpeg-quantsmooth before commit 8879454 contained a floating point exception (FPE) via /jpeg-quantsmooth/jpegqs+0x4f5d6c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jpeg Quant Smooth
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35114 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a segmentation violation via extractFrame at /readers/swf.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35113 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via swf_DefineLosslessBitsTagToImage at /modules/swfbits.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35111 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a stack overflow via __sanitizer::StackDepotNode::hash(__sanitizer::StackTrace const&) at /sanitizer_common/sanitizer_stackdepot.cpp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35110 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35109 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via draw_stroke at /gfxpoly/stroke.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35108 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a segmentation violation via DCTStream::getChar() at /xpdf/Stream.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35107 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a stack overflow via vfprintf at /stdio-common/vfprintf.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35106 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a segmentation violation via FoFiTrueType::computeTableChecksum(unsigned char*, int) at /xpdf/FoFiTrueType.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35105 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via /bin/png2swf+0x552cea. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35104 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via DCTStream::reset() at /xpdf/Stream.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35101 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a segmentation violation via /multiarch/memset-vec-unaligned-erms.S. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35004 MEDIUM POC This Month

JPEGDEC commit be4843c was discovered to contain a FPE via TIFFSHORT at /src/jpeg.inl. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jpegdec
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35002 MEDIUM POC This Month

JPEGDEC commit be4843c was discovered to contain a segmentation fault via TIFFSHORT at /src/jpeg.inl. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jpegdec
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35000 MEDIUM POC This Month

JPEGDEC commit be4843c was discovered to contain a segmentation fault via fseek at /libio/fseek.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jpegdec
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-34999 MEDIUM POC This Month

JPEGDEC commit be4843c was discovered to contain a FPE via DecodeJPEG at /src/jpeg.inl. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jpegdec
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-36308 CRITICAL Act Now

Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Airvelocity 1500 Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2022-34255 HIGH PATCH This Week

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in Privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Privilege Escalation Commerce Magento
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2022-34254 HIGH PATCH This Week

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Path Traversal Adobe Commerce Magento
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2022-2661 HIGH This Week

Sequi PortBloque S has an improper authorization vulnerability, which may allow a low-privileged user to perform administrative functions using specifically crafted requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Portbloque S Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-38362 HIGH PATCH This Week

Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Docker Apache Airflow Providers Docker
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-35239 HIGH This Week

The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Sv Cpt Mc310F Firmware Sv Cpt Mc310 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-36312 HIGH This Week

Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF protections in the eNodeB's web management UI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Airvelocity 1500 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-2846 MEDIUM POC This Month

The Calendar Event Multi View WordPress plugin before 1.4.07 does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS WordPress Calendar Event Multi View
NVD WPScan Exploit-DB
CVSS 3.1
4.3
EPSS
2.2%
CVE-2022-38184 HIGH This Week

There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated attacker to access an API that may induce Esri Portal for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Portal For Arcgis
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-35734 HIGH This Week

'Hulu / フールー' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Hulu
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-33939 HIGH This Week

CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP451) contains an issue in processing communication packets, which may lead to resource consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Centum Cs 3000 Cp401 Firmware Centum Cs 3000 Cp451 Firmware Centum Cs 3000 Cp33 Firmware Centum Cs 3000 Cp345 Firmware +3
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-38216 HIGH PATCH This Week

An integer overflow exists in Mapbox's closed source gl-native library prior to version 10.6.1, which is bundled with multiple Mapbox products including open source libraries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Maps Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-34253 HIGH PATCH This Week

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Adobe Commerce Magento
NVD
CVSS 3.1
7.2
EPSS
4.2%
CVE-2022-36381 HIGH This Week

OS command injection vulnerability in Nintendo Wi-Fi Network Adaptor WAP-001 All versions allows an attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Wi Fi Network Adaptor Wap 001 Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2022-36293 HIGH This Week

Buffer overflow vulnerability in Nintendo Wi-Fi Network Adaptor WAP-001 All versions allows an attacker with an administrative privilege to execute arbitrary code via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Buffer Overflow Wi Fi Network Adaptor Wap 001 Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-36307 MEDIUM This Month

The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Airvelocity 1500 Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-34257 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adobe Commerce Magento
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-2844 MEDIUM This Month

A vulnerability classified as problematic has been found in MotoPress Timetable and Event Schedule up to 1.4.06. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Timetable And Event Schedule
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-2843 MEDIUM This Month

A vulnerability was found in MotoPress Timetable and Event Schedule. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Timetable And Event Schedule
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-36311 MEDIUM This Month

Airspan AirVelocity 1500 prior to software version 15.18.00.2511 is vulnerable to injection leading to XSS in the SNMP community field in the eNodeB's web management UI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Airvelocity 1500 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-37439 MEDIUM This Month

In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Splunk Universal Forwarder
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-38194 MEDIUM This Month

In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Portal For Arcgis
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-29959 MEDIUM This Month

Emerson OpenBSI through 2022-04-29 mishandles credential storage. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openbsi
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-38189 MEDIUM This Month

A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Portal For Arcgis
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-30576 MEDIUM This Month

The Web Console component of TIBCO Software Inc.'s TIBCO Data Science - Workbench, TIBCO Statistica, TIBCO Statistica - Estore Edition, and TIBCO Statistica Trial contains an easily exploitable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Data Science Workbench Statistica
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-30575 MEDIUM This Month

The Web Console component of TIBCO Software Inc.'s TIBCO Data Science - Workbench, TIBCO Statistica, TIBCO Statistica - Estore Edition, and TIBCO Statistica Trial contains easily exploitable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Data Science Workbench Statistica
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-38192 MEDIUM This Month

A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Portal For Arcgis
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-34259 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Commerce Magento
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2022-2838 MEDIUM This Month

In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities allowing the injection of arbitrary definitions which is able. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XXE Sphinx
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-34258 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Adobe Commerce Magento
NVD
CVSS 3.1
4.8
EPSS
68.3%
CVE-2022-34156 MEDIUM This Month

'Hulu / フールー' App for iOS versions prior to 3.0.81 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Apple Hulu
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2022-37438 LOW Monitor

In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk Splunk Cloud Platform
NVD
CVSS 3.1
3.5
EPSS
0.4%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy