Skip to main content
CVE-2022-2044 HIGH This Week

MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that may allow an attacker to overwrite values in memory, causing a denial-of-service condition or potentially bricking. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Nport 5110 Firmware
NVD
CVSS 3.1
8.2
EPSS
0.6%
CVE-2022-31233 HIGH PATCH This Week

Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity.

Privilege Escalation Evasa Provider Virtual Appliance Solutions Enabler Solutions Enabler Virtual Appliance Unisphere 360 +4
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2022-2897 HIGH This Week

Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow privilege escalation.. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Scadapro Client Scadapro Server
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-2896 HIGH This Week

Measuresoft ScadaPro Server (All Versions) allows use after free while processing a specific project file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow Scadapro Server
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-2895 HIGH This Week

Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Scadapro Server
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-2894 HIGH This Week

Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Scadapro Server
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-2892 HIGH PATCH This Week

Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Scadapro Server
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-34373 HIGH PATCH This Week

Dell Command | Integration Suite for System Center, versions prior to 6.2.0, contains arbitrary file write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Dell Path Traversal Command Integration Suite For System Center
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-2866 HIGH This Week

FATEK FvDesigner version 1.5.103 and prior is vulnerable to an out-of-bounds write while processing project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Fvdesigner
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-2006 HIGH PATCH This Week

AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure C More Ea9 T6Cl Firmware C More Ea9 T6Cl R Firmware C More Ea9 T7Cl Firmware C More Ea9 T7Cl R Firmware +8
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-1976 HIGH PATCH This Week

A flaw was found in the Linux kernel’s implementation of IO-URING. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Privilege Escalation Memory Corruption Buffer Overflow Linux Use After Free +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-1888 HIGH This Week

Alpha7 PC Loader (All versions) is vulnerable to a stack-based buffer overflow while processing a specifically crafted project file, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow Alpha7 Pc Loader Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-1405 HIGH PATCH This Week

CNCSoft: All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible stack-based buffer overflow condition. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Stack Overflow Buffer Overflow Cncsoft
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2022-36035 HIGH PATCH This Week

Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration (like Git repositories), and automating updates to configuration when there is new code to deploy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Kubernetes Path Traversal Flux2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-2485 HIGH PATCH This Week

Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sio Mb04Rtds Firmware Sio Mb04Ads Firmware Sio Mb04Thms Firmware Sio Mb08Ads 1 Firmware +6
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-2043 HIGH This Week

MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that can cause the device to become unresponsive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Nport 5110 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-2005 HIGH PATCH This Week

AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure C More Ea9 T6Cl Firmware C More Ea9 T6Cl R Firmware C More Ea9 T7Cl Firmware C More Ea9 T7Cl R Firmware +8
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-2004 HIGH PATCH This Week

AutomationDirect DirectLOGIC is vulnerable to a a specially crafted packet can be sent continuously to the PLC to prevent access from DirectSoft and other devices, causing a denial-of-service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service D0 06Dd1 Firmware D0 06Dd2 Firmware D0 06Dr Firmware D0 06Da Firmware +5
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-26330 HIGH This Week

Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XSS Arcsight Logger
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-1319 HIGH PATCH This Week

A flaw was found in Undertow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Openshift Application Runtimes Single Sign On Undertow Active Iq Unified Manager +3
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-1259 HIGH This Week

A flaw was found in Undertow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Build Of Quarkus Integration Camel K Jboss Enterprise Application Platform Openshift Application Runtimes +6
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-1404 HIGH PATCH This Week

Delta Electronics CNCSoft (All versions prior to 1.01.32) does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Cncsoft
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-3028 HIGH PATCH This Week

A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. Rated high severity (CVSS 7.0).

Linux Buffer Overflow Linux Kernel Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.0
EPSS
0.2%
CVE-2022-2590 HIGH This Week

A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings. Rated high severity (CVSS 7.0). No vendor patch available.

Linux Race Condition Information Disclosure Linux Kernel
NVD
CVSS 3.1
7.0
EPSS
0.9%
CVE-2022-37023 MEDIUM PATCH This Month

Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Deserialization Java Geode
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2022-26331 MEDIUM This Month

Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XSS Arcsight Logger
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-1508 MEDIUM PATCH This Month

An out-of-bounds read flaw was found in the Linux kernel’s io_uring module in the way a user triggers the io_read() function with some special parameters. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Linux Information Disclosure Buffer Overflow Linux Kernel
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2022-2758 MEDIUM This Month

Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Xg5000 Xgk Cpuun Firmware Xgk Cpuhn Firmware Xgk Cpusn Firmware +231
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2022-2898 MEDIUM This Month

Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow a denial-of-service condition. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Scadapro Client Scadapro Server
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-28625 MEDIUM This Month

A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oneview
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-1975 MEDIUM PATCH This Month

There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-1841 MEDIUM PATCH This Month

In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-36046 MEDIUM PATCH This Month

Next.js is a React framework that can provide building blocks to create web applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Node.js Next Js
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-27911 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-36048 MEDIUM This Month

Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zulip
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-1974 MEDIUM PATCH This Month

A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. Rated medium severity (CVSS 4.1). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Linux Use After Free Linux Kernel
NVD GitHub
CVSS 3.1
4.1
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy