Skip to main content
CVE-2022-31152 HIGH PATCH This Week

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Synapse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-34369 HIGH PATCH This Week

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 , contain an insertion of sensitive information in log files vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Dell Emc Powerscale Onefs
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-29158 HIGH PATCH This Week

Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Atlassian Denial Of Service Ofbiz
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-25813 HIGH PATCH This Week

In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Ssti Information Disclosure Apache Ofbiz
NVD
CVSS 3.1
7.5
EPSS
67.3%
CVE-2022-37458 HIGH This Week

Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-35933 MEDIUM PATCH This Month

This package is a PrestaShop module that allows users to post reviews and rate products. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Productcomments
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-34378 MEDIUM PATCH This Month

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Dell Path Traversal Denial Of Service Emc Powerscale Onefs
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-22101 MEDIUM This Month

Denial of service in multimedia due to uncontrolled resource consumption while parsing an incoming HAB message in Snapdragon Auto. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Apq8096Au Firmware Qam8295p Firmware Qca6564a Firmware +14
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-39190 MEDIUM PATCH This Month

An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-25370 MEDIUM This Month

Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Ofbiz
NVD
CVSS 3.1
5.4
EPSS
2.0%
CVE-2022-38170 MEDIUM PATCH This Month

In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable. Rated medium severity (CVSS 4.7). No vendor patch available.

Apache Information Disclosure Airflow
NVD
CVSS 3.1
4.7
EPSS
0.6%
CVE-2022-39188 MEDIUM PATCH This Month

An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Rated medium severity (CVSS 4.7).

Linux Race Condition Information Disclosure Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy