Skip to main content
CVE-2022-32842 HIGH This Week

An out-of-bounds read issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Buffer Overflow Mac Os X macOS
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-32829 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Privilege Escalation Ipados Iphone Os +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-32826 HIGH This Week

An authorization issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados Iphone Os Mac Os X +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-32821 HIGH This Week

A memory corruption issue was addressed with improved validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow Ipados +4
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-32820 HIGH This Week

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow Ipados +5
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-32819 HIGH This Week

A logic issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados Iphone Os Mac Os X +3
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-32815 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow Ipados +5
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-32801 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-32798 HIGH This Week

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple Buffer Overflow macOS
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2022-32796 HIGH This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow macOS
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-35257 HIGH This Week

A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Desktop
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-2566 HIGH PATCH This Week

A heap out-of-bounds memory write exists in FFMPEG since version 5.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Heap Overflow Buffer Overflow Ffmpeg
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-35252 LOW POC Monitor

When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Clustered Data Ontap Element Software Hci Management Node +9
NVD
CVSS 3.1
3.7
EPSS
1.8%
CVE-2022-40107 HIGH This Week

Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formexeCommand function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Tenda Denial Of Service Buffer Overflow I9 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-40106 HIGH This Week

Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the set_local_time function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Tenda Denial Of Service Buffer Overflow I9 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-40105 HIGH This Week

Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterGet function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Tenda Denial Of Service Buffer Overflow I9 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-40104 HIGH This Week

Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDget function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Tenda Denial Of Service Buffer Overflow I9 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-40102 HIGH This Week

Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDset function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Tenda Denial Of Service Buffer Overflow I9 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-40101 HIGH This Week

Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterSet function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Tenda Denial Of Service Buffer Overflow I9 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-32790 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Ipados Iphone Os Mac Os X +3
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-40629 HIGH This Week

This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to insecure design in the Tacitine Firewall. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure En6200 Prime Quad 35 Firmware En6200 Prime Quad 100 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-40194 HIGH This Week

Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Customer Reviews For Woocommerce
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-40188 HIGH This Week

Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Knot Resolver Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-2973 HIGH This Week

MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL pointer in certain situations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Libiec61850
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-2971 HIGH This Week

MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Libiec61850
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-32853 HIGH This Week

An out-of-bounds read issue was addressed with improved input validation. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Buffer Overflow Mac Os X macOS
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2022-32852 HIGH This Week

An out-of-bounds read issue was addressed with improved input validation. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Buffer Overflow macOS
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2022-32851 HIGH This Week

An out-of-bounds read issue was addressed with improved input validation. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Buffer Overflow Mac Os X macOS
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2022-32843 HIGH This Week

An out-of-bounds write issue was addressed with improved bounds checking. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple Buffer Overflow Mac Os X macOS
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2022-32831 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Buffer Overflow Mac Os X macOS
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2022-32807 HIGH This Week

This issue was addressed with improved file handling. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X macOS
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2022-32797 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X macOS
NVD
CVSS 3.1
7.1
EPSS
1.0%
CVE-2022-34348 HIGH PATCH This Week

IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Sterling Partner Engagement Manager
NVD
CVSS 3.1
7.1
EPSS
1.4%
CVE-2022-2785 MEDIUM PATCH This Month

There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Information Disclosure Buffer Overflow Linux Kernel
NVD VulDB
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-32832 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os Mac Os X +3
NVD
CVSS 3.1
6.7
EPSS
1.0%
CVE-2022-30121 MEDIUM This Month

The “LANDesk(R) Management Agent” service exposes a socket and once connected, it is possible to launch commands only for signed executables. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Manager
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-32816 MEDIUM This Month

The issue was addressed with improved UI handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
6.5
EPSS
6.5%
CVE-2022-40716 MEDIUM PATCH This Month

HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Authentication Bypass HashiCorp Consul
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-24280 MEDIUM PATCH This Month

Improper Input Validation vulnerability in Proxy component of Apache Pulsar allows an attacker to make TCP/IP connection attempts that originate from the Pulsar Proxy's IP address. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Pulsar
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2022-39230 MEDIUM PATCH This Month

fhir-works-on-aws-authz-smart is an implementation of the authorization interface from the FHIR Works interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fhir Works On Aws Authz Smart
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-41320 MEDIUM This Month

Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure System Recovery
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-36417 MEDIUM This Month

Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in 3D Tag Cloud plugin <= 3.8 at WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS WordPress 3D Tag Cloud
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2022-40193 MEDIUM This Month

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Awesome Filterable Portfolio
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-41319 MEDIUM This Month

A Reflected Cross-Site Scripting (XSS) vulnerability affects the Veritas Desktop Laptop Option (DLO) application login page (aka the DLOServer/restore/login.jsp URI). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Desktop And Laptop Option
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-32799 MEDIUM This Month

An out-of-bounds read issue was addressed with improved bounds checking. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Apple Buffer Overflow Mac Os X macOS
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2022-33683 MEDIUM PATCH This Month

Apache Pulsar Brokers and Proxies create an internal Pulsar Admin Client that does not verify peer TLS certificates, even when tlsAllowInsecureConnection is disabled via configuration. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Information Disclosure Pulsar
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2022-33682 MEDIUM PATCH This Month

TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Information Disclosure Java Pulsar
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2022-33681 MEDIUM PATCH This Month

Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Information Disclosure Java Pulsar
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2022-38061 MEDIUM This Month

Authenticated (author+) CSV Injection vulnerability in Export Post Info plugin <= 1.2.0 at WordPress. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Code Injection Export Post Info
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2022-40103 MEDIUM This Month

Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formSetAutoPing function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Tenda Denial Of Service Buffer Overflow I9 Firmware
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy