Skip to main content
CVE-2022-30124 MEDIUM POC This Month

An improper authentication vulnerability exists in Rocket.Chat Mobile App <4.14.1.22788 that allowed an attacker with physical access to a mobile device to bypass local authentication (PIN code). Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rocket Chat
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2022-32227 MEDIUM POC This Month

A cleartext transmission of sensitive information exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 relating to Oauth tokens by having the permission "view-full-other-user-info", this could cause an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-32220 MEDIUM POC This Month

An information disclosure vulnerability exists in Rocket.Chat <v5 due to the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-3257 MEDIUM POC PATCH This Month

Mattermost version 7.1.x and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mattermost Denial Of Service Mattermost Server
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-40359 MEDIUM POC This Month

Cross site scripting (XSS) vulnerability in kfm through 1.4.7 via crafted GET request to /kfm/index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Kfm
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-3278 MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Vim Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-35099 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a stack overflow via ImageStream::getPixel(unsigned char*) at /xpdf/Stream.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35098 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via GfxICCBasedColorSpace::getDefaultColor(GfxColor*) at /xpdf/GfxState.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35097 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a segmentation violation via FoFiTrueType::writeTTF at /xpdf/FoFiTrueType.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35096 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via draw_stroke at /gfxpoly/stroke.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35095 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a segmentation violation via InfoOutputDev::type3D1 at /pdf/InfoOutputDev.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35094 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35093 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a global buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35092 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a segmentation violation via convert_gfxline at /gfxpoly/convert.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35091 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a floating point exception (FPE) via DCTStream::readMCURow() at /xpdf/Stream.cc.ow(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35251 MEDIUM POC This Month

A cross-site scripting vulnerability exists in Rocket.chat <v5 due to style injection in the complete chat window, an adversary is able to manipulate not only the style of it, but will also be able. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rocket Chat
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-40358 MEDIUM POC This Month

An issue was discovered in AjaXplorer 4.2.3, allows attackers to cause cross site scripting vulnerabilities via a crafted svg file upload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Ajaxplorer
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-32217 MEDIUM POC This Month

A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to Oauth token being leaked in plaintext in Rocket.chat logs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-35250 MEDIUM POC This Month

A privilege escalation vulnerability exists in Rocket.chat <v5 which made it possible to elevate privileges for any authenticated user to view Direct messages without appropriate permissions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Rocket Chat
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-35249 MEDIUM POC This Month

A information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-35247 MEDIUM POC This Month

A information disclosure vulnerability exists in Rocket.chat <v5, <v4.8.2 and <v4.7.5 where the lack of ACL checks in the getRoomRoles Meteor method leak channel members with special roles to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-35246 MEDIUM POC This Month

A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure File Upload Rocket Chat
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-32229 MEDIUM POC This Month

A information disclosure vulnerability exists in Rockert.Chat <v5 due to /api/v1/chat.getThreadsList lack of sanitization of user inputs and can therefore leak private thread messages to unauthorized. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-32228 MEDIUM POC This Month

An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 since the getReadReceipts Meteor server method does not properly filter user inputs that are passed to MongoDB. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-32226 MEDIUM POC This Month

An improper access control vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to input data in the getUsersOfRoom Meteor server method is not type validated, so that MongoDB query. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rocket Chat
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-32219 MEDIUM POC This Month

An information disclosure vulnerability exists in Rocket.Chat <v4.7.5 which allowed the "users.list" REST endpoint gets a query parameter from JSON and runs Users.find(queryFromClientSide). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-32218 MEDIUM POC This Month

An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-2785 MEDIUM PATCH This Month

There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Information Disclosure Buffer Overflow Linux Kernel
NVD VulDB
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-32832 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os Mac Os X +3
NVD
CVSS 3.1
6.7
EPSS
1.0%
CVE-2022-30121 MEDIUM This Month

The “LANDesk(R) Management Agent” service exposes a socket and once connected, it is possible to launch commands only for signed executables. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Manager
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-32816 MEDIUM This Month

The issue was addressed with improved UI handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
6.5
EPSS
6.5%
CVE-2022-40716 MEDIUM PATCH This Month

HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Authentication Bypass HashiCorp Consul
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-24280 MEDIUM PATCH This Month

Improper Input Validation vulnerability in Proxy component of Apache Pulsar allows an attacker to make TCP/IP connection attempts that originate from the Pulsar Proxy's IP address. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Pulsar
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2022-39230 MEDIUM PATCH This Month

fhir-works-on-aws-authz-smart is an implementation of the authorization interface from the FHIR Works interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fhir Works On Aws Authz Smart
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-41320 MEDIUM This Month

Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure System Recovery
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-36417 MEDIUM This Month

Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in 3D Tag Cloud plugin <= 3.8 at WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS WordPress 3D Tag Cloud
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2022-40193 MEDIUM This Month

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Awesome Filterable Portfolio
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-41319 MEDIUM This Month

A Reflected Cross-Site Scripting (XSS) vulnerability affects the Veritas Desktop Laptop Option (DLO) application login page (aka the DLOServer/restore/login.jsp URI). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Desktop And Laptop Option
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-32799 MEDIUM This Month

An out-of-bounds read issue was addressed with improved bounds checking. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Apple Buffer Overflow Mac Os X macOS
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2022-33683 MEDIUM PATCH This Month

Apache Pulsar Brokers and Proxies create an internal Pulsar Admin Client that does not verify peer TLS certificates, even when tlsAllowInsecureConnection is disabled via configuration. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Information Disclosure Pulsar
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2022-33682 MEDIUM PATCH This Month

TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Information Disclosure Java Pulsar
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2022-33681 MEDIUM PATCH This Month

Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Information Disclosure Java Pulsar
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2022-38061 MEDIUM This Month

Authenticated (author+) CSV Injection vulnerability in Export Post Info plugin <= 1.2.0 at WordPress. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Code Injection Export Post Info
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2022-40103 MEDIUM This Month

Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formSetAutoPing function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Tenda Denial Of Service Buffer Overflow I9 Firmware
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-32849 MEDIUM This Month

An information disclosure issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X +2
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-32848 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-32841 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Buffer Overflow Ipados Iphone Os +3
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-32828 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-32825 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-32823 MEDIUM This Month

A memory initialization issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X +3
NVD
CVSS 3.1
5.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy