Skip to main content
CVE-2022-32166 MEDIUM PATCH This Month

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Open Vswitch Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-39054 MEDIUM This Month

Cowell enterprise travel management system has insufficient filtering for special characters within web URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cowell Enterprise Travel Management System
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-39053 MEDIUM This Month

Heimavista Rpage has insufficient filtering for platform web URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dark Horse Rpage
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-39035 MEDIUM This Month

Smart eVision has insufficient filtering for special characters in the POST Data parameter in the specific function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Smart Evision
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-39264 MEDIUM PATCH This Month

nheko is a desktop client for the Matrix communication application. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Nheko Fedora
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2022-38699 MEDIUM This Month

Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Armoury Crate Service
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2022-31628 MEDIUM This Month

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service PHP Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-35722 MEDIUM PATCH This Month

IBM Jazz for Service Management is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-22387 MEDIUM PATCH This Month

IBM Application Gateway is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Application Gateway
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-39246 MEDIUM PATCH This Month

matrix-android-sdk2 is the Matrix SDK for Android. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Google Authentication Bypass Software Development Kit
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-36781 MEDIUM This Month

ConnectWise ScreenConnect versions 22.6 and below contained a flaw allowing potential brute force attacks on custom access tokens due to inadequate rate-limiting controls in the default. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Screenconnect
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-23716 MEDIUM This Month

A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Elastic Cloud Enterprise
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-39236 MEDIUM PATCH This Month

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Javascript Sdk
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-39031 MEDIUM This Month

Smart eVision has insufficient authorization for task acquisition function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Smart Evision
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-29089 MEDIUM This Month

Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Smartfabric Os10
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2022-2760 MEDIUM PATCH This Month

In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Octopus Server
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-34394 LOW Monitor

Dell OS10, version 10.5.3.4, contains an Improper Certificate Validation vulnerability in Support Assist. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Dell Smartfabric Os10
NVD
CVSS 3.1
3.7
EPSS
0.4%
CVE-2022-40709 LOW Monitor

An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Trend Micro Buffer Overflow Deep Security Agent
NVD
CVSS 3.1
3.3
EPSS
0.4%
CVE-2022-40708 LOW Monitor

An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Trend Micro Buffer Overflow Deep Security Agent
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-40707 LOW Monitor

An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Trend Micro Buffer Overflow Deep Security Agent
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-28815 LOW Monitor

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy server was discovered to contain a SQL injection vulnerability allowing an attacker to query. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cpy Car Park Server Uwp 3 0 Monitoring Gateway And Controller Firmware
NVD
CVSS 3.1
2.7
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy