Skip to main content
CVE-2022-32540 MEDIUM This Month

Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows man-in-the-middle attacker to compromise. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Bosch Video Management System Videojet Decoder 7513 Firmware
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2022-28851 MEDIUM This Month

Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Adobe Experience Manager
NVD
CVSS 3.1
5.4
EPSS
36.8%
CVE-2022-21826 MEDIUM This Month

Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti Request Smuggling XSS Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
5.4
EPSS
45.2%
CVE-2022-20844 MEDIUM This Month

A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Sd Wan
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-23726 MEDIUM This Month

PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Pingcentral
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2022-20728 MEDIUM This Month

A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Aironet 1542D Firmware Aironet 1542I Firmware Aironet 1562I Firmware +23
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2022-41850 MEDIUM This Month

roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a. Rated medium severity (CVSS 4.7). No vendor patch available.

Linux Race Condition Information Disclosure Linux Kernel Debian Linux
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2022-40316 MEDIUM PATCH This Month

The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-41849 MEDIUM This Month

drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Linux Race Condition Information Disclosure Linux Kernel Debian Linux
NVD
CVSS 3.1
4.2
EPSS
0.3%
CVE-2022-41848 MEDIUM This Month

drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl,. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Linux Race Condition Information Disclosure Linux Kernel
NVD
CVSS 3.1
4.2
EPSS
0.2%
CVE-2022-34428 LOW Monitor

Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service Hybrid Client
NVD
CVSS 3.1
2.7
EPSS
0.5%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy