Skip to main content
CVE-2022-39233 MEDIUM POC PATCH This Month

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Gitlab Tuleap
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-1523 CRITICAL Act Now

Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to a write-what-where condition, which could allow an attacker to overwrite program memory to manipulate the flow of information. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure D300Win
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2022-25719 CRITICAL Act Now

Information disclosure in WLAN due to improper length check while processing authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Buffer Overflow Apq8009 Firmware Apq8009W Firmware +116
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2022-41835 HIGH This Week

In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allows an authenticated local attacker to execute limited set of commands in a container and. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation F5Os A F5Os C
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2022-1414 HIGH This Week

3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure 3Scale Api Management
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-43416 HIGH PATCH This Week

Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Jenkins Katalon
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-43407 HIGH PATCH This Week

Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Pipeline
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-23734 HIGH This Week

A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization SSRF Enterprise Server
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-39267 HIGH PATCH This Week

Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Redis Bifrost
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-39260 HIGH This Week

Git is an open source, scalable, distributed revision control system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Buffer Overflow Git Fedora +2
NVD GitHub
CVSS 3.1
8.8
EPSS
2.9%
CVE-2022-25750 HIGH PATCH This Week

Memory corruption in BTHOST due to double free while music playback and calls over bluetooth headset in Snapdragon Mobile. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Buffer Overflow Kailua Firmware Sg8275 Firmware Sg8275p Firmware +12
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2022-41708 MEDIUM POC This Month

Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Messenger
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-23241 HIGH This Week

Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock configured FlexGroups are susceptible to a vulnerability which could allow an authenticated remote attacker to arbitrarily modify. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Clustered Data Ontap
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2022-41741 HIGH This Week

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Nginx Buffer Overflow Nginx Ingress Controller Fedora +1
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-33217 HIGH This Week

Memory corruption in Qualcomm IPC due to buffer copy without checking the size of input while starting communication with a compromised kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 8 Gen1 5g Firmware Wcd9380 Firmware Wcn6855 Firmware +5
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-33210 HIGH This Week

Memory corruption in automotive multimedia due to use of out-of-range pointer offset while parsing command request packet with a very large type value. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Apq8064au Firmware Apq8096Au Firmware Msm8996au Firmware +20
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-25723 HIGH PATCH This Week

Memory corruption in multimedia due to use after free during callback registration failure in Snapdragon Mobile. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Buffer Overflow Memory Corruption Qualcomm Use After Free +8
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-25661 HIGH This Week

Memory corruption due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Aqt1000 Firmware Ar8035 Firmware Qam8295p Firmware +95
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-25660 HIGH This Week

Memory corruption due to double free issue in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Aqt1000 Firmware Ar8035 Firmware Qam8295p Firmware +90
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-22077 HIGH PATCH This Week

Memory corruption in graphics due to use-after-free in graphics dispatcher logic in Snapdragon Mobile. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Buffer Overflow Qualcomm Use After Free Sd 8 Gen1 5g Firmware +7
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-33077 HIGH This Week

An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nopcommerce
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-41836 HIGH This Week

When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Advanced Web Application Firewall Big Ip Application Security Manager
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-41833 HIGH This Week

In all BIG-IP 13.1.x versions, when an iRule containing the HTTP::collect command is configured on a virtual server, undisclosed requests can cause Traffic Management Microkernel (TMM) to terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-41832 HIGH This Week

In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when a SIP profile is configured on a virtual server,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-41806 HIGH This Week

In versions 16.1.x before 16.1.3.2 and 15.1.x before 15.1.5.1, when BIG-IP AFM Network Address Translation policy with IPv6/IPv4 translation rules is configured on a virtual server, undisclosed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Advanced Firewall Manager
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-41787 HIGH This Week

In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when DNS profile is configured on a virtual server with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Big Ip Domain Name System Big Ip Local Traffic Manager
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-41691 HIGH This Week

When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Advanced Web Application Firewall Big Ip Application Security Manager
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-41624 HIGH This Week

In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.2, 15.1.x before 15.1.7, 14.1.x before 14.1.5.2, and 13.1.x before 13.1.5.1, when a sideband iRule is configured on a virtual server,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-36795 HIGH This Week

In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, and 14.1.x before 14.1.5.1, when an LTM TCP profile with Auto Receive Window Enabled is configured on a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-1738 HIGH This Week

Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to an out-of-bounds read, which could allow an attacker to leak sensitive data from the process memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow D300Win
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-43430 HIGH PATCH This Week

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Jenkins Compuware Topaz For Total Test
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-43429 HIGH This Week

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Compuware Topaz For Total Test
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-43415 HIGH PATCH This Week

Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Jenkins Repo
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-25749 HIGH This Week

Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Buffer Overflow Apq8009 Firmware Apq8017 Firmware +274
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-25736 HIGH This Week

Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Denial Of Service Buffer Overflow Aqt1000 Firmware +242
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-25662 HIGH This Week

Information disclosure due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Buffer Overflow Apq8096Au Firmware Msm8996au Firmware +76
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-41617 HIGH This Week

In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Big Ip Advanced Web Application Firewall Big Ip Application Security Manager
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-41742 HIGH This Week

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Nginx Buffer Overflow Nginx Ingress Controller Fedora +1
NVD
CVSS 3.1
7.1
EPSS
1.1%
CVE-2022-25665 HIGH This Week

Information disclosure due to buffer over read in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Buffer Overflow Aqt1000 Firmware Ar8035 Firmware +82
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2022-41743 HIGH This Week

NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Nginx Buffer Overflow Nginx Ingress Controller Nginx Plus
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2022-33214 HIGH PATCH This Week

Memory corruption in display due to time-of-check time-of-use of metadata reserved size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,. Rated high severity (CVSS 7.0).

Qualcomm Buffer Overflow Aqt1000 Firmware Qam8295p Firmware Qca6390 Firmware +99
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2022-25666 MEDIUM PATCH This Month

Memory corruption due to use after free in service while trying to access maps by different threads in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Denial Of Service Buffer Overflow Memory Corruption Qualcomm Use After Free +148
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-41813 MEDIUM This Month

In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when BIG-IP is provisioned with PEM or AFM module, an undisclosed input can cause Traffic. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Advanced Firewall Manager Big Ip Policy Enforcement Manager
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-41770 MEDIUM This Month

In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ all versions of 8.x and 7.x, an authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +8
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-2805 MEDIUM This Month

A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otapi-style. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Virtualization
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-43419 MEDIUM PATCH This Month

Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Katalon
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-43408 MEDIUM PATCH This Month

Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Pipeline
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-42466 MEDIUM PATCH This Month

Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Isis
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2022-41780 MEDIUM This Month

In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.4.0, a directory traversal vulnerability exists in an undisclosed location of the F5OS CLI that allows an attacker to read arbitrary. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal F5Os A F5Os C
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-40885 MEDIUM This Month

Bento4 v1.6.0-639 has a memory allocation issue that can cause denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy