Skip to main content
CVE-2022-33178 HIGH This Week

A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Fabric Operating System
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-34845 LOW POC Monitor

A firmware update vulnerability exists in the sysupgrade functionality of Robustel R1510 3.1.16 and 3.3.0. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure R1510 Firmware
NVD
CVSS 3.1
2.7
EPSS
0.3%
CVE-2022-28170 MEDIUM This Month

Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-36454 MEDIUM This Month

A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Micollab
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-33757 MEDIUM This Month

An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nessus
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-38162 MEDIUM This Month

Reflected cross-site scripting (XSS) vulnerabilities in WithSecure through 2022-08-10) exists within the F-Secure Policy Manager due to an unvalidated parameter in the endpoint, which allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS F Secure Policy Manager
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-31468 MEDIUM This Month

OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ox App Suite
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-27913 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-38200 MEDIUM This Month

A cross site scripting vulnerability exists in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Arcgis Server
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-38199 MEDIUM This Month

A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated attacker to induce an unsuspecting victim to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arcgis Server
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-38198 MEDIUM PATCH This Month

There is a reflected cross site scripting issue in the Esri ArcGIS Server services directory versions 10.9.1 and below that may allow a remote, unauthenticated attacker to convince a user to click on. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Arcgis Server
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-38197 MEDIUM This Month

Esri ArcGIS Server versions 10.9.1 and below have an unvalidated redirect issue that may allow a remote, unauthenticated attacker to phish a user into accessing an attacker controlled website via a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Arcgis Server
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-38195 MEDIUM This Month

There is as reflected cross site scripting issue in Esri ArcGIS Server versions 10.9.1 and below which may allow a remote unauthorized attacker able to convince a user to click on a crafted link. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Arcgis Server
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-33181 MEDIUM This Month

An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-33180 MEDIUM This Month

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-3344 MEDIUM PATCH This Month

A flaw was found in the KVM's AMD nested virtualization (SVM). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Amd Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-39349 MEDIUM PATCH This Month

The Tasks.org Android app is an open-source app for to-do lists and reminders. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Tasks
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-39350 MEDIUM PATCH This Month

@dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dependency Track Frontend
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-36783 MEDIUM This Month

AlgoSec - FireFlow Reflected Cross-Site-Scripting (RXSS) A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fireflow
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-34870 MEDIUM PATCH This Month

Apache Geode versions up to 1.15.0 are vulnerable to a Cross-Site Scripting (XSS) via data injection when using Pulse web application to view Region entries. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Geode
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2022-27912 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-39340 MEDIUM PATCH This Month

OpenFGA is an authorization/permission engine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Openfga
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-39315 MEDIUM PATCH This Month

Kirby is a Content Management System. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kirby
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-39351 MEDIUM This Month

Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dependency Track
NVD GitHub
CVSS 3.1
4.4
EPSS
0.2%
CVE-2022-27622 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Synology Diskstation Manager
NVD
CVSS 3.1
4.3
EPSS
0.7%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy