Skip to main content
CVE-2022-43253 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43252 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43250 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43249 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43248 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43245 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43244 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43243 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43242 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-43241 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43240 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43239 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43238 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-43237 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv_fallback<unsigned short> in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-43236 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-43235 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-3826 MEDIUM POC This Month

A vulnerability was found in Huaxia ERP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Huaxia Erp
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-3825 MEDIUM POC This Month

A vulnerability was found in Huaxia ERP 2.3 and classified as critical. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Huaxia Erp
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-3810 MEDIUM POC PATCH This Month

A vulnerability was found in Axiomatic Bento4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Bento4
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-3809 MEDIUM POC This Month

A vulnerability was found in Axiomatic Bento4 and classified as problematic. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bento4
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-40840 MEDIUM POC This Month

ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Cross Site Scripting (XSS) via createPdf.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ndkadvancedcustomizationfields
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-39381 MEDIUM POC PATCH This Month

Muhammara is a node module with c/cpp bindings to modify PDF with js for node or electron (based/replacement on/of galkhana/hummusjs). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Muhammarajs Hummusjs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-43255 MEDIUM POC This Month

GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_odf_new_iod at odf/odf_code.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-43254 MEDIUM POC This Month

GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_list_new at utils/list.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-38372 MEDIUM This Month

A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fortitester
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-39945 MEDIUM This Month

An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an authenticated admin user assigned to a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortimail
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-3845 MEDIUM PATCH This Month

A vulnerability has been found in phpipam and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Phpipam
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-3844 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, was found in Webmin 2.001. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Webmin
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-43985 MEDIUM PATCH This Month

In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Open Redirect Airflow
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2022-43982 MEDIUM PATCH This Month

In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XSS Airflow
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2022-38374 MEDIUM This Month

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 allows an attacker to execute unauthorized code or commands. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet XSS Fortiadc
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2022-42473 MEDIUM This Month

A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortisoar
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-39949 MEDIUM This Month

An improper control of a resource through its lifetime vulnerability [CWE-664] in FortiEDR CollectorWindows 4.0.0 through 4.1, 5.0.0 through 5.0.3.751, 5.1.0 may allow a privileged user to terminate. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fortiedr
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-33878 MEDIUM PATCH This Month

An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiClient for Mac versions 7.0.0 through 7.0.5 may allow a local authenticated attacker to obtain the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Fortinet Information Disclosure Forticlient
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-2904 MEDIUM This Month

A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-43670 MEDIUM PATCH This Month

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sling Cms
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2022-39950 MEDIUM This Month

An improper neutralization of input during web page generation vulnerability [CWE-79] exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortianalyzer Fortimanager
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-38373 MEDIUM This Month

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface 4.2.0, 4.1.0 through 4.1.1, 4.0.2 may allow an authenticated user to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortideceptor
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-35851 MEDIUM This Month

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiADC management interface 7.1.0 may allow a remote and authenticated attacker to trigger a stored cross. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortiadc
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-39378 MEDIUM This Month

Discourse is a platform for community discussion. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-39241 MEDIUM This Month

Discourse is a platform for community discussion. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Discourse
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2022-44586 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Am Hili
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-44576 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Agenteasy Properties
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-38380 MEDIUM This Month

An improper access control [CWE-284] vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortios
NVD
CVSS 3.1
4.3
EPSS
23.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy