Skip to main content
CVE-2022-44557 HIGH This Week

The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-44555 HIGH This Week

The DDMP/ODMF module has a service hijacking vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-44554 HIGH This Week

The power module has a vulnerability in permission verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-44552 HIGH This Week

The lock screen module has defects introduced in the design process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-44550 HIGH This Week

The graphics display module has a UAF vulnerability when traversing graphic layers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Use After Free Memory Corruption Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-44549 HIGH This Week

The LBS module has a vulnerability in geofencing API access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-44547 HIGH This Week

The Display Service module has a UAF vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Use After Free Memory Corruption Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-44546 HIGH This Week

The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-27674 HIGH This Week

Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Amd Microsoft Denial Of Service Amd Uprof
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-27673 HIGH This Week

Insufficient access controls in the AMD Link Android app may potentially result in information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Amd Authentication Bypass Google Amd Link
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-23831 HIGH This Week

Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Amd Microsoft Denial Of Service Amd Uprof
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-45060 HIGH This Week

An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Varnish Cache Varnish Cache Plus Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45059 HIGH This Week

An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling Varnish Cache Fedora
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-37967 HIGH PATCH This Week

Windows Kerberos Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +6
NVD
CVSS 3.1
7.2
EPSS
4.5%
CVE-2022-41114 HIGH This Week

Windows Bind Filter Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Microsoft Windows 10 Windows 11 +1
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2022-38014 HIGH This Week

Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Linux Microsoft Azure Iot Edge For Linux +1
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2022-0031 MEDIUM This Month

A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Privilege Escalation Cortex Xsoar
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-41122 MEDIUM This Month

Microsoft SharePoint Server Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-41097 MEDIUM This Month

Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Windows 10 Windows 11 Windows 7 Windows 8 1 +6
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-38015 MEDIUM This Month

Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-41978 MEDIUM This Month

Auth. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Privilege Escalation WordPress Zoho Crm Lead Magnet
NVD
CVSS 3.1
6.5
EPSS
3.0%
CVE-2022-44590 MEDIUM This Month

Auth. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Simple Video Embedder
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2022-41086 MEDIUM This Month

Windows Group Policy Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Information Disclosure Microsoft Windows 10 Windows 11 +7
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2022-3486 MEDIUM This Month

An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Open Redirect
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-3280 MEDIUM This Month

An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Open Redirect
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-31688 MEDIUM PATCH This Month

VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

VMware XSS Workspace One Assist
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-41104 MEDIUM This Month

Microsoft Excel Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass 365 Apps Excel Office +1
NVD VulDB
CVSS 3.1
5.5
EPSS
2.5%
CVE-2022-41116 MEDIUM This Month

Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Microsoft Denial Of Service Windows 7 Windows Server 2008
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2022-41090 MEDIUM This Month

Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Microsoft Denial Of Service Windows 10 Windows 11 +7
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2022-44563 MEDIUM This Month

There is a race condition vulnerability in SD upgrade mode. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2022-41105 MEDIUM This Month

Microsoft Excel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure 365 Apps Office Office Long Term Servicing Channel
NVD VulDB
CVSS 3.1
5.5
EPSS
1.7%
CVE-2022-41060 MEDIUM This Month

Microsoft Word Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure 365 Apps Office Office Long Term Servicing Channel +5
NVD VulDB
CVSS 3.1
5.5
EPSS
1.7%
CVE-2022-41103 MEDIUM This Month

Microsoft Word Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure 365 Apps Office Office Long Term Servicing Channel +5
NVD VulDB
CVSS 3.1
5.5
EPSS
1.6%
CVE-2022-41064 MEDIUM PATCH This Month

.NET Framework Information Disclosure Vulnerability. Rated medium severity (CVSS 5.8).

Information Disclosure Net Framework Nuget
NVD
CVSS 3.1
5.8
EPSS
0.7%
CVE-2022-41098 MEDIUM PATCH This Month

Windows GDI+ Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Microsoft Windows 10 Windows 11 Windows 7 +6
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-41055 MEDIUM This Month

Windows Human Interface Device Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 11 Windows Server 2019 +1
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-23824 MEDIUM PATCH This Month

IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Xen Athlon X4 750 Firmware Athlon X4 760K Firmware Athlon X4 830 Firmware +165
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-3483 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 15.3.5, all versions starting from 15.4 before 15.4.4, all versions starting from 15.5 before 15.5.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD VulDB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-3265 MEDIUM This Month

A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
5.4
EPSS
86.3%
CVE-2022-41091 MEDIUM KEV PATCH THREAT This Month

Windows Mark of the Web Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
5.4
EPSS
2.0%
CVE-2022-41049 MEDIUM KEV PATCH THREAT This Month

Windows Mark of the Web Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
5.4
EPSS
2.5%
CVE-2022-39307 MEDIUM PATCH This Month

Grafana is an open-source platform for monitoring and observability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Grafana
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-2761 MEDIUM This Month

An information disclosure issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to use GitLab Flavored Markdown. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure Atlassian
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-44560 MEDIUM This Month

The launcher module has an Intent redirection vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Emui Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-44553 MEDIUM This Month

The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-41099 MEDIUM This Month

BitLocker Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Windows 10 Windows 11
NVD
CVSS 3.1
4.6
EPSS
3.6%
CVE-2022-41066 MEDIUM This Month

Microsoft Business Central Information Disclosure Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Microsoft Dynamics 365 Business Central 2019 Dynamics 365 Business Central 2021 Dynamics 365 Business Central 2022 +1
NVD
CVSS 3.1
4.4
EPSS
1.1%
CVE-2022-44548 MEDIUM This Month

There is a vulnerability in permission verification during the Bluetooth pairing process. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos Emui
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2022-29836 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal My Cloud Home Firmware My Cloud Home Duo Firmware Sandisk Ibi Firmware
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-3447 MEDIUM This Month

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 106.0.5249.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.5%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy