Skip to main content
CVE-2022-30773 MEDIUM This Month

DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). Rated medium severity (CVSS 6.4). No vendor patch available.

Information Disclosure Kernel
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-43690 MEDIUM PATCH This Month

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict comparison for the legacy_salt so that limited authentication bypass could occur if using this. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Concrete Cms
NVD GitHub
CVSS 3.1
6.3
EPSS
0.6%
CVE-2022-43968 MEDIUM PATCH This Month

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the dashboard icons due to un-sanitized output. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Concrete Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-43967 MEDIUM PATCH This Month

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the multilingual report due to un-sanitized output. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Concrete Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-38167 MEDIUM This Month

The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Workflow
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-43694 MEDIUM PATCH This Month

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the image manipulation library due to un-sanitized output. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Concrete Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-43692 MEDIUM PATCH This Month

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS - user can cause an administrator to trigger reflected XSS with a url if the targeted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Concrete Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-38705 MEDIUM PATCH This Month

IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Cics Tx
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-3992 MEDIUM This Month

A vulnerability classified as problematic was found in SourceCodester Sanitization Management System. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sanitization Management System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-3988 MEDIUM PATCH This Month

A vulnerability was found in Frappe. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Frappe
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-43295 MEDIUM This Month

XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Xpdf
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35719 MEDIUM PATCH This Month

IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in trace files that could be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Mq Internet Pass Thru
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-43687 MEDIUM PATCH This Month

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Concrete Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-41913 MEDIUM PATCH This Month

Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Calendar
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-44390 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Record Number. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Eyoucms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-34317 MEDIUM PATCH This Month

IBM CICS TX 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cics Tx
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-34315 MEDIUM PATCH This Month

IBM CICS TX 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cics Tx
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-43691 MEDIUM PATCH This Month

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently disclose server-side sensitive information (secrets in environment variables and server information) when. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Concrete Cms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-43689 MEDIUM PATCH This Month

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XXE based DNS requests leading to IP disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Concrete Cms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-34316 MEDIUM PATCH This Month

IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cics Tx
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-34329 MEDIUM PATCH This Month

IBM CICS TX 11.7 could allow an attacker to obtain sensitive information from HTTP response headers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Cics Tx
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-43695 MEDIUM PATCH This Month

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in dashboard/system/express/entities/associations because Concrete CMS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-43688 MEDIUM PATCH This Month

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in icons since the Microsoft application tile color is not sanitized. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Concrete Cms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3903 MEDIUM This Month

An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Linux Denial Of Service Memory Corruption Linux Kernel
NVD
CVSS 3.1
4.6
EPSS
0.5%
CVE-2022-28764 LOW Monitor

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft Google Meetings +2
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2022-34314 LOW PATCH Monitor

IBM CICS TX 11.1 could disclose sensitive information to a local user due to insecure permission settings. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Cics Tx
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-34312 LOW PATCH Monitor

IBM CICS TX 11.1 allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Cics Tx
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-34313 LOW PATCH Monitor

IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Cics Tx
NVD
CVSS 3.1
3.1
EPSS
0.6%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy