Skip to main content
CVE-2022-42125 HIGH PATCH This Week

Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Digital Experience Platform Liferay Portal
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-42123 HIGH PATCH This Week

A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Elastic Digital Experience Platform Liferay Portal
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-41916 HIGH This Week

Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Heimdal Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-30283 HIGH This Week

In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM. Rated high severity (CVSS 7.5). No vendor patch available.

Intel Privilege Escalation Kernel
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2022-20947 HIGH This Week

A vulnerability in dynamic access policies (DAP) functionality of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Buffer Overflow Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-20946 HIGH This Week

A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Cisco Denial Of Service Buffer Overflow Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-20918 HIGH This Week

A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module, Cisco Firepower Management Center. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Firepower Services Software For Asa Secure Firewall Management Center
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-20854 HIGH This Week

A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Secure Firewall Management Center Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45391 HIGH PATCH This Week

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Ns Nd Integration Performance Publisher
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-45388 HIGH This Week

Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Jenkins Config Rotator
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-45385 HIGH PATCH This Week

A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Jenkins Cloudbees Docker Hub Registry Notification
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-45379 HIGH PATCH This Week

Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Script Security
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-38666 HIGH This Week

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Ns Nd Integration Performance Publisher
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-27895 HIGH This Week

Information Exposure Through Log Files vulnerability discovered in Foundry when logs were captured using an underlying library known as Build2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Foundry Build2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-40308 HIGH PATCH This Week

If anonymous read enabled, it's possible to read the database file directly without logging in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Archiva
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-3480 HIGH This Week

A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a larger number of unauthenticated HTTPS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Fl Mguard Centerport Firmware Fl Mguard Centerport Vpn 1000 Firmware Fl Mguard Core Tx Firmware Fl Mguard Core Tx Vpn Firmware +27
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-33239 HIGH This Week

Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Apq8009 Firmware Apq8017 Firmware Apq8096Au Firmware +231
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-33237 HIGH This Week

Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Buffer Overflow Aqt1000 Firmware Ar8031 Firmware +236
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-33236 HIGH This Week

Transient DOS due to buffer over-read in WLAN firmware while parsing cipher suite info attributes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Buffer Overflow Ar8035 Firmware Csr8811 Firmware +76
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-25742 HIGH This Week

Denial of service in modem due to infinite loop while parsing IGMPv2 packet from server in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Ar8031 Firmware Csra6620 Firmware Csra6640 Firmware +18
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-25741 HIGH PATCH This Week

Denial of service in WLAN due to potential null pointer dereference while accessing the memory location in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Qualcomm Denial Of Service Aqt1000 Firmware Ar8035 Firmware +123
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-25710 HIGH This Week

Denial of service due to null pointer dereference when GATT is disconnected in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Qualcomm Denial Of Service Apq8009 Firmware Apq8017 Firmware +60
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-25671 HIGH This Week

Denial of service in MODEM due to reachable assertion in Snapdragon Mobile. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Ar8035 Firmware Qca8081 Firmware Qca8337 Firmware +11
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-25667 HIGH This Week

Information disclosure in kernel due to improper handling of ICMP requests in Snapdragon Wired Infrastructure and Networking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Qualcomm Ar9380 Firmware Csr8811 Firmware +67
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-40405 HIGH This Week

WoWonder Social Network Platform v4.1.2 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=load-my-blogs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Wowonder
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-20925 HIGH This Week

A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Cisco Secure Firewall Management Center
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-33985 HIGH This Week

DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. Rated high severity (CVSS 7.0). No vendor patch available.

Intel Information Disclosure Kernel
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2022-33984 HIGH This Week

DMA transactions which are targeted at input buffers used for the SdMmcDevice software SMI handler could cause SMRAM corruption through a TOCTOU attack. Rated high severity (CVSS 7.0). No vendor patch available.

Intel Information Disclosure Kernel
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2022-33983 HIGH This Week

DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption through a TOCTOU attack. Rated high severity (CVSS 7.0). No vendor patch available.

Intel Information Disclosure Kernel
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2022-33909 HIGH This Week

DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a TOCTOU attack. Rated high severity (CVSS 7.0). No vendor patch available.

Intel Information Disclosure Kernel
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2022-33908 HIGH This Week

DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI handler could cause SMRAM corruption through a TOCTOU attack. Rated high severity (CVSS 7.0). No vendor patch available.

Intel Information Disclosure Kernel
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2022-33905 HIGH This Week

DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption (a TOCTOU attack). Rated high severity (CVSS 7.0). No vendor patch available.

Intel Information Disclosure Kernel
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2022-20826 MEDIUM This Month

A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD). Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-20934 MEDIUM This Month

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Cisco Firepower Threat Defense Firepower Extensible Operating System
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-20922 MEDIUM This Month

Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Firepower Threat Defense Umbrella Virtual Appliance Cyber Vision
NVD VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-20927 MEDIUM This Month

A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Buffer Overflow Adaptive Security Appliance Software Firepower Threat Defense +1
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-20924 MEDIUM This Month

A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-45392 MEDIUM PATCH This Month

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Ns Nd Integration Performance Publisher
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-45384 MEDIUM PATCH This Month

Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Reverse Proxy Auth
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-45383 MEDIUM PATCH This Month

An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Support Core
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-33986 MEDIUM This Month

DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. Rated medium severity (CVSS 6.4). No vendor patch available.

Information Disclosure Kernel
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-33906 MEDIUM This Month

DMA transactions which are targeted at input buffers used for the FwBlockServiceSmm software SMI handler could cause SMRAM corruption through a TOCTOU attack. Rated medium severity (CVSS 6.4). No vendor patch available.

Intel Information Disclosure Kernel
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2022-32267 MEDIUM This Month

DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software SMI handler cause SMRAM corruption (a TOCTOU attack) DMA transactions which are targeted at input. Rated medium severity (CVSS 6.4). No vendor patch available.

Information Disclosure Kernel
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-31243 MEDIUM This Month

Update description and links DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption through a. Rated medium severity (CVSS 6.4). No vendor patch available.

Intel Information Disclosure Kernel
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2022-30774 MEDIUM This Month

DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) DMA attacks on the. Rated medium severity (CVSS 6.4). No vendor patch available.

Information Disclosure Kernel
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2022-41918 MEDIUM PATCH This Month

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Elastic Opensearch
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2022-38201 MEDIUM This Month

An unvalidated redirect vulnerability exists in Esri Portal for ArcGIS Quick Capture Web Designer versions 10.8.1 to 10.9.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Arcgis Quickcapture
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-3895 MEDIUM This Month

Some UI elements of the Common User Interface Component are not properly sanitizing output and therefore prone to output arbitrary HTML (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Bluespice Common User Interface
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-45402 MEDIUM PATCH This Month

In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Open Redirect Airflow
NVD GitHub
CVSS 3.1
6.1
EPSS
81.8%
CVE-2022-42110 MEDIUM PATCH This Month

A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Liferay Portal Digital Experience Platform Dxp
NVD
CVSS 3.1
6.1
EPSS
0.6%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy