Skip to main content
CVE-2022-23511 MEDIUM PATCH This Month

A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for collecting metrics and logs from Amazon EC2 instances and on-premises servers, in versions up to and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Apple Microsoft Privilege Escalation Cloudwatch Agent
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2022-4311 MEDIUM This Month

An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Pcvue
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-44532 MEDIUM This Month

An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Aruba Edgeconnect Enterprise
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-43518 MEDIUM This Month

An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise web interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Aruba Edgeconnect Enterprise
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-42446 MEDIUM This Month

Starting with Sametime 12, anonymous users are enabled by default. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Sametime
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-37928 MEDIUM This Month

Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP Sf100 Firmware Sf300 Firmware Hf60C Firmware +6
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-37910 MEDIUM This Month

A buffer overflow vulnerability exists in the ArubaOS command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Sd Wan Arubaos
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-37908 MEDIUM This Month

An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sd Wan Arubaos
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-46688 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers (previously configured by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Sonar Gerrit
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-20691 MEDIUM This Month

A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause a DoS condition of. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Ata 190 Firmware Ata 191 Firmware Ata 192 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-41262 MEDIUM This Month

Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, allows an unauthenticated attacker to inject a script into a web request header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java XSS Netweaver Application Server Java
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-46905 MEDIUM This Month

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an unauthenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Websoft Hcm
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-4421 MEDIUM PATCH This Month

A vulnerability was found in rAthena FluxCP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP XSS Fluxcp
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-37927 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect HP Oneview Global Dashboard
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-37925 MEDIUM This Month

A vulnerability within the web-based management interface of Aruba EdgeConnect Enterprise could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba XSS Edgeconnect Enterprise
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-34318 MEDIUM PATCH This Month

IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM XSS Cics Tx
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-46683 MEDIUM PATCH This Month

Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing to Jenkins. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Jenkins Open Redirect Google Login
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-45756 MEDIUM This Month

SENS v1.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sens
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-44637 MEDIUM This Month

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Redmine
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-44031 MEDIUM This Month

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Redmine
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-4414 MEDIUM PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository nuxt/framework prior to v3.0.0-rc.13. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Framework
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-31596 MEDIUM This Month

Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) -. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Business Objects Business Intelligence Platform
NVD
CVSS 3.1
6.0
EPSS
0.7%
CVE-2022-4312 MEDIUM This Month

A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Pcvue
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-41261 MEDIUM This Month

SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

SAP Information Disclosure Authentication Bypass Microsoft Solution Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-44648 MEDIUM This Month

An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Trend Micro Buffer Overflow Apex One
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-44647 MEDIUM This Month

An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Trend Micro Buffer Overflow Apex One
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-37930 MEDIUM This Month

A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays and HPE Nimble Storage Secondary Flash Arrays which could potentially allow local disclosure of sensitive. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Sf100 Firmware Sf300 Firmware Hf60C Firmware Hf40C Firmware +5
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-37929 MEDIUM This Month

Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation HP Sf100 Firmware Sf300 Firmware Hf60C Firmware +6
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-37911 MEDIUM This Month

Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service XXE Sd Wan Arubaos
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-46906 MEDIUM This Month

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Websoft Hcm
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-46904 MEDIUM This Month

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Websoft Hcm
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-46903 MEDIUM This Month

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Websoft Hcm
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-3853 MEDIUM This Month

Cross-site Scripting (XSS) is a client-side code injection attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF XSS Supra Csv Parser
NVD WPScan
CVSS 3.1
5.4
EPSS
0.2%
CVE-2022-37926 MEDIUM This Month

A vulnerability within the web-based management interface of EdgeConnect Enterprise could allow a remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba XSS Edgeconnect Enterprise
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-46687 MEDIUM PATCH This Month

Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins XSS Spring Config
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-46686 MEDIUM PATCH This Month

Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and earlier does not escape property values and build display names on the Custom Build Properties and Build Summary pages, resulting in a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Custom Build Properties
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-46684 MEDIUM PATCH This Month

Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Checkmarx
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37909 MEDIUM This Month

Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Aruba Sd Wan Arubaos
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-20688 MEDIUM This Month

A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE Cisco Buffer Overflow Ata 190 Firmware +2
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-20687 MEDIUM This Month

Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Buffer Overflow Ata 190 Firmware +2
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-20686 MEDIUM This Month

Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Ata 190 Firmware Ata 191 Firmware +1
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-42445 MEDIUM This Month

HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hcl Launch
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2022-22488 MEDIUM This Month

IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Power System Ac922 8335 Gtg Firmware Power System Ac922 8335 Gth Firmware Power System Ac922 8335 Gtx Firmware
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2022-32537 MEDIUM This Month

A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system. Rated medium severity (CVSS 4.8). No vendor patch available.

Authentication Bypass Guardian Link 2 Transmitter Mmt 7730 Firmware Guardian Link 2 Transmitter Mmt 7731 Firmware Guardian Link 2 Transmitter Mmt 7738 Firmware Guardian Link 2 Transmitter Mmt 7775 Firmware +24
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2022-3906 MEDIUM This Month

The Easy Form Builder WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Easy Form Builder
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-3609 MEDIUM This Month

The GetYourGuide Ticketing WordPress plugin before 1.0.4 does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Getyourguide Ticketing
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-41263 MEDIUM This Month

Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP CSRF Authentication Bypass Business Objects Business Intelligence Platform
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2022-46685 MEDIUM PATCH This Month

In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitea Jenkins
NVD
CVSS 3.1
4.3
EPSS
0.3%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy