Skip to main content
CVE-2022-46912 HIGH This Week

An issue in the firmware update process of TP-Link TL-WR841N / TL-WA841ND V7 3.13.9 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE TP-Link Denial Of Service Tl Wr841n Firmware Tl Wr841Nd V7 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-46910 HIGH This Week

An issue in the firmware update process of TP-Link TL-WA901ND V1 up to v3.11.2 and TL-WA901N V2 up to v3.12.16 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE TP-Link Denial Of Service Tl Wa901N Firmware Tl Wa901Nd V1 Firmware +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-46435 HIGH This Week

An issue in the firmware update process of TP-Link TL-WR941ND V2/V3 up to 3.13.9 and TL-WR941ND V4 up to 3.12.8 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE TP-Link Denial Of Service Tl Wr941Nd V2 Firmware Tl Wr941Nd V3 Firmware +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-44643 HIGH PATCH This Week

A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Grafana Enterprise Metrics
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-39304 MEDIUM POC PATCH This Month

ghinstallation provides transport, which implements http.RoundTripper to provide authentication as an installation for GitHub Apps. Rated medium severity (CVSS 4.7). Public exploit code available.

Information Disclosure Ghinstallation
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2022-38733 HIGH This Week

OnCommand Insight versions 7.3.1 through 7.3.14 are susceptible to an authentication bypass vulnerability in the Data Warehouse component. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oncommand Insight
NVD
CVSS 3.1
8.6
EPSS
0.5%
CVE-2022-46424 HIGH This Week

An exploitable firmware modification vulnerability was discovered on the Netgear XWN5001 Powerline 500 WiFi Access Point. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Denial Of Service Netgear Xwn5001 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-46423 HIGH This Week

An exploitable firmware modification vulnerability was discovered on the Netgear WNR2000v1 router. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Denial Of Service Netgear Wnr2000 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2022-46328 HIGH PATCH This Week

Some smartphones have the input validation vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-46322 HIGH PATCH This Week

Some smartphones have the out-of-bounds write vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-46321 HIGH PATCH This Week

The Wi-Fi module has a vulnerability in permission verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-46317 HIGH PATCH This Week

The power consumption module has an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-46315 HIGH PATCH This Week

The ProfileSDK has defects introduced in the design process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-46314 HIGH PATCH This Week

The IPC module has defects introduced in the design process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-46312 HIGH PATCH This Week

The application management module has a vulnerability in permission verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-46311 HIGH PATCH This Week

The contacts component has a free (undefined) provider vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Use After Free Memory Corruption Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-46310 HIGH PATCH This Week

The TelephonyProvider module has a vulnerability in obtaining values.Successful exploitation of this vulnerability may affect data confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-41599 HIGH PATCH This Week

The system service has a vulnerability that causes incorrect return values. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-41596 HIGH PATCH This Week

The system tool has inconsistent serialization and deserialization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-41591 HIGH This Week

The backup module has a path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-38391 HIGH PATCH This Week

IBM Spectrum Control 5.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Spectrum Control
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-46434 HIGH This Week

An issue in the firmware update process of TP-Link TL-WA7510N v1 v3.12.6 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE TP-Link Denial Of Service Tl Wa7510N V1 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-46432 HIGH This Week

An exploitable firmware modification vulnerability was discovered on TP-Link TL-WR743ND V1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE TP-Link Denial Of Service Tl Wr743Nd V1 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46139 MEDIUM This Month

TP-Link TL-WR940N V4 3.16.9 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link Denial Of Service Tl Wr940N V4 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-47551 MEDIUM PATCH This Month

Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apiman
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-4619 MEDIUM This Month

The Sidebar Widgets by CodeLights plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Extra CSS class’ parameter in versions up to, and including, 1.4 due to insufficient input. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Codelights Shortcodes And Widgets
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-41590 MEDIUM This Month

Some smartphones have authentication-related (including session management) vulnerabilities as the setup wizard is bypassed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-43875 MEDIUM PATCH This Month

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Denial Of Service Financial Transaction Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-46318 MEDIUM PATCH This Month

The HAware module has a function logic error. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-46313 MEDIUM PATCH This Month

The sensor privacy module has an authentication vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-43872 MEDIUM PATCH This Month

IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass IBM Financial Transaction Manager
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-39166 MEDIUM PATCH This Month

IBM Security Guardium 11.4 could allow a privileged user to obtain sensitive information inside of an HTTP response. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Security Guardium
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2022-46430 MEDIUM This Month

TP-Link TL-WR740N V1 and V2 v3.12.4 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE TP-Link Denial Of Service Tl Wr740N V1 Firmware Tl Wr740N V2 Firmware +2
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2022-46428 MEDIUM This Month

TP-Link TL-WR1043ND V1 3.13.15 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE TP-Link Denial Of Service Tl Wr1043Nd V1 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2022-46422 MEDIUM This Month

An issue in Netgear WNR2000 v1 1.2.3.7 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Netgear Wnr2000 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2022-46771 MEDIUM PATCH This Month

IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Urbancode Deploy
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2022-43382 MEDIUM PATCH This Month

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a local user with elevated privileges to exploit a vulnerability in the lpd daemon to cause a denial of service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Denial Of Service Vios Aix
NVD
CVSS 3.1
4.4
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy