All CVEs — 2022 (Page 1/183)

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0

2022-12-31

Medium

CVE-2018-25061

A vulnerability was found in rgb2hex up to 0.1.5. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to inefficient regular expression complexity. Th…

CVSS: 4.3 CWE: CWE-1333

Medium

CVE-2017-20160

A vulnerability was found in flitto express-param up to 0.x. It has been classified as critical. This affects an unknown part of the file lib/fetchParams.js. The manipulation leads to improper handli…

CVSS: 6.3 CWE: CWE-235

Medium

CVE-2014-125028

A vulnerability was found in valtech IDP Test Client and classified as problematic. Affected by this issue is some unknown functionality of the file python-flask/main.py. The manipulation leads to cr…

CVSS: 4.3 CWE: CWE-352

Low

CVE-2014-125027

A vulnerability has been found in Yuna Scatari TBDev up to 2.1.17 and classified as problematic. Affected by this vulnerability is the function get_user_icons of the file usersearch.php. The manipula…

CVSS: 3.5 CWE: CWE-79

Low

CVE-2017-20159

A vulnerability was found in rf Keynote up to 0.x on Rails. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/keynote/rumble.rb. The manipulation…

CVSS: 3.5 CWE: CWE-79

Low

CVE-2017-20158

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in vova07 Yii2 FileAPI Widget up to 0.1.8. It has been declared as problematic. Affected by this vulnerability is the function run of the fil…

CVSS: 3.5 CWE: CWE-79

Medium

CVE-2022-4868

Improper Authorization in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.

CVSS: 4.3 CWE: CWE-285

Medium

CVE-2017-20157

A vulnerability was found in Ariadne Component Library up to 2.x. It has been classified as critical. Affected is an unknown function of the file src/url/Url.php. The manipulation leads to server-sid…

CVSS: 5.5 CWE: CWE-918

Medium

CVE-2017-20156

A vulnerability was found in Exciting Printer and classified as critical. This issue affects some unknown processing of the file lib/printer/jobs/prepare_page.rb of the component Argument Handler. Th…

CVSS: 5.5 CWE: CWE-77

Medium

CVE-2022-4867

Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.

CVSS: 4.3 CWE: CWE-352

Critical

CVE-2022-4866

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.

CVSS: 9.0 CWE: CWE-79

Critical

CVE-2022-4865

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.

CVSS: 9.0 CWE: CWE-79

Critical

CVE-2022-48195

An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generate…

CVSS: 9.8 CWE: CWE-287

2022-12-30

Medium

CVE-2022-4864

Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.

CVSS: 5.4 CWE: CWE-88

High

CVE-2022-42270

NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_task_submit, where unvalidated input may allow a local attacker to cause stack-based buffer overflow in kernel code, which may lead…

CVSS: 7.8 CWE: CWE-121

High

CVE-2022-42269

NVIDIA Trusted OS contains a vulnerability in an SMC call handler, where failure to validate untrusted input may allow a highly privileged local attacker to cause information disclosure and compromis…

CVSS: 7.9 CWE: CWE-20

High

CVE-2022-42267

NVIDIA GPU Display Driver for Windows contains a vulnerability where a regular user can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, inf…

CVSS: 7.0 CWE: CWE-345

Medium

CVE-2022-42266

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can cause exposure of sensitive in…

CVSS: 5.5 CWE: CWE-200

Medium

CVE-2022-42265

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure or data tampering.

CVSS: 5.3 CWE: CWE-190

High

CVE-2022-42264

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause the use of an out-of-range pointer offset, which may lead to data t…

CVSS: 7.1 CWE: CWE-823

High

CVE-2022-42263

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an Integer overflow may lead to denial of service or information disclosure.

CVSS: 7.1 CWE: CWE-190

High

CVE-2022-42262

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering…

CVSS: 7.1 CWE: CWE-787

High

CVE-2022-42261

CVSS: 7.8 CWE: CWE-120

High

CVE-2022-42260

NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VM can impact protected D-Bus endpoints, which may lead to c…

CVSS: 7.8 CWE: CWE-281

Medium

CVE-2022-42259

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service.

CVSS: 4.4 CWE: CWE-190

Medium

CVE-2022-42258

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service, data tampering, or information disclosure.

CVSS: 5.3 CWE: CWE-190

Medium

CVE-2022-42257

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure, data tampering or denial of service.

CVSS: 5.3 CWE: CWE-190

Medium

CVE-2022-42256

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow in index validation may lead to denial of service, information disclosure,…

CVSS: 5.3 CWE: CWE-190

Medium

CVE-2022-42255

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data t…

CVSS: 5.3 CWE: CWE-787

Medium

CVE-2022-42254

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, data tampering, or information di…

CVSS: 5.3 CWE: CWE-125

Medium

CVE-2022-34684

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an off-by-one error may lead to data tampering or information disclosure.

CVSS: 5.3 CWE: CWE-125

Medium

CVE-2022-34683

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a null-pointer dereference occurs, which may lead to denial of…

CVSS: 5.5 CWE: CWE-476

Medium

CVE-2022-34682

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a null-pointer dereference, which may lead to denial of service.

CVSS: 5.5 CWE: CWE-476

Medium

CVE-2022-34681

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler, where improper input validation of a display-related data structure may lead to denial…

CVSS: 5.5 CWE: CWE-20

Medium

CVE-2022-34680

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an integer truncation can lead to an out-of-bounds read, which may lead to denial of service.

CVSS: 5.5 CWE: CWE-197

Medium

CVE-2022-34679

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unhandled return value can lead to a null-pointer dereference, which may lead to denial of serv…

CVSS: 5.5 CWE: CWE-476

Medium

CVE-2022-34678

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause a null-pointer dereference, which may lead to denial of service.

CVSS: 6.5 CWE: CWE-476

Medium

CVE-2022-34677

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead to denial of ser…

CVSS: 5.5 CWE: CWE-125

High

CVE-2022-34676

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read may lead to denial of service, information disclosure, or data tampering.

CVSS: 7.1 CWE: CWE-197

Medium

CVE-2022-34675

NVIDIA Display Driver for Linux contains a vulnerability in the Virtual GPU Manager, where it does not check the return value from a null-pointer dereference, which may lead to denial of service.

CVSS: 5.5 CWE: CWE-476

Medium

CVE-2022-34674

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a helper function maps more physical pages than were requested, which may lead to undefined behavi…

CVSS: 6.8 CWE: CWE-200

Medium

CVE-2022-34673

CVSS: 4.4 CWE: CWE-190

High

CVE-2022-34672

NVIDIA Control Panel for Windows contains a vulnerability where an unauthorized user or an unprivileged regular user can compromise the security of the software by gaining privileges, reading sensiti…

CVSS: 7.8 CWE: CWE-284

High

CVE-2022-34671

NVIDIA GPU Display Driver for Windows contains a vulnerability in the user-mode layer, where an unprivileged user can cause an out-of-bounds write, which may lead to code execution, information discl…

CVSS: 8.5 CWE: CWE-787

High

CVE-2022-34670

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive o…

CVSS: 7.8 CWE: CWE-197

High

CVE-2022-34669

NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can access or modify system files or other files that are critical to the app…

CVSS: 8.8 CWE: CWE-73

Low

CVE-2017-20155

A vulnerability was found in Sterc Google Analytics Dashboard for MODX up to 1.0.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file core/co…

CVSS: 3.5 CWE: CWE-79

Critical

CVE-2022-47128

Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey2 parameter at /goform/WifiBasicSet.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2022-47127

Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlPwd parameter at /goform/WifiBasicSet.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2022-47126

Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlEn parameter at /goform/WifiBasicSet.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2022-47125

Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlEn_5g parameter at /goform/WifiBasicSet.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2022-47124

Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey4 parameter at /goform/WifiBasicSet.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2022-47123

Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey3 parameter at /goform/WifiBasicSet.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2022-47122

Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlPwd_5g parameter at /goform/WifiBasicSet.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2022-47121

Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey parameter at /goform/WifiBasicSet.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2022-47120

Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2022-47119

Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the ssid parameter at /goform/WifiBasicSet.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2022-47118

Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey1 parameter at /goform/WifiBasicSet.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2022-47117

Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the security parameter at /goform/WifiBasicSet.

CVSS: 9.8 CWE: CWE-787

High

CVE-2022-47116

Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the SYSPS parameter at /goform/SysToolChangePwd.

CVSS: 7.5 CWE: CWE-787

Critical

CVE-2022-47115

Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepauth parameter at /goform/WifiBasicSet.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2022-46601

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the setbg_num parameter in the icp_setbg_img (sub_41DD68) function.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2022-46600

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the wps_sta_enrollee_pin parameter in the action set_sta_enrollee_pin_24g function.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2022-46599

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the setlogo_num parameter in the icp_setlogo_img (sub_41DBF4) function.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2022-46598

TRENDnet TEW755AP 1.13B01 was discovered to contain a command injection vulnerability via the wps_sta_enrollee_pin parameter in the action set_sta_enrollee_pin_5g function.

CVSS: 9.8 CWE: CWE-78

Critical

CVE-2022-46597

TRENDnet TEW755AP 1.13B01 was discovered to contain a command injection vulnerability via the sys_service parameter in the setup_wizard_mydlink (sub_4104B8) function.

CVSS: 9.8 CWE: CWE-78

Critical

CVE-2022-46596

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the del_num parameter in the icp_delete_img (sub_41DEDC) function.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2022-46594

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the update_file_name parameter in the auto_up_fw (sub_420A04) function.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2022-46593

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the wps_sta_enrollee_pin parameter in the do_sta_enrollee_wifi function.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2022-46592

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the wps_sta_enrollee_pin parameter in the set_sta_enrollee_pin_5g function.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2022-46591

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the reject_url parameter in the reject (sub_41BD60) function.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2022-46590

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the cameo.cameo.netstat_rsname parameter in the tools_netstat (sub_41E730) function.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2022-46589

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the cameo.cameo.netstat_option parameter in the tools_netstat (sub_41E730) function.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2022-46588

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the sys_service parameter in the setup_wizard_mydlink (sub_4104B8) function.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2022-46586

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the qcawifi.wifi%d_vap%d.maclist parameter in the kick_ban_wifi_mac_allow (sub_415B00) function.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2022-46585

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the REMOTE_USER parameter in the get_access (sub_45AC2C) function.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2022-46584

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the qcawifi.wifi%d_vap%d.maclist parameter in the kick_ban_wifi_mac_deny (sub_415D7C) function.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2022-46583

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the reboot_type parameter in the wizard_ipv6 (sub_41C380) function.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2022-46582

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the login_name parameter in the do_graph_auth (sub_4061E0) function.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2022-46581

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the cameo.cameo.nslookup_target parameter in the tools_nslookup function.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2022-46580

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the user_edit_page parameter in the wifi_captive_portal function.

CVSS: 9.8 CWE: CWE-787

Low

CVE-2017-20154

A vulnerability was found in ghostlander Phoenixcoin. It has been classified as problematic. Affected is the function CTxMemPool::accept of the file src/main.cpp. The manipulation leads to denial of…

CVSS: 3.5 CWE: CWE-404

Medium

CVE-2022-4863

Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1.

CVSS: 6.5 CWE: CWE-280

Medium

CVE-2022-4861

Incorrect implementation in authentication protocol in M-Files Client before 22.5.11356.0 allows high privileged user to get other users tokens to another resource.

CVSS: 4.8 CWE: CWE-303

Medium

CVE-2022-4860

A vulnerability was found in KBase Metrics. It has been classified as critical. This affects the function upload_user_data of the file source/daily_cron_jobs/methods_upload_user_stats.py. The manipul…

CVSS: 5.5 CWE: CWE-89

Low

CVE-2022-4859

A vulnerability, which was classified as problematic, has been found in Joget up to 7.0.33. This issue affects the function submitForm of the file wflow-core/src/main/java/org/joget/plugin/enterprise…

CVSS: 3.5 CWE: CWE-79

Medium

CVE-2022-4858

Insertion of Sensitive Information into Log Files in M-Files Server before 22.10.11846.0 could allow to obtain sensitive tokens from logs, if specific configurations were set.

CVSS: 4.4 CWE: CWE-532

Low

CVE-2020-36638

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chris92de AdminServ. It has been rated as problematic. This issue affects some unknown processing of the file resources/core/adminserv.php…

CVSS: 3.5 CWE: CWE-79

Low

CVE-2020-36637

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chris92de AdminServ. It has been declared as problematic. This vulnerability affects unknown code of the file resources/core/adminserv.php…

CVSS: 3.5 CWE: CWE-79

Low

CVE-2018-25060

A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to s…

CVSS: 3.7 CWE: CWE-614

Low

CVE-2017-20153

A vulnerability has been found in aerouk imageserve and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument REQUEST_URI leads to cr…

CVSS: 2.6 CWE: CWE-79

Low

CVE-2017-20152

A vulnerability, which was classified as problematic, was found in aerouk imageserve. Affected is an unknown function of the file public/viewer.php of the component File Handler. The manipulation of…

CVSS: 3.1 CWE: CWE-22

Medium

CVE-2017-20151

A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xm…

CVSS: 5.5 CWE: CWE-611

Critical

CVE-2022-44621

Diagnosis Controller miss parameter validation, so user may attacked by command injection via HTTP Request.

CVSS: 9.8 CWE: CWE-77

High

CVE-2022-43396

In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd par…

CVSS: 8.8 CWE: CWE-184

Low

CVE-2018-25059

A vulnerability was found in pastebinit up to 0.2.2 and classified as problematic. Affected by this issue is the function pasteHandler of the file server.go. The manipulation of the argument r.URL.Pa…

CVSS: 3.5 CWE: CWE-22

Medium

CVE-2022-4857

A vulnerability was found in Modbus Tools Modbus Poll up to 9.10.0 and classified as critical. Affected by this issue is some unknown functionality of the file mbpoll.exe of the component mbp File Ha…

CVSS: 6.3 CWE: CWE-120

Medium

CVE-2022-4856

A vulnerability has been found in Modbus Tools Modbus Slave up to 7.5.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file mbslave.exe of the component…

CVSS: 6.3 CWE: CWE-120

High

CVE-2022-4855

A vulnerability, which was classified as critical, was found in SourceCodester Lead Management System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument user…

CVSS: 7.3 CWE: CWE-89

High

CVE-2022-48196

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 before 1.0.4.122, R6700v3 before 1.0.4.122…

CVSS: 7.4 CWE: CWE-120

High

CVE-2022-48194

TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signat…

CVSS: 8.8 CWE: CWE-434

High

CVE-2022-44137

SourceCodester Sanitization Management System 1.0 is vulnerable to SQL Injection.

CVSS: 7.2 CWE: CWE-89

2022-12-29

Critical

CVE-2022-36437

The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated attacker to access and manipulate data in the cluster with the identity of another already authenticated connecti…

CVSS: 9.1 CWE: CWE-384

Medium

CVE-2022-30519

XSS in signing form in Reprise Software RLM License Administration v14.2BL4 allows remote attacker to inject arbitrary code via password field.

CVSS: 6.1 CWE: CWE-79

High

CVE-2022-38212

Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated att…

CVSS: 7.5 CWE: CWE-918

High

CVE-2022-38211

Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.9.1 and below were not fully honored and may allow a remote, unauthenticated att…

CVSS: 7.5 CWE: CWE-918

Medium

CVE-2022-38210

There is a reflected HTML injection vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked cou…

CVSS: 6.1 CWE: CWE-80

Medium

CVE-2022-38209

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could execute…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2022-38208

There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary web…

CVSS: 6.1 CWE: CWE-601

Medium

CVE-2022-38207

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote remote, unauthenticated attacker to create a crafted link which when clicked which…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2022-38206

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote remote, unauthenticated attacker to create a crafted link which when clicked could…

CVSS: 6.1 CWE: CWE-79

High

CVE-2022-38205

In some non-default installations of Esri Portal for ArcGIS versions 10.9.1 and below, a directory traversal issue may allow a remote, unauthenticated attacker to traverse the file system and lead to…

CVSS: 8.6 CWE: CWE-23

Medium

CVE-2022-38204

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potent…

CVSS: 6.1 CWE: CWE-79

High

CVE-2022-38203

CVSS: 7.5 CWE: CWE-918

Medium

CVE-2022-46181

Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html fi…

CVSS: 6.1 CWE: CWE-79

High

CVE-2022-46178

MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.1 allow users to upload a fil…

CVSS: 7.4 CWE: CWE-22

Medium

CVE-2022-4851

Improper Handling of Values in GitHub repository usememos/memos prior to 0.9.1.

CVSS: 5.3 CWE: CWE-229

Medium

CVE-2022-4850

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.

CVSS: 6.5 CWE: CWE-352

Medium

CVE-2022-4849

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.

CVSS: 6.5 CWE: CWE-352

Medium

CVE-2022-4848

Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.

CVSS: 5.7 CWE: CWE-940