The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2022-23270 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | HIGH | May 11, 2022 | n/a |
CVE-2022-23271 | Microsoft Dynamics GP Elevation Of Privilege Vulnerability | HIGH | Feb 9, 2022 | n/a |
CVE-2022-23272 | Microsoft Dynamics GP Elevation Of Privilege Vulnerability | HIGH | Feb 9, 2022 | n/a |
CVE-2022-23273 | Microsoft Dynamics GP Elevation Of Privilege Vulnerability | HIGH | Feb 9, 2022 | n/a |
CVE-2022-23274 | Microsoft Dynamics GP Remote Code Execution Vulnerability | MEDIUM | Feb 9, 2022 | n/a |
CVE-2022-23276 | SQL Server for Linux Containers Elevation of Privilege Vulnerability | MEDIUM | Feb 9, 2022 | n/a |
CVE-2022-23277 | Microsoft Exchange Server Remote Code Execution Vulnerability | MEDIUM | Mar 14, 2022 | n/a |
CVE-2022-23278 | Microsoft Defender for Endpoint Spoofing Vulnerability | MEDIUM | Mar 14, 2022 | n/a |
CVE-2022-23279 | Windows ALPC Elevation of Privilege Vulnerability | MEDIUM | May 11, 2022 | n/a |
CVE-2022-23280 | Microsoft Outlook for Mac Security Feature Bypass Vulnerability | MEDIUM | Feb 10, 2022 | n/a |
CVE-2022-23281 | Windows Common Log File System Driver Information Disclosure Vulnerability | LOW | Mar 14, 2022 | n/a |
CVE-2022-23282 | Paint 3D Remote Code Execution Vulnerability | MEDIUM | Mar 14, 2022 | n/a |
CVE-2022-23283 | Windows ALPC Elevation of Privilege Vulnerability | MEDIUM | Mar 14, 2022 | n/a |
CVE-2022-23284 | Windows Print Spooler Elevation of Privilege Vulnerability | HIGH | Mar 14, 2022 | n/a |
CVE-2022-23285 | Remote Desktop Client Remote Code Execution Vulnerability | MEDIUM | Mar 14, 2022 | n/a |
CVE-2022-23286 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | MEDIUM | Mar 14, 2022 | n/a |
CVE-2022-23287 | Windows ALPC Elevation of Privilege Vulnerability | MEDIUM | Mar 14, 2022 | n/a |
CVE-2022-23288 | Windows DWM Core Library Elevation of Privilege Vulnerability | MEDIUM | Mar 14, 2022 | n/a |
CVE-2022-23290 | Windows Inking COM Elevation of Privilege Vulnerability | HIGH | Mar 14, 2022 | n/a |
CVE-2022-23291 | Windows DWM Core Library Elevation of Privilege Vulnerability | HIGH | Mar 14, 2022 | n/a |
CVE-2022-23292 | Microsoft Power BI Spoofing Vulnerability | MEDIUM | Apr 15, 2022 | n/a |
CVE-2022-23293 | Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | HIGH | Mar 14, 2022 | n/a |
CVE-2022-23294 | Windows Event Tracing Remote Code Execution Vulnerability | MEDIUM | Mar 14, 2022 | n/a |
CVE-2022-23295 | Raw Image Extension Remote Code Execution Vulnerability | MEDIUM | Mar 14, 2022 | n/a |
CVE-2022-23296 | Windows Installer Elevation of Privilege Vulnerability | HIGH | Mar 14, 2022 | n/a |
CVE-2022-23297 | Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability | LOW | Mar 14, 2022 | n/a |
CVE-2022-23298 | Windows NT OS Kernel Elevation of Privilege Vulnerability | MEDIUM | Mar 14, 2022 | n/a |
CVE-2022-23299 | Windows PDEV Elevation of Privilege Vulnerability | HIGH | Mar 14, 2022 | n/a |
CVE-2022-23300 | Raw Image Extension Remote Code Execution Vulnerability | MEDIUM | Mar 14, 2022 | n/a |
CVE-2022-23301 | HEVC Video Extensions Remote Code Execution Vulnerability | MEDIUM | Mar 14, 2022 | n/a |
CVE-2022-23302 | JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | MEDIUM | Jan 18, 2022 | n/a |
CVE-2022-23303 | The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494. | MEDIUM | Jan 18, 2022 | n/a |
CVE-2022-23304 | The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495. | MEDIUM | Jan 18, 2022 | n/a |
CVE-2022-23305 | By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | MEDIUM | Jan 18, 2022 | n/a |
CVE-2022-23307 | CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. | HIGH | Jan 18, 2022 | n/a |
CVE-2022-23308 | valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. | MEDIUM | Feb 21, 2022 | n/a |
CVE-2022-23312 | A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP9 Security Patch 1). The integrated web application Online Help in affected product contains a Cross-Site Scripting (XSS) vulnerability that could be exploited if unsuspecting users are tricked into accessing a malicious link. | MEDIUM | Feb 9, 2022 | n/a |
CVE-2022-23314 | MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do. | HIGH | Jan 21, 2022 | n/a |
CVE-2022-23315 | MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do. | HIGH | Jan 21, 2022 | n/a |
CVE-2022-23316 | An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt. | MEDIUM | Feb 8, 2022 | n/a |
CVE-2022-23317 | CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with /, and attackers can obtain relevant information by specifying the URL. | MEDIUM | Feb 15, 2022 | n/a |
CVE-2022-23318 | A heap-buffer-overflow in pcf2bdf, versions >= 1.05 allows an attacker to trigger unsafe memory access via a specially crafted PCF font file. This out-of-bound read may lead to an application crash, information disclosure via program memory or other context-dependent impact. | MEDIUM | Feb 18, 2022 | n/a |
CVE-2022-23319 | A segmentation fault during PCF file parsing in pcf2bdf versions >=1.05 allows an attacker to trigger a program crash via a specially crafted PCF font file. This crash affects the availability of the software and dependent downstream components. | MEDIUM | Feb 18, 2022 | n/a |
CVE-2022-23320 | XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database. | MEDIUM | Feb 7, 2022 | n/a |
CVE-2022-23321 | A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0. | LOW | Feb 10, 2022 | n/a |
CVE-2022-23327 | A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of pending transactions in a victim node's memory pool, causing a denial of service (DoS). | MEDIUM | Mar 4, 2022 | n/a |
CVE-2022-23328 | A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account that all fully spend the full balance of the account to a victim Geth node, which can purge all of pending transactions in a victim node's memory pool and then occupy the memory pool to prevent new transactions from entering the pool, resulting in a denial of service (DoS). | MEDIUM | Mar 4, 2022 | n/a |
CVE-2022-23329 | A vulnerability in ${freemarker.template.utility.Execute?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files. | HIGH | Feb 9, 2022 | n/a |
CVE-2022-23330 | A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package. | MEDIUM | Feb 9, 2022 | n/a |
CVE-2022-23331 | In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password. | MEDIUM | Feb 11, 2022 | n/a |