The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2022-23261 | Microsoft Edge (Chromium-based) Tampering Vulnerability | MEDIUM | Feb 7, 2022 | n/a |
| CVE-2022-23262 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | MEDIUM | Feb 7, 2022 | n/a |
| CVE-2022-23263 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | MEDIUM | Feb 7, 2022 | n/a |
| CVE-2022-23264 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | -- | Jun 29, 2023 | n/a |
| CVE-2022-23265 | Microsoft Defender for IoT Remote Code Execution Vulnerability | MEDIUM | Mar 14, 2022 | n/a |
| CVE-2022-23266 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | HIGH | Mar 14, 2022 | n/a |
| CVE-2022-23267 | .NET and Visual Studio Denial of Service Vulnerability | MEDIUM | May 11, 2022 | n/a |
| CVE-2022-23268 | Windows Hyper-V Denial of Service Vulnerability | LOW | Apr 15, 2022 | n/a |
| CVE-2022-23269 | Microsoft Dynamics GP Spoofing Vulnerability | MEDIUM | Feb 9, 2022 | n/a |
| CVE-2022-23270 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | HIGH | May 11, 2022 | n/a |
| CVE-2022-23271 | Microsoft Dynamics GP Elevation Of Privilege Vulnerability | HIGH | Feb 9, 2022 | n/a |
| CVE-2022-23272 | Microsoft Dynamics GP Elevation Of Privilege Vulnerability | HIGH | Feb 9, 2022 | n/a |
| CVE-2022-23273 | Microsoft Dynamics GP Elevation Of Privilege Vulnerability | HIGH | Feb 9, 2022 | n/a |
| CVE-2022-23274 | Microsoft Dynamics GP Remote Code Execution Vulnerability | MEDIUM | Feb 9, 2022 | n/a |
| CVE-2022-23276 | SQL Server for Linux Containers Elevation of Privilege Vulnerability | MEDIUM | Feb 9, 2022 | n/a |
| CVE-2022-23277 | Microsoft Exchange Server Remote Code Execution Vulnerability | MEDIUM | Mar 14, 2022 | n/a |
| CVE-2022-23278 | Microsoft Defender for Endpoint Spoofing Vulnerability | MEDIUM | Mar 14, 2022 | n/a |
| CVE-2022-23279 | Windows ALPC Elevation of Privilege Vulnerability | MEDIUM | May 11, 2022 | n/a |
| CVE-2022-23280 | Microsoft Outlook for Mac Security Feature Bypass Vulnerability | MEDIUM | Feb 10, 2022 | n/a |
| CVE-2022-23281 | Windows Common Log File System Driver Information Disclosure Vulnerability | LOW | Mar 14, 2022 | n/a |
| CVE-2022-23282 | Paint 3D Remote Code Execution Vulnerability | MEDIUM | Mar 14, 2022 | n/a |
| CVE-2022-23283 | Windows ALPC Elevation of Privilege Vulnerability | MEDIUM | Mar 14, 2022 | n/a |
| CVE-2022-23284 | Windows Print Spooler Elevation of Privilege Vulnerability | HIGH | Mar 14, 2022 | n/a |
| CVE-2022-23285 | Remote Desktop Client Remote Code Execution Vulnerability | MEDIUM | Mar 14, 2022 | n/a |
| CVE-2022-23286 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | MEDIUM | Mar 14, 2022 | n/a |
| CVE-2022-23287 | Windows ALPC Elevation of Privilege Vulnerability | MEDIUM | Mar 14, 2022 | n/a |
| CVE-2022-23288 | Windows DWM Core Library Elevation of Privilege Vulnerability | MEDIUM | Mar 14, 2022 | n/a |
| CVE-2022-23290 | Windows Inking COM Elevation of Privilege Vulnerability | HIGH | Mar 14, 2022 | n/a |
| CVE-2022-23291 | Windows DWM Core Library Elevation of Privilege Vulnerability | HIGH | Mar 14, 2022 | n/a |
| CVE-2022-23292 | Microsoft Power BI Spoofing Vulnerability | MEDIUM | Apr 15, 2022 | n/a |
| CVE-2022-23293 | Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | HIGH | Mar 14, 2022 | n/a |
| CVE-2022-23294 | Windows Event Tracing Remote Code Execution Vulnerability | MEDIUM | Mar 14, 2022 | n/a |
| CVE-2022-23295 | Raw Image Extension Remote Code Execution Vulnerability | MEDIUM | Mar 14, 2022 | n/a |
| CVE-2022-23296 | Windows Installer Elevation of Privilege Vulnerability | HIGH | Mar 14, 2022 | n/a |
| CVE-2022-23297 | Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability | LOW | Mar 14, 2022 | n/a |
| CVE-2022-23298 | Windows NT OS Kernel Elevation of Privilege Vulnerability | MEDIUM | Mar 14, 2022 | n/a |
| CVE-2022-23299 | Windows PDEV Elevation of Privilege Vulnerability | HIGH | Mar 14, 2022 | n/a |
| CVE-2022-23300 | Raw Image Extension Remote Code Execution Vulnerability | MEDIUM | Mar 14, 2022 | n/a |
| CVE-2022-23301 | HEVC Video Extensions Remote Code Execution Vulnerability | MEDIUM | Mar 14, 2022 | n/a |
| CVE-2022-23302 | JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | MEDIUM | Jan 18, 2022 | n/a |
| CVE-2022-23303 | The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494. | MEDIUM | Jan 18, 2022 | n/a |
| CVE-2022-23304 | The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495. | MEDIUM | Jan 18, 2022 | n/a |
| CVE-2022-23305 | By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | MEDIUM | Jan 18, 2022 | n/a |
| CVE-2022-23307 | CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. | HIGH | Jan 18, 2022 | n/a |
| CVE-2022-23308 | valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. | MEDIUM | Feb 21, 2022 | n/a |
| CVE-2022-23312 | A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP9 Security Patch 1). The integrated web application Online Help in affected product contains a Cross-Site Scripting (XSS) vulnerability that could be exploited if unsuspecting users are tricked into accessing a malicious link. | MEDIUM | Feb 9, 2022 | n/a |
| CVE-2022-23314 | MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do. | HIGH | Jan 21, 2022 | n/a |
| CVE-2022-23315 | MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do. | HIGH | Jan 21, 2022 | n/a |
| CVE-2022-23316 | An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt. | MEDIUM | Feb 8, 2022 | n/a |
| CVE-2022-23317 | CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with /, and attackers can obtain relevant information by specifying the URL. | MEDIUM | Feb 15, 2022 | n/a |
