The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2022-37926 | A vulnerability within the web-based management interface of EdgeConnect Enterprise could allow a remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface by uploading a specially crafted file. A successful exploit could allow an attacker to execute arbitrary script code in a victim\'s browser in the context of the affected interface in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. | -- | Dec 13, 2022 | n/a |
| CVE-2022-37927 | URL Redirection to Untrusted Site (\'Open Redirect\') vulnerability in Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD). | -- | Dec 13, 2022 | n/a |
| CVE-2022-37928 | Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays. | -- | Dec 14, 2022 | n/a |
| CVE-2022-37929 | Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays. | -- | Dec 13, 2022 | n/a |
| CVE-2022-37930 | A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays and HPE Nimble Storage Secondary Flash Arrays which could potentially allow local disclosure of sensitive information. | -- | Dec 14, 2022 | n/a |
| CVE-2022-37931 | A vulnerability in NetBatch-Plus software allows unauthorized access to the application. HPE has provided a workaround and fix. Please refer to HPE Security Bulletin HPESBNS04388 for details. | -- | Nov 22, 2022 | n/a |
| CVE-2022-37932 | A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in Hewlett Packard Enterprise OfficeConnect 1820, 1850 and 1920S Network switches versions: Prior to PT.02.14; Prior to PC.01.22; Prior to PO.01.21; Prior to PD.02.22; | -- | Dec 15, 2022 | n/a |
| CVE-2022-37933 | A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be exploited to allow local unauthorized data injection. HPE has made the following software updates to resolve the vulnerability in HPE Superdome Flex firmware 3.60.50 and below and Superdome Flex 280 servers firmware 1.40.60 and below. | -- | Jan 5, 2023 | n/a |
| CVE-2022-37934 | A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below. | -- | Jan 5, 2023 | n/a |
| CVE-2022-37935 | HPE OneView for VMware vCenter, in certain circumstances, may disclose the “HPE OneView” Username and Password. | -- | Mar 1, 2023 | n/a |
| CVE-2022-37936 | Unauthenticated Java deserialization vulnerability in Serviceguard Manager | -- | Mar 1, 2023 | n/a |
| CVE-2022-37937 | Pre-auth memory corruption in HPE Serviceguard | -- | Mar 1, 2023 | n/a |
| CVE-2022-37938 | Unauthenticated server side request forgery in HPE Serviceguard Manager | -- | Mar 1, 2023 | n/a |
| CVE-2022-37939 | A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software to resolve the vulnerability in HPE Superdome Flex Servers v3.65.8 and Superdome Flex 280 Servers v1.45.8. | -- | Mar 11, 2023 | n/a |
| CVE-2022-37940 | Potential security vulnerabilities have been identified in the HPE FlexFabric 5700 Switch Series. These vulnerabilities could be remotely exploited to allow host header injection and URL redirection. HPE has made the following software to resolve the vulnerability in HPE FlexFabric 5700 Switch Series version R2432P61 or later. | -- | Mar 22, 2023 | n/a |
| CVE-2022-37941 | Rejected reason: Not used in 2022 | -- | Mar 14, 2023 | n/a |
| CVE-2022-37942 | Rejected reason: Not used in 2022 | -- | Mar 14, 2023 | n/a |
| CVE-2022-37943 | Rejected reason: Not used in 2022 | -- | Mar 14, 2023 | n/a |
| CVE-2022-37944 | Rejected reason: Not used in 2022 | -- | Mar 14, 2023 | n/a |
| CVE-2022-37945 | Rejected reason: Not used in 2022 | -- | Mar 14, 2023 | n/a |
| CVE-2022-37946 | Rejected reason: Not used in 2022 | -- | Mar 14, 2023 | n/a |
| CVE-2022-37947 | Rejected reason: Not used in 2022 | -- | Mar 14, 2023 | n/a |
| CVE-2022-37948 | Rejected reason: Not used in 2022 | -- | Mar 14, 2023 | n/a |
| CVE-2022-37949 | Rejected reason: Not used in 2022 | -- | Mar 14, 2023 | n/a |
| CVE-2022-37950 | Rejected reason: Not used in 2022 | -- | Mar 14, 2023 | n/a |
| CVE-2022-37951 | Rejected reason: Not used in 2022 | -- | Mar 14, 2023 | n/a |
| CVE-2022-37952 | A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST (<v07.09.15) could allow an attacker to compromise a victim\'s browser. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater. | -- | Aug 25, 2022 | n/a |
| CVE-2022-37953 | An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (<v07.09.15) and could allow an attacker to compromise a victim\'s browser/session. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater. | -- | Aug 25, 2022 | n/a |
| CVE-2022-37954 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | -- | Sep 17, 2022 | n/a |
| CVE-2022-37955 | Windows Group Policy Elevation of Privilege Vulnerability | -- | Sep 16, 2022 | n/a |
| CVE-2022-37956 | Windows Kernel Elevation of Privilege Vulnerability | -- | Sep 16, 2022 | n/a |
| CVE-2022-37957 | Windows Kernel Elevation of Privilege Vulnerability | -- | Sep 16, 2022 | n/a |
| CVE-2022-37958 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability | -- | Sep 16, 2022 | n/a |
| CVE-2022-37959 | Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability | -- | Sep 16, 2022 | n/a |
| CVE-2022-37961 | Microsoft SharePoint Server Remote Code Execution Vulnerability | -- | Sep 16, 2022 | n/a |
| CVE-2022-37962 | Microsoft PowerPoint Remote Code Execution Vulnerability | -- | Sep 16, 2022 | n/a |
| CVE-2022-37963 | Microsoft Office Visio Remote Code Execution Vulnerability | -- | Sep 16, 2022 | n/a |
| CVE-2022-37964 | Windows Kernel Elevation of Privilege Vulnerability | -- | Sep 16, 2022 | n/a |
| CVE-2022-37965 | Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | -- | Oct 12, 2022 | n/a |
| CVE-2022-37966 | Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability | -- | Nov 10, 2022 | n/a |
| CVE-2022-37967 | Windows Kerberos Elevation of Privilege Vulnerability | -- | Nov 10, 2022 | n/a |
| CVE-2022-37968 | <p>Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, because Azure Stack Edge allows customers to deploy Kubernetes workloads on their devices via Azure Arc, Azure Stack Edge devices are also vulnerable to this vulnerability.</p> | -- | Oct 12, 2022 | n/a |
| CVE-2022-37969 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | -- | Sep 16, 2022 | n/a |
| CVE-2022-37970 | Windows DWM Core Library Elevation of Privilege Vulnerability | -- | Oct 12, 2022 | n/a |
| CVE-2022-37971 | Microsoft Windows Defender Elevation of Privilege Vulnerability | -- | Oct 12, 2022 | n/a |
| CVE-2022-37972 | Microsoft Endpoint Configuration Manager Spoofing Vulnerability | -- | Sep 22, 2022 | n/a |
| CVE-2022-37973 | Windows Local Session Manager (LSM) Denial of Service Vulnerability | -- | Oct 12, 2022 | n/a |
| CVE-2022-37974 | Windows Mixed Reality Developer Tools Information Disclosure Vulnerability | -- | Oct 12, 2022 | n/a |
| CVE-2022-37975 | Windows Group Policy Elevation of Privilege Vulnerability | -- | Oct 12, 2022 | n/a |
| CVE-2022-37976 | Active Directory Certificate Services Elevation of Privilege Vulnerability | -- | Oct 12, 2022 | n/a |
