The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2022-38030 | Windows USB Serial Driver Information Disclosure Vulnerability | -- | Oct 12, 2022 | n/a |
| CVE-2022-38031 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | -- | Oct 12, 2022 | n/a |
| CVE-2022-38032 | Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability | -- | Oct 12, 2022 | n/a |
| CVE-2022-38033 | Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability | -- | Oct 12, 2022 | n/a |
| CVE-2022-38034 | Windows Workstation Service Elevation of Privilege Vulnerability | -- | Oct 12, 2022 | n/a |
| CVE-2022-38036 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | -- | Oct 12, 2022 | n/a |
| CVE-2022-38037 | Windows Kernel Elevation of Privilege Vulnerability | -- | Oct 12, 2022 | n/a |
| CVE-2022-38038 | Windows Kernel Elevation of Privilege Vulnerability | -- | Oct 12, 2022 | n/a |
| CVE-2022-38039 | Windows Kernel Elevation of Privilege Vulnerability | -- | Oct 12, 2022 | n/a |
| CVE-2022-38040 | Microsoft ODBC Driver Remote Code Execution Vulnerability | -- | Oct 12, 2022 | n/a |
| CVE-2022-38041 | Windows Secure Channel Denial of Service Vulnerability | -- | Oct 12, 2022 | n/a |
| CVE-2022-38042 | Active Directory Domain Services Elevation of Privilege Vulnerability | -- | Oct 12, 2022 | n/a |
| CVE-2022-38043 | Windows Security Support Provider Interface Information Disclosure Vulnerability | -- | Oct 12, 2022 | n/a |
| CVE-2022-38044 | Windows CD-ROM File System Driver Remote Code Execution Vulnerability | -- | Oct 12, 2022 | n/a |
| CVE-2022-38045 | Windows Server Service Elevation of Privilege Vulnerability | -- | Oct 12, 2022 | n/a |
| CVE-2022-38046 | Web Account Manager Information Disclosure Vulnerability | -- | Oct 12, 2022 | n/a |
| CVE-2022-38047 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | -- | Oct 13, 2022 | n/a |
| CVE-2022-38048 | Microsoft Office Remote Code Execution Vulnerability | -- | Oct 12, 2022 | n/a |
| CVE-2022-38049 | Microsoft Office Graphics Remote Code Execution Vulnerability | -- | Oct 13, 2022 | n/a |
| CVE-2022-38050 | Win32k Elevation of Privilege Vulnerability | -- | Oct 13, 2022 | n/a |
| CVE-2022-38051 | Windows Graphics Component Elevation of Privilege Vulnerability | -- | Oct 13, 2022 | n/a |
| CVE-2022-38053 | Microsoft SharePoint Server Remote Code Execution Vulnerability | -- | Oct 13, 2022 | n/a |
| CVE-2022-38054 | In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation. | -- | Sep 2, 2022 | n/a |
| CVE-2022-38056 | Improper neutralization in the Intel(R) EMA software before version 1.8.1.0 may allow a privileged user to potentially enable escalation of privilege via network access. | -- | Feb 17, 2023 | n/a |
| CVE-2022-38057 | Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1. | -- | Mar 25, 2024 | n/a |
| CVE-2022-38058 | Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at WordPress. | -- | Sep 10, 2022 | n/a |
| CVE-2022-38059 | Cross-Site Request Forgery (CSRF) vulnerability in Alexey Trofimov\'s Access Code Feeder plugin <= 1.0.3 at WordPress. | -- | Sep 10, 2022 | n/a |
| CVE-2022-38060 | A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges. | -- | Dec 21, 2022 | n/a |
| CVE-2022-38061 | Authenticated (author+) CSV Injection vulnerability in Export Post Info plugin <= 1.2.0 at WordPress. | -- | Sep 23, 2022 | n/a |
| CVE-2022-38062 | Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Theme plugin <= 1.0.9 versions. | -- | Jul 17, 2023 | n/a |
| CVE-2022-38063 | Cross-Site Request Forgery (CSRF) vulnerability in Social Login WP plugin <= 5.0.0.0 versions. | -- | Mar 16, 2023 | n/a |
| CVE-2022-38064 | OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. Local attackers can bypass permission control and get sensitive information. | -- | Sep 10, 2022 | n/a |
| CVE-2022-38065 | A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead increased privileges. | -- | Dec 21, 2022 | n/a |
| CVE-2022-38066 | An OS command injection vulnerability exists in the httpd SNMP functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP response can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability. | -- | Jan 27, 2023 | n/a |
| CVE-2022-38067 | Unauthenticated Event Deletion vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress. | -- | Sep 9, 2022 | n/a |
| CVE-2022-38068 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Apasionados Export Post Info plugin <= 1.1.0 at WordPress. | -- | Sep 10, 2022 | n/a |
| CVE-2022-38069 | Multiple globally default credentials exist across all CMS8000 devices, that once exposed, allow a threat actor with momentary physical access to gain privileged access to any device. Privileged credential access enables the extraction of sensitive patient information or modification of device parameters | -- | Sep 14, 2022 | n/a |
| CVE-2022-38070 | Privilege Escalation (subscriber+) vulnerability in Pop-up plugin <= 1.1.5 at WordPress. | -- | Sep 10, 2022 | n/a |
| CVE-2022-38072 | An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | -- | Apr 3, 2023 | n/a |
| CVE-2022-38073 | Multiple Authenticated (custom specific plugin role) Persistent Cross-Site Scripting (XSS) vulnerability in Awesome Support plugin <= 6.0.7 at WordPress. | -- | Sep 23, 2022 | n/a |
| CVE-2022-38074 | SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 13.2.10 versions. | -- | Mar 16, 2023 | n/a |
| CVE-2022-38075 | Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Mantenimiento web plugin <= 0.13 on WordPress. | -- | Nov 18, 2022 | n/a |
| CVE-2022-38076 | Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | Aug 11, 2023 | n/a |
| CVE-2022-38077 | Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin <= 2.2.1 versions. | -- | Apr 1, 2023 | n/a |
| CVE-2022-38078 | Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products and versions are as follows: Movable Type 7 r.5202 and earlier, Movable Type Advanced 7 r.5202 and earlier, Movable Type 6.8.6 and earlier, Movable Type Advanced 6.8.6 and earlier, Movable Type Premium 1.52 and earlier, and Movable Type Premium Advanced 1.52 and earlier. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability. | -- | Aug 24, 2022 | n/a |
| CVE-2022-38079 | Cross-Site Request Forgery (CSRF) vulnerability Backup Scheduler plugin <= 1.5.13 at WordPress. | -- | Sep 23, 2022 | n/a |
| CVE-2022-38080 | Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script. | -- | Aug 24, 2022 | n/a |
| CVE-2022-38081 | OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. LAN attackers can bypass the distributed permission control.To take advantage of this weakness, attackers need another vulnerability to obtain system. | -- | Sep 9, 2022 | n/a |
| CVE-2022-38083 | Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | -- | Aug 11, 2023 | n/a |
| CVE-2022-38085 | Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam plugin <= 1.1.8 at WordPress. | -- | Sep 23, 2022 | n/a |
