The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2022-38712 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Force ID: 234762. | -- | Nov 4, 2022 | n/a |
| CVE-2022-38710 | IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 234292. | -- | Nov 4, 2022 | n/a |
| CVE-2022-38709 | IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 234291. | -- | Oct 7, 2022 | n/a |
| CVE-2022-38708 | IBM Cognos Analytics 11.1.7 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery Attack (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 234180. | -- | Dec 23, 2022 | n/a |
| CVE-2022-38707 | IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 234179. | -- | May 11, 2023 | n/a |
| CVE-2022-38705 | IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 234172. | -- | Nov 16, 2022 | n/a |
| CVE-2022-38704 | Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history. | -- | Sep 23, 2022 | n/a |
| CVE-2022-38703 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Foundry Button Plugin MaxButtons plugin <= 9.2 at WordPress | -- | Sep 23, 2022 | n/a |
| CVE-2022-38702 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Nakashima Masahiro WP CSV Exporter.This issue affects WP CSV Exporter: from n/a through 2.0. | -- | Nov 7, 2023 | n/a |
| CVE-2022-38701 | OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information. | -- | Sep 9, 2022 | n/a |
| CVE-2022-38700 | OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. LAN attackers can bypass permission control and get control of camera service. | -- | Sep 9, 2022 | n/a |
| CVE-2022-38699 | Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the system file and disrupt the system. | -- | Sep 30, 2022 | n/a |
| CVE-2022-38698 | In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. | -- | Oct 14, 2022 | n/a |
| CVE-2022-38697 | In messaging service, there is a missing permission check. This could lead to access unexpected provider in contacts service with no additional execution privileges needed. | -- | Oct 14, 2022 | n/a |
| CVE-2022-38690 | In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. | -- | Oct 14, 2022 | n/a |
| CVE-2022-38689 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | -- | Oct 14, 2022 | n/a |
| CVE-2022-38688 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | -- | Oct 14, 2022 | n/a |
| CVE-2022-38687 | In messaging service, there is a missing permission check. This could lead to local denial of service in messaging service with no additional execution privileges needed. | -- | Oct 14, 2022 | n/a |
| CVE-2022-38686 | In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. | -- | Feb 12, 2023 | n/a |
| CVE-2022-38685 | In bluetooth service, there is a possible missing permission check. This could lead to local denial of service in bluetooth service with no additional execution privileges needed. | -- | May 9, 2023 | n/a |
| CVE-2022-38684 | In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed. | -- | Jan 4, 2023 | n/a |
| CVE-2022-38683 | In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed. | -- | Jan 4, 2023 | n/a |
| CVE-2022-38682 | In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed. | -- | Jan 4, 2023 | n/a |
| CVE-2022-38681 | In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. | -- | Feb 12, 2023 | n/a |
| CVE-2022-38680 | In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. | -- | Feb 12, 2023 | n/a |
| CVE-2022-38679 | In music service, there is a missing permission check. This could lead to local denial of service in music service with no additional execution privileges needed. | -- | Oct 14, 2022 | n/a |
| CVE-2022-38678 | In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed. | -- | Jan 4, 2023 | n/a |
| CVE-2022-38677 | In cell service, there is a missing permission check. This could lead to local denial of service in cell service with no additional execution privileges needed. | -- | Oct 14, 2022 | n/a |
| CVE-2022-38676 | In gpu driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | -- | Oct 14, 2022 | n/a |
| CVE-2022-38675 | In gpu driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | -- | Feb 12, 2023 | n/a |
| CVE-2022-38674 | In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. | -- | Feb 12, 2023 | n/a |
| CVE-2022-38673 | In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | -- | Oct 14, 2022 | n/a |
| CVE-2022-38672 | In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | -- | Oct 14, 2022 | n/a |
| CVE-2022-38671 | In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | -- | Oct 14, 2022 | n/a |
| CVE-2022-38670 | In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. | -- | Oct 14, 2022 | n/a |
| CVE-2022-38669 | In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. | -- | Oct 14, 2022 | n/a |
| CVE-2022-38668 | HTTP applications (servers) based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB. | -- | Aug 25, 2022 | n/a |
| CVE-2022-38667 | HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it has begun processing a later request before it has finished processing an earlier request. | -- | Aug 24, 2022 | n/a |
| CVE-2022-38666 | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features. | -- | Nov 18, 2022 | n/a |
| CVE-2022-38665 | Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | -- | Aug 25, 2022 | n/a |
| CVE-2022-38664 | Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names. | -- | Aug 25, 2022 | n/a |
| CVE-2022-38663 | Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding. | -- | Aug 25, 2022 | n/a |
| CVE-2022-38662 | In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites. | -- | Dec 23, 2022 | n/a |
| CVE-2022-38661 | HCL Workload Automation could allow a local user to overwrite key system files which would cause the system to crash. | -- | Dec 14, 2022 | n/a |
| CVE-2022-38660 | HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user. | -- | Nov 5, 2022 | n/a |
| CVE-2022-38659 | In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent. | -- | Dec 23, 2022 | n/a |
| CVE-2022-38658 | BigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing SMTP BigFix operator\'s sensitive data in clear text. Operators who use Notification Service related content from BES Support are at risk of leaving their SMTP sensitive data exposed. | -- | Dec 25, 2022 | n/a |
| CVE-2022-38657 | An open redirect to malicious sites can occur when accessing the Feedback action on the manager page. | -- | Feb 12, 2023 | n/a |
| CVE-2022-38656 | HCL Commerce, when using Elasticsearch, can allow a remote attacker to cause a denial of service attack on the site and make administrative changes. | -- | Dec 14, 2022 | n/a |
| CVE-2022-38655 | BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site. | -- | Dec 21, 2022 | n/a |
