The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2022-35463 | OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b0478. | -- | Aug 17, 2022 | n/a |
| CVE-2022-35462 | OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6c0bc3. | -- | Aug 17, 2022 | n/a |
| CVE-2022-35461 | OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6c0a32. | -- | Aug 17, 2022 | n/a |
| CVE-2022-35460 | OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x61731f. | -- | Aug 17, 2022 | n/a |
| CVE-2022-35459 | OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6e412a. | -- | Aug 17, 2022 | n/a |
| CVE-2022-35458 | OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b05ce. | -- | Aug 17, 2022 | n/a |
| CVE-2022-35456 | OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x617087. | -- | Aug 17, 2022 | n/a |
| CVE-2022-35455 | OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b0d63. | -- | Aug 17, 2022 | n/a |
| CVE-2022-35454 | OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b05aa. | -- | Aug 17, 2022 | n/a |
| CVE-2022-35453 | OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6c08a6. | -- | Aug 17, 2022 | n/a |
| CVE-2022-35452 | OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b0b2c. | -- | Aug 17, 2022 | n/a |
| CVE-2022-35451 | OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b03b5. | -- | Aug 17, 2022 | n/a |
| CVE-2022-35450 | OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b84b1. | -- | Aug 17, 2022 | n/a |
| CVE-2022-35449 | OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b0466. | -- | Aug 17, 2022 | n/a |
| CVE-2022-35448 | OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b55af. | -- | Aug 17, 2022 | n/a |
| CVE-2022-35447 | OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b04de. | -- | Aug 17, 2022 | n/a |
| CVE-2022-35434 | jpeg-quantsmooth before commit 8879454 contained a floating point exception (FPE) via /jpeg-quantsmooth/jpegqs+0x4f5d6c. | -- | Aug 18, 2022 | n/a |
| CVE-2022-35433 | ffjpeg commit caade60a69633d74100bd3c2528bddee0b6a1291 was discovered to contain a memory leak via /src/jfif.c. | -- | Aug 18, 2022 | n/a |
| CVE-2022-35426 | UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file. | -- | Aug 12, 2022 | n/a |
| CVE-2022-35422 | Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the qid parameter at update.php. | -- | Aug 4, 2022 | n/a |
| CVE-2022-35421 | Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the pname parameter at /admin/operations/packages.php. | -- | Aug 4, 2022 | n/a |
| CVE-2022-35416 | H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS. | MEDIUM | Jul 15, 2022 | n/a |
| CVE-2022-35415 | An improper input validation in NI System Configuration Manager before 22.5 may allow a privileged user to potentially enable escalation of privilege via local access. | -- | Sep 17, 2022 | n/a |
| CVE-2022-35414 | softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., Bugs affecting the non-virtualization use case are not considered security bugs at this time. | MEDIUM | Jul 11, 2022 | n/a |
| CVE-2022-35413 | WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001. | -- | Sep 17, 2022 | n/a |
| CVE-2022-35412 | Digital Guardian Agent 7.7.4.0042 allows an administrator (who ordinarily does not have a supported way to uninstall the product) to disable some of the agent functionality and then exfiltrate files to an external USB device. | LOW | Jul 8, 2022 | n/a |
| CVE-2022-35411 | rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the serializer: pickle HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle. | HIGH | Jul 8, 2022 | n/a |
| CVE-2022-35410 | mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain sensitive information via a crafted archive. | MEDIUM | Jul 8, 2022 | n/a |
| CVE-2022-35409 | An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function. | -- | Jul 15, 2022 | n/a |
| CVE-2022-35408 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver in UsbLegacyControlSmm leads to possible arbitrary code execution in SMM and escalation of privileges. An attacker could overwrite the function pointers in the EFI_BOOT_SERVICES table before the USB SMI handler triggers. (This is not exploitable from code running in the operating system.) | -- | Sep 23, 2022 | n/a |
| CVE-2022-35407 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable exceeds the size of the first, then the buffer will be overwritten. This issue affects the SetupUtility driver of InsydeH2O. | -- | Nov 22, 2022 | n/a |
| CVE-2022-35406 | A URL disclosure issue was discovered in Burp Suite before 2022.6. If a user views a crafted response in the Repeater or Intruder, it may be incorrectly interpreted as a redirect. | MEDIUM | Jul 8, 2022 | n/a |
| CVE-2022-35405 | Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.) | -- | Jul 19, 2022 | n/a |
| CVE-2022-35404 | ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. | -- | Jul 18, 2022 | n/a |
| CVE-2022-35403 | Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.) | MEDIUM | Jul 13, 2022 | n/a |
| CVE-2022-35401 | An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230. A specially-crafted HTTP request can lead to full administrative access to the device. An attacker would need to send a series of HTTP requests to exploit this vulnerability. | -- | Jan 14, 2023 | n/a |
| CVE-2022-35399 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2022-35398 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2022-35397 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2022-35396 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2022-35395 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2022-35394 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2022-35393 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2022-35392 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2022-35391 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2022-35390 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2022-35389 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2022-35388 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2022-35387 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2022-35386 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none | -- | Nov 7, 2023 | n/a |
