The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2022-23903 | A Cross Site Scripting (XSS) vulnerability exists in pearadmin pear-admin-think <=5.0.6, which allows a login account to access arbitrary functions and cause stored XSS through a fake User-Agent. | LOW | Apr 4, 2022 |
| CVE-2022-23904 | Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin control panel. This vulnerability affects AuctionWorx Enterprise and AuctionWorx: Events Edition. | MEDIUM | May 2, 2022 |
| CVE-2022-23906 | CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file. | MEDIUM | Mar 1, 2022 |
| CVE-2022-23907 | CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage. | MEDIUM | Mar 1, 2022 |
| CVE-2022-23909 | There is an unquoted service path in Sherpa Connector Service (SherpaConnectorService.exe) 2020.2.20328.2050. This might allow a local user to escalate privileges by creating a C:\\Program Files\\Sherpa Software\\Sherpa.exe file. | HIGH | Apr 5, 2022 |
| CVE-2022-23911 | The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to a SQL Injection | MEDIUM | Feb 28, 2022 |
| CVE-2022-23912 | The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not sanitise and escape the id parameter before outputting it back in an attribute, leading to a Reflected cross-Site Scripting | MEDIUM | Feb 28, 2022 |
| CVE-2022-23913 | In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory. | MEDIUM | Feb 10, 2022 |
| CVE-2022-23915 | The package weblate from 0 and before 4.11.1 are vulnerable to Remote Code Execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users, can change the behavior of the application in an unintended way, leading to command execution. | MEDIUM | Mar 5, 2022 |
| CVE-2022-23916 | Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-24374. | MEDIUM | Feb 24, 2022 |
| CVE-2022-23918 | A stack-based buffer overflow vulnerability exists in the confsrv set_mf_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability leverages the ethAddr field within the protobuf message to cause a buffer overflow. | -- | Aug 6, 2022 |
| CVE-2022-23919 | A stack-based buffer overflow vulnerability exists in the confsrv set_mf_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability leverages the name field within the protobuf message to cause a buffer overflow. | -- | Aug 6, 2022 |
| CVE-2022-23921 | Exploitation of this vulnerability may result in local privilege escalation and code execution. GE maintains exploitation of this vulnerability is only possible if the attacker has login access to a machine actively running CIMPLICITY, the CIMPLICITY server is not already running a project, and the server is licensed for multiple projects. | LOW | Feb 26, 2022 |
| CVE-2022-23922 | WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer directory and elevate permissions whenever the program is executed. | MEDIUM | Feb 25, 2022 |
| CVE-2022-23923 | All versions of package jailed are vulnerable to Sandbox Bypass via an exported alert() method which can access the main application. Exported methods are stored in the application.remote object. | HIGH | May 2, 2022 |
| CVE-2022-23924 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | HIGH | Mar 11, 2022 |
| CVE-2022-23925 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | HIGH | Mar 11, 2022 |
| CVE-2022-23926 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | HIGH | Mar 11, 2022 |
| CVE-2022-23927 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | HIGH | Mar 11, 2022 |
| CVE-2022-23928 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | HIGH | Mar 11, 2022 |
| CVE-2022-23929 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | HIGH | Mar 11, 2022 |
| CVE-2022-23930 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | HIGH | Mar 11, 2022 |
| CVE-2022-23931 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | HIGH | Mar 11, 2022 |
| CVE-2022-23932 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | HIGH | Mar 11, 2022 |
| CVE-2022-23933 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | HIGH | Mar 11, 2022 |
| CVE-2022-23934 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | HIGH | Mar 11, 2022 |
| CVE-2022-23935 | lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\\|$/ check, leading to command injection. | HIGH | Jan 28, 2022 |
| CVE-2022-23937 | In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to an out-of-bounds read during an IKE initial exchange scenario. | MEDIUM | Apr 5, 2022 |
| CVE-2022-23940 | SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the email_recipients property. By using a crafted request, they can create a malicious report, containing a PHP-deserialization payload in the email_recipients field. Once someone accesses this report, the backend will deserialize the content of the email_recipients field and the payload gets executed. Project dependencies include a number of interesting PHP deserialization gadgets (e.g., Monolog/RCE1 from phpggc) that can be used for Code Execution. | MEDIUM | Mar 10, 2022 |
| CVE-2022-23942 | Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure. | MEDIUM | May 6, 2022 |
| CVE-2022-23943 | Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. | HIGH | Mar 14, 2022 |
| CVE-2022-23944 | User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1. | MEDIUM | Feb 1, 2022 |
| CVE-2022-23945 | Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1. | MEDIUM | Feb 1, 2022 |
| CVE-2022-23946 | A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | MEDIUM | Feb 11, 2022 |
| CVE-2022-23947 | A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | MEDIUM | Feb 11, 2022 |
| CVE-2022-23948 | A flaw was found in Keylime before 6.3.0. The logic in the Keylime agent for checking for a secure mount can be fooled by previously created unprivileged mounts allowing secrets to be leaked to other processes on the host. | -- | Sep 22, 2022 |
| CVE-2022-23949 | In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue agent and can lead to log spoofing on the verifier and registrar. | -- | Sep 22, 2022 |
| CVE-2022-23950 | In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations. | -- | Sep 22, 2022 |
| CVE-2022-23951 | In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs. | -- | Sep 22, 2022 |
| CVE-2022-23952 | In Keylime before 6.3.0, current keylime installer installs the keylime.conf file, which can contain sensitive data, as world-readable. | -- | Sep 22, 2022 |
| CVE-2022-23953 | Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. | MEDIUM | Mar 3, 2022 |
| CVE-2022-23954 | Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. | LOW | Mar 3, 2022 |
| CVE-2022-23955 | Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. | LOW | Mar 3, 2022 |
| CVE-2022-23956 | Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. | MEDIUM | Mar 3, 2022 |
| CVE-2022-23957 | Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. | LOW | Mar 3, 2022 |
| CVE-2022-23958 | Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. | LOW | Mar 3, 2022 |
| CVE-2022-23959 | In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections. | MEDIUM | Feb 7, 2022 |
| CVE-2022-23960 | Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. | LOW | Mar 14, 2022 |
| CVE-2022-23967 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-15679. Reason: This candidate is a duplicate of CVE-2019-15679. Notes: All CVE users should reference CVE-2019-15679 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | HIGH | Feb 2, 2022 |
| CVE-2022-23968 | Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is a permanent denial of service because image parsing causes a reboot, but image parsing is restarted as soon as the boot process finishes. However, this boot loop can be resolved by a field technician. The TIFF file must have an incomplete Image Directory. Affected firmware versions include xx.42.01 and xx.50.61. NOTE: the 2022-01-24 NeoSmart article included believed to affect all previous and later versions as of the date of this posting but a 2022-01-26 vendor statement reports the latest versions of firmware are not vulnerable to this issue. | HIGH | Feb 3, 2022 |
