The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2022-0129 | Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local administrator to load their own Dynamic Link Library (DLL) gaining elevation of privileges to system user. This was achieved through placing the malicious DLL in the same directory that the process was run from. | HIGH | Jan 11, 2022 | n/a |
CVE-2022-0130 | Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated attacker to execute code under special circumstances. An attacker would first have to stage a specific file type in the web server root of the Tenable.sc host prior to remote exploitation. | MEDIUM | Jan 14, 2022 | n/a |
CVE-2022-0131 | Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app. | LOW | Jan 18, 2022 | n/a |
CVE-2022-0132 | peertube is vulnerable to Server-Side Request Forgery (SSRF) | MEDIUM | Jan 14, 2022 | n/a |
CVE-2022-0133 | peertube is vulnerable to Improper Access Control | MEDIUM | Jan 14, 2022 | n/a |
CVE-2022-0134 | The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make a logged-in admin perform such actions via a CSRF attack | MEDIUM | Feb 22, 2022 | n/a |
CVE-2022-0135 | An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution. | -- | Feb 2, 2022 | n/a |
CVE-2022-0136 | A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1. GitLab was vulnerable to a blind SSRF attack through the Project Import feature. | MEDIUM | Apr 4, 2022 | n/a |
CVE-2022-0137 | A heap buffer overflow in image_set_mask function of HTMLDOC before 1.9.15 allows an attacker to write outside the buffer boundaries. | -- | Nov 17, 2022 | n/a |
CVE-2022-0138 | MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate or check the data, allowing arbitrary classes to be created. | MEDIUM | Feb 18, 2022 | n/a |
CVE-2022-0139 | Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0. | HIGH | Feb 11, 2022 | n/a |
CVE-2022-0140 | The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint. | MEDIUM | Apr 12, 2022 | n/a |
CVE-2022-0141 | The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks | MEDIUM | Apr 12, 2022 | n/a |
CVE-2022-0142 | The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. | HIGH | Apr 12, 2022 | n/a |
CVE-2022-0143 | When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This issue affects: all versions of the LDAP connector prior to 1.5.20.9. The LDAP connector is bundled with Identity Management (IDM) and Remote Connector Server (RCS) | -- | Sep 21, 2022 | n/a |
CVE-2022-0144 | shelljs is vulnerable to Improper Privilege Management | LOW | Jan 11, 2022 | n/a |
CVE-2022-0145 | Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkcms prior to 5.11.1. | LOW | Mar 24, 2022 | n/a |
CVE-2022-0147 | The Cookie Information \| Free GDPR Consent Solution WordPress plugin before 2.0.8 does not escape user data before outputting it back in attributes in the admin dashboard, leading to a Reflected Cross-Site Scripting issue | MEDIUM | Mar 14, 2022 | n/a |
CVE-2022-0148 | The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs WordPress plugin before 2.0.4 was vulnerable to reflected XSS on the my-sticky-elements-leads admin page. | LOW | Feb 10, 2022 | n/a |
CVE-2022-0149 | The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affected by a Reflected Cross-Site Scripting (XSS) vulnerability in the woo_ce admin page. | MEDIUM | Feb 10, 2022 | n/a |
CVE-2022-0150 | The WP Accessibility Helper (WAH) WordPress plugin before 0.6.0.7 does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue | MEDIUM | Feb 28, 2022 | n/a |
CVE-2022-0151 | An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not correctly handling requests to delete existing packages which could result in a Denial of Service under specific conditions. | MEDIUM | Jan 18, 2022 | n/a |
CVE-2022-0152 | An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to unauthorized access to some particular fields through the GraphQL API. | MEDIUM | Jan 18, 2022 | n/a |
CVE-2022-0153 | SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1. | MEDIUM | Mar 24, 2022 | n/a |
CVE-2022-0154 | An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to a Cross-Site Request Forgery attack that allows a malicious user to have their GitHub project imported on another GitLab user account. | MEDIUM | Jan 18, 2022 | n/a |
CVE-2022-0155 | follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor | MEDIUM | Jan 10, 2022 | n/a |
CVE-2022-0156 | vim is vulnerable to Use After Free | MEDIUM | Jan 15, 2022 | n/a |
CVE-2022-0157 | phoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | LOW | Jan 14, 2022 | n/a |
CVE-2022-0158 | vim is vulnerable to Heap-based Buffer Overflow | MEDIUM | Jan 15, 2022 | n/a |
CVE-2022-0159 | orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | LOW | Jan 12, 2022 | n/a |
CVE-2022-0161 | The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | MEDIUM | Mar 14, 2022 | n/a |
CVE-2022-0162 | The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartext base64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perform administrative operations on the affected device through web-based management interface. | HIGH | Feb 10, 2022 | n/a |
CVE-2022-0163 | The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form's data, which could include sensitive information such as PII depending on the form. | MEDIUM | Mar 7, 2022 | n/a |
CVE-2022-0164 | The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not have authorisation and CSRF checks in its coming_soon_send_mail AJAX action, allowing any authenticated users, with a role as low as subscriber to send arbitrary emails to all subscribed users | MEDIUM | Feb 22, 2022 | n/a |
CVE-2022-0165 | The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users | MEDIUM | Mar 14, 2022 | n/a |
CVE-2022-0166 | A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created subdirectories and executed arbitrary code with SYSTEM privileges by creating the appropriate pathway to the specifically created malicious openssl.cnf file. | HIGH | Jan 21, 2022 | n/a |
CVE-2022-0167 | An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not disabling the Autocomplete attribute of fields related to sensitive information making it possible to be retrieved under certain conditions. | MEDIUM | Jul 1, 2022 | n/a |
CVE-2022-0168 | A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system. | -- | Mar 25, 2022 | n/a |
CVE-2022-0169 | The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection | HIGH | Mar 14, 2022 | n/a |
CVE-2022-0170 | peertube is vulnerable to Improper Access Control | MEDIUM | Jan 11, 2022 | n/a |
CVE-2022-0171 | A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). | -- | May 14, 2022 | n/a |
CVE-2022-0172 | An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3. Under certain conditions it was possible to bypass the IP restriction for public projects through GraphQL allowing unauthorised users to read titles of issues, merge requests and milestones. | MEDIUM | Jan 18, 2022 | n/a |
CVE-2022-0173 | radare2 is vulnerable to Out-of-bounds Read | MEDIUM | Jan 11, 2022 | n/a |
CVE-2022-0174 | Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr. | MEDIUM | Jan 10, 2022 | n/a |
CVE-2022-0175 | A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure. | -- | Jan 26, 2022 | n/a |
CVE-2022-0176 | The PowerPack Lite for Beaver Builder WordPress plugin before 1.2.9.3 does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | MEDIUM | Feb 19, 2022 | n/a |
CVE-2022-0177 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 | n/a |
CVE-2022-0178 | Missing Authorization vulnerability in snipe snipe/snipe-it. This issue affects snipe/snipe-it before 5.3.8. | MEDIUM | Jan 14, 2022 | n/a |
CVE-2022-0179 | snipe-it is vulnerable to Missing Authorization | MEDIUM | Jan 14, 2022 | n/a |
CVE-2022-0180 | Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hijack the authentication of administrators and conduct arbitrary operations via a specially crafted web page. | MEDIUM | Jan 18, 2022 | n/a |