| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 1 | CVE-1999-0612 | | | | 1997-03-01 | 2022-08-17 | 0.0 | None | Remote | Low | Not required | None | None | None |
A version of finger is running that exposes valid user information to any entity on the network. |
| 2 | CVE-2021-4287 | 61 | | | 2022-12-27 | 2023-01-18 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archive Extraction Handler. The manipulation leads to symlink following. It is possible to launch the attack remotely. Upgrading to version 2.3.3 is able to address this issue. The name of the patch is fa0c0bd59b8588814756942fe4cb5452e76c1dcd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216876. |
| 3 | CVE-2022-2170 | 79 | | XSS | 2022-08-01 | 2022-08-05 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage. |
| 4 | CVE-2022-4135 | 787 | | Overflow | 2022-11-25 | 2023-05-03 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
| 5 | CVE-2022-4510 | 22 | | Exec Code Dir. Trav. | 2023-01-26 | 2023-02-06 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction, would extract a malicious binwalk module into the folder .config/binwalk/plugins. This vulnerability is associated with program files src/binwalk/plugins/unpfs.py. This issue affects binwalk from 2.1.2b through 2.3.3 included. |
| 6 | CVE-2022-21979 | | | | 2022-08-09 | 2023-06-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Microsoft Exchange Server Information Disclosure Vulnerability |
| 7 | CVE-2022-21980 | | | | 2022-08-09 | 2023-06-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Microsoft Exchange Server Elevation of Privilege Vulnerability |
| 8 | CVE-2022-22035 | 362 | | Exec Code | 2022-10-11 | 2022-10-13 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081. |
| 9 | CVE-2022-23551 | | | Bypass | 2022-12-21 | 2023-01-04 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request (example: `/metadata/identity\oauth2\token/`) would bypass the NMI validation and be sent to IMDS allowing a pod in the cluster to access identities that it shouldn't have access to. This issue has been fixed and has been included in AAD Pod Identity release version 1.8.13. If using the AKS pod-managed identities add-on, no action is required. The clusters should now be running the version 1.8.13 release. |
| 10 | CVE-2022-24477 | | | | 2022-08-09 | 2023-06-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Microsoft Exchange Server Elevation of Privilege Vulnerability |
| 11 | CVE-2022-24480 | | | | 2022-12-13 | 2023-04-17 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Outlook for Android Elevation of Privilege Vulnerability. |
| 12 | CVE-2022-24504 | 362 | | Exec Code | 2022-10-11 | 2022-10-13 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081. |
| 13 | CVE-2022-24516 | | | | 2022-08-09 | 2023-06-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Microsoft Exchange Server Elevation of Privilege Vulnerability |
| 14 | CVE-2022-26804 | | | Exec Code | 2022-12-13 | 2023-03-10 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Microsoft Office Graphics Remote Code Execution Vulnerability |
| 15 | CVE-2022-26805 | | | Exec Code | 2022-12-13 | 2023-03-10 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Microsoft Office Graphics Remote Code Execution Vulnerability |
| 16 | CVE-2022-26806 | | | Exec Code | 2022-12-13 | 2023-03-10 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Microsoft Office Graphics Remote Code Execution Vulnerability |
| 17 | CVE-2022-26928 | 362 | | | 2022-09-13 | 2023-04-11 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Windows Photo Import API Elevation of Privilege Vulnerability |
| 18 | CVE-2022-29799 | 22 | | Dir. Trav. | 2022-09-21 | 2022-09-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are sanitized by the OperationalState or the AdministrativeState of networkd-dispatcher. This attack leads to a directory traversal to escape from the “/etc/networkd-dispatcher” base directory. |
| 19 | CVE-2022-29800 | 367 | | | 2022-09-21 | 2022-09-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not. |
| 20 | CVE-2022-30133 | | | Exec Code | 2022-08-09 | 2023-05-31 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability |
| 21 | CVE-2022-30134 | | | | 2022-08-09 | 2023-05-31 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Microsoft Exchange Server Information Disclosure Vulnerability |
| 22 | CVE-2022-30144 | | | Exec Code | 2022-08-09 | 2023-05-31 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Windows Bluetooth Service Remote Code Execution Vulnerability |
| 23 | CVE-2022-30170 | | | | 2022-09-13 | 2023-04-11 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Windows Credential Roaming Service Elevation of Privilege Vulnerability |
| 24 | CVE-2022-30175 | | | Exec Code | 2022-08-09 | 2023-05-31 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Azure RTOS GUIX Studio Remote Code Execution Vulnerability |
| 25 | CVE-2022-30176 | | | Exec Code | 2022-08-09 | 2023-05-31 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Azure RTOS GUIX Studio Remote Code Execution Vulnerability |
| 26 | CVE-2022-30194 | | | Exec Code | 2022-08-09 | 2023-05-31 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Windows WebBrowser Control Remote Code Execution Vulnerability |
| 27 | CVE-2022-30196 | | | DoS | 2022-09-13 | 2023-04-11 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Windows Secure Channel Denial of Service Vulnerability |
| 28 | CVE-2022-30197 | | | | 2022-08-09 | 2023-05-31 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Windows Kernel Information Disclosure Vulnerability |
| 29 | CVE-2022-30198 | 362 | | Exec Code | 2022-10-11 | 2022-10-13 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081. |
| 30 | CVE-2022-30200 | | | Exec Code | 2022-09-13 | 2023-04-11 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
| 31 | CVE-2022-33631 | | | Bypass | 2022-08-09 | 2023-05-31 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Microsoft Excel Security Feature Bypass Vulnerability |
| 32 | CVE-2022-33634 | 362 | | Exec Code | 2022-10-11 | 2022-10-13 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081. |
| 33 | CVE-2022-33635 | | | Exec Code | 2022-10-11 | 2022-10-12 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Windows GDI+ Remote Code Execution Vulnerability. |
| 34 | CVE-2022-33636 | 362 | | Exec Code | 2022-08-09 | 2023-05-31 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| 35 | CVE-2022-33640 | | | | 2022-08-09 | 2023-05-31 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability |
| 36 | CVE-2022-33645 | 400 | | DoS | 2022-10-11 | 2022-10-12 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Windows TCP/IP Driver Denial of Service Vulnerability. |
| 37 | CVE-2022-33646 | | | | 2022-08-09 | 2023-06-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Azure Batch Node Agent Elevation of Privilege Vulnerability |
| 38 | CVE-2022-33647 | | | | 2022-09-13 | 2023-04-11 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Windows Kerberos Elevation of Privilege Vulnerability |
| 39 | CVE-2022-33648 | | | Exec Code | 2022-08-09 | 2023-05-31 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Microsoft Excel Remote Code Execution Vulnerability |
| 40 | CVE-2022-33649 | | | Bypass | 2022-08-09 | 2023-05-31 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
| 41 | CVE-2022-33670 | | | | 2022-08-09 | 2023-05-31 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Windows Partition Management Driver Elevation of Privilege Vulnerability |
| 42 | CVE-2022-33679 | | | | 2022-09-13 | 2023-04-11 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Windows Kerberos Elevation of Privilege Vulnerability |
| 43 | CVE-2022-34301 | | | Exec Code Bypass | 2022-08-26 | 2022-09-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. |
| 44 | CVE-2022-34302 | | | Exec Code Bypass | 2022-08-26 | 2022-09-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. |
| 45 | CVE-2022-34303 | | | Exec Code Bypass | 2022-08-26 | 2022-09-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. |
| 46 | CVE-2022-34685 | | | | 2022-08-09 | 2023-06-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Azure RTOS GUIX Studio Information Disclosure Vulnerability |
| 47 | CVE-2022-34686 | | | | 2022-08-09 | 2023-06-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Azure RTOS GUIX Studio Information Disclosure Vulnerability |
| 48 | CVE-2022-34687 | | | Exec Code | 2022-08-09 | 2023-05-31 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Azure RTOS GUIX Studio Remote Code Execution Vulnerability |
| 49 | CVE-2022-34689 | 290 | | | 2022-10-11 | 2022-10-12 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Windows CryptoAPI Spoofing Vulnerability. |
| 50 | CVE-2022-34690 | | | | 2022-08-09 | 2023-05-31 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Windows Fax Service Elevation of Privilege Vulnerability |