CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-33908 DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input b... | 7.0 | HIGH | — | 0 |
| CVE-2022-42132 The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.... | 5.9 | MEDIUM | — | 0 |
| CVE-2022-33909 DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input bu... | 7.0 | HIGH | — | 0 |
| CVE-2022-33983 DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at inp... | 7.0 | HIGH | — | 0 |
| CVE-2022-33984 DMA transactions which are targeted at input buffers used for the SdMmcDevice software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input bu... | 7.0 | HIGH | — | 0 |
| CVE-2022-33985 DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input ... | 7.0 | HIGH | — | 0 |
| CVE-2022-41395 Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the dmzHost parameter in the setDMZ function. | 7.8 | HIGH | — | 0 |
| CVE-2022-33986 DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. DMA attacks on the parameter buffer used by the software SMI handler used by the ... | 6.4 | MEDIUM | — | 0 |
| CVE-2022-35613 Konker v2.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF). | 8.8 | HIGH | — | 0 |
| CVE-2022-40405 WoWonder Social Network Platform v4.1.2 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=load-my-blogs. | 7.5 | HIGH | — | 0 |
| CVE-2022-42110 A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pac... | 6.1 | MEDIUM | — | 0 |
| CVE-2022-42984 WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=search&s=recipients. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-42111 A Cross-site scripting (XSS) vulnerability in the Sharing module's user notification in Liferay Portal 7.2.1 through 7.4.2, and Liferay DXP 7.2 before fix pack 19, and 7.3 before update 4 allows remot... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-42118 A Cross-site scripting (XSS) vulnerability in the Portal Search module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pac... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-20108 Uncontrolled search path element for some Intel(R) Network Adapter Driver installers for Windows 11 before version 29.4 may allow an authenticated user to potentially enable escalation of privilege vi... | 6.7 | MEDIUM | — | 0 |
| CVE-2022-42119 Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects Liferay Portal 7.3.5 through 7.4.2 and Liferay DXP 7.3 before update 8. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-42125 Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the filesys... | 7.5 | HIGH | — | 0 |
| CVE-2022-42126 The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly check permissions of asset libraries, which all... | 4.3 | MEDIUM | — | 0 |
| CVE-2022-42127 The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 through 36 does not properly check user permissions, which allows remote attackers to obtain the history... | 5.3 | MEDIUM | — | 0 |
| CVE-2022-42128 The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the W... | 5.3 | MEDIUM | — | 0 |
| CVE-2022-42977 The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. During export, the HTTP request has a fileName p... | 7.5 | HIGH | — | 0 |
| CVE-2022-42978 In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system. | 7.5 | HIGH | — | 0 |
| CVE-2022-42129 An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authe... | 4.3 | MEDIUM | — | 0 |
| CVE-2022-42130 The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permiss... | 4.3 | MEDIUM | — | 0 |
| CVE-2022-42131 Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7... | 4.8 | MEDIUM | — | 0 |
| CVE-2022-41396 Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain multiple command injection vulnerabilities in the function setIPsecTunnelList via the IPsecLocalNet and IPsecRemoteNet para... | 7.8 | HIGH | — | 0 |
| CVE-2022-42058 Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setRemoteWebManage function. This vulnerability allows attackers to cause a Denial of Service (DoS... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-42060 Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setWanPpoe function. This vulnerability allows attackers to cause a Denial of Service (DoS) via cr... | 7.5 | HIGH | — | 0 |
| CVE-2022-45402 In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. | 6.1 | MEDIUM | — | 0 |
| CVE-2022-40308 If anonymous read enabled, it's possible to read the database file directly without logging in. | 7.5 | HIGH | — | 0 |
| CVE-2022-40309 Users with write permissions to a repository can delete arbitrary directories. | 4.3 | MEDIUM | — | 0 |
| CVE-2022-43071 A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-41558 The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desk... | 9.0 | CRITICAL | — | 0 |
| CVE-2022-38666 Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features. | 7.5 | HIGH | — | 0 |
| CVE-2022-45380 Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability ... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-45381 Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' ... | 8.1 | HIGH | — | 0 |
| CVE-2022-45382 Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action, resulting in a stored cross-site scripting (XSS) vulnerabilit... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-45383 An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle co... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-45384 Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-45385 A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-speci... | 7.5 | HIGH | — | 0 |
| CVE-2022-45386 Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-45387 Jenkins BART Plugin 1.0.3 and earlier does not escape the parsed content of build logs before rendering it on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-45388 Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on t... | 7.5 | HIGH | — | 0 |
| CVE-2022-45389 A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository. | 5.3 | MEDIUM | — | 0 |
| CVE-2022-29277 Incorrect pointer checks within the FwBlockServiceSmm driver can allow arbitrary RAM modifications. During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked... | 8.8 | HIGH | — | 0 |
| CVE-2022-45390 A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 | MEDIUM | — | 0 |
| CVE-2022-45391 Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM. | 7.5 | HIGH | — | 0 |
| CVE-2022-45392 Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with E... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-45393 A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows attackers to delete build logs. | 3.5 | LOW | — | 0 |
| CVE-2022-45394 A missing permission check in Jenkins Delete log Plugin 1.0 and earlier allows attackers with Item/Read permission to delete build logs. | 4.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.