NVD

2022-23 Change Timeline

Icon for CISA Known Exploited Vulnerabilities Catalog Announcement

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

CVE-2022-37235 - Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncat
Published: September 22, 2022; 9:15:08 PM -0400

V3.1: 9.8 CRITICAL
CVE-2022-40250 - An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrar... read CVE-2022-40250
Published: September 20, 2022; 2:15:10 PM -0400

V3.1: 8.8 HIGH
CVE-2022-40705 - ** UNSUPPORTED WHEN ASSIGNED ** An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later ve... read CVE-2022-40705
Published: September 22, 2022; 5:15:09 AM -0400

V3.1: 7.5 HIGH
CVE-2022-34026 - ICEcoder v8.1 allows attackers to execute a directory traversal.
Published: September 22, 2022; 2:15:09 PM -0400

V3.1: 7.5 HIGH
CVE-2021-27774 - User input included in error response, which could be used in a phishing attack.
Published: September 22, 2022; 5:15:09 PM -0400

V3.1: 5.4 MEDIUM
CVE-2022-23458 - Toast UI Grid is a component to display and edit data. Versions prior to 4.21.3 are vulnerable to cross-site scripting attacks when pasting specially crafted content into editable cells. This issue was fixed in version 4.21.3. There are no known w... read CVE-2022-23458
Published: September 22, 2022; 6:15:09 PM -0400

V3.1: 6.1 MEDIUM
CVE-2022-31937 - Netgear N300 wireless router wnr2000v4-V1.0.0.70 was discovered to contain a stack overflow via strcpy in uhttpd.
Published: September 22, 2022; 6:15:09 PM -0400

V3.1: 9.8 CRITICAL
CVE-2022-36934 - An integer overflow in WhatsApp could result in remote code execution in an established video call.
Published: September 22, 2022; 6:15:09 PM -0400

V3.1: 9.8 CRITICAL
CVE-2022-38573 - 10-Strike Network Inventory Explorer v9.3 was discovered to contain a buffer overflow via the Add Computers function.
Published: September 22, 2022; 8:15:09 PM -0400

V3.1: 9.8 CRITICAL
CVE-2022-40298 - Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A low privileged user can initiate a repair of the s... read CVE-2022-40298
Published: September 22, 2022; 8:15:10 PM -0400

V3.1: 8.8 HIGH
CVE-2021-41803 - HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2."
Published: September 22, 2022; 9:15:08 PM -0400

V3.1: 7.1 HIGH
CVE-2022-37232 - Netgear N300 wireless router wnr2000v4-V1.0.0.70 is vulnerable to Buffer Overflow via uhttpd. There is a stack overflow vulnerability caused by strcpy.
Published: September 22, 2022; 9:15:08 PM -0400

V3.1: 9.8 CRITICAL
CVE-2022-40851 - Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat.
Published: September 23, 2022; 11:15:14 AM -0400

V3.1: 9.8 CRITICAL
CVE-2022-40853 - Tenda AC15 router V15.03.05.19 contains a stack overflow via the list parameter at /goform/fast_setting_wifi_set
Published: September 23, 2022; 10:15:13 AM -0400

V3.1: 9.8 CRITICAL
CVE-2022-40860 - Tenda AC15 router V15.03.05.19 contains a stack overflow vulnerability in the function formSetQosBand->FUN_0007dd20 with request /goform/SetNetControlList
Published: September 23, 2022; 10:15:13 AM -0400

V3.1: 9.8 CRITICAL
CVE-2022-40862 - Tenda AC15 and AC18 router V15.03.05.19 contains stack overflow vulnerability in the function fromNatStaticSetting with the request /goform/NatStaticSetting
Published: September 23, 2022; 10:15:13 AM -0400

V3.1: 9.8 CRITICAL
CVE-2022-40864 - Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function setSmartPowerManagement with the request /goform/PowerSaveSet
Published: September 23, 2022; 10:15:13 AM -0400

V3.1: 9.8 CRITICAL
CVE-2022-40865 - Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow vulnerabilities in the function setSchedWifi with the request /goform/openSchedWifi/
Published: September 23, 2022; 10:15:13 AM -0400

V3.1: 9.8 CRITICAL
CVE-2022-40869 - Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function fromDhcpListClient with a combined parameter "list*" ("%s%d","list").
Published: September 23, 2022; 10:15:13 AM -0400

V3.1: 9.8 CRITICAL
CVE-2022-35238 - Unauthenticated Plugin Settings Change vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress.
Published: September 23, 2022; 11:15:13 AM -0400

V3.1: 5.3 MEDIUM

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database