Home / 2022 Advisories Archive

2022 Advisories Archive

Severity	Date Published	Date Updated	Check Point Reference	Source	Industry Reference	Description
High	31 Oct 2022	3 Jun 2024	CPAI-2022-0771		CVE-2022-27908	Zoho ManageEngine SQL Injection (CVE-2022-27908)
High	20 Apr 2022	3 Jun 2024	CPAI-2022-0204		CVE-2022-24734	MyBB Remote Code Execution (CVE-2022-24734)
High	26 Oct 2022	2 Jun 2024	CPAI-2022-0736		CVE-2022-30287	Horde Groupware Webmail Edition Insecure Deserialization (CVE-2022-30287)
High	25 Aug 2022	2 Jun 2024	CPAI-2022-0530		CVE-2022-28451	nopCommerce BackupAction Directory Traversal (CVE-2022-28451)
Critical	3 Jul 2022	2 Jun 2024	CPAI-2022-0334		CVE-2022-29535	Zoho ManageEngine OPManager SQL Injection (CVE-2022-29535)
Critical	6 Nov 2022	30 May 2024	CPAI-2022-0683		CVE-2022-35914	GLPI Remote Code Execution (CVE-2022-35914)
Critical	20 Nov 2022	30 May 2024	CPAI-2022-0862		CVE-2022-23900 CVE-2023-3380	Wavlink Devices Command Injection (CVE-2022-23900; CVE-2023-3380)
High	14 Nov 2022	30 May 2024	CPAI-2022-0814		CVE-2022-32572	WWBN AVideo Command Injection (CVE-2022-32572)
Critical	29 Nov 2022	28 May 2024	CPAI-2022-0983		CVE-2022-40300	Zoho ManageEngine Password Manager SQL Injection (CVE-2022-40300)
High	31 Oct 2022	28 May 2024	CPAI-2022-0615		CVE-2022-36804	Atlassian Bitbucket Command Injection (CVE-2022-36804)
High	30 May 2022	28 May 2024	CPAI-2021-1186		CVE-2021-25094	WordPress BrandExponents Tatsu Plugin Arbitrary File Upload (CVE-2021-25094)
High	13 Oct 2022	28 May 2024	CPAI-2022-0656	Adobe APSB22-44	CVE-2022-38418	Adobe ColdFusion Improper Access to a Restricted Directory (APSB22-44: CVE-2022-38418)
Critical	4 Dec 2022	27 May 2024	CPAI-2022-0982		CVE-2022-37055	D-Link GO-RT-AC750 Buffer Overflow (CVE-2022-37055)
High	20 Dec 2022	19 May 2024	CPAI-2021-1497		CVE-2021-40655	D-Link DIR-605 Authentication Bypass (CVE-2021-40655)
Critical	6 Feb 2022	9 May 2024	CPAI-2021-1065		CVE-2021-20038	SonicWall SMA Buffer Overflow (CVE-2021-20038)
Critical	30 Nov 2022	5 May 2024	CPAI-2021-1379		CVE-2021-42342	Embedthis GoAhead Remote Code Execution (CVE-2021-42342)
Critical	8 Dec 2022	1 May 2024	CPAI-2022-0978		CVE-2022-35559 CVE-2023-51097 CVE-2023-51101 CVE-2023-51102	Tenda W Series Stack Overflow (CVE-2022-35559; CVE-2023-51097; CVE-2023-51101; CVE-2023-51102)
Critical	31 Oct 2022	7 Apr 2024	CPAI-2022-0739		CVE-2022-24170 CVE-2022-24171 CVE-2022-28572 CVE-2022-34595 CVE-2022-34596 CVE-2022-34597 CVE-2022-46538 CVE-2023-30135 CVE-2023-31587 CVE-2023-49040	Tenda Routers Command Injection (CVE-2022-24170; CVE-2022-24171; CVE-2022-28572; CVE-2022-34595; CVE-2022-34596; CVE-2022-34597; CVE-2022-46538; CVE-2023-30135; CVE-2023-31587; CVE-2023-49040)
Critical	13 Jun 2022	31 Mar 2024	CPAI-2022-0279		CVE-2022-24706	Apache CouchDB Remote Code Execution (CVE-2022-24706)
Critical	15 Dec 2022	28 Mar 2024	CPAI-2022-1076		CVE-2022-29321 CVE-2022-29322 CVE-2022-29323 CVE-2022-29324 CVE-2022-29325 CVE-2022-29326 CVE-2022-29327 CVE-2023-43236 CVE-2023-43237 CVE-2023-43238 CVE-2023-43239 CVE-2023-43240 CVE-2023-43242	D-Link DIR-816 Stack Overflow (CVE-2022-29321; CVE-2022-29322; CVE-2022-29323; CVE-2022-29324; CVE-2022-29325; CVE-2022-29326; CVE-2022-29327; CVE-2023-43236; CVE-2023-43237; CVE-2023-43238; CVE-2023-43239; CVE-2023-43240; CVE-2023-43242)
Critical	6 Dec 2022	28 Mar 2024	CPAI-2022-1020		CVE-2022-40942 CVE-2023-40802 CVE-2023-45482 CVE-2023-45483	Tenda Routers Stack Overflow (CVE-2022-40942; CVE-2023-40802; CVE-2023-45482; CVE-2023-45483)
Critical	28 Nov 2022	27 Mar 2024	CPAI-2022-0904		CVE-2022-28557 CVE-2024-2851 CVE-2024-2853 CVE-2024-2854	Tenda AC Routers Command Injection (CVE-2022-28557; CVE-2024-2851; CVE-2024-2853; CVE-2024-2854)
Critical	2 Nov 2022	27 Mar 2024	CPAI-2022-0738		CVE-2022-33171	TypeORM FindOne SQL Injection (CVE-2022-33171)
Critical	11 Dec 2022	24 Mar 2024	CPAI-2022-0991		CVE-2022-40866 CVE-2022-40867 CVE-2022-40868 CVE-2023-26805 CVE-2023-26806	Tenda W20E Stack Overflow (CVE-2022-40866; CVE-2022-40867; CVE-2022-40868; CVE-2023-26805; CVE-2023-26806)
Critical	24 May 2022	24 Mar 2024	CPAI-2022-0243		CVE-2022-1040	Sophos MR3 Firewall Remote Code Execution (CVE-2022-1040)
Critical	31 Mar 2022	24 Mar 2024	CPAI-2022-0104		CVE-2022-22965	Spring Core Remote Code Execution (CVE-2022-22965)
Critical	4 Dec 2022	12 Mar 2024	CPAI-2022-0967		CVE-2022-25445 CVE-2022-25446 CVE-2022-25447 CVE-2022-25448 CVE-2022-25449 CVE-2022-25452 CVE-2022-25453 CVE-2022-25456 CVE-2022-25458 CVE-2023-24166	Tenda AC6 Stack Overflow (CVE-2022-25445; CVE-2022-25446; CVE-2022-25447; CVE-2022-25448; CVE-2022-25449; CVE-2022-25452; CVE-2022-25453; CVE-2022-25456; CVE-2022-25458; CVE-2023-24166)
High	13 Jun 2022	28 Feb 2024	CPAI-2022-0315			Null Byte HTTP Encodings
Critical	13 Nov 2022	26 Feb 2024	CPAI-2022-0820		CVE-2022-37149 CVE-2023-38861	Wavlink WL-WN575A3 Command Injection (CVE-2022-37149; CVE-2023-38861)
Critical	4 Apr 2022	25 Feb 2024	CPAI-2022-0086		CVE-2022-24995 CVE-2023-24212	Tenda AX3 Buffer Overflow (CVE-2022-24995; CVE-2023-24212)
Critical	4 Dec 2022	11 Feb 2024	CPAI-2022-0949		CVE-2022-23178	Crestron HD-MD4X2-4K-E Authentication Bypass (CVE-2022-23178)
Critical	23 Feb 2022	11 Feb 2024	CPAI-2021-1066		CVE-2021-21975	VMware Multiple Products Server Side Request Forgery (CVE-2021-21975)
High	10 May 2022	11 Feb 2024	CPAI-2022-0235	Microsoft CVE-2022-29104	CVE-2022-29104	Microsoft Windows Print Spooler Elevation of Privilege (CVE-2022-29104)
High	13 Nov 2022	8 Feb 2024	CPAI-2021-1341		CVE-2021-39144 CVE-2022-31678	XStream Insecure Deserialization (CVE-2021-39144; CVE-2022-31678)
Critical	7 Nov 2022	28 Jan 2024	CPAI-2022-0790		CVE-2022-37070 CVE-2023-33629	H3C Routers Command Injection (CVE-2022-37070; CVE-2023-33629)
High	6 Nov 2022	28 Jan 2024	CPAI-2022-0782		CVE-2022-33891	Apache Spark UI Command Injection (CVE-2022-33891)
High	16 Jan 2022	28 Jan 2024	CPAI-2021-0952		CVE-2021-21224	Google Chrome Remote Code Execution (CVE-2021-21224)
Critical	17 Feb 2022	22 Jan 2024	CPAI-2022-0042		CVE-2022-22536	SAP Multiple Products Remote Code Execution (CVE-2022-22536)
Critical	30 Aug 2022	21 Jan 2024	CPAI-2022-0516		CVE-2022-31656	VMware Multiple Products Authentication Bypass (CVE-2022-31656)
High	24 Nov 2022	15 Jan 2024	CPAI-2021-1381		CVE-2021-21924 CVE-2021-21925 CVE-2021-21926 CVE-2021-21927 CVE-2021-21928 CVE-2021-21929 CVE-2021-21930 CVE-2021-21931 CVE-2021-21932 CVE-2021-21933 CVE-2021-21934 CVE-2021-21935 CVE-2021-21936 CVE-2021-21937	Advantech R-SeeNet SQL Injection (CVE-2021-21924; CVE-2021-21925; CVE-2021-21926; CVE-2021-21927; CVE-2021-21928; CVE-2021-21929; CVE-2021-21930; CVE-2021-21931; CVE-2021-21932; CVE-2021-21933; CVE-2021-21934; CVE-2021-21935; CVE-2021-21936; CVE-2021-21937)
Critical	18 Sep 2022	15 Jan 2024	CPAI-2020-3589		CVE-2020-35846 CVE-2020-35847 CVE-2020-35848	Agentejo Cockpit NoSQL Injection (CVE-2020-35846; CVE-2020-35847; CVE-2020-35848)
Medium	30 May 2022	11 Jan 2024	CPAI-2019-2530		CVE-2019-8451	Atlassian Jira Server-Side Request Forgery (CVE-2019-8451)
High	27 Apr 2022	11 Jan 2024	CPAI-2021-1165		CVE-2021-42278 CVE-2021-42287	Microsoft Windows Active Directory Privilege Escalation (CVE-2021-42278; CVE-2021-42287)
Critical	20 Dec 2022	4 Jan 2024	CPAI-2022-1085		CVE-2022-41352	Zimbra Collaboration Arbitrary File Upload (CVE-2022-41352)
Critical	17 Apr 2022	4 Jan 2024	CPAI-2021-1113		CVE-2021-20016	SonicWall SSLVPN SMA100 Authentication Bypass (CVE-2021-20016)
High	20 Jul 2022	3 Jan 2024	CPAI-2022-0339		CVE-2022-23642	Sourcegraph Command Injection (CVE-2022-23642)
Critical	24 Nov 2022	1 Jan 2024	CPAI-2022-0704		CVE-2022-24637	Open Web Analytics Authentication Bypass (CVE-2022-24637)
High	9 Jun 2022	1 Jan 2024	CPAI-2021-1187		CVE-2021-20039	SonicWall SMA 100 Command Injection (CVE-2021-20039)
Critical	21 Nov 2022	28 Dec 2023	CPAI-2022-0897		CVE-2022-37061	FLIR AX8 Thermal Camera Command Injection (CVE-2022-37061)
Medium	22 Dec 2022	25 Dec 2023	CPAI-2018-2223		CVE-2018-13383	Fortinet FortiOS SSL VPN Heap Buffer Overflow (CVE-2018-13383)