Skip to main content
CVE-2022-20106 MEDIUM This Month

In MM service, there is a possible out of bounds write due to a heap-based buffer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android Linux Kernel
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20105 MEDIUM This Month

In MM service, there is a possible out of bounds write due to a stack-based buffer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android Linux Kernel
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-28781 MEDIUM This Month

Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20095 MEDIUM This Month

In imgsensor, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20094 MEDIUM This Month

In imgsensor, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20089 MEDIUM This Month

In aee driver, there is a possible memory corruption due to active debug code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20087 MEDIUM This Month

In ccu, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20085 MEDIUM This Month

In netdiag, there is a possible symbolic link following due to an improper link resolution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20744 MEDIUM This Month

A vulnerability in the input protection mechanisms of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view data without proper authorization. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Secure Firewall Management Center
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-20091 MEDIUM This Month

In aee driver, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Race Condition Denial Of Service Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-20090 MEDIUM This Month

In aee driver, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Race Condition Denial Of Service Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-20740 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Secure Firewall Management Center
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-1434 MEDIUM PATCH This Month

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

OpenSSL Information Disclosure Active Iq Unified Manager Clustered Data Ontap Clustered Data Ontap Antivirus Connector +22
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2022-20104 MEDIUM This Month

In aee daemon, there is a possible information disclosure due to improper access control. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20101 MEDIUM This Month

In aee daemon, there is a possible information disclosure due to a path traversal. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Path Traversal Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-28791 MEDIUM This Month

Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Galaxy Store
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-28789 MEDIUM This Month

Unprotected activities in Voice Note prior to version 21.3.51.11 allows attackers to record voice without user interaction. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Voice Note
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-28788 MEDIUM This Month

Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-28787 MEDIUM This Month

Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-28786 MEDIUM This Month

Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-28785 MEDIUM This Month

Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-28780 MEDIUM This Month

Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20092 MEDIUM This Month

In alac decoder, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-1331 MEDIUM This Month

In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references of XML external entities while processing specific project files, which may allow unauthorized. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XXE Dmars
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-20629 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Secure Firewall Management Center
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-20628 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Secure Firewall Management Center
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-20627 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Secure Firewall Management Center
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-1343 MEDIUM PATCH This Month

The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Active Iq Unified Manager Clustered Data Ontap Clustered Data Ontap Antivirus Connector +22
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-20748 MEDIUM This Month

A vulnerability in the local malware analysis process of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firepower Threat Defense
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-20097 MEDIUM This Month

In aee daemon, there is a possible information disclosure due to a race condition. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Android
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2022-28782 MEDIUM This Month

Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2022-20107 MEDIUM This Month

In subtitle service, there is a possible application crash due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Android Linux Kernel
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-20103 MEDIUM This Month

In aee daemon, there is a possible information disclosure due to symbolic link following. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-20102 MEDIUM This Month

In aee daemon, there is a possible information disclosure due to a missing permission check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-28793 MEDIUM This Month

Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Galaxy S22 Firmware
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2022-20100 MEDIUM This Month

In aee daemon, there is a possible information disclosure due to a missing permission check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-20098 MEDIUM This Month

In aee daemon, there is a possible information disclosure due to a missing permission check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-20096 MEDIUM This Month

In camera, there is a possible information disclosure due to uninitialized data. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-28790 LOW Monitor

Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Link To Windows Service
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-28784 LOW Monitor

Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy