Skip to main content
CVE-2022-20347 HIGH PATCH This Week

In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Google Privilege Escalation Android
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-20345 HIGH This Week

In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google RCE Buffer Overflow Android
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-33928 HIGH This Week

Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Password Storage Vulnerability in UI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Wyse Management Suite
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-0028 HIGH KEV THREAT This Week

A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
8.6
EPSS
2.0%
CVE-2022-32245 HIGH This Week

SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information plain text over the network. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Businessobjects Business Intelligence
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-2458 HIGH This Week

XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Process Automation Manager
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2022-20816 HIGH This Week

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Unified Communications Manager
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2022-30580 HIGH PATCH This Week

Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Code Injection Go
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-25793 HIGH This Week

A Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max 2022, 2021, and 2020 may lead to code execution through the lack of proper validation of the length of user-supplied data prior to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow 3ds Max
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-20360 HIGH PATCH This Week

In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20356 HIGH PATCH This Week

In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20354 HIGH PATCH This Week

In onDefaultNetworkChanged of Vpn.java, there is a possible way to disable VPN due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20349 HIGH PATCH This Week

In WifiScanningPreferenceController and BluetoothScanningPreferenceController, there is a possible admin restriction bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20348 HIGH PATCH This Week

In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20792 HIGH This Week

A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Buffer Overflow Clamav
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-37008 HIGH This Week

The recovery module has a vulnerability of bypassing the verification of an update package before use. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-37007 HIGH This Week

The chinadrm module has an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-37006 HIGH This Week

Permission control vulnerability in the network module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-37005 HIGH This Week

The Settings application has an argument injection vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-37004 HIGH This Week

The Settings application has a vulnerability of bypassing the out-of-box experience (OOBE). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-37001 HIGH This Week

The diag-router module has a vulnerability in intercepting excessive long and short instructions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-35290 HIGH This Week

Under certain conditions SAP Authenticator for Android allows an attacker to access information which would otherwise be restricted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure SAP Authenticator
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-31675 HIGH PATCH This Week

VMware vRealize Operations contains an authentication bypass vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass VMware Vrealize Operations
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-30635 HIGH PATCH This Week

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Go
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-30633 HIGH PATCH This Week

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Go
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-30632 HIGH PATCH This Week

Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Go
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-30631 HIGH PATCH This Week

Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Go
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-30630 HIGH PATCH This Week

Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Go
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-29804 HIGH PATCH This Week

Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Path Traversal Go
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-28881 HIGH This Week

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the aerdl.dll component used in certain WithSecure products unpacker function crashes which leads to scanning engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Elements Endpoint Detection And Response Elements Endpoint Protection Atlant Cloud Protection For Salesforce +4
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-28131 HIGH PATCH This Week

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Go Fedora Cloud Insights Telegraf
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-35715 HIGH This Week

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-33930 HIGH This Week

Dell Wyse Management Suite 3.6.1 and below contains Information Disclosure in Devices error pages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Wyse Management Suite
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-20866 HIGH This Week

A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
16.6%
CVE-2022-34661 HIGH This Week

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Teamcenter
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-31780 HIGH This Week

Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests.0.0 to 9.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-31779 HIGH This Week

Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests.0.0 to 9.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-31778 HIGH This Week

Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache.0.0 to 9.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-28129 HIGH This Week

Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers.0.0 to 9.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-25763 HIGH This Week

Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks.0.0 to 9.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Request Smuggling Traffic Server Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-31672 HIGH PATCH This Week

VMware vRealize Operations contains a privilege escalation vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

VMware Privilege Escalation Vrealize Operations
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2022-30629 LOW POC PATCH Monitor

Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Go
NVD
CVSS 3.1
3.1
EPSS
0.9%
CVE-2022-22369 HIGH This Week

IBM Workload Scheduler 9.4 and 9.5 could allow a local user to overwrite key system files which would cause the system to crash. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Denial Of Service Workload Scheduler
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2022-34659 MEDIUM This Month

A vulnerability has been identified in Simcenter STAR-CCM+ (All versions only if the Power-on-Demand public license server is used). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simcenter Star Ccm Viewer
NVD VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2022-20344 HIGH PATCH This Week

In stealReceiveChannel of EventThread.cpp, there is a possible way to interfere with process communication due to a race condition. Rated high severity (CVSS 7.0).

Google Race Condition Privilege Escalation Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2022-23238 MEDIUM PATCH This Month

Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Storagegrid
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-20346 MEDIUM PATCH This Month

In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-34365 MEDIUM This Month

WMS 3.7 contains a Path Traversal Vulnerability in Device API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Wyse Management Suite
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-33927 MEDIUM This Month

Dell Wyse Management Suite 3.6.1 and below contains a Session Fixation vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Dell Wyse Management Suite
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-33926 MEDIUM This Month

Dell Wyse Management Suite 3.6.1 and below contains an improper access control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Wyse Management Suite
NVD
CVSS 3.1
6.5
EPSS
0.4%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy