Skip to main content
CVE-2022-36862 HIGH This Week

A heap-based overflow vulnerability in HWR::EngineCJK::Impl::Construct() in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Heap Overflow Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-36860 HIGH This Week

A heap-based overflow vulnerability in LoadEnvironment function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Heap Overflow Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-36858 HIGH This Week

A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc() function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Heap Overflow Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-36855 HIGH This Week

A use after free vulnerability in iva_ctl driver prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-36849 HIGH This Week

Use after free vulnerability in sdp_mm_set_process_sensitive function of sdpmm driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-36847 HIGH This Week

Use after free vulnerability in mtp_send_signal function of MTP driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-36846 HIGH This Week

A heap-based overflow vulnerability in ConstructDictionary function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Heap Overflow Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-36845 HIGH This Week

A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Heap Overflow Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-36844 HIGH This Week

A heap-based overflow vulnerability in HWR::EngJudgeModel::Construct() in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Heap Overflow Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-36843 HIGH This Week

A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Heap Overflow Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-36842 HIGH This Week

A heap-based overflow vulnerability in prepareRecogLibrary function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Heap Overflow Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-36841 HIGH This Week

A heap-based overflow vulnerability in PrepareRecogLibrary_Part function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Heap Overflow Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-2964 HIGH PATCH This Week

A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Buffer Overflow Linux Kernel Enterprise Linux H300s Firmware +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-31006 HIGH PATCH This Week

indy-node is the server portion of Hyperledger Indy, a distributed ledger purpose-built for decentralized identity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Indy Node
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-28742 HIGH This Week

aEnrich eHRD Learning Management Key Performance Indicator System 5+ has Improper Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure A Hrd
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-28740 HIGH This Week

aEnrich eHRD Learning Management Key Performance Indicator System 5+ exposes Sensitive Information to an Unauthorized Actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure A Hrd
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-36853 HIGH This Week

Intent redirection in Photo Editor prior to SMR Sep-2022 Release 1 allows attacker to get sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2022-36423 HIGH This Week

OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads a Stack overflow vulnerability during recursive parsing. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Openharmony
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2022-29061 HIGH This Week

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Command Injection Fortisoar
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2022-39845 HIGH This Week

Improper validation of integrity check vulnerability in Samsung Kies prior to version 2.6.4.22074 allows local attackers to delete arbitrary directory using directory junction. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Kies
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2022-39844 HIGH This Week

Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.22083 allows local attackers to delete arbitrary directory using directory junction. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Smart Switch Pc
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2022-3147 MEDIUM This Month

Mattermost version 7.0.x and earlier fails to sufficiently limit the in-memory sizes of concurrently uploaded JPEG images, which allows authenticated users to cause resource exhaustion on specific. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Denial Of Service Mattermost Server
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-36873 MEDIUM This Month

Improper restriction of broadcasting Intent in GalaxyStoreBridgePageLinker of?Waterplugin prior to version 2.2.11.22081151 leaks MAC address of the connected Bluetooth device. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Galaxy Watch Plugin
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-36872 MEDIUM This Month

Pending Intent hijacking vulnerability in SpayNotification in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Samsung Samsung Pay Samsung Pay Kr
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-36871 MEDIUM This Month

Pending Intent hijacking vulnerability in NotiCenterUtils in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Samsung Samsung Pay Samsung Pay Kr
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-36870 MEDIUM This Month

Pending Intent hijacking vulnerability in MTransferNotificationManager in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Samsung Samsung Pay Samsung Pay Kr
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-26392 MEDIUM This Month

The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Spectrum Wireless Battery Module Firmware Sigma Spectrum 35700Bax Firmware Sigma Spectrum 35700Bax2 Firmware Baxter Spectrum Iq 35700Bax3 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-2528 MEDIUM This Month

In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Octopus Server
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-38096 MEDIUM This Month

A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2022-36109 MEDIUM PATCH This Month

Moby is an open-source project created by Docker to enable software containerization. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Docker Moby Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
0.8%
CVE-2022-36874 MEDIUM This Month

Improper Handling of Insufficient Permissions or Privileges vulnerability in Waterplugin prior to 2.2.11.22040751 allows attacker to access device IMEI and Serial number. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Galaxy Watch Plugin
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2022-39810 MEDIUM This Month

An issue was discovered in WSO2 Enterprise Integrator 6.4.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enterprise Integrator
NVD
CVSS 3.1
6.1
EPSS
57.3%
CVE-2022-39809 MEDIUM This Month

An issue was discovered in WSO2 Enterprise Integrator 6.4.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enterprise Integrator
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-36869 MEDIUM This Month

Improper access control vulnerability in ContactsDumpActivity of?Contacts Provider prior to version 12.7.59 allows attacker to access the file without permission. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Contacts Provider
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2022-40133 MEDIUM This Month

A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-3169 MEDIUM This Month

A flaw was found in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Denial Of Service Linux Kernel Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-3077 MEDIUM PATCH This Month

A buffer overflow vulnerability was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Linux Intel Buffer Overflow Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-38457 MEDIUM This Month

A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-38081 MEDIUM This Month

OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-38064 MEDIUM This Month

OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-36875 MEDIUM This Month

Improper restriction of broadcasting Intent in SaWebViewRelayActivity of?Waterplugin prior to version 2.2.11.22081151 allows attacker to access the file without permission. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Galaxy Watch Plugin
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-36867 MEDIUM This Month

Improper access control vulnerability in Editor Lite prior to version 4.0.40.14 allows attackers to access sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Editor Lite
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-36854 MEDIUM This Month

Out of bound read in libapexjni.media.samsung.so prior to SMR Sep-2022 Release 1 allows attacker access unauthorized information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Samsung Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-36848 MEDIUM This Month

Improper Authorization vulnerability in setDualDARPolicyCmd prior to SMR Sep-2022 Release 1 allows local attackers to cause local permanent denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-36280 MEDIUM This Month

An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Denial Of Service Buffer Overflow Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-34165 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Websphere Application Server
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-40191 MEDIUM This Month

Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Ali Khallad's Contact Form By Mega Forms plugin <= 1.2.4 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Contact Form By Mega Forms
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37407 MEDIUM This Month

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Gallery Photoblocks
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-26394 MEDIUM This Month

The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Spectrum Wireless Battery Module Firmware Sigma Spectrum 35700Bax Firmware Sigma Spectrum 35700Bax2 Firmware Baxter Spectrum Iq 35700Bax3 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-38067 MEDIUM This Month

Unauthenticated Event Deletion vulnerability in Totalsoft Event Calendar - Calendar plugin <= 1.4.6 at WordPress. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Event Calendar
NVD
CVSS 3.1
5.3
EPSS
0.6%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy