Skip to main content
CVE-2022-26471 HIGH This Week

In telephony, there is a possible escalation of privilege due to a parcel format mismatch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-37893 HIGH This Week

An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Aruba Command Injection Arubaos Instant Scalance W1750D Firmware
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-39858 HIGH This Week

Path traversal vulnerability in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to write arbitrary file as FactoryCamera privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Factorycamera
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-39854 HIGH This Week

Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-39853 HIGH This Week

A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-39852 HIGH This Week

A heap-based overflow vulnerability in makeContactAGIF in libagifencoder.quram.so library prior to SMR Oct-2022 Release 1 allows attacker to perform code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Heap Overflow Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-41574 HIGH This Week

An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-32591 HIGH This Week

In ril, there is a possible system crash due to an incorrect bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-32589 HIGH This Week

In Wi-Fi driver, there is a possible way to disconnect Wi-Fi due to an improper resource release. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Yocto Android
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-22480 HIGH PATCH This Week

IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using encrypted hosts which could result in information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-39871 HIGH This Week

Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Smartthings
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-39870 HIGH This Week

Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Smartthings
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-39869 HIGH This Week

Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Smartthings
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-39868 HIGH This Week

Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smartthings
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-39867 HIGH This Week

Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Smartthings
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-39866 HIGH This Week

Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smartthings
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-39865 HIGH This Week

Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Smartthings
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-39864 HIGH This Week

Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smartthings
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-32593 MEDIUM This Month

In vowe, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-32592 MEDIUM This Month

In cpu dvfs, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Yocto Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-32590 MEDIUM This Month

In wlan, there is a possible use after free due to an incorrect status check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Yocto Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26475 MEDIUM This Month

In wlan, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Yocto Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26474 MEDIUM This Month

In sensorhub, there is a possible out of bounds write due to an incorrect calculation of buffer size. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26473 MEDIUM This Month

In vdec fmt, there is a possible use after free due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26452 MEDIUM This Month

In isp, there is a possible use after free due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-31681 MEDIUM PATCH This Month

VMware ESXi contains a null-pointer deference vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

VMware Null Pointer Dereference Denial Of Service Cloud Foundation ESXi
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-39287 MEDIUM PATCH This Month

tiny-csrf is a Node.js cross site request forgery (CSRF) protection middleware. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Node.js Tiny Csrf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-37894 MEDIUM This Month

An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Aruba Denial Of Service Arubaos Instant Scalance W1750D Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-21936 MEDIUM This Month

On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Metasys Extended Application And Data Server
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-41291 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-36772 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that should only be available to a privileged user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-2929 MEDIUM This Month

In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dhcp Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-2928 MEDIUM This Month

In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Dhcp Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-37896 MEDIUM This Month

A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba XSS Arubaos Instant Scalance W1750D Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-34308 MEDIUM PATCH This Month

IBM CICS TX 11.1 could allow a local user to cause a denial of service due to improper load handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

IBM Denial Of Service Cics Tx
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-30613 MEDIUM PATCH This Month

IBM QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a local service to a privileged user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-39878 MEDIUM This Month

Improper access control vulnerability in Samsung Checkout prior to version 5.0.55.3 allows attackers to access sensitive information via implicit intent broadcast. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Samsung Checkout
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-39874 MEDIUM This Month

Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Account
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-39857 MEDIUM This Month

Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51 allows attackers to access broadcasting Intent as system uid privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Factorycamerafb
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-37892 MEDIUM This Month

A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba XSS Arubaos Instant Scalance W1750D Firmware
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-41414 MEDIUM PATCH This Month

An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Liferay Portal
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-39877 MEDIUM This Month

Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Group Sharing
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-39847 MEDIUM This Month

Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR Oct-2022 Release 1 allows attackers to perform malicious actions. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Android
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-37895 MEDIUM This Month

An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Denial Of Service Arubaos Instant Scalance W1750D Firmware
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2022-39863 MEDIUM This Month

Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to access content providers without permission. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Account
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2022-39873 MEDIUM This Month

Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Samsung Internet
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2022-39875 MEDIUM This Month

Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Samsung Account
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2022-39855 MEDIUM This Month

Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect arbitrary AP and Bluetooth devices. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2022-39860 LOW Monitor

Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit broadcast. Rated low severity (CVSS 3.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Quick Share
NVD
CVSS 3.1
3.5
EPSS
0.2%
CVE-2022-39876 LOW Monitor

Insertion of Sensitive Information into Log in PushRegIdUpdateClient of SReminder prior to 8.2.01.13 allows attacker to access device IMEI. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Reminder
NVD
CVSS 3.1
3.3
EPSS
0.2%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy