Skip to main content
CVE-2022-37916 HIGH This Week

Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Aruba Airwave
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-46828 HIGH This Week

In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Code Injection Intellij Idea
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-46824 HIGH This Week

In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Buffer Overflow Intellij Idea
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-44455 HIGH This Week

The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-39907 HIGH This Week

Integer overflow vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Samsung Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-3092 HIGH This Week

GE CIMPICITY versions 2022 and prior is vulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Cimplicity
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-3084 HIGH This Week

GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Cimplicity
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-23496 HIGH PATCH This Week

Yet Another UserAgent Analyzer (Yauaa) is a java library that tries to parse and analyze the useragent string and extract as many relevant attributes as possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Yet Another Useragent Analyzer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-23495 HIGH PATCH This Week

go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Go Merkledag
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-39902 HIGH This Week

Improper authorization in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to get sensitive information including IMEI via emergency call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Samsung Exynos Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-23476 HIGH PATCH This Week

Nokogiri is an open source XML and HTML library for the Ruby programming language. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Nokogiri
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-23492 HIGH PATCH This Week

go-libp2p is the offical libp2p implementation in the Go programming language. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Libp2P
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-39908 HIGH This Week

TOCTOU vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Samsung Buffer Overflow Android
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2022-41948 HIGH This Week

DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Dhis 2
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2022-39911 MEDIUM This Month

Improper check or handling of exceptional conditions vulnerability in Samsung Pass prior to version 4.0.06.1 allows attacker to access Samsung Pass. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Pass
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2022-46153 MEDIUM PATCH This Month

Traefik is an open source HTTP reverse proxy and load balancer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Traefik
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-39901 MEDIUM This Month

Improper authentication in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to disable the network traffic encryption between UE and gNodeB. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Samsung Exynos Firmware
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-23494 MEDIUM PATCH This Month

tinymce is an open source rich text editor. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tinymce
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-46827 MEDIUM This Month

In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

SSRF XXE Intellij Idea
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-46826 MEDIUM This Month

In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Intellij Idea
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-45118 MEDIUM This Month

OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-39915 MEDIUM This Month

Improper access control vulnerability in Calendar prior to versions 11.6.08.0 in Android Q(10), 12.2.11.3000 in Android R(11), 12.3.07.2000 in Android S(12), and 12.4.02.0 in Android T(13) allows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Calendar
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-39909 MEDIUM This Month

Insufficient verification of data authenticity vulnerability in Samsung Gear IconX PC Manager prior to version 2.1.221019.51 allows local attackers to create arbitrary file using symbolic link. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Gear Iconx Pc Manager
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-39905 MEDIUM This Month

Implicit intent hijacking vulnerability in Telecom application prior to SMR Dec-2022 Release 1 allows attacker to access sensitive information via implicit intent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-39897 MEDIUM This Month

Exposure of Sensitive Information vulnerability in kernel prior to SMR Dec-2022 Release 1 allows attackers to access the kernel address information via log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-41947 MEDIUM This Month

DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dhis 2
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-38754 MEDIUM This Month

A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java XSS Operations Bridge Operations Bridge Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-41717 MEDIUM PATCH This Month

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Go Http2 Fedora
NVD
CVSS 3.1
5.3
EPSS
5.6%
CVE-2022-46830 MEDIUM This Month

In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-4122 MEDIUM PATCH This Month

A vulnerability was found in buildah. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Podman Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-45877 MEDIUM This Month

OpenHarmony-v3.1.4 and prior versions had an vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Openharmony
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-46831 MEDIUM This Month

In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2022-39900 MEDIUM This Month

Improper access control vulnerability in Nice Catch prior to SMR Dec-2022 Release 1 allows physical attackers to access contents of all toast generated in the application installed in Secure Folder. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2022-46158 MEDIUM PATCH This Month

PrestaShop is an open-source e-commerce solution. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Prestashop
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-41949 MEDIUM PATCH This Month

DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Dhis 2
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-39899 MEDIUM This Month

Improper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022 Release 1 allows attacker to send the input event using S Pen gesture. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Samsung Android
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2022-39910 MEDIUM This Month

Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allow physical attackers to access data of Samsung Pass on a certain state of an unlocked device using pop-up view. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Samsung Pass
NVD
CVSS 3.1
4.2
EPSS
0.3%
CVE-2022-46825 LOW Monitor

In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intellij Idea
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-4123 LOW Monitor

A flaw was found in Buildah. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Podman Fedora
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-41802 LOW Monitor

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-39914 LOW Monitor

Exposure of Sensitive Information from an Unauthorized Actor vulnerability in Samsung DisplayManagerService prior to Android T(13) allows local attacker to access connected DLNA device information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Google Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-39913 LOW Monitor

Exposure of Sensitive Information to an Unauthorized Actor in Persona Manager prior to Android T(13) allows local attacker to access user profiles information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-39912 LOW Monitor

Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService prior to Android T(13) allows local attackers to set some setting value in Secure folder. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-39906 LOW Monitor

Improper access control vulnerability in SecTelephonyProvider prior to SMR Dec-2022 Release 1 allows attackers to access message information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-39904 LOW Monitor

Exposure of Sensitive Information vulnerability in Samsung Settings prior to SMR Dec-2022 Release 1 allows local attackers to access the Network Access Identifier via log. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-39903 LOW Monitor

Improper access control vulnerability in RCS call prior to SMR Dec-2022 Release 1 allows local attackers to access RCS incoming call number. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-39898 LOW Monitor

Improper access control vulnerability in IIccPhoneBook prior to SMR Dec-2022 Release 1 allows attackers to access some information of usim. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-39896 LOW Monitor

Improper access control vulnerabilities in Contacts prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-39895 LOW Monitor

Improper access control vulnerability in ContactListUtils in Phone prior to SMR Dec-2022 Release 1 allows to access contact group information via implicit intent. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-39894 LOW Monitor

Improper access control vulnerability in ContactListStartActivityHelper in Phone prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy