Skip to main content
CVE-2022-20557 MEDIUM PATCH This Month

In MessageQueueBase of MessageQueueBase.h, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-20554 MEDIUM PATCH This Month

In removeEventHubDevice of InputDevice.cpp, there is a possible OOB read due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Google Use After Free Memory Corruption +1
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-20549 MEDIUM PATCH This Month

In authToken2AidlVec of KeyMintUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20546 MEDIUM PATCH This Month

In getCurrentConfigImpl of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20539 MEDIUM PATCH This Month

In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20514 MEDIUM PATCH This Month

In acquireFabricatedOverlayIterator, nextFabricatedOverlayInfos, and releaseFabricatedOverlayIterator of Idmap2Service.cpp, there is a possible out of bounds write due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Google Buffer Overflow Use After Free +2
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-20509 MEDIUM PATCH This Month

In mapGrantorDescr of MessageQueueBase.h, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-20505 MEDIUM PATCH This Month

In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Path Traversal Google Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20504 MEDIUM PATCH This Month

In multiple locations of DreamManagerService.java, there is a missing permission check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Google Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-4555 MEDIUM This Month

The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate() function hooked via init() in versions up to, and including, 4.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wp Shamsi
NVD VulDB
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-41972 MEDIUM PATCH This Month

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Contiki Ng
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-42343 MEDIUM This Month

Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Adobe Campaign
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-20553 MEDIUM PATCH This Month

In onCreate of LogAccessDialogActivity.java, there is a possible way to bypass a permission check due to a tapjacking/overlay attack. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Google Privilege Escalation XSS Android
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2022-20567 MEDIUM PATCH This Month

In pppol2tp_create of l2tp_ppp.c, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4).

Race Condition Google Privilege Escalation Denial Of Service Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-46670 MEDIUM This Month

Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Rockwell XSS Micrologix 1400 Firmware Micrologix 1100 Firmware +3
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-4561 MEDIUM PATCH This Month

A vulnerability classified as problematic has been found in SemanticDrilldown Extension. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP XSS Semantic Drilldown
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-4560 MEDIUM PATCH This Month

A vulnerability was found in Joget up to 7.0.31. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Java XSS Joget Dx
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-4559 MEDIUM PATCH This Month

A vulnerability was found in INEX IPX-Manager up to 6.2.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP XSS Ixp Manager
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-4558 MEDIUM PATCH This Month

A vulnerability was found in Alinto SOGo up to 5.7.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Sogo
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-4556 MEDIUM PATCH This Month

A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Sogo
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-36223 MEDIUM This Month

In Emby Server 4.6.7.0, the playlist name field is vulnerable to XSS stored where it is possible to steal the administrator access token and flip or steal the media server administrator account. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Emby
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-26579 MEDIUM This Month

PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow a root privileged attacker to install unsigned packages. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Paydroid
NVD GitHub
CVSS 3.1
6.0
EPSS
0.2%
CVE-2022-4326 MEDIUM This Month

Improper preservation of permissions vulnerability in Trellix Endpoint Agent (xAgent) prior to V35.31.22 on Windows allows a local user with administrator privileges to bypass the product protection. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Endpoint Security
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2022-41964 MEDIUM PATCH This Month

BigBlueButton is an open source web conferencing system. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Bigbluebutton
NVD GitHub
CVSS 3.1
5.7
EPSS
0.6%
CVE-2022-44502 MEDIUM PATCH This Month

Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Adobe Buffer Overflow Illustrator
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-44500 MEDIUM PATCH This Month

Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Adobe Buffer Overflow Illustrator
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-44499 MEDIUM PATCH This Month

Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Adobe Buffer Overflow Illustrator
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-44498 MEDIUM PATCH This Month

Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Adobe Buffer Overflow Illustrator
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-42535 MEDIUM PATCH This Month

In a query in MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure SQLi Google Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-20609 MEDIUM This Month

In Pixel cellular firmware, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Buffer Overflow Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20608 MEDIUM This Month

In Pixel cellular firmware, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Buffer Overflow Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20604 MEDIUM This Month

In SAECOMM_SetDcnIdForPlmn of SAECOMM_DbManagement.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Buffer Overflow Android
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-20592 MEDIUM This Month

In ppmp_validate_secbuf of drm_fw.c, there is a possible information disclosure due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-20591 MEDIUM This Month

In ppmpu_set of ppmpu.c, there is a possible information disclosure due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-20590 MEDIUM This Month

In valid_va_sec_mfc_check of drm_access_control.c, there is a possible information disclosure due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-20575 MEDIUM This Month

In read_ppmpu_info of drm_fw.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Buffer Overflow Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-20574 MEDIUM This Month

In sec_sysmmu_info of drm_fw.c, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Buffer Overflow Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-20570 MEDIUM This Month

Product: AndroidVersions: Android kernelAndroid ID: A-230660904References: N/A. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-20552 MEDIUM PATCH This Month

In btif_a2dp_sink_command_ready of btif_a2dp_sink.cc, there is a possible out of bounds read due to a use after free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Google Buffer Overflow Information Disclosure Use After Free +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20538 MEDIUM PATCH This Month

In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20531 MEDIUM This Month

In Telecom, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20527 MEDIUM This Month

In HalCoreCallback of halcore.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Buffer Overflow Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20523 MEDIUM PATCH This Month

In IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Google Buffer Overflow Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-20518 MEDIUM PATCH This Month

In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure SQLi Google Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-20517 MEDIUM PATCH This Month

In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure SQLi Google Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-20515 MEDIUM PATCH This Month

In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-20511 MEDIUM PATCH This Month

In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Information Disclosure Authentication Bypass Google Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-20510 MEDIUM PATCH This Month

In getNearbyNotificationStreamingPolicy of DevicePolicyManagerService.java, there is a possible way to learn about the notification streaming policy of other users due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Information Disclosure Authentication Bypass Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20199 MEDIUM PATCH This Month

In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-44473 MEDIUM This Month

Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.4
EPSS
0.7%
Prev Page 3 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy