CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

2022-10-11
High

CVE-2022-20420

In getBackgroundRestrictionExemptionReason of AppRestrictionController.java, there is a possible way to bypass device policy restrictions due to a logic error in the code. This could lead to local es…

High

CVE-2022-20419

In setOptions of ActivityRecord.java, there is a possible way to load arbitrary Java code into the launcher process due to a logic error in the code. This could lead to local escalation of privilege with no…

High

CVE-2022-20415

In handleFullScreenIntent of StatusBarNotificationActivityStarter.java, there is a possible bypass of the restriction of starting activity from background due to a logic error in the code. This could…

Medium

CVE-2022-20413

In start of Threads.cpp, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges n…

Critical

CVE-2020-14131

The Xiaomi Security Center expresses heartfelt thanks to ADLab of VenusTech! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Se…

Critical

CVE-2020-14129

A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification failure, which can be exploited by an attacker who can obtain a brief elevation of privilege.

High

CVE-2022-41083

Visual Studio Code Elevation of Privilege Vulnerability

High

CVE-2022-41081

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

Low

CVE-2022-41043

Microsoft Office Information Disclosure Vulnerability

High

CVE-2022-41042

Visual Studio Code Information Disclosure Vulnerability

High

CVE-2022-41038

Microsoft SharePoint Server Remote Code Execution Vulnerability

High

CVE-2022-41037

Microsoft SharePoint Server Remote Code Execution Vulnerability

High

CVE-2022-41036

Microsoft SharePoint Server Remote Code Execution Vulnerability

High

CVE-2022-41034

Visual Studio Code Remote Code Execution Vulnerability

High

CVE-2022-41031

Microsoft Word Remote Code Execution Vulnerability

High

CVE-2022-38053

Microsoft SharePoint Server Remote Code Execution Vulnerability

High

CVE-2022-38051

Windows Graphics Component Elevation of Privilege Vulnerability

High

CVE-2022-38050

Win32k Elevation of Privilege Vulnerability

High

CVE-2022-38049

Microsoft Office Graphics Remote Code Execution Vulnerability

High

CVE-2022-38048

Microsoft Office Remote Code Execution Vulnerability

High

CVE-2022-38046

Web Account Manager Information Disclosure Vulnerability

High

CVE-2022-38045

Windows Server Service Elevation of Privilege Vulnerability

High

CVE-2022-38044

Windows CD-ROM File System Driver Remote Code Execution Vulnerability

Medium

CVE-2022-38043

Windows Security Support Provider Interface Information Disclosure Vulnerability

High

CVE-2022-38042

Active Directory Domain Services Elevation of Privilege Vulnerability

High

CVE-2022-38041

Windows Secure Channel Denial of Service Vulnerability

High

CVE-2022-38040

Microsoft ODBC Driver Remote Code Execution Vulnerability

High

CVE-2022-38039

Windows Kernel Elevation of Privilege Vulnerability

High

CVE-2022-38038

Windows Kernel Elevation of Privilege Vulnerability

High

CVE-2022-38037

Windows Kernel Elevation of Privilege Vulnerability

High

CVE-2022-38036

Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability

High

CVE-2022-38034

Windows Workstation Service Elevation of Privilege Vulnerability

Medium

CVE-2022-38033

Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability

Medium

CVE-2022-38032

Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability

High

CVE-2022-38031

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Medium

CVE-2022-38030

Windows USB Serial Driver Information Disclosure Vulnerability

High

CVE-2022-38028

Windows Print Spooler Elevation of Privilege Vulnerability

Medium

CVE-2022-38026

Windows DHCP Client Information Disclosure Vulnerability

Medium

CVE-2022-38025

Windows Distributed File System (DFS) Information Disclosure Vulnerability

Low

CVE-2022-38022

Windows Kernel Elevation of Privilege Vulnerability

Medium

CVE-2022-38017

StorSimple 8000 Series Elevation of Privilege Vulnerability

High

CVE-2022-38016

Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability

High

CVE-2022-38003

Windows Resilient File System Elevation of Privilege

Medium

CVE-2022-38001

Microsoft Office Spoofing Vulnerability

High

CVE-2022-37999

Windows Group Policy Preference Client Elevation of Privilege Vulnerability

High

CVE-2022-37998

Windows Local Session Manager (LSM) Denial of Service Vulnerability

High

CVE-2022-37997

Windows Graphics Component Elevation of Privilege Vulnerability

Medium

CVE-2022-37996

Windows Kernel Memory Information Disclosure Vulnerability

High

CVE-2022-37995

Windows Kernel Elevation of Privilege Vulnerability

High

CVE-2022-37994

Windows Group Policy Preference Client Elevation of Privilege Vulnerability

High

CVE-2022-37993

Windows Group Policy Preference Client Elevation of Privilege Vulnerability

High

CVE-2022-37991

Windows Kernel Elevation of Privilege Vulnerability

High

CVE-2022-37990

Windows Kernel Elevation of Privilege Vulnerability

High

CVE-2022-37989

Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

High

CVE-2022-37988

Windows Kernel Elevation of Privilege Vulnerability

High

CVE-2022-37987

Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

High

CVE-2022-37986

Windows Win32k Elevation of Privilege Vulnerability

Medium

CVE-2022-37985

Windows Graphics Component Information Disclosure Vulnerability

High

CVE-2022-37984

Windows WLAN Service Elevation of Privilege Vulnerability

High

CVE-2022-37983

Microsoft DWM Core Library Elevation of Privilege Vulnerability

High

CVE-2022-37982

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Medium

CVE-2022-37981

Windows Event Logging Service Denial of Service Vulnerability

High

CVE-2022-37980

Windows DHCP Client Elevation of Privilege Vulnerability

High

CVE-2022-37979

Windows Hyper-V Elevation of Privilege Vulnerability

High

CVE-2022-37978

Windows Active Directory Certificate Services Security Feature Bypass

Medium

CVE-2022-37977

Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability

High

CVE-2022-37976

Active Directory Certificate Services Elevation of Privilege Vulnerability

High

CVE-2022-37975

Windows Group Policy Elevation of Privilege Vulnerability

Medium

CVE-2022-37974

Windows Mixed Reality Developer Tools Information Disclosure Vulnerability

High

CVE-2022-37973

Windows Local Session Manager (LSM) Denial of Service Vulnerability

High

CVE-2022-37971

Microsoft Windows Defender Elevation of Privilege Vulnerability

High

CVE-2022-37970

Windows DWM Core Library Elevation of Privilege Vulnerability

Critical

CVE-2022-37968

Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privil…

Medium

CVE-2022-37965

Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability

Medium

CVE-2022-35829

Service Fabric Explorer Spoofing Vulnerability

High

CVE-2022-33645

Windows TCP/IP Driver Denial of Service Vulnerability

High

CVE-2022-33635

Windows GDI+ Remote Code Execution Vulnerability

2022-10-07
Critical

CVE-2022-42075

Wedding Planner v1.0 is vulnerable to arbitrary code execution.

Medium

CVE-2022-37895

An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the…

Medium

CVE-2022-37894

An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the…

Medium

CVE-2022-36772

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that should only be available to a privileged user.

Medium

CVE-2022-30613

IBM QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a local service to a privileged user. IBM X-Force ID: 227366.

High

CVE-2022-22480

IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using encrypted hosts which could result in information disclosure. IBM X-Force ID: 225889.

2022-10-06
Critical

CVE-2022-42457

Generex CS141 through 2.10 allows remote command execution by administrators via a web interface that reaches run_update in /usr/bin/gxserve-update.sh (e.g., command execution can occur via a reverse…

Medium

CVE-2022-36774

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. IBM X-Force ID: 233575.

2022-10-03
Critical

CVE-2022-33882

Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage t…

Medium

CVE-2022-42300

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server nbars process can be crashed resulting in a denial of service. (Note: the watc…

Medium

CVE-2022-42299

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a denial of service attack through the DiscoveryService servi…

Medium

CVE-2022-41425

Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4decrypt.

Medium

CVE-2022-41423

Bento4 v1.6.0-639 was discovered to contain a segmentation violation in the mp4fragment component.

Medium

CVE-2022-40922

A vulnerability in the LIEF::MachO::BinaryParser::init_and_parse function of LIEF v0.12.1 allows attackers to cause a denial of service (DoS) through a segmentation fault via a crafted MachO file.

2022-09-30
High

CVE-2022-20848

A vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points could allow an unauthenticated, remote attacker to…

High

CVE-2022-20847

A vulnerability in the DHCP processing functionality of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of ser…

Critical

CVE-2022-2778

In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes.

2022-09-29
Medium

CVE-2021-45789

An arbitrary file read vulnerability was found in Metersphere v1.15.4, where authenticated users can read any file on the server via the file download function.

Medium

CVE-2021-43403

An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php Log View page allows an authenticated user to choose an arbitrary filename for download (i.e., not necessarily freeswitch.log in…

Medium

CVE-2021-42049

An issue was discovered in the Translate extension in MediaWiki through 1.36.2. Oversighters cannot undo revisions or oversight on pages where they suppressed information (such as PII). This allows o…

Medium

CVE-2021-40695

It was possible for a student to view their quiz grade before it had been released, using a quiz web service.

Medium

CVE-2021-40691

A session hijack risk was identified in the Shibboleth authentication plugin.

Medium

CVE-2020-15334

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file.

Medium

CVE-2012-4818

IBM InfoSphere Information Server 8.1, 8.5, and 8.7 could allow a remote authenticated attacker to obtain sensitive information, caused by improper restrictions on directories. An attacker could expl…

High

CVE-2012-2201

IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by an error when handling user ids. A remote attacker could exploit this vulnerability to bypass the security configuration setup on…

Medium

CVE-2011-4820

IBM Rational Asset Manager 7.5 could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability using the UID parameter to modify another user's preferences.

2022-09-27
Critical

CVE-2022-41571

An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Local file inclusion can occur.

2022-09-26
Medium

CVE-2022-3054

Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Medium

CVE-2022-3053

Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page.

Medium

CVE-2022-2860

Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page.

High

CVE-2021-28052

A tenant administrator of Hitachi Content Platform (HCP) may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also,…

Critical

CVE-2022-28721

Certain HP Print Products are potentially vulnerable to Remote Code Execution.

High

CVE-2022-41347

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). The Sudo configuration permits the zimbra user to execute the NGINX binary as root with arbitrary parameters. As pa…

2022-09-23
Medium

CVE-2022-32832

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Cat…

Medium

CVE-2022-32828

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory.

High

CVE-2022-32807

This issue was addressed with improved file handling. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to overwrite arbitrary fi…

High

CVE-2022-36338

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker…

Medium

CVE-2022-38134

Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress.

Medium

CVE-2022-35238

Unauthenticated Plugin Settings Change vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress.

Critical

CVE-2022-23144

There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects…

Medium

CVE-2022-3144

The Wordfence Security – Firewall & Malware Scan plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 7.6.0 via a setting on the options page due to insuf…

2022-09-21
Low

CVE-2022-31679

Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure o…

Critical

CVE-2022-37026

In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.
