CVE Daily
← All years

Uncategorized 2022

Page 6/27.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2022-09-21
Medium

CVE-2022-2795

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution…

CVSS: 5.3CWE: N/A
Read more
2022-09-20
Critical

CVE-2022-32882

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to bypass Privacy preferences.

CVSS: 9.8CWE: N/A
Read more
Low

CVE-2022-32872

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. A person with physical access to an iOS device may be able to access photos from the l…

CVSS: 2.4CWE: N/A
Read more
Medium

CVE-2022-32868

A logic issue was addressed with improved state management. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. A website may be able to track users through Safari web extensions.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2022-32864

The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to disclose kernel memory.

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2022-32861

A logic issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. A user may be tracked through their IP address.

CVSS: 5.3CWE: N/A
Read more
Medium

CVE-2022-32854

This issue was addressed with improved checks. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to bypass Privacy preferences.

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2022-32795

This issue was addressed with improved checks. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. Visiting a malicious website may lead to address bar spoofing.

CVSS: 4.3CWE: N/A
Read more
High

CVE-2022-28637

A local Denial of Service (DoS) and local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrate…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2022-37877

A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrar…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2022-37972

Microsoft Endpoint Configuration Manager Spoofing Vulnerability

CVSS: 7.5CWE: N/A
Read more
2022-09-19
High

CVE-2022-38532

Micro-Star International Co., Ltd MSI Center 1.0.50.0 was discovered to contain a vulnerability in the component C_Features of MSI.CentralServer.exe. This vulnerability allows attackers to escalate p…

CVSS: 7.8CWE: N/A
Read more
Critical

CVE-2022-40980

A potential unathenticated file deletion vulnerabilty on Trend Micro Mobile Security for Enterprise 9.8 SP5 could allow an attacker with access to the Management Server to delete files. This issue wa…

CVSS: 9.1CWE: N/A
Read more
High

CVE-2022-40141

A vulnerability in Trend Micro Apex One and Apex One as a Service could allow an attacker to intercept and decode certain communication strings that may contain some identification attributes of a pa…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2022-40139

Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct aff…

CVSS: 7.2CWE: N/A
Read more
Critical

CVE-2022-40812

The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.…

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2022-40810

The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected versio…

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2022-40809

The d8s-dicts for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.…

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2022-40430

The d8s-utility for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is…

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2022-40429

The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected versio…

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2022-40428

The d8s-mpeg for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1…

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2022-40426

The d8s-asns for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1…

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2022-40425

The d8s-html for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1…

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2022-40811

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.…

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2022-40808

The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.…

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2022-40807

The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is…

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2022-40806

The d8s-uuids for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.…

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2022-40805

The d8s-urls for python 0.1.0, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the dem…

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2022-40427

The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is…

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2022-40424

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritu…

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2022-38880

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The affected version is 0.1.0.

CVSS: 9.8CWE: N/A
Read more
High

CVE-2022-38341

Safe Software FME Server v2021.2.5 and below does not employ server-side validation.

CVSS: 7.1CWE: N/A
Read more
2022-09-16
High

CVE-2022-3217

When logging in to a VBASE runtime project via Web-Remote, the product uses XOR with a static initial key to obfuscate login messages. An unauthenticated remote attacker with the ability to capture a…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2022-38611

Incorrect access control in Watchdog Anti-Virus v1.4.158 allows attackers to perform a DLL hijacking attack and execute arbitrary code via a crafted binary.

CVSS: 7.8CWE: N/A
Read more
Critical

CVE-2022-38621

Doufox v0.0.4 was discovered to contain a remote code execution (RCE) vulnerability via the edit file page. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

CVSS: 9.8CWE: N/A
Read more
High

CVE-2022-39010

The HwChrService module has a vulnerability in permission control. Successful exploitation of this vulnerability may cause disclosure of user network information.

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2022-39000

The iAware module has a vulnerability in managing malicious apps.Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup.

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2022-38999

The AOD module has the improper update of reference count vulnerability. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability.

CVSS: 9.8CWE: N/A
Read more
High

CVE-2022-38997

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2022-38996

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2022-38995

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2022-38994

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2022-38993

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2022-38992

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2022-38991

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2022-38990

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2022-38989

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2022-38988

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2022-38987

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2022-38979

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2022-38978

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2021-46836

Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2021-40024

Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2021-40023

Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2022-40337

OASES (aka Open Aviation Strategic Engineering System) 8.8.0.2 allows attackers to execute arbitrary code via the Open Print Folder menu.

CVSS: 8.8CWE: N/A
Read more
High

CVE-2022-35195

TestLink 1.9.20 Raijin was discovered to contain a broken access control vulnerability at /lib/attachments/attachmentdownload.php

CVSS: 7.2CWE: N/A
Read more
High

CVE-2022-22091

Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Ind…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2022-36534

Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain multiple remote code execution (RCE) vulnerabilities via the Job_ExecuteBefore and Job_ExecuteAf…

CVSS: 8.8CWE: N/A
Read more
High

CVE-2022-36532

Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with the ROLE_EDITOR privileges to upload and rename a malicious file to achieve remote code execution.

CVSS: 8.8CWE: N/A
Read more
2022-09-15
Critical

CVE-2022-37861

There is a remote code execution (RCE) vulnerability in Tenhot TWS-100 V4.0-201809201424 router device. It is necessary to know that the device account password is allowed to escape the execution sys…

CVSS: 9.8CWE: N/A
Read more
Medium

CVE-2022-40306

The login form /Login in ECi Printanista Hub (formerly FMAudit Printscout) before 5.5.2 (July 2023) performs expensive RSA key-generation operations, which allows attackers to cause a denial of servi…

CVSS: 5.9CWE: N/A
Read more
Medium

CVE-2022-38788

An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Bluetooth on the Nokia ODU uses outdated pairing mechanisms, allowing an attacker to passively intercept a paring handshak…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2022-40736

An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in AP4_CttsAtom::Create in Core/Ap4CttsAtom.cpp.

CVSS: 6.5CWE: N/A
Read more
2022-09-14
Critical

CVE-2022-37661

SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remote Code Execution (RCE) via the ping host feature.

CVSS: 9.8CWE: N/A
Read more
2022-09-13
Medium

CVE-2022-38770

The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to fetch other users' data upon a successful login request.

CVSS: 5.3CWE: N/A
Read more
High

CVE-2022-38769

The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to fetch cleartext passwords upon a successful login request.

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2022-38768

The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to bypass authorization.

CVSS: 9.8CWE: N/A
Read more
High

CVE-2022-37190

CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from "/api/index.php.

CVSS: 8.8CWE: N/A
Read more
High

CVE-2022-34102

Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM…

CVSS: 8.8CWE: N/A
Read more
High

CVE-2022-36768

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to obtain root privileges. IBM X-Force ID: 232014.

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2022-35637

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. IBM X-Force ID: 230823.

CVSS: 6.5CWE: N/A
Read more
High

CVE-2022-34356

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to obtain root privileges. IBM X-Force ID: 230502.

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2022-22329

IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting…

CVSS: 4.3CWE: N/A
Read more
Critical

CVE-2022-20391

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257000

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2022-20390

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257002

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2022-20389

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257004

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2022-20388

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227323

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2022-20387

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227324

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2022-20386

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227328

CVSS: 9.8CWE: N/A
Read more
High

CVE-2022-38020

Visual Studio Code Elevation of Privilege Vulnerability

CVSS: 7.3CWE: N/A
Read more
High

CVE-2022-38019

AV1 Video Extension Remote Code Execution Vulnerability

CVSS: 7.8CWE: N/A
Read more
High

CVE-2022-38013

.NET Core and Visual Studio Denial of Service Vulnerability

CVSS: 7.5CWE: N/A
Read more
High

CVE-2022-38012

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVSS: 7.7CWE: N/A
Read more
High

CVE-2022-38011

Raw Image Extension Remote Code Execution Vulnerability

CVSS: 7.3CWE: N/A
Read more
High

CVE-2022-38010

Microsoft Office Visio Remote Code Execution Vulnerability

CVSS: 7.8CWE: N/A
Read more
High

CVE-2022-38009

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8CWE: N/A
Read more
High

CVE-2022-38008

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8CWE: N/A
Read more
High

CVE-2022-38007

Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2022-38006

Windows Graphics Component Information Disclosure Vulnerability

CVSS: 6.5CWE: N/A
Read more
High

CVE-2022-38005

Windows Print Spooler Elevation of Privilege Vulnerability

CVSS: 7.8CWE: N/A
Read more
High

CVE-2022-38004

Windows Fax Service Remote Code Execution Vulnerability

CVSS: 7.8CWE: N/A
Read more
High

CVE-2022-37964

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8CWE: N/A
Read more
High

CVE-2022-37963

Microsoft Office Visio Remote Code Execution Vulnerability

CVSS: 7.8CWE: N/A
Read more
High

CVE-2022-37962

Microsoft PowerPoint Remote Code Execution Vulnerability

CVSS: 7.8CWE: N/A
Read more
High

CVE-2022-37961

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8CWE: N/A
Read more
Medium

CVE-2022-37959

Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability

CVSS: 6.5CWE: N/A
Read more
High

CVE-2022-37958

SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability

CVSS: 8.1CWE: N/A
Read more
High

CVE-2022-37957

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8CWE: N/A
Read more
High

CVE-2022-37956

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8CWE: N/A
Read more
High

CVE-2022-37955

Windows Group Policy Elevation of Privilege Vulnerability

CVSS: 7.8CWE: N/A
Read more
High

CVE-2022-37954

DirectX Graphics Kernel Elevation of Privilege Vulnerability

CVSS: 7.8CWE: N/A
Read more
High

CVE-2022-35841

Windows Enterprise App Management Service Remote Code Execution Vulnerability

CVSS: 8.8CWE: N/A
Read more
High

CVE-2022-35840

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8CWE: N/A
Read more
High

CVE-2022-35838

HTTP V3 Denial of Service Vulnerability

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2022-35837

Windows Graphics Component Information Disclosure Vulnerability

CVSS: 6.5CWE: N/A
Read more
High

CVE-2022-35836

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8CWE: N/A
Read more
High

CVE-2022-35835

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8CWE: N/A
Read more
High

CVE-2022-35834

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8CWE: N/A
Read more
High

CVE-2022-35833

Windows Secure Channel Denial of Service Vulnerability

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2022-35832

Windows Event Tracing Denial of Service Vulnerability

CVSS: 5.5CWE: N/A
Read more
High

CVE-2022-35830

Remote Procedure Call Runtime Remote Code Execution Vulnerability

CVSS: 8.1CWE: N/A
Read more
High

CVE-2022-35828

Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability

CVSS: 7.8CWE: N/A
Read more
High

CVE-2022-35823

Microsoft SharePoint Remote Code Execution Vulnerability

CVSS: 8.8CWE: N/A
Read more
High

CVE-2022-35805

Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability

CVSS: 8.8CWE: N/A
Read more
High

CVE-2022-35803

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8CWE: N/A
Read more
High

CVE-2022-34734

Microsoft ODBC Driver Remote Code Execution Vulnerability

CVSS: 8.8CWE: N/A
Read more
High

CVE-2022-34733

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8CWE: N/A
Read more
High

CVE-2022-34732

Microsoft ODBC Driver Remote Code Execution Vulnerability

CVSS: 8.8CWE: N/A
Read more
High

CVE-2022-34731

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8CWE: N/A
Read more
High

CVE-2022-34730

Microsoft ODBC Driver Remote Code Execution Vulnerability

CVSS: 8.8CWE: N/A
Read more
>