Total
3320 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-36422 | 1 Wp-postratings Project | 1 Wp-postratings | 2023-12-10 | N/A | 3.1 LOW |
Rating increase/decrease via race condition in Lester 'GaMerZ' Chan WP-PostRatings plugin <= 1.89 at WordPress. | |||||
CVE-2022-41603 | 1 Huawei | 2 Emui, Harmonyos | 2023-12-10 | N/A | 3.4 LOW |
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. | |||||
CVE-2021-42948 | 1 Digitaldruid | 1 Hoteldruid | 2023-12-10 | N/A | 3.7 LOW |
HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session IDs. | |||||
CVE-2022-21535 | 1 Oracle | 1 Mysql Shell | 2023-12-10 | N/A | 2.5 LOW |
Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: General/Core Client). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Shell. CVSS 3.1 Base Score 2.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L). | |||||
CVE-2022-22326 | 1 Ibm | 5 Datapower Gateway, Mq Appliance M2001, Mq Appliance M2001 Firmware and 2 more | 2023-12-10 | N/A | 3.3 LOW |
IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 could allow unauthorized viewing of logs and files due to insufficient authorization checks. IBM X-Force ID: 218856. | |||||
CVE-2022-36868 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks MAC address of the connected Bluetooth device. | |||||
CVE-2022-20342 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
In WiFi, there is a possible disclosure of WiFi password to the end user due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-143534321 | |||||
CVE-2022-39893 | 1 Samsung | 1 Galaxy Buds Pro Manage | 2023-12-10 | N/A | 3.3 LOW |
Sensitive information exposure vulnerability in FmmBaseModel in Galaxy Buds Pro Manage prior to version 4.1.22092751 allows local attackers with log access permission to get device identifier data through device log. | |||||
CVE-2022-35903 | 1 Bentley | 2 Microstation, View | 2023-12-10 | N/A | 3.3 LOW |
An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open a 3DS file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of 3DS files could enable an attacker to read information in the context of the current process. | |||||
CVE-2022-39872 | 1 Samsung | 1 Sharelive | 2023-12-10 | N/A | 3.3 LOW |
Improper restriction of broadcasting Intent in ShareLive prior to version 13.2.03.5 leaks MAC address of the connected Bluetooth device. | |||||
CVE-2022-20339 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
In Android, there is a possible access of network neighbor table information due to an insecure SEpolicy configuration. This could lead to local information disclosure of network topography with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-171572148 | |||||
CVE-2022-34845 | 1 Robustel | 2 R1510, R1510 Firmware | 2023-12-10 | N/A | 2.7 LOW |
A firmware update vulnerability exists in the sysupgrade functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network packet can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
CVE-2022-41593 | 1 Huawei | 2 Emui, Harmonyos | 2023-12-10 | N/A | 3.4 LOW |
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. | |||||
CVE-2022-39388 | 1 Istio | 1 Istio | 2023-12-10 | N/A | 3.5 LOW |
Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior to 1.15.3, a user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Version 1.15.3 contains a patch for this issue. There are no known workarounds. | |||||
CVE-2022-40199 | 1 Ec-cube | 1 Ec-cube | 2023-12-10 | N/A | 2.7 LOW |
Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p4) and EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote authenticated attacker with an administrative privilege to obtain the product's directory structure information. | |||||
CVE-2022-31221 | 1 Dell | 50 Chengming 3900, Chengming 3900 Firmware, Inspiron 14 Plus 7420 and 47 more | 2023-12-10 | N/A | 2.3 LOW |
Dell BIOS versions contain an Information Exposure vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to access sensitive state information on the system. | |||||
CVE-2022-20310 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
In Telecomm, there is a possible disclosure of registered self managed phone accounts due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-192663798 | |||||
CVE-2022-33724 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
Exposure of Sensitive Information in Samsung Dialer application prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log. | |||||
CVE-2022-34771 | 1 Tabit | 1 Tabit | 2023-12-10 | N/A | 3.5 LOW |
Tabit - arbitrary SMS send on Tabit's behalf. The resend OTP API of Tabit allows an adversary to send messages on Tabit's behalf to anyone registered on the system. The API receives the parameters phone number and CustomMessage. We can use that API to craft malicious messages to any user of the system. In addition, the API probably has some kind of template injection potential. When entering {{OTP}} in the custom message field it is formatted into an OTP. | |||||
CVE-2022-39409 | 1 Oracle | 1 Transportation Management | 2023-12-10 | N/A | 2.7 LOW |
Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Business Process Automation). Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Transportation Management. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). |