‼ CVE-2022-41174 ‼
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens a manipulated Right Hemisphere Material (.rhm, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application.
‼ CVE-2022-20431 ‼
via "National Vulnerability Database".
There is a missing authorization issue in the system service. The component does not have a permission check, resulting in local elevation of privilege. Product: Android. Versions: Android SoC. Android ID: A-242221238.
‼ CVE-2022-20409 ‼
via "National Vulnerability Database".
In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-238177383. References: Upstream kernel.
‼ CVE-2022-20421 ‼
via "National Vulnerability Database".
In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239630375. References: Upstream kernel.
‼ CVE-2022-20412 ‼
via "National Vulnerability Database".
In fdt_next_tag of fdt.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-230794395.
‼ CVE-2022-39803 ‼
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens a manipulated ACIS Part and Assembly (.sat, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that Remote Code Execution can be triggered when the payload forces a stack-based overflow or a re-use of a dangling pointer which refers to overwritten space in memory.
‼ CVE-2022-41182 ‼
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens a manipulated Parasolid Part and Assembly (.x_b, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application.
‼ CVE-2022-41178 ‼
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens a manipulated Iges Part and Assembly (.igs, .iges, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application.
‼ CVE-2022-41191 ‼
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that Remote Code Execution can be triggered when the payload forces a stack-based overflow or a re-use of a dangling pointer which refers to overwritten space in memory.
‼ CVE-2022-20432 ‼
via "National Vulnerability Database".
There is a missing authorization issue in the system service. The component does not have a permission check and permission protection, resulting in local elevation of privilege. Product: Android. Versions: Android SoC. Android ID: A-242221899.
‼ CVE-2022-38086 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate plugin <= 5.12.0 at WordPress leading to plugin preset settings change.
‼ CVE-2022-39804 ‼
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Part (.sldprt, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that Remote Code Execution can be triggered when the payload forces a stack-based overflow or a re-use of a dangling pointer which refers to overwritten space in memory.
‼ CVE-2021-0696 ‼
via "National Vulnerability Database".
In dllist_remove_node of TBD, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-242344778.
‼ CVE-2022-41404 ‼
via "National Vulnerability Database".
An issue in the fetch() method in the BasicProfile class of org.ini4j before v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
‼ CVE-2022-41385 ‼
via "National Vulnerability Database".
The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.
‼ CVE-2022-42041 ‼
via "National Vulnerability Database".
The d8s-file-system package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0.
‼ CVE-2022-42036 ‼
via "National Vulnerability Database".
The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0.
‼ CVE-2022-42042 ‼
via "National Vulnerability Database".
The d8s-networking package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0.
‼ CVE-2022-41384 ‼
via "National Vulnerability Database".
The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.
‼ CVE-2022-42038 ‼
via "National Vulnerability Database".
The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0.
‼ CVE-2022-42037 ‼
via "National Vulnerability Database".
The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0.