‼ CVE-2022-46140 ‼
📖 Read
via "National Vulnerability Database".
Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20497 ‼
📖 Read
via "National Vulnerability Database".
In updatePublicMode of NotificationLockscreenUserManagerImpl.java, there is a possible way to reveal sensitive notifications on the lockscreen due to an incorrect state transition. This could lead to local information disclosure with physical access required and an app that runs above the lockscreen, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-246301979📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20496 ‼
📖 Read
via "National Vulnerability Database".
In setDataSource of initMediaExtractor.cpp, there is a possibility of arbitrary code execution due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-245242273📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46143 ‼
📖 Read
via "National Vulnerability Database".
Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41284 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46051 ‼
📖 Read
via "National Vulnerability Database".
The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46144 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SCALANCE SC622-2C (All versions < V2.3), SCALANCE SC622-2C (All versions >= 2.3 < V3.0), SCALANCE SC626-2C (All versions < V2.3), SCALANCE SC626-2C (All versions >= 2.3 < V3.0), SCALANCE SC632-2C (All versions < V2.3), SCALANCE SC632-2C (All versions >= 2.3 < V3.0), SCALANCE SC636-2C (All versions < V2.3), SCALANCE SC636-2C (All versions >= 2.3 < V3.0), SCALANCE SC642-2C (All versions < V2.3), SCALANCE SC642-2C (All versions >= 2.3 < V3.0), SCALANCE SC646-2C (All versions < V2.3), SCALANCE SC646-2C (All versions >= 2.3 < V3.0). Affected devices do not properly process CLI commands after a user forcefully quitted the SSH connection. This could allow an authenticated attacker to make the CLI via SSH or serial interface irresponsive.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20480 ‼
📖 Read
via "National Vulnerability Database".
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241764350📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46346 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19071)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20491 ‼
📖 Read
via "National Vulnerability Database".
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703556📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20500 ‼
📖 Read
via "National Vulnerability Database".
In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246540168📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45936 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Mendix Email Connector (All versions < V2.0.0). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read and manipulate sensitive information.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41281 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20488 ‼
📖 Read
via "National Vulnerability Database".
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703217📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41282 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45693 ‼
📖 Read
via "National Vulnerability Database".
Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46059 ‼
📖 Read
via "National Vulnerability Database".
AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41279 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41285 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46142 ‼
📖 Read
via "National Vulnerability Database".
Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31696 ‼
📖 Read
via "National Vulnerability Database".
VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox.📖 Read
via "National Vulnerability Database".