‼ CVE-2022-20491 ‼
📖 Read
via "National Vulnerability Database".
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703556📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20500 ‼
📖 Read
via "National Vulnerability Database".
In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246540168📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45936 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Mendix Email Connector (All versions < V2.0.0). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read and manipulate sensitive information.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41281 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20488 ‼
📖 Read
via "National Vulnerability Database".
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703217📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41282 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45693 ‼
📖 Read
via "National Vulnerability Database".
Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46059 ‼
📖 Read
via "National Vulnerability Database".
AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41279 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41285 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46142 ‼
📖 Read
via "National Vulnerability Database".
Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31696 ‼
📖 Read
via "National Vulnerability Database".
VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-33235 ‼
📖 Read
via "National Vulnerability Database".
Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20477 ‼
📖 Read
via "National Vulnerability Database".
In shouldHideNotification of KeyguardNotificationVisibilityProvider.kt, there is a possible way to show hidden notifications due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-241611867📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20486 ‼
📖 Read
via "National Vulnerability Database".
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703118📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4223 ‼
📖 Read
via "National Vulnerability Database".
The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to properly secure this API, which could allow an unauthenticated user to call it with a path of their choosing, such as a UNC path to a server they control on a Windows machine. This would cause an appropriately named executable in the target path to be executed by the pgAdmin server.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20474 ‼
📖 Read
via "National Vulnerability Database".
In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240138294📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45937 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions < V3.5.5), APOGEE PXC Series (P2 Ethernet) (All versions < V2.8.20), TALON TC Series (BACnet) (All versions < V3.5.5). A low privilege authenticated attacker with network access to the integrated web server could download sensitive information from the device containing user account credentials.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44636 ‼
📖 Read
via "National Vulnerability Database".
The Samsung TV (2021 and 2022 model) smart remote control allows attackers to enable microphone access via Bluetooth spoofing when a user is activating remote control by pressing a button. This is fixed in xxx72510, E9172511 for 2021 models, xxxA1000, 4x2A0200 for 2022 models.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43517 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Simcenter STAR-CCM+ (All versions). The affected application improperly assigns file permissions to installation folders. This could allow a local attacker with an unprivileged account to override or modify the service executables and subsequently gain elevated privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20483 ‼
📖 Read
via "National Vulnerability Database".
In several functions that parse avrc response in avrc_pars_ct.cc and related files, there are possible out of bounds reads due to integer overflows. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242459126📖 Read
via "National Vulnerability Database".