Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2372 | 1 Yaycommerce | 1 Yaysmtp | 2022-08-12 | N/A | 4.8 MEDIUM |
| The YaySMTP WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2022-2729 | 1 Open-emr | 1 Openemr | 2022-08-12 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1. | |||||
| CVE-2022-2386 | 1 Automattic | 1 Crowdsignal Dashboard | 2022-08-12 | N/A | 6.1 MEDIUM |
| The Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-2731 | 1 Open-emr | 1 Openemr | 2022-08-12 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1. | |||||
| CVE-2022-2730 | 1 Open-emr | 1 Openemr | 2022-08-12 | N/A | 6.5 MEDIUM |
| Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1. | |||||
| CVE-2022-2732 | 1 Open-emr | 1 Openemr | 2022-08-12 | N/A | 8.3 HIGH |
| Improper Privilege Management in GitHub repository openemr/openemr prior to 7.0.0.1. | |||||
| CVE-2022-2734 | 1 Open-emr | 1 Openemr | 2022-08-12 | N/A | 5.4 MEDIUM |
| Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1. | |||||
| CVE-2022-2391 | 1 Wpzoom | 1 Inspiro Pro | 2022-08-12 | N/A | 5.4 MEDIUM |
| The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description. | |||||
| CVE-2022-2733 | 1 Open-emr | 1 Openemr | 2022-08-12 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1. | |||||
| CVE-2022-2269 | 1 Wpwhitesecurity | 1 Website File Changes Monitor | 2022-08-12 | N/A | 9.8 CRITICAL |
| The Website File Changes Monitor WordPress plugin before 1.8.3 does not sanitise and escape user input before using it in a SQL statement via an action available to users with the manage_options capability (by default admins), leading to an SQL injection | |||||
| CVE-2022-2699 | 1 Simple E-learning System Project | 1 Simple E-learning System | 2022-08-12 | N/A | 7.5 HIGH |
| A vulnerability was found in SourceCodester Simple E-Learning System. It has been rated as critical. Affected by this issue is some unknown functionality of the file /claire_blake. The manipulation of the argument phoneNumber leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205820. | |||||
| CVE-2022-20344 | 1 Google | 1 Android | 2022-08-12 | N/A | 7.0 HIGH |
| In stealReceiveChannel of EventThread.cpp, there is a possible way to interfere with process communication due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-232541124 | |||||
| CVE-2022-33732 | 1 Google | 1 Android | 2022-08-12 | N/A | 7.1 HIGH |
| Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call. | |||||
| CVE-2022-20349 | 1 Google | 1 Android | 2022-08-12 | N/A | 7.8 HIGH |
| In WifiScanningPreferenceController and BluetoothScanningPreferenceController, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228315522 | |||||
| CVE-2022-20348 | 1 Google | 1 Android | 2022-08-12 | N/A | 7.8 HIGH |
| In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228315529 | |||||
| CVE-2022-20347 | 1 Google | 1 Android | 2022-08-12 | N/A | 8.8 HIGH |
| In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228450811 | |||||
| CVE-2022-20346 | 1 Google | 1 Android | 2022-08-12 | N/A | 6.5 MEDIUM |
| In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-230493653 | |||||
| CVE-2022-20345 | 1 Google | 1 Android | 2022-08-12 | N/A | 8.8 HIGH |
| In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-230494481 | |||||
| CVE-2022-20355 | 1 Google | 1 Android | 2022-08-12 | N/A | 5.5 MEDIUM |
| In get of PacProxyService.java, there is a possible system service crash due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-219498290 | |||||
| CVE-2022-20354 | 1 Google | 1 Android | 2022-08-12 | N/A | 7.8 HIGH |
| In onDefaultNetworkChanged of Vpn.java, there is a possible way to disable VPN due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-219546241 | |||||