Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20133 | 1 Google | 1 Android | 2022-06-24 | 7.2 HIGH | 7.8 HIGH |
| In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-206807679 | |||||
| CVE-2021-34604 | 2022-06-24 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. It is a duplicate of CVE-2022-22514. Notes: none. | |||||
| CVE-2022-32302 | 1 Theme Park Ticketing System Project | 1 Theme Park Ticketing System | 2022-06-23 | 6.5 MEDIUM | 8.8 HIGH |
| Theme Park Ticketing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at edit_ticket.php. | |||||
| CVE-2022-32992 | 1 Online Tours And Travels Management System Project | 1 Online Tours And Travels Management System | 2022-06-23 | 6.5 MEDIUM | 7.2 HIGH |
| Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the tname parameter at /admin/operations/tax.php. | |||||
| CVE-2022-32991 | 1 Web Based Quiz System Project | 1 Web Based Quiz System | 2022-06-23 | 6.5 MEDIUM | 8.8 HIGH |
| Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the eid parameter at welcome.php. | |||||
| CVE-2022-32375 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2022-06-23 | 6.5 MEDIUM | 7.2 HIGH |
| itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_timetable.php?id=. | |||||
| CVE-2022-32378 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2022-06-23 | 6.5 MEDIUM | 7.2 HIGH |
| itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_teacher_profile.php?my_index=. | |||||
| CVE-2022-32377 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2022-06-23 | 6.5 MEDIUM | 7.2 HIGH |
| itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_exam_timetable.php?id=. | |||||
| CVE-2022-32376 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2022-06-23 | 6.5 MEDIUM | 7.2 HIGH |
| itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_events.php?event_id=. | |||||
| CVE-2022-32380 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2022-06-23 | 6.5 MEDIUM | 7.2 HIGH |
| itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_student_subject.php?index=. | |||||
| CVE-2022-32379 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2022-06-23 | 6.5 MEDIUM | 7.2 HIGH |
| itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_parents_profile.php?my_index=. | |||||
| CVE-2022-32381 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2022-06-23 | 6.5 MEDIUM | 7.2 HIGH |
| itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_admin_profile.php?my_index=. | |||||
| CVE-2022-32433 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2022-06-23 | 6.5 MEDIUM | 7.2 HIGH |
| itsourcecode Advanced School Management System v1.0 is vulnerable to Arbitrary code execution via ip/school/view/all_teacher.php. | |||||
| CVE-2021-41415 | 1 Subscription-manager Project | 1 Subscription-manager | 2022-06-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Subscription-Manager v1.0 /main.js has a cross-site scripting (XSS) vulnerability in the machineDetail parameter. | |||||
| CVE-2021-36891 | 1 Supsystic | 1 Photo Gallery | 2022-06-23 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery by Supsystic plugin <= 1.15.5 at WordPress allows changing the plugin settings. | |||||
| CVE-2022-29439 | 1 Nextcode | 1 Image Slider By Nextcode | 2022-06-23 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress allows deleting slides. | |||||
| CVE-2022-20233 | 1 Google | 1 Android | 2022-06-23 | 7.2 HIGH | 6.7 MEDIUM |
| In param_find_digests_internal and related functions of the Titan-M source, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222472803References: N/A | |||||
| CVE-2022-20210 | 1 Google | 1 Android | 2022-06-23 | 10.0 HIGH | 9.8 CRITICAL |
| The UE and the EMM communicate with each other using NAS messages. When a new NAS message arrives from the EMM, the modem parses it and fills in internal objects based on the received data. A bug in the parsing code could be used by an attacker to remotely crash the modem, which could lead to DoS or RCE.Product: AndroidVersions: Android SoCAndroid ID: A-228868888 | |||||
| CVE-2022-20209 | 1 Google | 1 Android | 2022-06-23 | 5.0 MEDIUM | 7.5 HIGH |
| In hme_add_new_node_to_a_sorted_array of hme_utils.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-207502397 | |||||
| CVE-2022-20208 | 1 Google | 1 Android | 2022-06-23 | 2.1 LOW | 4.4 MEDIUM |
| In parseRecursively of cppbor_parse.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-192743373 | |||||