Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-42770 | 2 Google, Unisoc | 14 Android, S8019, Sc7731e and 11 more | 2022-12-07 | N/A | 4.7 MEDIUM |
In wlan driver, there is a race condition. This could lead to local denial of service in wlan services. | |||||
CVE-2022-39129 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-12-07 | N/A | 5.5 MEDIUM |
In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | |||||
CVE-2022-39106 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-12-07 | N/A | 5.5 MEDIUM |
In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | |||||
CVE-2022-44009 | 1 Stackstorm | 1 Stackstorm | 2022-12-07 | N/A | 7.5 HIGH |
Improper access control in Key-Value RBAC in StackStorm version 3.7.0 didn't check the permissions in Jinja filters, allowing attackers to access K/V pairs of other users, potentially leading to the exposure of sensitive information. | |||||
CVE-2022-39132 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-12-07 | N/A | 5.5 MEDIUM |
In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | |||||
CVE-2022-39131 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-12-07 | N/A | 5.5 MEDIUM |
In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. | |||||
CVE-2022-4173 | 1 Avast | 2 Avast, Avg Antivirus | 2022-12-07 | N/A | 8.8 HIGH |
A vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write access to the filesystem to escalate his privileges in certain scenarios. The issue was fixed with Avast and AVG Antivirus version 22.10. | |||||
CVE-2022-39130 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-12-07 | N/A | 5.5 MEDIUM |
In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | |||||
CVE-2022-46151 | 1 Pinterest | 1 Querybook | 2022-12-07 | N/A | 6.1 MEDIUM |
Querybook is an open source data querying UI. In affected versions user provided data is not escaped in the error field of the auth callback url in `querybook/server/app/auth/oauth_auth.py` and `querybook/server/app/auth/okta_auth.py`. This may allow attackers to perform reflected cross site scripting (XSS) if Content Security Policy (CSP) is not enabled or `unsafe-inline` is allowed. Users are advised to upgrade to the latest, patched version of querybook (version 3.14.2 or greater). Users unable to upgrade may enable CSP and not allow unsafe-inline or manually escape query parameters in a reverse proxy. | |||||
CVE-2022-42754 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-12-07 | N/A | 5.5 MEDIUM |
In npu driver, there is a memory corruption due to a use after free. This could lead to local denial of service in kernel. | |||||
CVE-2022-43556 | 1 Concretecms | 1 Concrete Cms | 2022-12-07 | N/A | 6.1 MEDIUM |
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XSS in the text input field since the result dashboard page output is not sanitized. The Concrete CMS security team has ranked this 4.2 with CVSS v3.1 vector AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N. Thanks @_akbar_jafarli_ for reporting. Remediate by updating to Concrete CMS 8.5.10 and Concrete CMS 9.1.3. | |||||
CVE-2022-39134 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-12-07 | N/A | 4.7 MEDIUM |
In audio driver, there is a use after free due to a race condition. This could lead to local denial of service in kernel. | |||||
CVE-2022-39133 | 2 Google, Unisoc | 14 Android, S8022, Sc7731e and 11 more | 2022-12-07 | N/A | 5.5 MEDIUM |
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | |||||
CVE-2022-42759 | 2 Google, Unisoc | 14 Android, S8017, Sc7731e and 11 more | 2022-12-07 | N/A | 5.5 MEDIUM |
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | |||||
CVE-2022-42756 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-12-07 | N/A | 5.5 MEDIUM |
In sensor driver, there is a possible buffer overflow due to a missing bounds check. This could lead to local denial of service in kernel. | |||||
CVE-2022-42755 | 2 Google, Unisoc | 14 Android, S8023, Sc7731e and 11 more | 2022-12-07 | N/A | 5.5 MEDIUM |
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | |||||
CVE-2022-2969 | 1 Deltaww | 1 Dialink | 2022-12-07 | N/A | 7.5 HIGH |
Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 use an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. However, the software does not properly neutralize special elements within the pathname, which can cause the pathname to resolve to a location outside of the restricted directory. | |||||
CVE-2022-35508 | 1 Proxmox | 3 Proxmox Mail Gateway, Pve Http Server, Virtual Environment | 2022-12-07 | N/A | 9.8 CRITICAL |
Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in Proxmox Mail Gateway, privilege escalation to the root@pam account is possible if the backup feature has ever been used, because backup files such as pmg-backup_YYYY_MM_DD_*.tgz have 0644 permissions and contain an authkey value. This is fixed in pve-http-server 4.1-3. | |||||
CVE-2022-43549 | 1 Veeam | 1 Veeam Backup For Google Cloud | 2022-12-07 | N/A | 9.8 CRITICAL |
Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass authentication mechanisms. | |||||
CVE-2020-35588 | | | 2022-12-07 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn. Further investigation showed that it was not a vulnerability. Notes: none. |