Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-3694 | 1 Syncee | 1 Syncee - Global Dropshipping | 2022-12-06 | N/A | 7.5 HIGH |
The Syncee WordPress plugin before 1.0.10 leaks the administrator token that can be used to take over the administrator's account. | |||||
CVE-2022-3846 | 1 Amentotech | 1 Workreap | 2022-12-06 | N/A | 7.5 HIGH |
The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as it's possible to read any user's notification (employer or freelancer) as the notification ID is brute-forceable. | |||||
CVE-2022-41297 | 1 Ibm | 3 Db2 On Cloud Pak For Data, Db2 Warehouse On Cloud Pak For Data, Db2u | 2022-12-06 | N/A | 6.5 MEDIUM |
IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237212. | |||||
CVE-2022-3856 | 1 Inksplat | 1 Comic Book Management System | 2022-12-06 | N/A | 7.2 HIGH |
The Comic Book Management System WordPress plugin before 2.2.0 does not sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. | |||||
CVE-2022-32624 | 2 Google, Mediatek | 8 Android, Mt6789, Mt6855 and 5 more | 2022-12-06 | N/A | 6.7 MEDIUM |
In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405923; Issue ID: ALPS07405923. | |||||
CVE-2022-3858 | 1 Premio | 1 Chaty | 2022-12-06 | N/A | 7.2 HIGH |
The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line, WeChat, Email, SMS, Call Button WordPress plugin before 3.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin. | |||||
CVE-2022-32622 | 2 Google, Mediatek | 7 Android, Mt6789, Mt6855 and 4 more | 2022-12-06 | N/A | 6.7 MEDIUM |
In gz, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363786; Issue ID: ALPS07363786. | |||||
CVE-2022-32621 | 2 Google, Mediatek | 3 Android, Mt6895, Mt6983 | 2022-12-06 | N/A | 6.4 MEDIUM |
In isp, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310829; Issue ID: ALPS07310829. | |||||
CVE-2022-32620 | 2 Google, Mediatek | 9 Android, Mt6781, Mt6789 and 6 more | 2022-12-06 | N/A | 6.7 MEDIUM |
In mpu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07541753; Issue ID: ALPS07541753. | |||||
CVE-2022-32630 | 2 Google, Mediatek | 6 Android, Mt6789, Mt6855 and 3 more | 2022-12-06 | N/A | 6.7 MEDIUM |
In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405966; Issue ID: ALPS07405966. | |||||
CVE-2022-32626 | 2 Google, Mediatek | 25 Android, Mt6761, Mt6765 and 22 more | 2022-12-06 | N/A | 6.7 MEDIUM |
In display, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326239; Issue ID: ALPS07326239. | |||||
CVE-2022-32625 | 2 Google, Mediatek | 26 Android, Mt6761, Mt6765 and 23 more | 2022-12-06 | N/A | 6.7 MEDIUM |
In display, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326216; Issue ID: ALPS07326216. | |||||
CVE-2022-3677 | 1 Addonspress | 1 Advanced Import | 2022-12-06 | N/A | 6.5 MEDIUM |
The Advanced Import WordPress plugin before 1.3.8 does not have a CSRF check when installing and activating plugins, which could allow attackers to make a logged-in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks. | |||||
CVE-2022-3426 | 1 Advanced Wp Columns Project | 1 Advanced Wp Columns | 2022-12-06 | N/A | 4.8 MEDIUM |
The Advanced WP Columns WordPress plugin through 2.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2022-3249 | 1 Wp Csv Exporter Project | 1 Wp Csv Exporter | 2022-12-06 | N/A | 7.2 HIGH |
The WP CSV Exporter WordPress plugin before 1.3.7 does not properly sanitise and escape some parameters before using them in a SQL statement, allowing high privilege users such as admin to perform SQL injection attacks. | |||||
CVE-2022-1540 | 1 Postmagthemes | 1 Postmagthemes Demo Import | 2022-12-06 | N/A | 7.2 HIGH |
The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) leading to RCE. | |||||
CVE-2022-43900 | 1 Ibm | 1 Websphere Automation For Ibm Cloud Pak For Watson Aiops | 2022-12-06 | N/A | 6.5 MEDIUM |
IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 could provide a weaker than expected security. A local attacker can create an outbound network connection to another system. IBM X-Force ID: 240827. | |||||
CVE-2022-43901 | 1 Ibm | 1 Websphere Automation For Ibm Cloud Pak For Watson Aiops | 2022-12-06 | N/A | 5.5 MEDIUM |
IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. An authenticated local attacker could exploit this vulnerability to possibly gain information to other IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps components. IBM X-Force ID: 240829. | |||||
CVE-2022-32634 | 2 Google, Mediatek | 31 Android, Mt6761, Mt6765 and 28 more | 2022-12-06 | N/A | 6.7 MEDIUM |
In ccci, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138646; Issue ID: ALPS07138646. | |||||
CVE-2022-32596 | 2 Google, Mediatek | 33 Android, Mt6762, Mt6765 and 30 more | 2022-12-06 | N/A | 6.7 MEDIUM |
In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446213; Issue ID: ALPS07446213. |