Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-39884 | 1 Google | 1 Android | 2022-11-10 | N/A | 3.3 LOW |
Improper access control vulnerability in IImsService prior to SMR Nov-2022 Release 1 allows local attacker to access Call information. | |||||
CVE-2022-39883 | 1 Google | 1 Android | 2022-11-10 | N/A | 7.8 HIGH |
Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1 allows local attacker to call privileged API. | |||||
CVE-2022-29888 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-11-10 | N/A | 8.1 HIGH |
A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2022-39879 | 1 Google | 1 Android | 2022-11-10 | N/A | 3.3 LOW |
Improper authorization vulnerability in CallBGProvider prior to SMR Nov-2022 Release 1 allows local attacker to grant permission for accessing information with phone uid. | |||||
CVE-2022-39882 | 1 Google | 1 Android | 2022-11-10 | N/A | 7.8 HIGH |
Heap overflow vulnerability in sflacf_fal_bytes_peek function in libsmat.so library prior to SMR Nov-2022 Release 1 allows local attacker to execute arbitrary code. | |||||
CVE-2022-39880 | 1 Google | 1 Android | 2022-11-10 | N/A | 7.8 HIGH |
Improper input validation vulnerability in DualOutFocusViewer prior to SMR Nov-2022 Release 1 allows local attacker to perform an arbitrary code execution. | |||||
CVE-2022-43320 | 1 Feehi | 1 Feehicms | 2022-11-10 | N/A | 6.1 MEDIUM |
FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /web/admin/index.php?r=log%2Fview-layer. | |||||
CVE-2022-39881 | 1 Samsung | 2 Exynos, Exynos Firmware | 2022-11-10 | N/A | 9.1 CRITICAL |
Improper input validation vulnerability for processing SIB12 PDU in Exynos modems prior to SMR Sep-2022 Release allows remote attacker to read out of bounds memory. | |||||
CVE-2022-40159 | 1 Apache | 1 Commons Jxpath | 2022-11-10 | N/A | 6.5 MEDIUM |
** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review by the JXPath maintainers, the original report was found to be invalid. | |||||
CVE-2022-43321 | 1 Shopwind | 1 Shopwind | 2022-11-10 | N/A | 6.1 MEDIUM |
Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component /common/library/Page.php. | |||||
CVE-2022-32615 | 2 Google, Mediatek | 4 Android, Mt6983, Mt8871 and 1 more | 2022-11-10 | N/A | 6.7 MEDIUM |
In ccd, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326559; Issue ID: ALPS07326559. | |||||
CVE-2022-43290 | 1 Canteen Management System Project | 1 Canteen Management System | 2022-11-10 | N/A | 7.2 HIGH |
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editcategory.php. | |||||
CVE-2022-43292 | 1 Canteen Management System Project | 1 Canteen Management System | 2022-11-10 | N/A | 7.2 HIGH |
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editfood.php. | |||||
CVE-2022-43291 | 1 Canteen Management System Project | 1 Canteen Management System | 2022-11-10 | N/A | 7.2 HIGH |
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editclient.php. | |||||
CVE-2022-38014 | 1 Microsoft | 2 Azure Iot Edge For Linux, Windows Subsystem For Linux | 2022-11-10 | N/A | 7.0 HIGH |
Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability. | |||||
CVE-2022-39886 | 1 Google | 1 Android | 2022-11-10 | N/A | 3.3 LOW |
Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information. | |||||
CVE-2022-32614 | 2 Google, Mediatek | 10 Android, M6789, Mt6855 and 7 more | 2022-11-10 | N/A | 6.7 MEDIUM |
In audio, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310571; Issue ID: ALPS07310571. | |||||
CVE-2022-32616 | 2 Google, Mediatek | 4 Android, Mt6983, Mt8871 and 1 more | 2022-11-10 | N/A | 6.7 MEDIUM |
In isp, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341258; Issue ID: ALPS07341258. | |||||
CVE-2022-42964 | 1 Pymatgen | 1 Pymatgen | 2022-11-10 | N/A | 7.5 HIGH |
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.from_string method. | |||||
CVE-2022-42966 | 1 Python-poetry | 1 Cleo | 2022-11-10 | N/A | 7.5 HIGH |
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method.