Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-43031 | 1 Dedecms | 1 Dedecms | 2022-11-10 | N/A | 8.8 HIGH |
DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords. | |||||
CVE-2022-43058 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2022-11-10 | N/A | 9.8 CRITICAL |
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms//classes/Master.php?f=delete_activity. | |||||
CVE-2022-35279 | 1 Ibm | 1 Business Automation Workflow | 2022-11-10 | N/A | 4.3 MEDIUM |
"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against the system. IBM X-Force ID: 230537." | |||||
CVE-2022-44563 | 1 Huawei | 2 Emui, Harmonyos | 2022-11-10 | N/A | 5.9 MEDIUM |
There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
CVE-2022-32603 | 2 Google, Mediatek | 7 Android, Mt6879, Mt6893 and 4 more | 2022-11-10 | N/A | 6.7 MEDIUM |
In gpu drm, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310704; Issue ID: ALPS07310704. | |||||
CVE-2022-44548 | 1 Huawei | 2 Emui, Harmonyos | 2022-11-10 | N/A | 4.3 MEDIUM |
There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing. | |||||
CVE-2022-32607 | 2 Google, Mediatek | 49 Android, Mt6580, Mt6739 and 46 more | 2022-11-10 | N/A | 6.7 MEDIUM |
In aee, there is a possible use after free due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07202891; Issue ID: ALPS07202891. | |||||
CVE-2022-32605 | 2 Google, Mediatek | 4 Android, Mt6879, Mt6895 and 1 more | 2022-11-10 | N/A | 6.7 MEDIUM |
In isp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07213898; Issue ID: ALPS07213898. | |||||
CVE-2022-32608 | 2 Google, Mediatek | 3 Android, Mt6893, Mt6895 | 2022-11-10 | N/A | 6.4 MEDIUM |
In jpeg, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388753; Issue ID: ALPS07388753. | |||||
CVE-2022-44546 | 1 Huawei | 2 Emui, Harmonyos | 2022-11-10 | N/A | 7.5 HIGH |
The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released. Successful exploitation of this vulnerability may cause a system restart. | |||||
CVE-2022-44547 | 1 Huawei | 2 Emui, Harmonyos | 2022-11-10 | N/A | 7.5 HIGH |
The Display Service module has a UAF vulnerability. Successful exploitation of this vulnerability may affect the display service availability. | |||||
CVE-2022-32609 | 2 Google, Mediatek | 32 Android, Mt6762, Mt6768 and 29 more | 2022-11-10 | N/A | 6.4 MEDIUM |
In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203410; Issue ID: ALPS07203410. | |||||
CVE-2022-32611 | 2 Google, Mediatek | 4 Android, Mt6879, Mt6895 and 1 more | 2022-11-10 | N/A | 6.7 MEDIUM |
In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340373; Issue ID: ALPS07340373. | |||||
CVE-2022-32610 | 2 Google, Mediatek | 33 Android, Mt6762, Mt6768 and 30 more | 2022-11-10 | N/A | 6.4 MEDIUM |
In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203476; Issue ID: ALPS07203476. | |||||
CVE-2022-32612 | 2 Google, Mediatek | 33 Android, Mt6762, Mt6768 and 30 more | 2022-11-10 | N/A | 6.4 MEDIUM |
In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203500; Issue ID: ALPS07203500. | |||||
CVE-2022-32613 | 2 Google, Mediatek | 33 Android, Mt6762, Mt6768 and 30 more | 2022-11-10 | N/A | 6.4 MEDIUM |
In vcu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07206340; Issue ID: ALPS07206340. | |||||
CVE-2022-3536 | 1 Addify | 1 Role Based Pricing For Woocommerce | 2022-11-09 | N/A | 8.8 HIGH |
The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 does not have authorisation and proper CSRF checks, as well as does not validate path given via user input, allowing any authenticated users like subscriber to perform PHAR deserialization attacks when they can upload a file, and a suitable gadget chain is present on the blog | |||||
CVE-2022-32588 | 1 Accusoft | 1 Imagegear | 2022-11-09 | N/A | 7.8 HIGH |
An out-of-bounds write vulnerability exists in the PICT parsing pctwread_14841 functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2022-44544 | 2 Canonical, Mahara | 2 Ubuntu Linux, Mahara | 2022-11-09 | N/A | 9.8 CRITICAL |
Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript. | |||||
CVE-2022-41123 | 1 Microsoft | 1 Exchange Server | 2022-11-09 | N/A | 7.8 HIGH |
Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41080. |