Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-43031 1 Dedecms 1 Dedecms 2022-11-10 N/A 8.8 HIGH
DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords.
CVE-2022-43058 1 Online Diagnostic Lab Management System Project 1 Online Diagnostic Lab Management System 2022-11-10 N/A 9.8 CRITICAL
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms//classes/Master.php?f=delete_activity.
CVE-2022-35279 1 Ibm 1 Business Automation Workflow 2022-11-10 N/A 4.3 MEDIUM
"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against the system. IBM X-Force ID: 230537."
CVE-2022-44563 1 Huawei 2 Emui, Harmonyos 2022-11-10 N/A 5.9 MEDIUM
There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-32603 2 Google, Mediatek 7 Android, Mt6879, Mt6893 and 4 more 2022-11-10 N/A 6.7 MEDIUM
In gpu drm, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310704; Issue ID: ALPS07310704.
CVE-2022-44548 1 Huawei 2 Emui, Harmonyos 2022-11-10 N/A 4.3 MEDIUM
There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing.
CVE-2022-32607 2 Google, Mediatek 49 Android, Mt6580, Mt6739 and 46 more 2022-11-10 N/A 6.7 MEDIUM
In aee, there is a possible use after free due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07202891; Issue ID: ALPS07202891.
CVE-2022-32605 2 Google, Mediatek 4 Android, Mt6879, Mt6895 and 1 more 2022-11-10 N/A 6.7 MEDIUM
In isp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07213898; Issue ID: ALPS07213898.
CVE-2022-32608 2 Google, Mediatek 3 Android, Mt6893, Mt6895 2022-11-10 N/A 6.4 MEDIUM
In jpeg, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388753; Issue ID: ALPS07388753.
CVE-2022-44546 1 Huawei 2 Emui, Harmonyos 2022-11-10 N/A 7.5 HIGH
The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released. Successful exploitation of this vulnerability may cause a system restart.
CVE-2022-44547 1 Huawei 2 Emui, Harmonyos 2022-11-10 N/A 7.5 HIGH
The Display Service module has a UAF vulnerability. Successful exploitation of this vulnerability may affect the display service availability.
CVE-2022-32609 2 Google, Mediatek 32 Android, Mt6762, Mt6768 and 29 more 2022-11-10 N/A 6.4 MEDIUM
In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203410; Issue ID: ALPS07203410.
CVE-2022-32611 2 Google, Mediatek 4 Android, Mt6879, Mt6895 and 1 more 2022-11-10 N/A 6.7 MEDIUM
In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340373; Issue ID: ALPS07340373.
CVE-2022-32610 2 Google, Mediatek 33 Android, Mt6762, Mt6768 and 30 more 2022-11-10 N/A 6.4 MEDIUM
In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203476; Issue ID: ALPS07203476.
CVE-2022-32612 2 Google, Mediatek 33 Android, Mt6762, Mt6768 and 30 more 2022-11-10 N/A 6.4 MEDIUM
In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203500; Issue ID: ALPS07203500.
CVE-2022-32613 2 Google, Mediatek 33 Android, Mt6762, Mt6768 and 30 more 2022-11-10 N/A 6.4 MEDIUM
In vcu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07206340; Issue ID: ALPS07206340.
CVE-2022-3536 1 Addify 1 Role Based Pricing For Woocommerce 2022-11-09 N/A 8.8 HIGH
The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 does not have authorisation and proper CSRF checks, as well as does not validate path given via user input, allowing any authenticated users like subscriber to perform PHAR deserialization attacks when they can upload a file, and a suitable gadget chain is present on the blog
CVE-2022-32588 1 Accusoft 1 Imagegear 2022-11-09 N/A 7.8 HIGH
An out-of-bounds write vulnerability exists in the PICT parsing pctwread_14841 functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-44544 2 Canonical, Mahara 2 Ubuntu Linux, Mahara 2022-11-09 N/A 9.8 CRITICAL
Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript.
CVE-2022-41123 1 Microsoft 1 Exchange Server 2022-11-09 N/A 7.8 HIGH
Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41080.