Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32617 | 2 Google, Mediatek | 6 Android, Mt6789, Mt6855 and 3 more | 2022-11-09 | N/A | 6.8 MEDIUM |
| In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262364; Issue ID: ALPS07262364. | |||||
| CVE-2022-41203 | 1 Sap | 1 Businessobjects Business Intelligence | 2022-11-09 | N/A | 8.8 HIGH |
| In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized object, which leads to deserialization of untrusted data vulnerability. This could highly compromise the Confidentiality, Integrity, and Availability of the system. | |||||
| CVE-2022-20446 | 1 Google | 1 Android | 2022-11-09 | N/A | 3.3 LOW |
| In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the microphone from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-229793943 | |||||
| CVE-2022-41207 | 1 Sap | 1 Biller Direct | 2022-11-09 | N/A | 6.1 MEDIUM |
| SAP Biller Direct allows an unauthenticated attacker to craft a legitimate looking URL. When clicked by an unsuspecting victim, it will use an unsensitized parameter to redirect the victim to a malicious site of the attacker's choosing which can result in disclosure or modification of the victim's information. | |||||
| CVE-2022-20414 | 1 Google | 1 Android | 2022-11-09 | N/A | 5.5 MEDIUM |
| In setImpl of AlarmManagerService.java, there is a possible way to put a device into a boot loop due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-234441463 | |||||
| CVE-2021-39661 | 1 Google | 1 Android | 2022-11-09 | N/A | 7.8 HIGH |
| In _PMRLogicalOffsetToPhysicalOffset of the PowerVR kernel driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-246824784 | |||||
| CVE-2022-41212 | 1 Sap | 1 Netweaver Application Server Abap | 2022-11-09 | N/A | 4.9 MEDIUM |
| Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the confidentiality of the application. | |||||
| CVE-2022-41259 | 1 Sap | 1 Sql Anywhere | 2022-11-09 | N/A | 6.5 MEDIUM |
| SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor. | |||||
| CVE-2022-20445 | 1 Google | 1 Android | 2022-11-09 | N/A | 7.5 HIGH |
| In process_service_search_rsp of sdp_discovery.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-225876506 | |||||
| CVE-2022-40128 | 1 Algolplus | 1 Advanced Order Export | 2022-11-09 | N/A | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin <= 3.3.2 on WordPress leading to export file download. | |||||
| CVE-2022-20441 | 1 Google | 1 Android | 2022-11-09 | N/A | 7.8 HIGH |
| In navigateUpTo of Task.java, there is a possible way to launch an unexported intent handler due to a logic error in the code. This could lead to local escalation of privilege if the targeted app has an intent trampoline, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-238605611 | |||||
| CVE-2022-20426 | 1 Google | 1 Android | 2022-11-09 | N/A | 5.5 MEDIUM |
| In multiple functions of many files, there is a possible obstruction of the user's ability to select a phone account due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-236263294 | |||||
| CVE-2022-38137 | 1 Analytify | 1 Analytify - Google Analytics Dashboard | 2022-11-09 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Analytify plugin <= 4.2.2 on WordPress. | |||||
| CVE-2022-20452 | 1 Google | 1 Android | 2022-11-09 | N/A | 7.8 HIGH |
| In initializeFromParcelLocked of BaseBundle.java, there is a possible method arbitrary code execution due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240138318 | |||||
| CVE-2022-32587 | 1 Codeandmore | 1 Wp Page Widget | 2022-11-09 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore WP Page Widget plugin <= 3.9 on WordPress leading to plugin settings change. | |||||
| CVE-2022-32776 | 1 Wpadvancedads | 1 Advanced Ads - Ad Manager \& Adsense | 2022-11-09 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Advanced Ads GmbH Advanced Ads – Ad Manager & AdSense plugin <= 1.31.1 on WordPress. | |||||
| CVE-2022-20451 | 1 Google | 1 Android | 2022-11-09 | N/A | 7.8 HIGH |
| In onCallRedirectionComplete of CallsManager.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-235098883 | |||||
| CVE-2022-20450 | 1 Google | 1 Android | 2022-11-09 | N/A | 7.8 HIGH |
| In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way to bypass user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-210065877 | |||||
| CVE-2022-27858 | 1 Activity Log Project | 1 Activity Log | 2022-11-09 | N/A | 9.8 CRITICAL |
| CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. | |||||
| CVE-2022-27855 | 1 Fatcatapps | 1 Analytics Cat | 2022-11-09 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress allows Plugin Settings Change. | |||||