CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data

| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-39860 Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit broadcast. | 4.4 | MEDIUM | — | 0 |
| CVE-2022-39861 Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without camera privilege. | 5.9 | MEDIUM | — | 0 |
| CVE-2022-39862 Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3.3.03.66 in Android S(12) allows unauthorized use of javascript interface api. | 5.3 | MEDIUM | — | 0 |
| CVE-2022-39863 Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to access content providers without permission. | 3.6 | LOW | — | 0 |
| CVE-2022-39864 Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent. | 3.3 | LOW | — | 0 |
| CVE-2022-39865 Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. | 4.0 | MEDIUM | — | 0 |
| CVE-2022-39866 Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. | 4.0 | MEDIUM | — | 0 |
| CVE-2022-39867 Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast. | 4.0 | MEDIUM | — | 0 |
| CVE-2022-39868 Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. | 4.0 | MEDIUM | — | 0 |
| CVE-2022-39869 Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast. | 4.0 | MEDIUM | — | 0 |
| CVE-2022-39870 Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast. | 4.0 | MEDIUM | — | 0 |
| CVE-2022-39871 Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts. | 4.0 | MEDIUM | — | 0 |
| CVE-2022-39872 Improper restriction of broadcasting Intent in ShareLive prior to version 13.2.03.5 leaks MAC address of the connected Bluetooth device. | 5.9 | MEDIUM | — | 0 |
| CVE-2022-39873 Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication. | 4.3 | MEDIUM | — | 0 |
| CVE-2022-39874 Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. | 4.0 | MEDIUM | — | 0 |
| CVE-2022-39875 Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. | 5.1 | MEDIUM | — | 0 |
| CVE-2022-39876 Insertion of Sensitive Information into Log in PushRegIdUpdateClient of SReminder prior to 8.2.01.13 allows attacker to access device IMEI. | 5.9 | MEDIUM | — | 0 |
| CVE-2022-39877 Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the devi... | 4.0 | MEDIUM | — | 0 |
| CVE-2022-22480 IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using encrypted hosts which could result in information disclosure. IBM X-Force ID: 225889. | 7.5 | HIGH | — | 0 |
| CVE-2022-22493 IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request forgery, caused by improper cookie attribute setting. IBM X-Force ID: 226449. | 8.8 | HIGH | — | 0 |
| CVE-2022-30613 IBM QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a local service to a privileged user. IBM X-Force ID: 227366. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-34308 IBM CICS TX 11.1 could allow a local user to cause a denial of service due to improper load handling. IBM X-Force ID: 229437. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-36772 IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that should only be available to a privileged user. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-41291 IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 236699. | 6.5 | MEDIUM | — | 0 |
| CVE-2020-15855 Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6.1. | 6.1 | MEDIUM | — | 0 |
| CVE-2021-40162 A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnera... | 7.8 | HIGH | — | 0 |
| CVE-2021-40163 A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component. | 7.8 | HIGH | — | 0 |
| CVE-2021-40164 A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code. | 7.8 | HIGH | — | 0 |
| CVE-2021-40165 A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerabili... | 7.8 | HIGH | — | 0 |
| CVE-2022-41377 Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=maintenance/manage_category. | 7.2 | HIGH | — | 0 |
| CVE-2021-40166 A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by at... | 7.8 | HIGH | — | 0 |
| CVE-2022-21936 On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI. | 8.1 | HIGH | — | 0 |
| CVE-2022-37885 There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Netw... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-37886 There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Netw... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-41378 Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=inventory/manage_inventory. | 7.2 | HIGH | — | 0 |
| CVE-2023-21789 3D Builder Remote Code Execution Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2022-37887 There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Netw... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-37889 There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Netw... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-37890 Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-37891 Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-37892 A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of th... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-41414 An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages. | 5.3 | MEDIUM | — | 0 |
| CVE-2022-41512 An arbitrary file upload vulnerability in the component /php_action/editFile.php of Online Diagnostic Lab Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | 7.2 | HIGH | — | 0 |
| CVE-2022-41513 Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /diagnostic/edittest.php. | 7.2 | HIGH | — | 0 |
| CVE-2022-41514 Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_loan. | 7.2 | HIGH | — | 0 |
| CVE-2022-41515 Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_payment. | 7.2 | HIGH | — | 0 |
| CVE-2022-42092 Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via 'themes' that allows attackers to Remote Code Execution. Note: Third parties dispute this and argue that advanced permissions are req... | 7.2 | HIGH | — | 0 |
| CVE-2022-37893 An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute ar... | 7.8 | HIGH | — | 0 |
| CVE-2022-37894 An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-37895 An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ... | 4.9 | MEDIUM | — | 0 |

This product uses data from the NVD API but is not endorsed or certified by the NVD.