CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2022-31047 TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) ca... | 5.3 | MEDIUM | — | 0 |
| CVE-2022-31048 TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-s... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-32359 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_category. | 7.2 | HIGH | — | 0 |
| CVE-2022-31049 TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users.... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-31050 TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even... | 6.0 | MEDIUM | — | 0 |
| CVE-2022-31060 Discourse is an open-source discussion platform. Prior to version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches, banner topic data is exposed on logi... | 5.3 | MEDIUM | — | 0 |
| CVE-2022-32353 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_field_order.php?id=. | 7.2 | HIGH | — | 0 |
| CVE-2022-32354 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=user/manage_user&id=. | 7.2 | HIGH | — | 0 |
| CVE-2022-32355 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=products/view_product&id=. | 7.2 | HIGH | — | 0 |
| CVE-2022-32363 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/view_category.php?id=. | 7.2 | HIGH | — | 0 |
| CVE-2022-31066 EdgeX Foundry is an open source project for building a common open framework for Internet of Things edge computing. Prior to version 2.1.1, the /api/v2/config endpoint exposes message bus credentials ... | 5.9 | MEDIUM | — | 0 |
| CVE-2022-32230 Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a nam... | 7.5 | HIGH | — | 0 |
| CVE-2022-32240 When a user opens manipulated Jupiter Tessellation (.jt, JTReader.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavaila... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-32241 When a user opens manipulated Portable Document Format (.pdf, PDFView.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily una... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-32242 When a user opens manipulated Radiance Picture (.hdr, hdr.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to ... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-32243 When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavail... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-1958 A vulnerability classified as critical has been found in FileCloud. Affected is an unknown function of the component NTFS Handler. The manipulation leads to improper access controls. It is possible to... | 6.3 | MEDIUM | — | 0 |
| CVE-2021-40212 An exploitable out-of-bounds write vulnerability in PotPlayer 1.7.21523 build 210729 may lead to code execution, information disclosure, and denial of service. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-41413 ok-file-formats master 2021-9-12 is affected by a buffer overflow in ok_jpg_convert_data_unit_grayscale and ok_jpg_convert_YCbCr_to_RGB. | 7.8 | HIGH | — | 0 |
| CVE-2021-39691 In WindowManager, there is a possible tapjacking attack due to an incorrect window flag when processing user input. This could lead to local escalation of privilege with no additional execution privil... | 7.3 | HIGH | — | 0 |
| CVE-2022-20123 In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution ... | 7.5 | HIGH | — | 0 |
| CVE-2022-20124 In deletePackageX of DeletePackageHelper.java, there is a possible way for a Guest user to reset pre-loaded applications for other users due to a permissions bypass. This could lead to local escalatio... | 7.8 | HIGH | — | 0 |
| CVE-2022-20125 In GBoard, there is a possible way to bypass factory reset protections due to a sandbox escape. This could lead to local escalation of privilege if an attacker has physical access to the device, with ... | 6.8 | MEDIUM | — | 0 |
| CVE-2022-20126 In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. This could lead to local escalation of pri... | 7.3 | HIGH | — | 0 |
| CVE-2022-20127 In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds write due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interacti... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-20129 In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. This could lead to local denial of s... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-32302 Theme Park Ticketing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at edit_ticket.php. | 8.8 | HIGH | — | 0 |
| CVE-2022-20130 In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privilege... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-20131 In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privil... | 7.5 | HIGH | — | 0 |
| CVE-2022-20132 In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a mal... | 4.6 | MEDIUM | — | 0 |
| CVE-2022-20133 In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution... | 7.8 | HIGH | — | 0 |
| CVE-2022-20134 In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation. This could lead to local escalation of privilege ... | 7.8 | HIGH | — | 0 |
| CVE-2022-20135 In writeToParcel of GateKeeperResponse.java, there is a possible parcel format mismatch. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not... | 7.8 | HIGH | — | 0 |
| CVE-2022-20137 In onCreateContextMenu of NetworkProviderSettings.java, there is a possible way for non-owner users to change WiFi settings due to a missing permission check. This could lead to local escalation of pr... | 7.3 | HIGH | — | 0 |
| CVE-2022-2086 A vulnerability, which was classified as critical, has been found in SourceCodester Bank Management System 1.0. Affected by this issue is login.php. The manipulation of the argument password with the ... | 6.3 | MEDIUM | — | 0 |
| CVE-2022-2087 A vulnerability, which was classified as problematic, was found in SourceCodester Bank Management System 1.0. This affects the file /mnotice.php?id=2. The manipulation of the argument notice with the ... | 3.5 | LOW | — | 0 |
| CVE-2021-36901 Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Phil Baker's Age Gate plugin <= 2.17.0 at WordPress. | 6.1 | MEDIUM | — | 0 |
| CVE-2021-39806 In closef of label_backends_android.c, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege during startup of servicemanager, if an attacker... | 7.8 | HIGH | — | 0 |
| CVE-2022-20138 In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. Thi... | 7.8 | HIGH | — | 0 |
| CVE-2024-47006 Uncontrolled search path for the Intel(R) RealSense D400 Series Universal Windows Platform (UWP) Driver for Windows(R) 10 all versions may allow an authenticated user to potentially enable escalation ... | 6.7 | MEDIUM | — | 0 |
| CVE-2022-20140 In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges nee... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-20141 In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional exec... | 7.0 | HIGH | — | 0 |
| CVE-2022-20142 In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. This could lead to local escalation of privilege with no additional ... | 7.8 | HIGH | — | 0 |
| CVE-2022-20143 In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges need... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-20144 In multiple functions of AvatarPhotoController.java, there is a possible access to content owned by system content providers due to a confused deputy. This could lead to local escalation of privilege ... | 7.8 | HIGH | — | 0 |
| CVE-2022-20145 In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. This could lead to remote escalation of privilege if a malicious Wi-Fi ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-20146 In uploadFile of FileUploadServiceImpl.java, there is a possible incorrect file access due to a confused deputy. This could lead to local information disclosure of private files with no additional exe... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-20147 In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privi... | 7.8 | HIGH | — | 0 |
| CVE-2022-20148 In TBD of TBD, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is n... | 6.4 | MEDIUM | — | 0 |
| CVE-2022-20149 Product: Android. Versions: Android kernel. Android ID: A-211685939. References: N/A | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.