Updated CVEs

| ID | Description | Severity |
| --- | --- | --- |
| CVE-2022-38687 | In messaging service, there is a missing permission check. This could lead to local denial of service in messaging service with no additional execution privileges needed. | medium |
| CVE-2022-38679 | In music service, there is a missing permission check. This could lead to local denial of service in music service with no additional execution privileges needed. | medium |
| CVE-2022-38677 | In cell service, there is a missing permission check. This could lead to local denial of service in cell service with no additional execution privileges needed. | medium |
| CVE-2022-38676 | In gpu driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | medium |
| CVE-2022-38673 | In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | medium |
| CVE-2022-38672 | In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | medium |
| CVE-2022-38670 | In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. | high |
| CVE-2022-38669 | In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. | high |
| CVE-2022-38388 | IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper access control. IBM X-Force ID: 233968. | medium |
| CVE-2022-37614 | Prototype pollution vulnerability in function enable in mockery.js in mfncooper mockery commit 822f0566fd6d72af8c943ae5ca2aa92e516aa2cf via the key variable in mockery.js. | critical |
| CVE-2022-37611 | Prototype pollution vulnerability in tschaub gh-pages 3.1.0 via the partial variable in util.js. | critical |
| CVE-2022-37603 | A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. | high |
| CVE-2022-37602 | Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 via the key variable in grunt-karma.js. | critical |
| CVE-2022-37208 | JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. | high |
| CVE-2022-35612 | A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the dashboard name text field. | medium |
| CVE-2022-35611 | A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows attackers to create and remove dashboards. | medium |
| CVE-2022-35136 | Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests. | medium |
| CVE-2022-35135 | Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privileges via a crafted request sent to /api/user/upsert/<uuid>. | high |
| CVE-2022-35134 | Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) vulnerability. | medium |
| CVE-2022-35081 | SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_read_header at /src/png2swf.c. | medium |
| CVE-2022-35080 | SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_load at /lib/png.c. | medium |
| CVE-2022-35059 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0414. | medium |
| CVE-2022-35058 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b05ce. | medium |
| CVE-2022-35056 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0478. | medium |
| CVE-2022-35055 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0473. | medium |
| CVE-2022-35054 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6171b2. | medium |
| CVE-2022-35053 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x61731f. | medium |
| CVE-2022-35052 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b84b1. | medium |
| CVE-2022-35050 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b04de. | medium |
| CVE-2022-35049 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b03b5. | medium |
| CVE-2022-35048 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0b2c. | medium |
| CVE-2022-35047 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b05aa. | medium |
| CVE-2022-35046 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0466. | medium |
| CVE-2022-35045 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0d63. | medium |
| CVE-2022-35044 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x617087. | medium |
| CVE-2022-35043 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c08a6. | medium |
| CVE-2022-35042 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x4adb11. | medium |
| CVE-2022-35041 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b558f. | medium |
| CVE-2022-35040 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b5567. | medium |
| CVE-2022-34022 | SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via a crafted POST request to /ResiotQueryDBActive. | high |
| CVE-2022-32931 | This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app with root privileges may be able to access private information. | medium |
| CVE-2022-32149 | An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse. | high |
| CVE-2022-2985 | In music service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. | high |
| CVE-2022-2984 | In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | medium |
| CVE-2022-2963 | A vulnerability was found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault. | high |
| CVE-2022-28887 | Multiple Denial-of-Service (DoS) vulnerabilities were discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash. | high |
| CVE-2022-2850 | A flaw was found in 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514. | medium |
| CVE-2022-2828 | In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference (IDOR) vulnerability. | medium |
| CVE-2022-2780 | In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the potential for an NTLM relay attack. | high |
| CVE-2022-25665 | Information disclosure due to buffer over read in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile. | high |