Export limit exceeded: 35214 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35214 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-48517 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Unauthorized service access vulnerability in the DSoftBus module. Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2022-48516 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Vulnerability that a unique value can be obtained by a third-party app in the DSoftBus module. Successful exploitation of this vulnerability will affect confidentiality. | ||||
| CVE-2022-48515 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Vulnerability of inappropriate permission control in Nearby. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2022-48514 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 7.5 High |
| The Sepolicy module has inappropriate permission control on the use of Netlink.Successful exploitation of this vulnerability may affect confidentiality. | ||||
| CVE-2022-48510 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.8 Critical |
| Input verification vulnerability in the AMS module. Successful exploitation of this vulnerability will cause unauthorized operations. | ||||
| CVE-2022-48487 | 1 Huawei | 1 Emui | 2024-11-21 | 7.5 High |
| Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2022-48460 | 2 Google, Unisoc | 13 Android, Sc7731e, Sc9832e and 10 more | 2024-11-21 | 5.5 Medium |
| In setting service, there is a possible undefined behavior due to incorrect error handling. This could lead to local denial of service with no additional execution privileges needed | ||||
| CVE-2022-48450 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | 4.4 Medium |
| In bluetooth service, there is a possible missing params check. This could lead to local denial of service with System execution privileges needed. | ||||
| CVE-2022-48217 | 1 Tradr-project | 1 Tf Remapper | 2024-11-21 | 8.1 High |
| The tf_remapper_node component 1.1.1 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior. This occurs because a topic name depends on the attacker-controlled old_tf_topic_name and/or new_tf_topic_name parameter. NOTE: the vendor's position is "it is the responsibility of the programmer to make sure that only known and required parameters are set and unexpected parameters are not." | ||||
| CVE-2022-48189 | 1 Lenovo | 170 Thinkpad E14, Thinkpad E14 Firmware, Thinkpad E14 Gen 2 and 167 more | 2024-11-21 | 6.7 Medium |
| An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
| CVE-2022-48074 | 1 Nomachine | 1 Nomachine | 2024-11-21 | 5.3 Medium |
| An issue in NoMachine before v8.2.3 allows attackers to execute arbitrary commands via a crafted .nxs file. | ||||
| CVE-2022-47696 | 1 Gnu | 1 Binutils | 2024-11-21 | 7.8 High |
| An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols. | ||||
| CVE-2022-47695 | 1 Gnu | 1 Binutils | 2024-11-21 | 7.8 High |
| An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c. | ||||
| CVE-2022-47578 | 1 Zohocorp | 1 Manageengine Device Control Plus | 2024-11-21 | 7.1 High |
| An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions by booting into Safe Mode. This allows a file to be exchanged outside the laptop/system. Safe Mode can be launched by any user (even without admin rights). Data exfiltration can occur, and also malware might be introduced onto the system. NOTE: the vendor's position is "it's not a vulnerability in our product." | ||||
| CVE-2022-47577 | 1 Zohocorp | 1 Manageengine Device Control Plus | 2024-11-21 | 7.1 High |
| An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions by making use of a virtual machine (VM). This allows a file to be exchanged outside the laptop/system. VMs can be created by any user (even without admin rights). The data exfiltration can occur without any record in the audit trail of Windows events on the host machine. NOTE: the vendor's position is "it's not a vulnerability in our product." | ||||
| CVE-2022-47554 | 1 Ormazabal | 4 Ekorccp, Ekorccp Firmware, Ekorrci and 1 more | 2024-11-21 | 8.2 High |
| Exposure of sensitive information in ekorCCP and ekorRCI, potentially allowing a remote attacker to obtain critical information from various .xml files, including .xml files containing credentials, without being authenticated within the web server. | ||||
| CVE-2022-47531 | 1 Ericsson | 1 Evolved Packet Gateway | 2024-11-21 | 8.8 High |
| An issue was discovered in Ericsson Evolved Packet Gateway (EPG) versions 3.x before 3.25 and 2.x before 2.16, allows authenticated users to bypass system CLI and execute commands they are authorized to execute directly in the UNIX shell. | ||||
| CVE-2022-47085 | 1 Ostree Project | 1 Ostree | 2024-11-21 | 7.5 High |
| An issue was discovered in ostree before 2022.7 allows attackers to cause a denial of service or other unspecified impacts via the print_panic function in repo_checkout_filter.rs. | ||||
| CVE-2022-46782 | 1 Stormshield | 1 Ssl Vpn Client | 2024-11-21 | 7.8 High |
| An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code as administrator on the local machine. | ||||
| CVE-2022-46724 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 2.4 Low |
| This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.4 and iPadOS 16.4. A person with physical access to an iOS device may be able to view the last image used in Magnifier from the lock screen. | ||||