The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2021-0697 | In PVRSRVRGXSubmitTransferKM of rgxtransfer.c, there is a possible user after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-238918403 | -- | Sep 16, 2022 |
| CVE-2020-36603 | The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 anti-cheat driver does not adequately restrict unprivileged function calls, allowing local, unprivileged users to execute arbitrary code with SYSTEM privileges on Microsoft Windows systems. The mhyprot2.sys driver must first be installed by a user with administrative privileges. | -- | Sep 14, 2022 |
| CVE-2020-36601 | Out-of-bounds write vulnerability in the kernel modules. Successful exploitation of this vulnerability may cause a panic reboot. | -- | Sep 16, 2022 |
| CVE-2020-36600 | Out-of-bounds write vulnerability in the power consumption module. Successful exploitation of this vulnerability may cause the system to restart. | -- | Sep 16, 2022 |
| CVE-2020-25491 | 6Kare Emakin 5.0.341.0 is affected by Cross Site Scripting (XSS) via the /rpc/membership/setProfile DisplayName field, which is mishandled when rendering the Activity Stream page. | -- | Sep 16, 2022 |
| CVE-2020-23560 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000001bcab. | -- | Sep 16, 2022 |
| CVE-2020-23559 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007d7f. | -- | Sep 16, 2022 |
| CVE-2020-23558 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007f4b. | -- | Sep 16, 2022 |
| CVE-2020-23557 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000000755d. | -- | Sep 16, 2022 |
| CVE-2020-23556 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e28. | -- | Sep 16, 2022 |
| CVE-2020-23555 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e6e. | -- | Sep 16, 2022 |
| CVE-2020-23554 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e20. | -- | Sep 16, 2022 |
| CVE-2020-23553 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007d33. | -- | Sep 16, 2022 |
| CVE-2020-23552 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e62. | -- | Sep 16, 2022 |
| CVE-2020-23551 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e30. | -- | Sep 16, 2022 |
| CVE-2020-23550 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e82. | -- | Sep 16, 2022 |
| CVE-2020-19587 | Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI. | -- | Sep 17, 2022 |
| CVE-2020-19586 | Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI. | -- | Sep 17, 2022 |
| CVE-2018-25047 | In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user. | -- | Sep 16, 2022 |
| CVE-2022-40325 | SysAid Help Desk before 22.1.65 allows XSS via the Asset Dashboard, aka FR# 67262. | -- | Sep 12, 2022 |
| CVE-2022-40324 | SysAid Help Desk before 22.1.65 allows XSS via the Linked SRs field, aka FR# 67258. | -- | Sep 12, 2022 |
| CVE-2022-40323 | SysAid Help Desk before 22.1.65 allows XSS in the Password Services module, aka FR# 67241. | -- | Sep 12, 2022 |
| CVE-2022-40322 | SysAid Help Desk before 22.1.65 allows XSS, aka FR# 66542 and 65579. | -- | Sep 12, 2022 |
| CVE-2022-40320 | cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read. | -- | Sep 10, 2022 |
| CVE-2022-40317 | OpenKM 6.3.11 allows stored XSS related to the javascript: substring in an A element. | -- | Sep 10, 2022 |
| CVE-2022-40307 | An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. | -- | Sep 9, 2022 |
| CVE-2022-40305 | A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 allows attackers to enumerate the internal network, overload network resources, and possibly have unspecified other impact via the server parameter to the /cwc/login login form. | -- | Sep 10, 2022 |
| CVE-2022-40299 | In Singular before 4.3.1, a predictable /tmp pathname is used (e.g., by sdb.cc), which allows local users to gain the privileges of other users via a procedure in a file under /tmp. NOTE: this CVE Record is about sdb.cc and similar files in the Singular interface that have predictable /tmp pathnames; this CVE Record is not about the lack of a safe temporary-file creation capability in the Singular language. | -- | Sep 10, 2022 |
| CVE-2022-40297 | UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account\'s password. NOTE: a third party states The described attack cannot be executed as demonstrated. | -- | Sep 9, 2022 |
| CVE-2022-40281 | An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). cyassl_connect_step2 in curl/vtls/cyassl.c has a missing X509_free after SSL_get_peer_certificate, leading to information disclosure. | -- | Sep 9, 2022 |
| CVE-2022-40280 | An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_close after sqlite3_open_v2, leading to a denial of service. | -- | Sep 9, 2022 |
| CVE-2022-40191 | Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Ali Khallad\'s Contact Form By Mega Forms plugin <= 1.2.4 at WordPress. | -- | Sep 10, 2022 |
| CVE-2022-40133 | A use-after-free(UAF) vulnerability was found in function \'vmw_execbuf_tie_context\' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel\'s vmwgfx driver with device file \'/dev/dri/renderD128 (or Dxxx)\'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS). | -- | Sep 9, 2022 |
| CVE-2022-40112 | TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable Buffer Overflow via the hostname parameter in binary /bin/boa. | -- | Sep 9, 2022 |
| CVE-2022-40111 | In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardcoded in the firmware. | -- | Sep 9, 2022 |
| CVE-2022-40110 | TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Buffer Overflow via /bin/boa. | -- | Sep 8, 2022 |
| CVE-2022-40109 | TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Insecure Permissions via binary /bin/boa. | -- | Sep 9, 2022 |
| CVE-2022-40023 | Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin. | -- | Sep 10, 2022 |
| CVE-2022-39846 | DLL hijacking vulnerability in Smart Switch PC prior to version 4.3.22083_3 allows attacker to execute arbitrary code. | -- | Sep 9, 2022 |
| CVE-2022-39845 | Improper validation of integrity check vulnerability in Samsung Kies prior to version 2.6.4.22074 allows local attackers to delete arbitrary directory using directory junction. | -- | Sep 9, 2022 |
| CVE-2022-39844 | Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.22083 allows local attackers to delete arbitrary directory using directory junction. | -- | Sep 9, 2022 |
| CVE-2022-39843 | 123elf Lotus 1-2-3 before 1.0.0rc3 for Linux, and Lotus 1-2-3 R3 for UNIX and other platforms through 9.8.2, allow attackers to execute arbitrary code via a crafted worksheet. This occurs because of a stack-based buffer overflow in the cell format processing routines, as demonstrated by a certain function call from process_fmt() that can be reached via a w3r_format element in a wk3 document. | -- | Sep 9, 2022 |
| CVE-2022-39842 | An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. NOTE: the original discoverer disputes that the overflow can actually happen. | -- | Sep 9, 2022 |
| CVE-2022-39840 | Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a direct message (DM). | -- | Sep 8, 2022 |
| CVE-2022-39839 | Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a forum post. | -- | Sep 8, 2022 |
| CVE-2022-39838 | Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file inclusion via a UNC share pathname, and also allows absolute path traversal to local pathnames. | -- | Sep 9, 2022 |
| CVE-2022-39832 | An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | -- | Sep 9, 2022 |
| CVE-2022-39831 | An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. This issue is different from CVE-2018-20230. | -- | Sep 9, 2022 |
| CVE-2022-39830 | sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service. | -- | Sep 8, 2022 |
| CVE-2022-39829 | There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new. | -- | Sep 8, 2022 |
