CVE List - 2022 / October
Showing 301 - 400 of 1849 CVEs for October 2022 (Page 4 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-20416 | 2022-10-11 | In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2022-20417 | 2022-10-11 | In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2022-20418 | 2022-10-11 | In pickStartSeq of AAVCAssembler.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges... |
| CVE-2022-20419 | 2022-10-11 | In setOptions of ActivityRecord.java, there is a possible way to load arbitrary Java code into the launcher process due to a logic error in the code. This could lead to local escalation... |
| CVE-2022-20420 | 2022-10-11 | In getBackgroundRestrictionExemptionReason of AppRestrictionController.java, there is a possible way to bypass device policy restrictions due to a logic error in the code. This could lead to local escalation of privilege... |
| CVE-2022-20421 | 2022-10-11 | In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution... |
| CVE-2022-20422 | 2022-10-11 | In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2022-20423 | 2022-10-11 | In rndis_set_response of rndis.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious USB device... |
| CVE-2022-20425 | 2022-10-11 | In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent degradation of performance due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User... |
| CVE-2022-20429 | 2022-10-11 | In CarSettings of app packages, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional... |
| CVE-2022-20430 | 2022-10-11 | There is a missing authorization issue in the system service. The component does not have a permission check, resulting in local elevation of privilege. Product: Android. Versions: Android SoC. Android ID: A-242221233 |
| CVE-2022-20431 | 2022-10-11 | There is a missing authorization issue in the system service. The component does not have a permission check, resulting in local elevation of privilege. Product: Android. Versions: Android SoC. Android ID: A-242221238 |
| CVE-2022-20432 | 2022-10-11 | There is a missing authorization issue in the system service. The component does not have a permission check and permission protection, resulting in local elevation of privilege. Product: Android. Versions: Android SoC. Android... |
| CVE-2022-20433 | 2022-10-11 | There is a missing authorization issue in the system service. The component does not have a permission check, resulting in local elevation of privilege. Product: Android. Versions: Android SoC. Android ID: A-242221901 |
| CVE-2022-20434 | 2022-10-11 | There is a missing authorization issue in the system service. The component does not have a permission check, resulting in local elevation of privilege. Product: Android. Versions: Android SoC. Android ID: A-242244028 |
| CVE-2022-20435 | 2022-10-11 | There is an unauthorized service in the system service, which may cause the system to reboot. The component does not have a permission check and permission protection, resulting in an EoP problem. Product: Android. Versions:... |
| CVE-2022-20436 | 2022-10-11 | There is an unauthorized service in the system service. The component does not have a permission check, resulting in local elevation of privilege. Product: Android. Versions: Android SoC. Android ID: A-242248369 |
| CVE-2022-20437 | 2022-10-11 | In Messaging, there is an unauthorized broadcast; this could cause local denial of service. Product: Android. Versions: Android SoC. Android ID: A-242258929 |
| CVE-2022-20438 | 2022-10-11 | In Messaging, there is an unauthorized broadcast; this could cause local denial of service. Product: Android. Versions: Android SoC. Android ID: A-242259920 |
| CVE-2022-20439 | 2022-10-11 | In Messaging, there is an unauthorized provider; this could cause local denial of service. Product: Android. Versions: Android SoC. Android ID: A-242266172 |
| CVE-2022-20440 | 2022-10-11 | In Messaging, there is an unauthorized broadcast; this could cause local denial of service. Product: Android. Versions: Android SoC. Android ID: A-242259918 |
| CVE-2022-22035 | 2022-10-11 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-24504 | 2022-10-11 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-28866 | 2022-10-11 | Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00. It does not properly validate requests for access to (or editing of) data and... |
| CVE-2022-30198 | 2022-10-11 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-3140 | 2022-10-11 | Macro URL arbitrary script execution |
| CVE-2022-31682 | 2022-10-11 | VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data. |
| CVE-2022-32234 | 2022-10-11 | An out of bounds write in hermes, while handling large arrays, prior to commit 06eaec767e376bfdb883d912cb15e987ddf2bda1 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only... |
| CVE-2022-33634 | 2022-10-11 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-33635 | 2022-10-11 | Windows GDI+ Remote Code Execution Vulnerability |
| CVE-2022-33645 | 2022-10-11 | Windows TCP/IP Driver Denial of Service Vulnerability |
| CVE-2022-33746 | 2022-10-11 | P2M pool freeing may take excessively long. The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than... |
| CVE-2022-33747 | 2022-10-11 | Arm: unbounded memory consumption for 2nd-level page tables. Certain actions require e.g. removing pages from a guest's P2M (Physical-to-Machine) mapping. When large pages are in use to map guest pages... |
| CVE-2022-33748 | 2022-10-11 | Lock order inversion in transitive grant copy handling. As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not... |
| CVE-2022-33749 | 2022-10-11 | XAPI open file limit DoS. It is possible for an unauthenticated client on the network to cause XAPI to hit its file-descriptor limit. This causes XAPI to be unable to... |
| CVE-2022-34689 | 2022-10-11 | Windows CryptoAPI Spoofing Vulnerability |
| CVE-2022-35226 | 2022-10-11 | SAP Data Services Management allows an attacker to have the data from a request copied and echoed into the application's immediate response, which leads to a Cross-Site Scripting vulnerability. The... |
| CVE-2022-35289 | 2022-10-11 | A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable... |
| CVE-2022-35296 | 2022-10-11 | Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized... |
| CVE-2022-35297 | 2022-10-11 | The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack... |
| CVE-2022-35299 | 2022-10-11 | SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based... |
| CVE-2022-35770 | 2022-10-11 | Windows NTLM Spoofing Vulnerability |
| CVE-2022-35829 | 2022-10-11 | Service Fabric Explorer Spoofing Vulnerability |
| CVE-2022-36360 | 2022-10-11 | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Affected devices load firmware updates without checking the authenticity. Furthermore the integrity of the... |
| CVE-2022-36361 | 2022-10-11 | A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All... |
| CVE-2022-36362 | 2022-10-11 | A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All... |
| CVE-2022-36363 | 2022-10-11 | A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All... |
| CVE-2022-37609 | 2022-10-11 | Prototype pollution vulnerability in beautify-web js-beautify 1.13.7 via the name variable in options.js. |
| CVE-2022-37616 | 2022-10-11 | A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states... |
| CVE-2022-37617 | 2022-10-11 | Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the k variable in resolve-shims.js. |
| CVE-2022-37864 | 2022-10-11 | A vulnerability has been identified in Solid Edge (All Versions < SE2022MP9). The affected application contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted... |
| CVE-2022-37965 | 2022-10-11 | Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability |
| CVE-2022-37968 | 2022-10-11 | Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability |
| CVE-2022-37970 | 2022-10-11 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2022-37971 | 2022-10-11 | Microsoft Windows Defender Elevation of Privilege Vulnerability |
| CVE-2022-37973 | 2022-10-11 | Windows Local Session Manager (LSM) Denial of Service Vulnerability |
| CVE-2022-37974 | 2022-10-11 | Windows Mixed Reality Developer Tools Information Disclosure Vulnerability |
| CVE-2022-37975 | 2022-10-11 | Windows Group Policy Elevation of Privilege Vulnerability |
| CVE-2022-37976 | 2022-10-11 | Active Directory Certificate Services Elevation of Privilege Vulnerability |
| CVE-2022-37977 | 2022-10-11 | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability |
| CVE-2022-37978 | 2022-10-11 | Windows Active Directory Certificate Services Security Feature Bypass |
| CVE-2022-37979 | 2022-10-11 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2022-37980 | 2022-10-11 | Windows DHCP Client Elevation of Privilege Vulnerability |
| CVE-2022-37981 | 2022-10-11 | Windows Event Logging Service Denial of Service Vulnerability |
| CVE-2022-37982 | 2022-10-11 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2022-37983 | 2022-10-11 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2022-37984 | 2022-10-11 | Windows WLAN Service Elevation of Privilege Vulnerability |
| CVE-2022-37985 | 2022-10-11 | Windows Graphics Component Information Disclosure Vulnerability |
| CVE-2022-37986 | 2022-10-11 | Windows Win32k Elevation of Privilege Vulnerability |
| CVE-2022-37987 | 2022-10-11 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability |
| CVE-2022-37988 | 2022-10-11 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2022-37989 | 2022-10-11 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability |
| CVE-2022-37990 | 2022-10-11 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2022-37991 | 2022-10-11 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2022-37993 | 2022-10-11 | Windows Group Policy Preference Client Elevation of Privilege Vulnerability |
| CVE-2022-37994 | 2022-10-11 | Windows Group Policy Preference Client Elevation of Privilege Vulnerability |
| CVE-2022-37995 | 2022-10-11 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2022-37996 | 2022-10-11 | Windows Kernel Memory Information Disclosure Vulnerability |
| CVE-2022-37997 | 2022-10-11 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2022-37998 | 2022-10-11 | Windows Local Session Manager (LSM) Denial of Service Vulnerability |
| CVE-2022-37999 | 2022-10-11 | Windows Group Policy Preference Client Elevation of Privilege Vulnerability |
| CVE-2022-38000 | 2022-10-11 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-38001 | 2022-10-11 | Microsoft Office Spoofing Vulnerability |
| CVE-2022-38003 | 2022-10-11 | Windows Resilient File System Elevation of Privilege |
| CVE-2022-38016 | 2022-10-11 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability |
| CVE-2022-38017 | 2022-10-11 | StorSimple 8000 Series Elevation of Privilege Vulnerability |
| CVE-2022-38021 | 2022-10-11 | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability |
| CVE-2022-38022 | 2022-10-11 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2022-38025 | 2022-10-11 | Windows Distributed File System (DFS) Information Disclosure Vulnerability |
| CVE-2022-38026 | 2022-10-11 | Windows DHCP Client Information Disclosure Vulnerability |
| CVE-2022-38027 | 2022-10-11 | Windows Storage Elevation of Privilege Vulnerability |
| CVE-2022-38029 | 2022-10-11 | Windows ALPC Elevation of Privilege Vulnerability |
| CVE-2022-38030 | 2022-10-11 | Windows USB Serial Driver Information Disclosure Vulnerability |
| CVE-2022-38031 | 2022-10-11 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2022-38032 | 2022-10-11 | Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability |
| CVE-2022-38033 | 2022-10-11 | Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability |
| CVE-2022-38034 | 2022-10-11 | Windows Workstation Service Elevation of Privilege Vulnerability |
| CVE-2022-38036 | 2022-10-11 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability |
| CVE-2022-38037 | 2022-10-11 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2022-38038 | 2022-10-11 | Windows Kernel Elevation of Privilege Vulnerability |