Search Results (363090 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-25817 1 Google 1 Android 2024-11-21 4 Medium
Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent.
CVE-2022-25816 1 Google 1 Android 2024-11-21 4.1 Medium
Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authentication
CVE-2022-25815 1 Google 1 Android 2024-11-21 5.5 Medium
PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.
CVE-2022-25814 1 Google 1 Android 2024-11-21 5.5 Medium
PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.
CVE-2022-25813 1 Apache 1 Ofbiz 2024-11-21 7.5 High
In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page. Then a party manager needs to list the communications in the party component to activate the SSTI. A RCE is then possible.
CVE-2022-25812 1 Transposh 1 Transposh Wordpress Translation 2024-11-21 7.2 High
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not validate its debug settings, which could allow allowing high privilege users such as admin to perform RCE
CVE-2022-25811 1 Transposh 1 Transposh Wordpress Translation 2024-11-21 7.2 High
The Transposh WordPress Translation WordPress plugin through 1.0.8 does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection
CVE-2022-25810 1 Transposh 1 Transposh Wordpress Translation 2024-11-21 6.5 Medium
The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such has “tp_reset” under the Utilities tab (/wp-admin/admin.php?page=tp_utils), which can be used/executed as the lowest-privileged user. Basically all Utilities functionalities are vulnerable this way, which involves resetting configurations and backup/restore operations.
CVE-2022-25809 1 Amazon 2 Echo Dot, Echo Dot Firmware 2024-11-21 9.8 Critical
Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of remote attackers) or by pairing a malicious Bluetooth device (in the case of physically proximate attackers), aka an "Alexa versus Alexa (AvA)" attack.
CVE-2022-25807 1 Igel 1 Universal Management Suite 2024-11-21 5.5 Medium
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those credentials using a static 8-byte DES key.
CVE-2022-25806 1 Igel 1 Universal Management Suite 2024-11-21 8.8 High
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key.
CVE-2022-25805 1 Igel 1 Universal Management Suite 2024-11-21 6.5 Medium
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. The transmission of cleartext LDAP bind credentials by the cmd_mgt_load_mgt_tree command allows an attacker (who can intercept or inspect traffic between an authenticated UMS client and server) to compromise those LDAP bind credentials.
CVE-2022-25804 1 Igel 1 Universal Management Suite 2024-11-21 5.5 Medium
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. Insecure permissions for the serverconfig registry key (under JavaSoft\Prefs\de\igel\rm\config in HKEY_LOCAL_MACHINE\SOFTWARE) allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the UMS superuser.
CVE-2022-25803 1 Bestpractical 1 Request Tracker 2024-11-21 6.1 Medium
Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search.
CVE-2022-25802 1 Bestpractical 1 Request Tracker 2024-11-21 6.1 Medium
Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment.
CVE-2022-25801 1 Bestpractical 1 Request Tracker For Incident Response 2024-11-21 9.1 Critical
Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via Scripted Action tools.
CVE-2022-25800 1 Bestpractical 1 Request Tracker For Incident Response 2024-11-21 9.1 Critical
Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via the whois lookup tool.
CVE-2022-25799 1 Cert 1 Vince 2024-11-21 6.1 Medium
An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.50.0. An attacker could send a link that has a specially crafted URL and convince the user to click the link. When an authenticated user clicks the link, the authenticated user's browser could be redirected to a malicious site that is designed to impersonate a legitimate website. The attacker could trick the user and potentially acquire sensitive information such as the user's credentials.
CVE-2022-25797 1 Autodesk 1 Dwg Trueview 2024-11-21 7.8 High
A maliciously crafted PDF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to dereference for a write beyond the allocated buffer while parsing PDF files. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception.
CVE-2022-25796 1 Autodesk 1 Navisworks 2024-11-21 7.8 High
A Double Free vulnerability allows remote malicious actors to execute arbitrary code on DWF file in Autodesk Navisworks 2022 within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.