Vulnerabilities (CVE)

Filtered by CWE-755
Total 479 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-32658 1 Mediatek 20 Mt7603, Mt7603 Firmware, Mt7613 and 17 more 2024-11-21 N/A 6.7 MEDIUM
In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705059; Issue ID: GN20220705059.
CVE-2022-32657 1 Mediatek 20 Mt7603, Mt7603 Firmware, Mt7613 and 17 more 2024-11-21 N/A 6.7 MEDIUM
In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705042; Issue ID: GN20220705042.
CVE-2022-32655 1 Mediatek 60 Mt5221, Mt5221 Firmware, Mt7603 and 57 more 2024-11-21 N/A 6.7 MEDIUM
In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705028; Issue ID: GN20220705028.
CVE-2022-32264 1 Freebsd 1 Freebsd 2024-11-21 N/A 7.5 HIGH
** UNSUPPORTED WHEN ASSIGNED ** sys/netinet/tcp_timer.h in FreeBSD before 7.0 contains a denial-of-service (DoS) vulnerability due to improper handling of TSopt on TCP connections. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2022-31799 3 Bottlepy, Debian, Fedoraproject 3 Bottle, Debian Linux, Fedora 2024-11-21 7.5 HIGH 9.8 CRITICAL
Bottle before 0.12.20 mishandles errors during early request binding.
CVE-2022-31152 1 Matrix 1 Synapse 2024-11-21 N/A 6.4 MEDIUM
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.2/rooms/v9/#authorization-rules) which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including version 1.61.0, some of these rules are not correctly applied. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers. Administrators of homeservers with federation enabled are advised to upgrade to version 1.62.0 or higher. Federation can be disabled by setting [`federation_domain_whitelist`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist) to an empty list (`[]`) as a workaround.
CVE-2022-30727 1 Google 1 Android 2024-11-21 2.1 LOW 6.2 MEDIUM
Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space.
CVE-2022-30725 1 Google 1 Android 2024-11-21 3.3 LOW 4.0 MEDIUM
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.
CVE-2022-30724 1 Google 1 Android 2024-11-21 3.3 LOW 4.0 MEDIUM
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.
CVE-2022-30723 1 Google 1 Android 2024-11-21 3.3 LOW 4.0 MEDIUM
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.
CVE-2022-30716 1 Google 1 Android 2024-11-21 5.0 MEDIUM 4.0 MEDIUM
Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device.
CVE-2022-29617 1 Sap 1 Contributor License Agreement Assistant 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application.
CVE-2022-29493 1 Intel 248 Baseboard Management Controller Firmware, C252, C256 and 245 more 2024-11-21 N/A 4.5 MEDIUM
Uncaught exception in webserver for the Integrated BMC in some Intel(R) platforms before versions 2.86, 2.09 and 2.78 may allow a privileged user to potentially enable denial of service via network access.
CVE-2022-29017 1 Axiosys 1 Bento4 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
Bento4 v1.6.0.0 was discovered to contain a segmentation fault via the component /x86_64/multiarch/strlen-avx2.S.
CVE-2022-27978 1 Tooljet 1 Tooljet 2024-11-21 N/A 7.5 HIGH
Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request.
CVE-2022-27872 1 Autodesk 1 Navisworks 2024-11-21 6.8 MEDIUM 7.8 HIGH
A maliciously crafted PDF file may be used to dereference a pointer for read or write operation while parsing PDF files in Autodesk Navisworks 2022. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code.
CVE-2022-27841 1 Samsung 1 Samsung Pass 2024-11-21 1.9 LOW 4.3 MEDIUM
Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication
CVE-2022-27167 1 Eset 9 Endpoint Antivirus, Endpoint Security, File Security and 6 more 2024-11-21 3.6 LOW 7.1 HIGH
Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features what may lead to arbitrary file deletion. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Premium 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Endpoint Antivirus 6.0 versions prior to 9.0.2046.0. ESET, spol. s r.o. ESET Endpoint Security 6.0 versions prior to 9.0.2046.0. ESET, spol. s r.o. ESET Server Security for Microsoft Windows Server 8.0 versions prior to 9.0.12012.0. ESET, spol. s r.o. ESET File Security for Microsoft Windows Server 8.0.12013.0. ESET, spol. s r.o. ESET Mail Security for Microsoft Exchange Server 6.0 versions prior to 8.0.10020.0. ESET, spol. s r.o. ESET Mail Security for IBM Domino 6.0 versions prior to 8.0.14011.0. ESET, spol. s r.o. ESET Security for Microsoft SharePoint Server 6.0 versions prior to 8.0.15009.0.
CVE-2022-26509 3 Intel, Linux, Microsoft 3 Sgx Sdk, Linux Kernel, Windows 2024-11-21 N/A 2.5 LOW
Improper conditions check in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access.
CVE-2022-25917 1 Intel 5 M50cyp, M50cyp1ur204 Firmware, M50cyp1ur212 Firmware and 2 more 2024-11-21 N/A 6.0 MEDIUM
Uncaught exception in the firmware for some Intel(R) Server Board M50CYP Family before version R01.01.0005 may allow a privileged user to potentially enable a denial of service via local access.