# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 |
CVE-2022-33981 |
416 |
|
DoS |
2022-06-18 |
2022-07-04 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function. |
2 |
CVE-2022-33953 |
522 |
|
+Info |
2022-06-24 |
2022-07-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with physical access to the system to obtain sensitive information due to insufficiently protected access tokens. IBM X-Force ID: 229198. |
3 |
CVE-2022-32296 |
203 |
|
|
2022-06-05 |
2022-07-04 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. |
4 |
CVE-2022-31759 |
824 |
|
|
2022-06-13 |
2022-06-18 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability. |
5 |
CVE-2022-31756 |
|
|
|
2022-06-13 |
2022-06-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may affect data confidentiality. |
6 |
CVE-2022-31755 |
281 |
|
|
2022-06-13 |
2022-06-18 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
The communication module has a vulnerability of improper permission preservation. Successful exploitation of this vulnerability may affect system availability. |
7 |
CVE-2022-31752 |
862 |
|
|
2022-06-13 |
2022-06-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Missing authorization vulnerability in the system components. Successful exploitation of this vulnerability will affect confidentiality. |
8 |
CVE-2022-31624 |
404 |
|
DoS |
2022-05-25 |
2022-05-31 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. |
9 |
CVE-2022-31623 |
667 |
|
DoS |
2022-05-25 |
2022-05-31 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. |
10 |
CVE-2022-31622 |
404 |
|
DoS |
2022-05-25 |
2022-05-31 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. |
11 |
CVE-2022-31621 |
667 |
|
DoS |
2022-05-25 |
2022-05-31 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. |
12 |
CVE-2022-31072 |
276 |
|
|
2022-06-15 |
2022-06-27 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to `-rw-rw-rw-` (i.e. 0666) instead of `rw-r--r--` (i.e. 0644). This means everyone who is not the owner (Group and Public) with access to the instance where this release had been installed could modify the world-writable files from this gem. This issue is patched in Octokit 4.25.0. Two workarounds are available. Users can use the previous version of the gem, v4.22.0. Alternatively, users can modify the file permissions manually until they are able to upgrade to the latest version. |
13 |
CVE-2022-31071 |
276 |
|
|
2022-06-15 |
2022-06-27 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
Octopoller is a micro gem for polling and retrying. Version 0.2.0 of the octopoller gem was published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to `-rw-rw-rw-` (i.e. 0666) instead of `rw-r--r--` (i.e. 0644). This means everyone who is not the owner (Group and Public) with access to the instance where this release had been installed could modify the world-writable files from this gem. This issue is patched in Octopoller 0.3.0. Two workarounds are available. Users can use the previous version of the gem, v0.1.0. Alternatively, users can modify the file permissions manually until they are able to upgrade to the latest version. |
14 |
CVE-2022-31059 |
79 |
|
XSS |
2022-06-14 |
2022-06-23 |
2.1 |
None |
Remote |
High |
??? |
None |
Partial |
None |
Discourse Calendar is a calendar plugin for Discourse, an open-source messaging app. Prior to version 1.0.1, parsing and rendering of Event names can be susceptible to cross-site scripting (XSS) attacks. This vulnerability only affects sites which have modified or disabled Discourse’s default Content Security Policy. This issue is patched in version 1.0.1 of the Discourse Calendar plugin. As a workaround, ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks. |
15 |
CVE-2022-31030 |
400 |
|
|
2022-06-09 |
2022-06-16 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
containerd is an open source container runtime. A bug was found in containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd's CRI implementation; `ExecSync` may be used when running probes or when executing processes via an "exec" facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used. |
16 |
CVE-2022-31022 |
306 |
|
|
2022-06-01 |
2022-06-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
Bleve is a text indexing library for Go. Bleve includes HTTP utilities under the bleve/http package that are used by its sample application. These HTTP methods pave the way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s own HTTP (bleve/http) handlers for exposing access to the indexes. For instance, the CreateIndexHandler (`http/index_create.go`) and DeleteIndexHandler (`http/index_delete.go`) enable an attacker to create a bleve index (directory structure) anywhere the user running the server has write permissions, and to recursively delete any directory owned by the same user account. Users who have used the bleve/http package for exposing access to a bleve index without explicit handling of Role Based Access Controls (RBAC) for the index assets would be impacted by this issue. There is no patch for this issue because the http package is purely intended to be used for demonstration purposes. Bleve was never designed to handle RBAC, nor was it ever advertised to be used in that way. The collaborators of this project have decided to stay away from adding any authentication or authorization to the bleve project at the moment. The bleve/http package is mainly for demonstration purposes and it lacks exhaustive validation of user inputs as well as any authentication and authorization measures. It is recommended not to use bleve/http in production use cases. |
17 |
CVE-2022-30973 |
|
|
DoS |
2022-05-31 |
2022-06-28 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3. |
18 |
CVE-2022-30748 |
|
|
|
2022-06-07 |
2022-06-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Unprotected dynamic receiver in Samsung Members prior to version 4.2.005 allows attacker to launch arbitrary activity. |
19 |
CVE-2022-30747 |
276 |
|
|
2022-06-07 |
2022-06-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent. |
20 |
CVE-2022-30745 |
863 |
|
|
2022-06-07 |
2022-06-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Improper access control vulnerability in Quick Share prior to version 13.1.2.4 allows attacker to access internal files in Quick Share. |
21 |
CVE-2022-30742 |
532 |
|
|
2022-06-07 |
2022-06-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Sensitive information exposure vulnerability in FmmExtraOperation of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log. |
22 |
CVE-2022-30741 |
532 |
|
|
2022-06-07 |
2022-06-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Sensitive information exposure vulnerability in SimChangeAlertManger of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log. |
23 |
CVE-2022-30740 |
922 |
|
|
2022-06-07 |
2022-06-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers. |
24 |
CVE-2022-30731 |
862 |
|
|
2022-06-07 |
2022-06-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Improper access control vulnerability in My Files prior to version 13.1.00.193 allows attackers to access arbitrary private files in My Files application. |
25 |
CVE-2022-30730 |
863 |
|
|
2022-06-07 |
2022-06-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to access account list without authentication. |
26 |
CVE-2022-30729 |
|
|
|
2022-06-07 |
2022-06-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner. |
27 |
CVE-2022-30728 |
668 |
|
|
2022-06-07 |
2022-06-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. |
28 |
CVE-2022-30727 |
755 |
|
|
2022-06-07 |
2022-06-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space. |
29 |
CVE-2022-30714 |
668 |
|
|
2022-06-07 |
2022-06-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. |
30 |
CVE-2022-30702 |
125 |
|
|
2022-06-09 |
2022-06-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure vulnerability that could allow an attacker to disclose sensitive information on an affected machine. |
31 |
CVE-2022-30552 |
120 |
|
Overflow |
2022-06-08 |
2022-06-16 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Das U-Boot 2022.01 has a Buffer Overflow. |
32 |
CVE-2022-30503 |
|
|
|
2022-06-02 |
2022-06-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h. |
33 |
CVE-2022-30162 |
|
|
|
2022-06-15 |
2022-06-25 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Windows Kernel Information Disclosure Vulnerability. |
34 |
CVE-2022-30154 |
269 |
|
|
2022-06-15 |
2022-06-24 |
2.1 |
None |
Remote |
High |
??? |
None |
Partial |
None |
Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability. |
35 |
CVE-2022-30148 |
532 |
|
|
2022-06-15 |
2022-06-27 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Windows Desired State Configuration (DSC) Information Disclosure Vulnerability. |
36 |
CVE-2022-29948 |
|
|
Bypass |
2022-06-10 |
2022-06-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Due to an insecure design, the Lepin EP-KP001 flash drive through KP001_V19 is vulnerable to an authentication bypass attack that enables an attacker to gain access to the stored encrypted data. Normally, the encrypted disk partition with this data is unlocked by entering the correct passcode (6 to 14 digits) via the keypad and pressing the Unlock button. This authentication is performed by an unknown microcontroller. By replacing this microcontroller on a target device with one from an attacker-controlled Lepin EP-KP001 whose passcode is known, it is possible to successfully unlock the target device and read the stored data in cleartext. |
37 |
CVE-2022-29868 |
312 |
|
Bypass |
2022-05-09 |
2022-05-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Malicious software running on the same computer can exfiltrate secrets from 1Password provided that 1Password is running and is unlocked. Affected secrets include vault items and derived values used for signing in to 1Password. |
38 |
CVE-2022-29816 |
74 |
|
|
2022-04-28 |
2022-05-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
In JetBrains IntelliJ IDEA before 2022.1, HTML injection into IDE messages was possible. |
39 |
CVE-2022-29812 |
|
|
|
2022-04-28 |
2022-05-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
In JetBrains IntelliJ IDEA before 2022.1, notification mechanisms about using Unicode directionality formatting characters were insufficient. |
40 |
CVE-2022-29810 |
532 |
|
|
2022-04-27 |
2022-05-10 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter. |
41 |
CVE-2022-29780 |
|
|
|
2022-06-02 |
2022-06-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c. |
42 |
CVE-2022-29779 |
|
|
|
2022-06-02 |
2022-06-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. |
43 |
CVE-2022-29302 |
552 |
|
|
2022-05-12 |
2022-05-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
SolarView Compact ver.6.00 was discovered to contain a local file disclosure via /html/Solar_Ftp.php. |
44 |
CVE-2022-29213 |
20 |
|
|
2022-05-21 |
2022-06-07 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the `tf.compat.v1.signal.rfft2d` and `tf.compat.v1.signal.rfft3d` lack input validation and under certain conditions can result in crashes (due to `CHECK`-failures). Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
45 |
CVE-2022-29212 |
20 |
|
|
2022-05-21 |
2022-06-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could be greater than 1 but code was always assuming sub-unit scaling. Thus, since code was calling `QuantizeMultiplierSmallerThanOneExp`, the `TFLITE_CHECK_LT` assertion would trigger and abort the process. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
46 |
CVE-2022-29211 |
20 |
|
|
2022-05-21 |
2022-06-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.histogram_fixed_width` is vulnerable to a crash when the values array contains `Not a Number` (`NaN`) elements. The implementation assumes that all floating point operations are defined and then converts a floating point result to an integer index. If `values` contains `NaN` then the result of the division is still `NaN` and the cast to `int32` would result in a crash. This only occurs on the CPU implementation. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
47 |
CVE-2022-29210 |
120 |
|
|
2022-05-21 |
2022-06-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
TensorFlow is an open source platform for machine learning. In version 2.8.0, the `TensorKey` hash function used total estimated `AllocatedBytes()`, which (a) is an estimate per tensor, and (b) is a very poor hash function for constants (e.g. `int32_t`). It also tried to access individual tensor bytes through `tensor.data()` of size `AllocatedBytes()`. This led to ASAN failures because the `AllocatedBytes()` is an estimate of total bytes allocated by a tensor, including any pointed-to constructs (e.g. strings), and does not refer to contiguous bytes in the `.data()` buffer. The discoverers could not use this byte vector anyway because types such as `tstring` include pointers, whereas they needed to hash the string values themselves. This issue is patched in Tensorflow versions 2.9.0 and 2.8.1. |
48 |
CVE-2022-29209 |
843 |
|
|
2022-05-21 |
2022-06-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.) have incorrect logic when comparing `size_t` and `int` values. Due to type conversion rules, several of the macros would trigger incorrectly. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
49 |
CVE-2022-29207 |
20 |
|
|
2022-05-20 |
2022-06-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but migration to TF 2.x eager mode opened up this vulnerability. If the resource handle is empty, then a reference is bound to a null pointer inside TensorFlow codebase (various codepaths). This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
50 |
CVE-2022-29206 |
20 |
|
|
2022-05-20 |
2022-06-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorDenseAdd` does not fully validate the input arguments. In this case, a reference gets bound to a `nullptr` during kernel execution. This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |