CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-33981 416 DoS 2022-06-18 2022-07-01
2.1
None Local Low Not required None None Partial
drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.
2 CVE-2022-32296 203 2022-06-05 2022-07-01
2.1
None Local Low Not required Partial None None
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used.
3 CVE-2022-31759 824 2022-06-13 2022-06-18
2.1
None Local Low Not required None None Partial
AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability.
4 CVE-2022-31756 2022-06-13 2022-06-18
2.1
None Local Low Not required Partial None None
The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may affect data confidentiality.
5 CVE-2022-31755 281 2022-06-13 2022-06-18
2.1
None Local Low Not required None None Partial
The communication module has a vulnerability of improper permission preservation. Successful exploitation of this vulnerability may affect system availability.
6 CVE-2022-31752 862 2022-06-13 2022-06-18
2.1
None Local Low Not required Partial None None
Missing authorization vulnerability in the system components. Successful exploitation of this vulnerability will affect confidentiality.
7 CVE-2022-31624 404 DoS 2022-05-25 2022-05-31
2.1
None Local Low Not required None None Partial
MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
8 CVE-2022-31623 667 DoS 2022-05-25 2022-05-31
2.1
None Local Low Not required None None Partial
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
9 CVE-2022-31622 404 DoS 2022-05-25 2022-05-31
2.1
None Local Low Not required None None Partial
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
10 CVE-2022-31621 667 DoS 2022-05-25 2022-05-31
2.1
None Local Low Not required None None Partial
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
11 CVE-2022-31072 276 2022-06-15 2022-06-27
2.1
None Local Low Not required None Partial None
Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to `-rw-rw-rw-` (i.e. 0666) instead of `rw-r--r--` (i.e. 0644). This means everyone who is not the owner (Group and Public) with access to the instance where this release had been installed could modify the world-writable files from this gem. This issue is patched in Octokit 4.25.0. Two workarounds are available. Users can use the previous version of the gem, v4.22.0. Alternatively, users can modify the file permissions manually until they are able to upgrade to the latest version.
12 CVE-2022-31071 276 2022-06-15 2022-06-27
2.1
None Local Low Not required None Partial None
Octopoller is a micro gem for polling and retrying. Version 0.2.0 of the octopoller gem was published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to `-rw-rw-rw-` (i.e. 0666) instead of `rw-r--r--` (i.e. 0644). This means everyone who is not the owner (Group and Public) with access to the instance where this release had been installed could modify the world-writable files from this gem. This issue is patched in Octopoller 0.3.0. Two workarounds are available. Users can use the previous version of the gem, v0.1.0. Alternatively, users can modify the file permissions manually until they are able to upgrade to the latest version.
13 CVE-2022-31059 79 XSS 2022-06-14 2022-06-23
2.1
None Remote High ??? None Partial None
Discourse Calendar is a calendar plugin for Discourse, an open-source messaging app. Prior to version 1.0.1, parsing and rendering of Event names can be susceptible to cross-site scripting (XSS) attacks. This vulnerability only affects sites which have modified or disabled Discourse’s default Content Security Policy. This issue is patched in version 1.0.1 of the Discourse Calendar plugin. As a workaround, ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks.
14 CVE-2022-31030 400 2022-06-09 2022-06-16
2.1
None Local Low Not required None None Partial
containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd's CRI implementation; `ExecSync` may be used when running probes or when executing processes via an "exec" facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used.
15 CVE-2022-31022 306 2022-06-01 2022-06-09
2.1
None Local Low Not required None Partial None
Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s own HTTP (bleve/http) handlers for exposing the access to the indexes. For instance, the CreateIndexHandler (`http/index_create.go`) and DeleteIndexHandler (`http/index_delete.go`) enable an attacker to create a bleve index (directory structure) anywhere where the user running the server has the write permissions and to delete recursively any directory owned by the same user account. Users who have used the bleve/http package for exposing access to bleve index without the explicit handling for the Role Based Access Controls(RBAC) of the index assets would be impacted by this issue. There is no patch for this issue because the http package is purely intended to be used for demonstration purposes. Bleve was never designed handle the RBACs, nor it was ever advertised to be used in that way. The collaborators of this project have decided to stay away from adding any authentication or authorization to bleve project at the moment. The bleve/http package is mainly for demonstration purposes and it lacks exhaustive validation of the user inputs as well as any authentication and authorization measures. It is recommended to not use bleve/http in production use cases.
16 CVE-2022-30973 DoS 2022-05-31 2022-06-28
2.6
None Remote High Not required None None Partial
We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3.
17 CVE-2022-30748 2022-06-07 2022-06-14
2.1
None Local Low Not required Partial None None
Unprotected dynamic receiver in Samsung Members prior to version 4.2.005 allows attacker to launch arbitrary activity.
18 CVE-2022-30747 276 2022-06-07 2022-06-14
2.1
None Local Low Not required Partial None None
PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent.
19 CVE-2022-30745 863 2022-06-07 2022-06-14
2.1
None Local Low Not required Partial None None
Improper access control vulnerability in Quick Share prior to version 13.1.2.4 allows attacker to access internal files in Quick Share.
20 CVE-2022-30742 532 2022-06-07 2022-06-13
2.1
None Local Low Not required Partial None None
Sensitive information exposure vulnerability in FmmExtraOperation of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permissio to get sim card information through device log.
21 CVE-2022-30741 532 2022-06-07 2022-06-13
2.1
None Local Low Not required Partial None None
Sensitive information exposure vulnerability in SimChangeAlertManger of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log.
22 CVE-2022-30740 922 2022-06-07 2022-06-13
2.1
None Local Low Not required Partial None None
Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers.
23 CVE-2022-30731 862 2022-06-07 2022-06-13
2.1
None Local Low Not required Partial None None
Improper access control vulnerability in My Files prior to version 13.1.00.193 allows attackers to access arbitrary private files in My Files application.
24 CVE-2022-30730 863 2022-06-07 2022-06-14
2.1
None Local Low Not required Partial None None
Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication.
25 CVE-2022-30729 2022-06-07 2022-06-11
2.1
None Local Low Not required Partial None None
Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner.
26 CVE-2022-30728 668 2022-06-07 2022-06-11
2.1
None Local Low Not required Partial None None
Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.
27 CVE-2022-30727 755 2022-06-07 2022-06-11
2.1
None Local Low Not required None Partial None
Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space.
28 CVE-2022-30714 668 2022-06-07 2022-06-11
2.1
None Local Low Not required Partial None None
Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.
29 CVE-2022-30702 125 2022-06-09 2022-06-16
2.1
None Local Low Not required Partial None None
Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure vulnerability that could allow an attacker to disclose sensitive information on an affected machine.
30 CVE-2022-30552 120 Overflow 2022-06-08 2022-06-16
2.1
None Local Low Not required None None Partial
Das U-Boot 2022.01 has a Buffer Overflow.
31 CVE-2022-30503 2022-06-02 2022-06-10
2.1
None Local Low Not required None None Partial
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h.
32 CVE-2022-30162 2022-06-15 2022-06-25
2.1
None Local Low Not required Partial None None
Windows Kernel Information Disclosure Vulnerability.
33 CVE-2022-30154 269 2022-06-15 2022-06-24
2.1
None Remote High ??? None Partial None
Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability.
34 CVE-2022-30148 532 2022-06-15 2022-06-27
2.1
None Local Low Not required Partial None None
Windows Desired State Configuration (DSC) Information Disclosure Vulnerability.
35 CVE-2022-29948 Bypass 2022-06-10 2022-06-20
2.1
None Local Low Not required Partial None None
Due to an insecure design, the Lepin EP-KP001 flash drive through KP001_V19 is vulnerable to an authentication bypass attack that enables an attacker to gain access to the stored encrypted data. Normally, the encrypted disk partition with this data is unlocked by entering the correct passcode (6 to 14 digits) via the keypad and pressing the Unlock button. This authentication is performed by an unknown microcontroller. By replacing this microcontroller on a target device with one from an attacker-controlled Lepin EP-KP001 whose passcode is known, it is possible to successfully unlock the target device and read the stored data in cleartext.
36 CVE-2022-29868 312 Bypass 2022-05-09 2022-05-18
2.1
None Local Low Not required Partial None None
1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Malicious software running on the same computer can exfiltrate secrets from 1Password provided that 1Password is running and is unlocked. Affected secrets include vault items and derived values used for signing in to 1Password.
37 CVE-2022-29816 74 2022-04-28 2022-05-05
2.1
None Local Low Not required None Partial None
In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible
38 CVE-2022-29812 2022-04-28 2022-05-05
2.1
None Local Low Not required None Partial None
In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient
39 CVE-2022-29810 532 2022-04-27 2022-05-10
2.1
None Local Low Not required Partial None None
The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter.
40 CVE-2022-29780 2022-06-02 2022-06-09
2.1
None Local Low Not required None None Partial
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c.
41 CVE-2022-29779 2022-06-02 2022-06-09
2.1
None Local Low Not required None None Partial
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.
42 CVE-2022-29302 552 2022-05-12 2022-05-20
2.1
None Local Low Not required Partial None None
SolarView Compact ver.6.00 was discovered to contain a local file disclosure via /html/Solar_Ftp.php.
43 CVE-2022-29213 20 2022-05-21 2022-06-07
2.1
None Local Low Not required None None Partial
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the `tf.compat.v1.signal.rfft2d` and `tf.compat.v1.signal.rfft3d` lack input validation and under certain condition can result in crashes (due to `CHECK`-failures). Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
44 CVE-2022-29212 20 2022-05-21 2022-06-03
2.1
None Local Low Not required None None Partial
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could be greater than 1 but code was always assuming sub-unit scaling. Thus, since code was calling `QuantizeMultiplierSmallerThanOneExp`, the `TFLITE_CHECK_LT` assertion would trigger and abort the process. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
45 CVE-2022-29211 20 2022-05-21 2022-06-03
2.1
None Local Low Not required None None Partial
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.histogram_fixed_width` is vulnerable to a crash when the values array contain `Not a Number` (`NaN`) elements. The implementation assumes that all floating point operations are defined and then converts a floating point result to an integer index. If `values` contains `NaN` then the result of the division is still `NaN` and the cast to `int32` would result in a crash. This only occurs on the CPU implementation. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
46 CVE-2022-29210 120 2022-05-21 2022-06-03
2.1
None Local Low Not required None None Partial
TensorFlow is an open source platform for machine learning. In version 2.8.0, the `TensorKey` hash function used total estimated `AllocatedBytes()`, which (a) is an estimate per tensor, and (b) is a very poor hash function for constants (e.g. `int32_t`). It also tried to access individual tensor bytes through `tensor.data()` of size `AllocatedBytes()`. This led to ASAN failures because the `AllocatedBytes()` is an estimate of total bytes allocated by a tensor, including any pointed-to constructs (e.g. strings), and does not refer to contiguous bytes in the `.data()` buffer. The discoverers could not use this byte vector anyway because types such as `tstring` include pointers, whereas they needed to hash the string values themselves. This issue is patched in Tensorflow versions 2.9.0 and 2.8.1.
47 CVE-2022-29209 843 2022-05-21 2022-06-03
2.1
None Local Low Not required None None Partial
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.) have an incorrect logic when comparing `size_t` and `int` values. Due to type conversion rules, several of the macros would trigger incorrectly. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
48 CVE-2022-29207 20 2022-05-20 2022-06-02
2.1
None Local Low Not required None None Partial
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but migration to TF 2.x eager mode opened up this vulnerability. If the resource handle is empty, then a reference is bound to a null pointer inside TensorFlow codebase (various codepaths). This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
49 CVE-2022-29206 20 2022-05-20 2022-06-02
2.1
None Local Low Not required None None Partial
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorDenseAdd` does not fully validate the input arguments. In this case, a reference gets bound to a `nullptr` during kernel execution. This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
50 CVE-2022-29205 476 DoS 2022-05-20 2022-06-02
2.1
None Local Low Not required None None Partial
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling `tf.compat.v1.*` ops which don't yet have support for quantized types, which was added after migration to TensorFlow 2.x. In these scenarios, since the kernel is missing, a `nullptr` value is passed to `ParseDimensionValue` for the `py_value` argument. Then, this is dereferenced, resulting in segfault. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.