Filtered by CWE-755
Filtered by vendor Subscriptions
Total 527 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-39885 1 Google 1 Android 2024-11-21 5.9 Medium
Improper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows local attacker to access to Device information.
CVE-2022-39872 1 Samsung 1 Sharelive 2024-11-21 5.9 Medium
Improper restriction of broadcasting Intent in ShareLive prior to version 13.2.03.5 leaks MAC address of the connected Bluetooth device.
CVE-2022-39380 1 Wire 1 Wire-webapp 2024-11-21 5.3 Medium
Wire web-app is part of Wire communications. Versions prior to 2022-11-02 are subject to Improper Handling of Exceptional Conditions. In the wire-webapp, certain combinations of Markdown formatting can trigger an unhandled error in the conversion to HTML representation. The error makes it impossible to display the affected chat history, other conversations are not affected. The issue has been fixed in version 2022-11-02 and is already deployed on all Wire managed services. On-premise instances of wire-webapp need to be updated to docker tag 2022-11-02-production.0-v0.31.9-0-337e400 or wire-server 2022-11-03 (chart/4.26.0), so that their applications are no longer affected. As a workaround, you may use an iOS or Android client and delete the corresponding message from the history OR write 30 or more messages into the affected conversation to prevent the client from further rendering of the corresponding message. When attempting to retrieve messages from the conversation history, the error will continue to occur once the malformed message is part of the result.
CVE-2022-39271 1 Traefik 1 Traefik 2024-11-21 7.5 High
Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure mode could be exploited to cause a denial of service. There has been a patch released in versions 2.8.8 and 2.9.0-rc5. There are currently no known workarounds.
CVE-2022-36923 1 Zohocorp 7 Manageengine Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager and 4 more 2024-11-21 7.5 High
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs.
CVE-2022-36874 1 Samsung 1 Galaxy Watch Plugin 2024-11-21 5.9 Medium
Improper Handling of Insufficient Permissions or Privileges vulnerability in Waterplugin prior to 2.2.11.22040751 allows attacker to access device IMEI and Serial number.
CVE-2022-36287 1 Intel 1 Field Programmable Gate Array Crypto Service Server 2024-11-21 4 Medium
Uncaught exception in the FCS Server software maintained by Intel before version 1.1.79.3 may allow a privileged user to potentially enable denial of service via physical access.
CVE-2022-36031 1 Monospace 1 Directus 2024-11-21 6.5 Medium
Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the `filename_disk` value to a folder and accessing that file through the `/assets` endpoint. This vulnerability has been patched and release v9.15.0 contains the fix. Users are advised to upgrade. Users unable to upgrade may prevent this problem by making sure no (untrusted) non-admin users have permissions to update the `filename_disk` field on `directus_files`.
CVE-2022-35295 1 Sap 1 Host Agent 2024-11-21 4.9 Medium
In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves.
CVE-2022-35268 1 Robustel 2 R1510, R1510 Firmware 2024-11-21 7.5 High
A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_sdk_file/` API.
CVE-2022-34849 2 Intel, Microsoft 2 Iris Xe Max Dedicated Graphics, Windows 2024-11-21 4.4 Medium
Uncaught exception in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1436(v2) may allow a privileged user to potentially enable denial of service via local access.
CVE-2022-34643 1 Riscv 1 Spike Risc-v Isa Simulator 2024-11-21 5.5 Medium
RISCV ISA Sim commit ac466a21df442c59962589ba296c702631e041b5 implements the incorrect exception priotrity when accessing memory.
CVE-2022-34641 2 Boom-core, Openhwgroup 2 Riscvc-boom, Cva6 2024-11-21 5.5 Medium
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee7084d8399713b46b4b implements the incorrect exception type when a PMP violation occurs during address translation.
CVE-2022-34639 1 Openhwgroup 1 Cva6 2024-11-21 5.5 Medium
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a treats non-standard fence instructions as illegal which can affect the function of the application.
CVE-2022-34637 1 Openhwgroup 1 Cva6 2024-11-21 5.5 Medium
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a implements an incorrect exception type when an illegal virtual address is loaded.
CVE-2022-34636 1 Openhwgroup 1 Cva6 2024-11-21 5.5 Medium
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee7084d8399713b46b4b implements the incorrect exception type when a PMA violation occurs during address translation.
CVE-2022-34634 1 Openhwgroup 1 Cva6 2024-11-21 5.5 Medium
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a executes crafted or incorrectly formatted det instructions rather create an exception.
CVE-2022-34633 1 Openhwgroup 1 Cva6 2024-11-21 5.5 Medium
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a executes crafted or incorrectly formatted sfence.vma instructions rather create an exception.
CVE-2022-34368 1 Dell 1 Emc Networker 2024-11-21 6.1 Medium
Dell EMC NetWorker 19.2.1.x 19.3.x, 19.4.x, 19.5.x, 19.6.x and 19.7.0.0 contain an Improper Handling of Insufficient Permissions or Privileges vulnerability. Authenticated non admin user could exploit this vulnerability and gain access to restricted resources.
CVE-2022-33887 1 Autodesk 10 Autocad, Autocad Advance Steel, Autocad Architecture and 7 more 2024-11-21 7.8 High
A maliciously crafted PDF file when parsed through Autodesk AutoCAD 2023 causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.