Export limit exceeded: 35583 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (35583 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-48619 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2024-11-21 5.5 Medium
An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap.
CVE-2022-48605 1 Huawei 2 Emui, Harmonyos 2024-11-21 9.8 Critical
Input verification vulnerability in the fingerprint module. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.
CVE-2022-48521 1 Opendkim 1 Opendkim 2024-11-21 5.3 Medium
An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through 2.11.0-Beta2. It fails to keep track of ordinal numbers when removing fake Authentication-Results header fields, which allows a remote attacker to craft an e-mail message with a fake sender address such that programs that rely on Authentication-Results from OpenDKIM will treat the message as having a valid DKIM signature when in fact it has none.
CVE-2022-48520 1 Huawei 2 Emui, Harmonyos 2024-11-21 7.5 High
Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-48519 1 Huawei 2 Emui, Harmonyos 2024-11-21 7.5 High
Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-48517 1 Huawei 2 Emui, Harmonyos 2024-11-21 7.5 High
Unauthorized service access vulnerability in the DSoftBus module. Successful exploitation of this vulnerability will affect availability.
CVE-2022-48516 1 Huawei 2 Emui, Harmonyos 2024-11-21 7.5 High
Vulnerability that a unique value can be obtained by a third-party app in the DSoftBus module. Successful exploitation of this vulnerability will affect confidentiality.
CVE-2022-48515 1 Huawei 2 Emui, Harmonyos 2024-11-21 7.5 High
Vulnerability of inappropriate permission control in Nearby. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2022-48514 1 Huawei 1 Harmonyos 2024-11-21 7.5 High
The Sepolicy module has inappropriate permission control on the use of Netlink.Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-48510 1 Huawei 2 Emui, Harmonyos 2024-11-21 9.8 Critical
Input verification vulnerability in the AMS module. Successful exploitation of this vulnerability will cause unauthorized operations.
CVE-2022-48487 1 Huawei 1 Emui 2024-11-21 7.5 High
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
CVE-2022-48460 2 Google, Unisoc 13 Android, Sc7731e, Sc9832e and 10 more 2024-11-21 5.5 Medium
In setting service, there is a possible undefined behavior due to incorrect error handling. This could lead to local denial of service with no additional execution privileges needed
CVE-2022-48450 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2024-11-21 4.4 Medium
In bluetooth service, there is a possible missing params check. This could lead to local denial of service with System execution privileges needed.
CVE-2022-48217 1 Tradr-project 1 Tf Remapper 2024-11-21 8.1 High
The tf_remapper_node component 1.1.1 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior. This occurs because a topic name depends on the attacker-controlled old_tf_topic_name and/or new_tf_topic_name parameter. NOTE: the vendor's position is "it is the responsibility of the programmer to make sure that only known and required parameters are set and unexpected parameters are not."
CVE-2022-48189 1 Lenovo 170 Thinkpad E14, Thinkpad E14 Firmware, Thinkpad E14 Gen 2 and 167 more 2024-11-21 6.7 Medium
An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2022-48074 1 Nomachine 1 Nomachine 2024-11-21 5.3 Medium
An issue in NoMachine before v8.2.3 allows attackers to execute arbitrary commands via a crafted .nxs file.
CVE-2022-47696 1 Gnu 1 Binutils 2024-11-21 7.8 High
An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.
CVE-2022-47695 1 Gnu 1 Binutils 2024-11-21 7.8 High
An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c.
CVE-2022-47578 1 Zohocorp 1 Manageengine Device Control Plus 2024-11-21 7.1 High
An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions by booting into Safe Mode. This allows a file to be exchanged outside the laptop/system. Safe Mode can be launched by any user (even without admin rights). Data exfiltration can occur, and also malware might be introduced onto the system. NOTE: the vendor's position is "it's not a vulnerability in our product."
CVE-2022-47577 1 Zohocorp 1 Manageengine Device Control Plus 2024-11-21 7.1 High
An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions by making use of a virtual machine (VM). This allows a file to be exchanged outside the laptop/system. VMs can be created by any user (even without admin rights). The data exfiltration can occur without any record in the audit trail of Windows events on the host machine. NOTE: the vendor's position is "it's not a vulnerability in our product."