CVE-2022-22817

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method.

Source: CVE-2022-22817

CVE-2022-22821

NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available.

Source: CVE-2022-22821

CVE-2022-22816

path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.

Source: CVE-2022-22816

CVE-2022-22815

path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.

Source: CVE-2022-22815

CVE-2022-22701

PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the use of the ‘file://’ URI scheme, allowing an authenticated user to read local files.

Source: CVE-2022-22701

CVE-2022-22702

PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration.

Source: CVE-2022-22702

CVE-2022-22288

Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist.

Source: CVE-2022-22288

CVE-2022-22289

Improper access control vulnerability in S Assistant prior to version 7.5 allows attacker to remotely get senstive information.

Source: CVE-2022-22289

CVE-2022-22287

Abitrary file access vulnerability in Samsung Email prior to 6.1.60.16 allows attacker to read isolated data in sandbox.

Source: CVE-2022-22287

CVE-2022-22286

A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R(11.0) and 2.6.30.5 in Android Q(10.0) allows attackers to execute privileged action by hijacking and modifying the intent.

Source: CVE-2022-22286