CVE-2022-38093
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in All in One SEO plugin <= 4.2.3.1 at WordPress.
Source: CVE-2022-38093
[월:] 2022년 09월
CVE-2022-38067
CVE-2022-38067
Unauthenticated Event Deletion vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress.
Source: CVE-2022-38067
CVE-2022-38068
CVE-2022-38068
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Apasionados Export Post Info plugin <= 1.1.0 at WordPress.
Source: CVE-2022-38068
CVE-2022-38081
CVE-2022-38081
OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. LAN attackers can bypass the distributed permission control.To take advantage of this weakness, attackers need another vulnerability to obtain system.
Source: CVE-2022-38081
CVE-2022-38457
CVE-2022-38457
A use-after-free(UAF) vulnerability was found in function ‘vmw_cmd_res_check’ in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel’s vmwgfx driver with device file ‘/dev/dri/renderD128 (or Dxxx)’. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
Source: CVE-2022-38457
CVE-2022-3077
CVE-2022-3077
A buffer overflow vulnerability was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious input data. This flaw could allow a local user to crash the system.
Source: CVE-2022-3077
CVE-2022-39846
CVE-2022-39846
DLL hijacking vulnerability in Smart Switch PC prior to version 4.3.22083_3 allows attacker to execute arbitrary code.
Source: CVE-2022-39846
CVE-2022-39845
CVE-2022-39845
Improper validation of integrity check vulnerability in Samsung Kies prior to version 2.6.4.22074 allows local attackers to delete arbitrary directory using directory junction.
Source: CVE-2022-39845
CVE-2022-39844
CVE-2022-39844
Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.22083 allows local attackers to delete arbitrary directory using directory junction.
Source: CVE-2022-39844
CVE-2022-39119
CVE-2022-39119
In network service, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
Source: CVE-2022-39119