CVE-2022-38701

OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.

Source: CVE-2022-38701

CVE-2022-38700

OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. LAN attackers can bypass permission control and get control of camera service.

Source: CVE-2022-38700

CVE-2022-36875

Improper restriction of broadcasting Intent in SaWebViewRelayActivity of?Waterplugin prior to version 2.2.11.22081151 allows attacker to access the file without permission.

Source: CVE-2022-36875

CVE-2022-36878

Exposure of Sensitive Information in Find My Mobile prior to version 7.2.25.14 allows local attacker to access IMEI via log.

Source: CVE-2022-36878

CVE-2022-36874

Improper Handling of Insufficient Permissions or Privileges vulnerability in Waterplugin prior to 2.2.11.22040751 allows attacker to access device IMEI and Serial number.

Source: CVE-2022-36874

CVE-2022-36877

Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions 4.3.00.11 in Global and 14.0.02.4 in China allows local attackers to access device identification via log.

Source: CVE-2022-36877

CVE-2022-37407

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress.

Source: CVE-2022-37407

CVE-2022-37405

Cross-Site Request Forgery (CSRF) vulnerability in Mickey Kay’s Better Font Awesome plugin <= 2.0.1 at WordPress.

Source: CVE-2022-37405

CVE-2022-37299

An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal vulnerability which could cause arbitrary file read via /static/ueditor/php/controller.php

Source: CVE-2022-37299

CVE-2022-37335

Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in WHA’s Word Search Puzzles game plugin <= 2.0.1 at WordPress.

Source: CVE-2022-37335