CVE-2022-36423
OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads a Stack overflow vulnerability during recursive parsing. LAN attackers can lead a DoS attack to all network devices.
Source: CVE-2022-36423
CVE-2022-36376
Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin <= 1.0.95 at WordPress.
Source: CVE-2022-36376
CVE-2022-36422
Rating increase/decrease via race condition in Lester ‘GaMerZ’ Chan WP-PostRatings plugin <= 1.89 at WordPress.
Source: CVE-2022-36422
CVE-2022-35725
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hans Matzen’s wp-forecast plugin <= 7.5 at WordPress.
Source: CVE-2022-35725
CVE-2022-36356
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy / Thirty8 Digital Culture Object plugin <= 4.0.1 at WordPress.
Source: CVE-2022-36356
CVE-2022-36793
Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin <= 3.9.6 at WordPress.
Source: CVE-2022-36793
CVE-2022-36280
An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file ‘/dev/dri/renderD128 (or Dxxx)’. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
Source: CVE-2022-36280
CVE-2022-36841
A heap-based overflow vulnerability in PrepareRecogLibrary_Part function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
Source: CVE-2022-36841
CVE-2022-35277
Cross-Site Request Forgery (CSRF) vulnerability in GetResponse plugin <= 5.5.20 at WordPress.
Source: CVE-2022-35277
CVE-2022-2526
A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in ‘resolved-dns-stream.c’ not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.
Source: CVE-2022-2526