CVE-2022-39176

BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.

Source: CVE-2022-39176

CVE-2022-36593

kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java.

Source: CVE-2022-36593

CVE-2022-39170

libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c.

Source: CVE-2022-39170

CVE-2022-36759

Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /dishes.php?res_id=.

Source: CVE-2022-36759

CVE-2021-25657

A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions.

Source: CVE-2021-25657

CVE-2022-3078

An issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c.

Source: CVE-2022-3078

CVE-2022-36601

The Eclipse TCF debug interface in JasMiner-X4-Server-20220621-090907 and below is open on port 1534. This issue allows unauthenticated attackers to gain root privileges on the affected device and access sensitive data or execute arbitrary commands.

Source: CVE-2022-36601

CVE-2022-36602

InnoSilicon A10 a10_20200924_120556 was discovered to contain a remote code execution (RCE) vulnerability in the setPlatformAPI function.

Source: CVE-2022-36602

CVE-2022-36603

InnoSilicon T3T+ t2t+_soc_20190911_151433.swu was discovered to contain a remote code execution (RCE) vulnerability in the checkUrl function.

Source: CVE-2022-36603

CVE-2022-36621

Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_AllocateTransientObject.

Source: CVE-2022-36621