Security Vulnerabilities - CVEs Published In 2022
An unauthenticated user can access Identity Manager’s management console specific page URLs. However, the system doesn’t allow the user to carry out server side tasks without a valid web session.
CVSS Score
5.3
EPSS Score
0.006
Published
2022-12-16
An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4
CVSS Score
6.7
EPSS Score
0.007
Published
2022-12-16
An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4
CVSS Score
8.8
EPSS Score
0.001
Published
2022-12-16
vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-12-16
vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4.
CVSS Score
4.9
EPSS Score
0.004
Published
2022-12-16
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVSS Score
5.4
EPSS Score
0.006
Published
2022-12-16
In RadioImpl::setCdmaBroadcastConfig of ril_service_legacy.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243510139References: N/A
CVSS Score
6.7
EPSS Score
0.0
Published
2022-12-16
In ufdt_do_one_fixup of ufdt_overlay.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243629453References: N/A
CVSS Score
6.7
EPSS Score
0.0
Published
2022-12-16
In the Pixel camera driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-245916120References: N/A
CVSS Score
6.7
EPSS Score
0.0
Published
2022-12-16
In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-233645166References: N/A
CVSS Score
7.8
EPSS Score
0.0
Published
2022-12-16