16 matches found
CVE-2022-22272
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission...
CVE-2025-22272
| creation_timestamp | type | source |
|---|---|---|
| 2025-02-28 13:49:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3ljakcxumyi2p |
| 2025-02-28 13:49:10+00:00 | seen | https://bsky.app/profile/potato.software/post/3ljakcys4iv2z |
| 2025-02-28 15:21:28+00:00 | seen | https://t.me/cvedetector/19154... |
CVE-2025-22272 Self Reflected XSS in CyberArk Endpoint Privilege Manager
In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject code in the "modalDlgMsgInternal" parameter via POST, which is then executed in the browser. The risk of exploiting the vulnerability is reduced due to the required additional bypassing the...
CVE-2025-22272 Self Reflected XSS in CyberArk Endpoint Privilege Manager
In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject code in the "modalDlgMsgInternal" parameter via POST, which is then executed in the browser. The risk of exploiting the vulnerability is reduced due to the required additional bypassing the...
CVE-2024-7227 Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability
Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system ...
CVE-2024-7227 Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability
Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system ...
CVE-2024-22272
VMware Cloud Director contains an Improper Privilege Management vulnerability. An authenticated tenant administrator for a given organization within VMware Cloud Director may be able to accidentally disable their organization leading to a Denial of Service for active sessions within their own...
Adobe RoboHelp Server < 11.5 Multiple Vulnerabilities (APSB23-53)
Adobe RoboHelp Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:adobe:robohelpserver"...
CVE-2023-22272
Summary: CVE-2023-22272 affects Adobe RoboHelp Server (versions 11.4 and earlier). The issue is an Improper Input Validation vulnerability that enables information disclosure by an unauthenticated attacker, with no user interaction required. Connected sources corroborate an information-disclosure...
CVE-2022-22272
| creation_timestamp | type | source |
|---|---|---|
| 2022-01-10 16:14:51+00:00 | seen | https://t.me/cibsecurity/35140... |
CVE-2022-22272
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission...
CVE-2022-22272
CVE-2022-22272 affects TelephonyManager in Samsung/Android prior to the SMR Jan-2022 Release 1. The issue is improper authorization that allows an attacker to obtain the IMSI without READ_PRIVILEGED_PHONE_STATE permission. Root cause is insufficient access control in TelephonyManager’s handling o...
CVE-2021-22272
| creation_timestamp | type | source |
|---|---|---|
| 2021-09-27 18:34:56+00:00 | seen | https://t.me/cibsecurity/29478... |
CVE-2021-22272 ControlTouch Cloud Service vulnerability: Serial Number can be misused during commissioning phase.
The vulnerability originates in the commissioning process, where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch...
CVE-2021-22272
The CVE-2021-22272 entry concerns ABB/Busch-Jaeger ControlTouch cloud service. The root cause is in the commissioning flow, where an attacker could enter a serial number in a specific way to transfer the device virtually into the attacker’s my.busch-jaeger.de or mybuildings.abb.com profile, enabl...
Kernel update: Virtuozzo ReadyKernel patch 78.0 for Virtuozzo 7.0 Updates 9, 10 and Virtuozzo Infrastructure Platform 2.5
The cumulative Virtuozzo ReadyKernel patch was updated with stability fixes. The patch applies to the kernels 3.10.0-862.20.2.vz7.73.24 and 3.10.0-862.20.2.vz7.73.29 (Virtuozzo 7.0 Update 9 and Virtuozzo Infrastructure Platform 2.5) and 3.10.0-957.10.1.vz7.85.17 (Virtuozzo 7.0 Update 10). Vulnerabili...