Total
3301 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-39340 | 1 Openfga | 1 Openfga | 2024-08-03 | 5.3 Medium |
| OpenFGA is an authorization/permission engine. Prior to version 0.2.4, the `streamed-list-objects` endpoint was not validating the authorization header, resulting in disclosure of objects in the store. Users `openfga/openfga` versions 0.2.3 and prior who are exposing the OpenFGA service to the internet are vulnerable. Version 0.2.4 contains a patch for this issue. | ||||
| CVE-2022-39289 | 1 Zoneminder | 1 Zoneminder | 2024-08-03 | 9.1 Critical |
| ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as possible. Users unable to upgrade should disable database logging. | ||||
| CVE-2022-39233 | 1 Enalean | 1 Tuleap | 2024-08-03 | 4.3 Medium |
| Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions 12.9.99.228 and above, prior to 14.0.99.24, authorizations are not properly verified when updating the branch prefix used by the GitLab repository integration. Authenticated users can change the branch prefix of any of the GitLab repository integration they can see vie the REST endpoint `PATCH /gitlab_repositories/{id}`. This action should be restricted to Git administrators. This issue is patched in Tuleap Community Edition 14.0.99.24 and Tuleap Enterprise Edition 14.0-3. There are no known workarounds. | ||||
| CVE-2022-39222 | 2 Linuxfoundation, Redhat | 2 Dex, Advanced Cluster Security | 2024-08-03 | 9.3 Critical |
| Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability if they are running a version prior to 2.35.0. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the OAuth authorization code in the process. The authorization code then can be exchanged by the attacker for a token, gaining access to applications accepting that token. Version 2.35.0 has introduced a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue. | ||||
| CVE-2022-39091 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-03 | 7.8 High |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | ||||
| CVE-2022-39099 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-03 | 7.8 High |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | ||||
| CVE-2022-39098 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-03 | 7.8 High |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | ||||
| CVE-2022-39114 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-03 | 5.5 Medium |
| In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. | ||||
| CVE-2022-39117 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-03 | 5.5 Medium |
| In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2022-39087 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-03 | 6.7 Medium |
| In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. | ||||
| CVE-2022-39112 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-03 | 5.5 Medium |
| In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. | ||||
| CVE-2022-39111 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-03 | 7.8 High |
| In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. | ||||
| CVE-2022-39104 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-03 | 5.5 Medium |
| In contacts service, there is a missing permission check. This could lead to local denial of service in Contacts service with no additional execution privileges needed. | ||||
| CVE-2022-39094 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-03 | 7.8 High |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | ||||
| CVE-2022-39119 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-03 | 7.8 High |
| In network service, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | ||||
| CVE-2022-39103 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-03 | 5.5 Medium |
| In Gallery service, there is a missing permission check. This could lead to local denial of service in Gallery service with no additional execution privileges needed. | ||||
| CVE-2022-39081 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-03 | 6.7 Medium |
| In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. | ||||
| CVE-2022-39113 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-03 | 5.5 Medium |
| In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. | ||||
| CVE-2022-39083 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-03 | 6.7 Medium |
| In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. | ||||
| CVE-2022-39092 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-03 | 7.8 High |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | ||||