Total
2818 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-36875 | 1 Samsung | 1 Galaxy Watch Plugin | 2024-08-03 | 6.6 Medium |
Improper restriction of broadcasting Intent in SaWebViewRelayActivity of?Waterplugin prior to version 2.2.11.22081151 allows attacker to access the file without permission. | ||||
CVE-2022-36867 | 1 Samsung | 1 Editor Lite | 2024-08-03 | 5.9 Medium |
Improper access control vulnerability in Editor Lite prior to version 4.0.40.14 allows attackers to access sensitive information. | ||||
CVE-2022-36866 | 2 Google, Samsung | 2 Android, Group Sharing | 2024-08-03 | 4 Medium |
Improper access control vulnerability in Broadcaster in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device. | ||||
CVE-2022-36865 | 2 Google, Samsung | 2 Android, Group Sharing | 2024-08-03 | 4 Medium |
Improper access control in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to access device information. | ||||
CVE-2022-36851 | 1 Samsung | 1 Samsung Pass | 2024-08-03 | 3.9 Low |
Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device. | ||||
CVE-2022-36832 | 1 Samsung | 1 Cameralyzer | 2024-08-03 | 4 Medium |
Improper access control vulnerability in WebApp in Cameralyzer prior to versions 3.2.22, 3.3.22, 3.4.22 and 3.5.51 allows attackers to access external storage as Cameralyzer privilege. | ||||
CVE-2022-36396 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2024-08-03 | 8.2 High |
Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmiEdit-Linux-5.27.06.0017 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
CVE-2022-36369 | 2 Intel, Redhat | 3 Qatzip, Enterprise Linux, Rhel Eus | 2024-08-03 | 7.8 High |
Improper access control in some QATzip software maintained by Intel(R) before version 1.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2022-36088 | 2 Microsoft, Thoughtworks | 2 Windows, Gocd | 2024-08-03 | 5 Medium |
GoCD is a continuous delivery server. Windows installations via either the server or agent installers for GoCD prior to 22.2.0 do not adequately restrict permissions when installing outside of the default location. This could allow a malicious user with local access to the server GoCD Server or Agent are installed on to modify executables or components of the installation. This does not affect zip file-based installs, installations to other platforms, or installations inside `Program Files` or `Program Files (x86)`. This issue is fixed in GoCD 22.2.0 installers. As a workaround, if the server or agent is installed outside of `Program Files (x86)`, verify the the permission of the Server or Agent installation directory to ensure the `Everyone` user group does not have `Full Control`, `Modify` or `Write` permissions. | ||||
CVE-2022-36024 | 1 Pycord Development | 1 Pycord | 2024-08-03 | 7.5 High |
py-cord is a an API wrapper for Discord written in Python. Bots creating using py-cord version 2.0.0 are vulnerable to remote shutdown if they are added to the server with the `application.commands` scope without the `bot` scope. Currently, it appears that all public bots that use slash commands are affected. This issue has been patched in version 2.0.1. There are currently no recommended workarounds - please upgrade to a patched version. | ||||
CVE-2022-35843 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-08-03 | 7.7 High |
An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allow a remote and unauthenticated attacker to login into the device via sending specially crafted Access-Challenge response from the Radius server. | ||||
CVE-2022-34894 | 1 Jetbrains | 1 Hub | 2024-08-03 | 3.5 Low |
In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services | ||||
CVE-2022-34672 | 2 Microsoft, Nvidia | 3 Windows, Cloud Gaming, Virtual Gpu | 2024-08-03 | 7.8 High |
NVIDIA Control Panel for Windows contains a vulnerability where an unauthorized user or an unprivileged regular user can compromise the security of the software by gaining privileges, reading sensitive information, or executing commands. | ||||
CVE-2022-34457 | 1 Dell | 1 Command\|configure | 2024-08-03 | 7.3 High |
Dell command configuration, version 4.8 and prior, contains improper folder permission when installed not to default path but to non-secured path which leads to privilege escalation. This is critical severity vulnerability as it allows non-admin to modify the files inside installed directory and able to make application unavailable for all users. | ||||
CVE-2022-34453 | 1 Dell | 2 Xtremio X2, Xtremio X2 Firmware | 2024-08-03 | 7.6 High |
Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper access control vulnerability. A remote read only user could potentially exploit this vulnerability to perform add/delete QoS policies which are disabled by default. | ||||
CVE-2022-34270 | 2024-08-03 | 9.8 Critical | ||
An issue was discovered in RWS WorldServer before 11.7.3. Regular users can create users with the Administrator role via UserWSUserManager. | ||||
CVE-2022-33714 | 1 Google | 1 Android | 2024-08-03 | 6.2 Medium |
Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value related to mobile hotspot. | ||||
CVE-2022-33720 | 1 Google | 1 Android | 2024-08-03 | 2.4 Low |
Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut. | ||||
CVE-2022-33706 | 1 Samsung | 1 Samsung Gallery | 2024-08-03 | 2.4 Low |
Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8 allows physical attackers to access the pictures using S Pen air gesture. | ||||
CVE-2022-33731 | 1 Google | 1 Android | 2024-08-03 | 5.1 Medium |
Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components. |