Search Results (363397 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-28790 1 Samsung 1 Link To Windows Service 2024-11-21 4 Medium
Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. The patch adds proper caller signature check logic.
CVE-2022-28789 1 Samsung 1 Voice Note 2024-11-21 6.2 Medium
Unprotected activities in Voice Note prior to version 21.3.51.11 allows attackers to record voice without user interaction. The patch adds proper permission for vulnerable activities.
CVE-2022-28788 1 Google 1 Android 2024-11-21 4 Medium
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.
CVE-2022-28787 1 Google 1 Android 2024-11-21 4 Medium
Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.
CVE-2022-28786 1 Google 1 Android 2024-11-21 4 Medium
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.
CVE-2022-28785 1 Google 1 Android 2024-11-21 4 Medium
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.
CVE-2022-28784 1 Google 1 Android 2024-11-21 4 Medium
Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic.
CVE-2022-28783 1 Google 1 Android 2024-11-21 6.2 Medium
Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission. The patch adds proper validation logic for removing package name.
CVE-2022-28782 1 Google 1 Android 2024-11-21 4.6 Medium
Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability.
CVE-2022-28781 1 Google 1 Android 2024-11-21 7.7 High
Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. The patch adds proper validation logic to check the caller.
CVE-2022-28780 1 Google 1 Android 2024-11-21 5 Medium
Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information.
CVE-2022-28779 1 Samsung 1 Android Usb Driver Windows Installer 2024-11-21 5.3 Medium
Uncontrolled search path element vulnerability in Samsung Android USB Driver windows installer program prior to version 1.7.50 allows attacker to execute arbitrary code.
CVE-2022-28778 1 Samsung 1 Samsung Security Supporter 2024-11-21 4.4 Medium
Improper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows attacker to set the arbitrary folder as Secret Folder without Samsung Security Supporter permission
CVE-2022-28777 1 Samsung 1 Members 2024-11-21 4.3 Medium
Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function without CALL_PHONE permission.
CVE-2022-28776 1 Samsung 1 Galaxy Store 2024-11-21 5.9 Medium
Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions.
CVE-2022-28775 1 Samsung 1 Samsung Flow 2024-11-21 5.1 Medium
Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker to write the file without Samsung Flow permission.
CVE-2022-28774 1 Sap 1 Host Agent 2024-11-21 5.5 Medium
Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted.
CVE-2022-28772 1 Sap 2 Netweaver, Web Dispatcher 2024-11-21 7.5 High
By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.
CVE-2022-28770 1 Sap 1 Sapui5 Library 2024-11-21 6.1 Medium
Due to insufficient input validation, SAPUI5 library(vbm) - versions 750, 753, 754, 755, 75, allows an unauthenticated attacker to inject a script into the URL and execute code. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.
CVE-2022-28758 1 Zoom 1 Zoom On-premise Meeting Connector Mmr 2024-11-21 8.2 High
Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions.