Total
690 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-39340 | 1 Openfga | 1 Openfga | 2024-08-03 | 5.3 Medium |
| OpenFGA is an authorization/permission engine. Prior to version 0.2.4, the `streamed-list-objects` endpoint was not validating the authorization header, resulting in disclosure of objects in the store. Users `openfga/openfga` versions 0.2.3 and prior who are exposing the OpenFGA service to the internet are vulnerable. Version 0.2.4 contains a patch for this issue. | ||||
| CVE-2022-36857 | 2 Google, Samsung | 2 Android, Photo Editor | 2024-08-03 | 1.9 Low |
| Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical attackers to read internal application data. | ||||
| CVE-2022-36871 | 1 Samsung | 2 Samsung Pay, Samsung Pay Kr | 2024-08-03 | 5 Medium |
| Pending Intent hijacking vulnerability in NotiCenterUtils in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent. | ||||
| CVE-2022-36852 | 1 Google | 1 Android | 2024-08-03 | 1.9 Low |
| Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local attacker to access internal application data. | ||||
| CVE-2022-36876 | 1 Samsung | 1 Samsung Pass | 2024-08-03 | 1.8 Low |
| Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication. | ||||
| CVE-2022-36872 | 1 Samsung | 2 Samsung Pay, Samsung Pay Kr | 2024-08-03 | 5 Medium |
| Pending Intent hijacking vulnerability in SpayNotification in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent. | ||||
| CVE-2022-36870 | 1 Samsung | 2 Samsung Pay, Samsung Pay Kr | 2024-08-03 | 5 Medium |
| Pending Intent hijacking vulnerability in MTransferNotificationManager in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent. | ||||
| CVE-2022-36837 | 1 Samsung | 1 Samsung Email | 2024-08-03 | 6.2 Medium |
| Intent redirection vulnerability using implicit intent in Samsung email prior to version 6.1.70.20 allows attacker to get sensitive information. | ||||
| CVE-2022-36838 | 1 Samsung | 1 Galaxy Wearable | 2024-08-03 | 4 Medium |
| Implicit Intent hijacking vulnerability in Galaxy Wearable prior to version 2.2.50 allows attacker to get sensitive information. | ||||
| CVE-2022-36848 | 1 Google | 1 Android | 2024-08-03 | 5.1 Medium |
| Improper Authorization vulnerability in setDualDARPolicyCmd prior to SMR Sep-2022 Release 1 allows local attackers to cause local permanent denial of service. | ||||
| CVE-2022-36090 | 1 Xwiki | 1 Xwiki | 2024-08-03 | 8.1 High |
| XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 13.1.0.5 and 14.3-rc-1, some resources are missing a check for inactive (not yet activated or disabled) users in XWiki, including the REST service. This means a disabled user can enable themselves using a REST call. On the same way some resources handler created by extensions are not protected by default, so an inactive user could perform actions for such extensions. This issue has existed since at least version 1.1 of XWiki for instance configured with the email activation required for new users. Now it's more critical for versions 11.3-rc-1 and later since the maintainers provided the capability to disable user without deleting them and encouraged using that feature. XWiki 14.3-rc-1 and XWiki 13.10.5 contain a patch. There is no workaround for this other than upgrading XWiki. | ||||
| CVE-2022-36110 | 1 Gravitl | 1 Netmaker | 2024-08-03 | 8.8 High |
| Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions via the API. This problem has been patched in v0.15.1. | ||||
| CVE-2022-34446 | 1 Dell | 1 Powerpath Management Appliance | 2024-08-03 | 8.8 High |
| PowerPath Management Appliance with versions 3.3 & 3.2* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (e.g., of role Monitoring) can exploit this issue and gain access to sensitive information, and modify the configuration. | ||||
| CVE-2022-34405 | 1 Dell | 34 Alienware Area 51m R1, Alienware Area 51m R2, Alienware Aurora R10 and 31 more | 2024-08-03 | 7.3 High |
| An improper access control vulnerability was identified in the Realtek audio driver. A local authenticated malicious user may potentially exploit this vulnerability by waiting for an administrator to launch the application and attach to the process to elevate privileges on the system. | ||||
| CVE-2022-33722 | 1 Google | 1 Android | 2024-08-03 | 4 Medium |
| Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address. | ||||
| CVE-2022-33702 | 1 Google | 1 Android | 2024-08-03 | 6.2 Medium |
| Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attacker to disable keyguard and bypass Knoxguard lock by factory reset. | ||||
| CVE-2022-33713 | 1 Samsung | 1 Cloud | 2024-08-03 | 7.5 High |
| Implicit Intent hijacking vulnerability in Samsung Cloud prior to version 5.2.0 allows attacker to get sensitive information. | ||||
| CVE-2022-33712 | 2 Google, Samsung | 2 Android, Camera | 2024-08-03 | 5.3 Medium |
| Intent redirection vulnerability using implict intent in Camera prior to versions 12.0.01.64 ,12.0.3.23, 12.0.0.98, 12.0.6.11, 12.0.3.19 in Android S(12) allows attacker to get sensitive information. | ||||
| CVE-2022-33705 | 1 Samsung | 1 Calendar | 2024-08-03 | 3.3 Low |
| Information exposure in Calendar prior to version 12.3.05.10000 allows attacker to access calendar schedule without READ_CALENDAR permission. | ||||
| CVE-2022-31609 | 1 Nvidia | 1 Virtual Gpu | 2024-08-03 | 7.8 High |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentiality, denial of service, or information disclosure. | ||||