Total
2002 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-24077 | 1 Naver | 1 Cloud Explorer | 2024-08-03 | 7.8 High |
Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection. | ||||
CVE-2022-24072 | 1 Navercorp | 1 Whale | 2024-08-03 | 6.1 Medium |
The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool. | ||||
CVE-2022-23737 | 1 Github | 1 Enterprise Server | 2024-08-03 | 6.5 Medium |
An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. To exploit this vulnerability, an attacker would need to be added to an organization's repo with write permissions. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7 and was fixed in versions 3.2.20, 3.3.15, 3.4.10, 3.5.7, and 3.6.3. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
CVE-2022-23720 | 1 Pingidentity | 1 Pingid Integration For Windows Login | 2024-08-03 | 7.5 High |
PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. An IT administrator could mistakenly deploy administrator privileged PingID API credentials, such as those typically used by PingFederate, into PingID Windows Login user endpoints. Using sensitive full permissions properties file outside of a privileged trust boundary leads to an increased risk of exposure or discovery, and an attacker could leverage these credentials to perform administrative actions against PingID APIs or endpoints. | ||||
CVE-2022-23743 | 1 Checkpoint | 1 Zonealarm | 2024-08-03 | 7.8 High |
Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading to execution of code as local system, in ZoneAlarm versions before v15.8.211.192119 | ||||
CVE-2022-23604 | 1 X26-cogs Project | 1 X26-cogs | 2024-08-03 | 8.8 High |
x26-Cogs is a repository of cogs made by Twentysix for the Red Discord bot. Among these cogs is the Defender cog, a tool for Discord server moderation. A vulnerability in the Defender cog prior to version 1.10.0 allows users with admin privileges to issue commands as other users who share the same server. If a bot owner shares the same server as the attacker, it is possible for the attacker to issue bot-owner restricted commands. The issue has been patched in version 1.10.0. One may unload the Defender cog as a workaround. | ||||
CVE-2022-23485 | 1 Sentry | 1 Sentry | 2024-08-03 | 6.4 Medium |
Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result an attacker with a valid invite link can create multiple users and join an organization they may not have been originally invited to. This issue was patched in version 22.11.0. Sentry SaaS customers do not need to take action. Self-hosted Sentry installs on systems which can not upgrade can disable the invite functionality until they are ready to deploy the patched version by editing their `sentry.conf.py` file (usually located at `~/.sentry/`). | ||||
CVE-2022-23296 | 1 Microsoft | 23 Windows 10, Windows 10 1507, Windows 10 1607 and 20 more | 2024-08-03 | 7.8 High |
Windows Installer Elevation of Privilege Vulnerability | ||||
CVE-2022-22263 | 1 Google | 1 Android | 2024-08-03 | 4 Medium |
Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary activity. | ||||
CVE-2022-22266 | 1 Google | 1 Android | 2024-08-03 | 4 Medium |
(Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission. | ||||
CVE-2022-22257 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-08-03 | 7.5 High |
The customization framework has a vulnerability of improper permission control. Successful exploitation of this vulnerability may affect data integrity. | ||||
CVE-2022-22141 | 1 Yokogawa | 9 Centum Cs 3000, Centum Cs 3000 Entry, Centum Cs 3000 Entry Firmware and 6 more | 2024-08-03 | 7.8 High |
'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. | ||||
CVE-2022-21827 | 1 Citrix | 1 Gateway Plug-in | 2024-08-03 | 7.1 High |
An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) <21.9.1.2 that could allow an attacker who has gained local access to a computer with Citrix Gateway Plug-in installed to corrupt or delete files as SYSTEM. | ||||
CVE-2022-21699 | 3 Debian, Fedoraproject, Ipython | 3 Debian Linux, Fedora, Ipython | 2024-08-03 | 8.2 High |
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade. | ||||
CVE-2022-20112 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
In getAvailabilityStatus of PrivateDnsPreferenceController.java, there is a possible way for a guest user to change private DNS settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-206987762 | ||||
CVE-2022-20114 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
In placeCall of TelecomManager.java, there is a possible way for an application to keep itself running with foreground service importance due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-211114016 | ||||
CVE-2022-20051 | 2 Google, Mediatek | 63 Android, Mt6731, Mt6732 and 60 more | 2024-08-03 | 5.5 Medium |
In ims service, there is a possible unexpected application behavior due to incorrect privilege assignment. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219127; Issue ID: ALPS06219127. | ||||
CVE-2022-4808 | 1 Usememos | 1 Memos | 2024-08-03 | 8.8 High |
Improper Privilege Management in GitHub repository usememos/memos prior to 0.9.1. | ||||
CVE-2022-4687 | 1 Usememos | 1 Memos | 2024-08-03 | 8.1 High |
Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.0. | ||||
CVE-2022-4441 | 1 Hitachi | 1 Storage Plug-in | 2024-08-03 | 7.6 High |
Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.9.0 before 04.9.1. |