Total
3659 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-33701 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 allows attacker to call PowerManaer.goToSleep method which is protected by system permission by sending braodcast intent. | ||||
| CVE-2022-33243 | 1 Qualcomm | 314 Apq8096au, Apq8096au Firmware, Aqt1000 and 311 more | 2024-11-21 | 8.4 High |
| Memory corruption due to improper access control in Qualcomm IPC. | ||||
| CVE-2022-32257 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 9.8 Critical |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to resources and potentially lead to code execution. | ||||
| CVE-2022-32256 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 4.3 Medium |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information. | ||||
| CVE-2022-32255 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 5.3 Medium |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to limited information. | ||||
| CVE-2022-32158 | 1 Splunk | 1 Splunk | 2024-11-21 | 9 Critical |
| Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2.6.1, and 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. An attacker that compromised a Universal Forwarder endpoint could use the vulnerability to execute arbitrary code on all other Universal Forwarder endpoints subscribed to the deployment server. | ||||
| CVE-2022-31257 | 1 Mendix | 1 Mendix | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.14.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.2), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). In case of access to an active user session in an application that is built with an affected version, it’s possible to change that user’s password bypassing password validations within a Mendix application. This could allow to set weak passwords. | ||||
| CVE-2022-30752 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_STATE_CHANGED action. | ||||
| CVE-2022-30751 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_DHCPACK_EVENT action. | ||||
| CVE-2022-30750 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected. | ||||
| CVE-2022-30745 | 1 Samsung | 1 Quick Share | 2024-11-21 | 4 Medium |
| Improper access control vulnerability in Quick Share prior to version 13.1.2.4 allows attacker to access internal files in Quick Share. | ||||
| CVE-2022-30715 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window. | ||||
| CVE-2022-2631 | 1 Tooljet | 1 Tooljet | 2024-11-21 | 8.8 High |
| Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0. | ||||
| CVE-2022-2225 | 1 Cloudflare | 1 Warp | 2024-11-21 | 8.1 High |
| By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'. | ||||
| CVE-2022-29946 | 2024-11-21 | 6.3 Medium | ||
| NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions, caused by the failure to enforce negative user permissions in one scenario. By using a queue subscription on the wildcard, an attacker could exploit this vulnerability to allow denied subjects. | ||||
| CVE-2022-28780 | 1 Google | 1 Android | 2024-11-21 | 5 Medium |
| Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information. | ||||
| CVE-2022-28778 | 1 Samsung | 1 Samsung Security Supporter | 2024-11-21 | 4.4 Medium |
| Improper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows attacker to set the arbitrary folder as Secret Folder without Samsung Security Supporter permission | ||||
| CVE-2022-28777 | 1 Samsung | 1 Members | 2024-11-21 | 4.3 Medium |
| Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function without CALL_PHONE permission. | ||||
| CVE-2022-28775 | 1 Samsung | 1 Samsung Flow | 2024-11-21 | 5.1 Medium |
| Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker to write the file without Samsung Flow permission. | ||||
| CVE-2022-28758 | 1 Zoom | 1 Zoom On-premise Meeting Connector Mmr | 2024-11-21 | 8.2 High |
| Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions. | ||||