Filtered by CWE-668
Total 657 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-40523 1 Qualcomm 370 9205 Lte Modem, 9205 Lte Modem Firmware, Aqt1000 and 367 more 2024-11-21 7.1 High
Information disclosure in Kernel due to indirect branch misprediction.
CVE-2022-40234 1 Ibm 1 Spectrum Protect Plus 2024-11-21 5.9 Medium
Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM Spectrum Protect Plus. If this generated .crt file is shared, an attacker can obtain the private key information for the uploaded certificate. IBM X-Force ID: 235718.
CVE-2022-39952 1 Fortinet 1 Fortinac 2024-11-21 9.8 Critical
A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.
CVE-2022-39871 1 Samsung 1 Smartthings 2024-11-21 4 Medium
Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts.
CVE-2022-39870 1 Samsung 1 Smartthings 2024-11-21 4 Medium
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast.
CVE-2022-39869 1 Samsung 1 Smartthings 2024-11-21 4 Medium
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast.
CVE-2022-39015 1 Sap 1 Business Objects Business Intelligence Platform 2024-11-21 6.5 Medium
Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted.
CVE-2022-34765 1 Schneider-electric 4 Opc Ua Module For M580, Opc Ua Module For M580 Firmware, X80 Advanced Rtu Module and 1 more 2024-11-21 5.5 Medium
A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)
CVE-2022-34464 1 Siemens 4 Sicam Gridedge Essential Arm, Sicam Gridedge Essential Gds Arm, Sicam Gridedge Essential Gds Intel and 1 more 2024-11-21 5.5 Medium
A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions), SICAM GridEdge Essential Intel (All versions < V2.7.3), SICAM GridEdge Essential with GDS ARM (All versions), SICAM GridEdge Essential with GDS Intel (All versions < V2.7.3). Affected software uses an improperly protected file to import SSH keys. Attackers with access to the filesystem of the host on which SICAM GridEdge runs, are able to inject a custom SSH key to that file.
CVE-2022-34364 1 Dell 1 Bsafe Ssl-j 2024-11-21 4.4 Medium
Dell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. .
CVE-2022-34047 1 Wavlink 2 Wl-wn530hg4, Wl-wn530hg4 Firmware 2024-11-21 7.5 High
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd].
CVE-2022-33700 1 Google 1 Android 2024-11-21 2 Low
Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.
CVE-2022-33699 1 Google 1 Android 2024-11-21 2 Low
Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.
CVE-2022-33698 1 Google 1 Android 2024-11-21 3.3 Low
Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access ICCID via log.
CVE-2022-33696 1 Google 1 Android 2024-11-21 4 Medium
Exposure of Sensitive Information in Telephony service prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log.
CVE-2022-33694 1 Google 1 Android 2024-11-21 4 Medium
Exposure of Sensitive Information in CSC application prior to SMR Jul-2022 Release 1 allows local attacker to access wifi information via unprotected intent broadcasting.
CVE-2022-33692 1 Google 1 Android 2024-11-21 4 Medium
Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log.
CVE-2022-32530 1 Schneider-electric 1 Geo Scada Mobile 2024-11-21 4.8 Medium
A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request when a mobile device has been compromised by a malicious application. Affected Product: Geo SCADA Mobile (Build 222 and prior)
CVE-2022-32249 1 Sap 1 Business One 2024-11-21 7.5 High
Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker can exploit HANA cockpit�s data volume to gain access to highly sensitive information (e.g., high privileged account credentials)
CVE-2022-32221 6 Apple, Debian, Haxx and 3 more 16 Macos, Debian Linux, Curl and 13 more 2024-11-21 9.8 Critical
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.