Total
29572 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-44544 | 2 Canonical, Mahara | 2 Ubuntu Linux, Mahara | 2025-05-02 | 9.8 Critical |
| Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript. | ||||
| CVE-2022-42707 | 1 Mahara | 1 Mahara | 2025-05-02 | 7.5 High |
| In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions. | ||||
| CVE-2022-38582 | 1 Watchdog | 1 Anti-virus | 2025-05-02 | 6.5 Medium |
| Incorrect access control in the anti-virus driver wsdkd.sys of Watchdog Antivirus v1.4.158 allows attackers to write arbitrary files. | ||||
| CVE-2004-0230 | 7 Juniper, Mcafee, Microsoft and 4 more | 12 Junos, Network Data Loss Prevention, Windows 2000 and 9 more | 2025-05-02 | N/A |
| TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP. | ||||
| CVE-2022-24309 | 1 Mendix | 1 Mendix | 2025-05-02 | 6.8 Medium |
| A vulnerability has been identified in Mendix Runtime V7 (All versions < V7.23.29), Mendix Runtime V8 (All versions < V8.18.16), Mendix Runtime V9 (All versions < V9.13 only with Runtime Custom Setting *DataStorage.UseNewQueryHandler* set to False). If an entity has an association readable by the user, then in some cases, Mendix Runtime may not apply checks for XPath constraints that parse said associations, within apps running on affected versions. A malicious user could use this to dump and manipulate sensitive data. | ||||
| CVE-2022-44622 | 1 Jetbrains | 1 Teamcity | 2025-05-02 | 2.7 Low |
| In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive | ||||
| CVE-2022-39879 | 1 Google | 1 Android | 2025-05-01 | 5.9 Medium |
| Improper authorization vulnerability in?CallBGProvider prior to SMR Nov-2022 Release 1 allows local attacker to grant permission for accessing information with phone uid. | ||||
| CVE-2022-39883 | 1 Google | 1 Android | 2025-05-01 | 4 Medium |
| Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1 allows local attacker to call privileged API. | ||||
| CVE-2022-39887 | 1 Google | 1 Android | 2025-05-01 | 4.3 Medium |
| Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to configure EDM setting. | ||||
| CVE-2022-39889 | 1 Samsung | 1 Galaxywatch4plugin | 2025-05-01 | 4 Medium |
| Improper access control vulnerability in GalaxyWatch4Plugin prior to versions 2.2.11.22101351 and 2.2.12.22101351 allows attackers to access wearable device information. | ||||
| CVE-2022-39890 | 1 Samsung | 1 Billing | 2025-05-01 | 6.2 Medium |
| Improper Authorization in Samsung Billing prior to version 5.0.56.0 allows attacker to get sensitive information. | ||||
| CVE-2022-3285 | 1 Gitlab | 1 Gitlab | 2025-05-01 | 5.3 Medium |
| Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to GitLab | ||||
| CVE-2022-3706 | 1 Gitlab | 1 Gitlab | 2025-05-01 | 3.1 Low |
| Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user retrying a job in a downstream pipeline to take ownership of the retried jobs in the upstream pipeline even if the user doesn't have access to that project. | ||||
| CVE-2022-3793 | 1 Gitlab | 1 Gitlab | 2025-05-01 | 4.3 Medium |
| An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a GitLab CI/CD configuration file they don't have access to. | ||||
| CVE-2022-31687 | 1 Vmware | 1 Workspace One Assist | 2025-05-01 | 9.8 Critical |
| VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. | ||||
| CVE-2022-20452 | 1 Google | 1 Android | 2025-05-01 | 7.8 High |
| In initializeFromParcelLocked of BaseBundle.java, there is a possible method arbitrary code execution due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240138318 | ||||
| CVE-2022-39884 | 1 Google | 1 Android | 2025-05-01 | 4.3 Medium |
| Improper access control vulnerability in IImsService prior to SMR Nov-2022 Release 1 allows local attacker to access to Call information. | ||||
| CVE-2021-33193 | 6 Apache, Debian, Fedoraproject and 3 more | 9 Http Server, Debian Linux, Fedora and 6 more | 2025-05-01 | 7.5 High |
| A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. | ||||
| CVE-2022-30556 | 4 Apache, Fedoraproject, Netapp and 1 more | 5 Http Server, Fedora, Clustered Data Ontap and 2 more | 2025-05-01 | 7.5 High |
| Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. | ||||
| CVE-2022-44560 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-01 | 5.3 Medium |
| The launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnerability may cause launcher module data to be modified. | ||||