Total
835 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-36838 | 1 Samsung | 1 Galaxy Wearable | 2024-11-21 | 4 Medium |
| Implicit Intent hijacking vulnerability in Galaxy Wearable prior to version 2.2.50 allows attacker to get sensitive information. | ||||
| CVE-2022-36837 | 1 Samsung | 1 Samsung Email | 2024-11-21 | 6.2 Medium |
| Intent redirection vulnerability using implicit intent in Samsung email prior to version 6.1.70.20 allows attacker to get sensitive information. | ||||
| CVE-2022-34434 | 1 Dell | 1 Cloud Mobility For Dell Emc Storage | 2024-11-21 | 6.7 Medium |
| Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to the modification or deletion of tables that are required for many of the core functionalities of Cloud Mobility. Exploitation may lead to the compromise of integrity and availability of the normal functionality of the Cloud Mobility application. | ||||
| CVE-2022-33722 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address. | ||||
| CVE-2022-33713 | 1 Samsung | 1 Cloud | 2024-11-21 | 7.5 High |
| Implicit Intent hijacking vulnerability in Samsung Cloud prior to version 5.2.0 allows attacker to get sensitive information. | ||||
| CVE-2022-33712 | 2 Google, Samsung | 2 Android, Camera | 2024-11-21 | 5.3 Medium |
| Intent redirection vulnerability using implict intent in Camera prior to versions 12.0.01.64 ,12.0.3.23, 12.0.0.98, 12.0.6.11, 12.0.3.19 in Android S(12) allows attacker to get sensitive information. | ||||
| CVE-2022-33705 | 1 Samsung | 1 Calendar | 2024-11-21 | 3.3 Low |
| Information exposure in Calendar prior to version 12.3.05.10000 allows attacker to access calendar schedule without READ_CALENDAR permission. | ||||
| CVE-2022-33702 | 1 Google | 1 Android | 2024-11-21 | 6.2 Medium |
| Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attacker to disable keyguard and bypass Knoxguard lock by factory reset. | ||||
| CVE-2022-32170 | 1 Bytebase | 1 Bytebase | 2024-11-21 | N/A |
| The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is “/api/project?user=${userId}”. | ||||
| CVE-2022-32169 | 1 Bytebase | 1 Bytebase | 2024-11-21 | N/A |
| The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is “/issue”. | ||||
| CVE-2022-31609 | 1 Nvidia | 1 Virtual Gpu | 2024-11-21 | 7.8 High |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentiality, denial of service, or information disclosure. | ||||
| CVE-2022-31247 | 1 Suse | 1 Rancher | 2024-11-21 | 9.1 Critical |
| An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role template bindings or project role template bindings (such as cluster-owner, manage cluster members, project-owner and manage project members) to gain owner permission in another project in the same cluster or in another project on a different downstream cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.6.7; Rancher versions prior to 2.5.16. | ||||
| CVE-2022-30757 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain CID without ACCESS_FINE_LOCATION permission. | ||||
| CVE-2022-30746 | 1 Samsung | 1 Smartthings | 2024-11-21 | 7.5 High |
| Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API. | ||||
| CVE-2022-30730 | 1 Samsung | 1 Samsung Pass | 2024-11-21 | 4.6 Medium |
| Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication. | ||||
| CVE-2022-30722 | 1 Google | 1 Android | 2024-11-21 | 6.2 Medium |
| Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account. | ||||
| CVE-2022-30717 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink. | ||||
| CVE-2022-30670 | 2 Adobe, Microsoft | 2 Robohelp Server, Windows | 2024-11-21 | 8.8 High |
| RoboHelp Server earlier versions than RHS 11 Update 3 are affected by an Improper Authorization vulnerability which could lead to privilege escalation. An authenticated attacker could leverage this vulnerability to achieve full administrator privileges. Exploitation of this issue does not require user interaction. | ||||
| CVE-2022-2901 | 1 Chatwoot | 1 Chatwoot | 2024-11-21 | 7.1 High |
| Improper Authorization in GitHub repository chatwoot/chatwoot prior to 2.8. | ||||
| CVE-2022-2675 | 1 Unitree | 2 Go 1, Go 1 Firmware | 2024-11-21 | 6.5 Medium |
| Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1. | ||||