Total
121 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30738 | 1 Samsung | 1 Internet | 2024-11-21 | 4.3 Medium |
| Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script. | ||||
| CVE-2022-27841 | 1 Samsung | 1 Samsung Pass | 2024-11-21 | 4.3 Medium |
| Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication | ||||
| CVE-2022-23004 | 1 Westerndigital | 1 Sweet B | 2024-11-21 | 5.3 Medium |
| When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is written to the output buffer. This may be leveraged by an attacker to cause an error scenario, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components. | ||||
| CVE-2022-23003 | 1 Westerndigital | 1 Sweet B | 2024-11-21 | 5.3 Medium |
| When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output may cause an error when used in other operations. This may be leveraged by an attacker to cause an error scenario or incorrect choice of session key in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components. | ||||
| CVE-2022-23002 | 1 Westerndigital | 1 Sweet B | 2024-11-21 | 5.3 Medium |
| When compressing or decompressing a point on the NIST P-256 elliptic curve with an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output will cause an error when used in other operations. This may be leveraged by an attacker to cause an error scenario in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components. | ||||
| CVE-2022-22290 | 1 Samsung | 1 Internet | 2024-11-21 | 6.5 Medium |
| Incorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HTML page. | ||||
| CVE-2022-20924 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2024-11-21 | 7.7 High |
| A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | ||||
| CVE-2022-0016 | 3 Apple, Microsoft, Paloaltonetworks | 3 Macos, Windows, Globalprotect | 2024-11-21 | 7.4 High |
| An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms. | ||||
| CVE-2021-3433 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 4 Medium |
| Invalid channel map in CONNECT_IND results to Deadlock. Zephyr versions >= v2.5.0 Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp | ||||
| CVE-2021-25525 | 1 Samsung | 1 Pay | 2024-11-21 | 2 Low |
| Improper check or handling of exception conditions vulnerability in Samsung Pay (US only) prior to version 4.0.65 allows attacker to use NFC without user recognition. | ||||
| CVE-2021-25516 | 1 Google | 1 Android | 2024-11-21 | 6.4 Medium |
| An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Release 1 allows attackers to track locations. | ||||
| CVE-2021-25425 | 1 Samsung | 1 Health | 2024-11-21 | 5.3 Medium |
| Improper check vulnerability in Samsung Health prior to version 6.17 allows attacker to read internal cache data via exported component. | ||||
| CVE-2021-25419 | 1 Samsung | 1 Internet | 2024-11-21 | 6.5 Medium |
| Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display fake URL in address bar via phising URL link. | ||||
| CVE-2021-25409 | 1 Google | 1 Android | 2024-11-21 | 2.4 Low |
| Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device. | ||||
| CVE-2021-25380 | 1 Samsung | 1 Bixby | 2024-11-21 | 5.8 Medium |
| Improper handling of exceptional conditions in Bixby prior to version 3.0.53.02 allows attacker to execute the actions registered by the user. | ||||
| CVE-2021-25366 | 1 Samsung | 1 Internet | 2024-11-21 | 3.2 Low |
| Improper access control in Samsung Internet prior to version 13.2.1.70 allows physically proximate attackers to bypass the secret mode's authentication. | ||||
| CVE-2021-25348 | 1 Samsung | 1 Internet | 2024-11-21 | 2.1 Low |
| Improper permission grant check in Samsung Internet prior to version 13.0.1.60 allows access to files in internal storage without authorized STORAGE permission. | ||||
| CVE-2021-25335 | 2 Google, Samsung | 2 Android, One Ui | 2024-11-21 | 2.5 Low |
| Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows unauthenticated users to access hidden notification contents over the lockscreen in specific condition. | ||||
| CVE-2021-23859 | 1 Bosch | 9 Access Easy Controller, Access Easy Controller Firmware, Access Professional Edition and 6 more | 2024-11-21 | 9.1 Critical |
| An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local accessible lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859 | ||||
| CVE-2021-23261 | 1 Craftercms | 1 Crafter Cms | 2024-11-21 | 4.5 Medium |
| Authenticated administrators may override the system configuration file and cause a denial of service. | ||||