Vulnerabilities (CVE)

Total 3244 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-33973 2 Intel, Microsoft 3 Wlan Authentication And Privacy Infrastructure, Windows 10, Windows 11 2023-12-10 N/A 3.3 LOW
Improper access control in the Intel(R) WAPI Security software for Windows 10/11 before version 22.2150.0.1 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-30750 1 Google 1 Android 2023-12-10 2.1 LOW 3.3 LOW
Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows an attacker to access the MAC address of a Wi-Fi AP client that connected.
CVE-2022-38163 1 F-secure 1 Safe 2023-12-10 N/A 3.5 LOW
A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below. Drag and drop operation by user on address bar could lead to a spoofing of the address bar.
CVE-2022-2556 1 Mailchimp 1 Mailchimp For Woocommerce 2023-12-10 N/A 2.7 LOW
The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN. The body of the request is also appended to the response, so it can be used, for example, to scan a private network.
CVE-2022-20280 1 Google 1 Android 2023-12-10 N/A 3.3 LOW
In MMSProvider, there is a possible read of protected data due to improper input validation (SQL injection). This could lead to local information disclosure of sms/mms data with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-204117261
CVE-2022-36866 2 Google, Samsung 2 Android, Group Sharing 2023-12-10 N/A 3.3 LOW
Improper access control vulnerability in Broadcaster in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device.
CVE-2022-39884 1 Google 1 Android 2023-12-10 N/A 3.3 LOW
Improper access control vulnerability in IImsService prior to SMR Nov-2022 Release 1 allows a local attacker to access call information.
CVE-2020-14394 3 Fedoraproject, Qemu, Redhat 5 Extra Packages For Enterprise Linux, Fedora, Qemu and 2 more 2023-12-10 N/A 3.2 LOW
An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.
CVE-2022-30629 1 Golang 1 Go 2023-12-10 N/A 3.1 LOW
Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.
CVE-2022-3624 1 Linux 1 Linux Kernel 2023-12-10 N/A 3.3 LOW
A vulnerability was found in Linux Kernel and classified as problematic. Affected by this issue is the function rlb_arp_xmit of the file drivers/net/bonding/bond_alb.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211928.
CVE-2022-31014 1 Nextcloud 1 Nextcloud Server 2023-12-10 3.5 LOW 3.5 LOW
Nextcloud server is an open source personal cloud server. Affected versions were found to be vulnerable to SMTP command injection. The impact varies based on which commands are supported by the backend SMTP server. However, the main risk here is that the attacker can then hijack an already-authenticated SMTP session and run arbitrary SMTP commands as the email user, such as sending emails to other users, changing the FROM user, and so on. As before, this depends on the configuration of the server itself, but newlines should be sanitized to mitigate such arbitrary SMTP command injection. It is recommended that the Nextcloud Server is upgraded to 22.2.8, 23.0.5 or 24.0.1. There are no known workarounds for this issue.
CVE-2022-39860 1 Samsung 1 Quick Share 2023-12-10 N/A 3.5 LOW
Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit broadcast.
CVE-2022-39879 1 Google 1 Android 2023-12-10 N/A 3.3 LOW
Improper authorization vulnerability in CallBGProvider prior to SMR Nov-2022 Release 1 allows local attacker to grant permission for accessing information with phone uid.
CVE-2022-30757 1 Google 1 Android 2023-12-10 2.1 LOW 3.3 LOW
Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain CID without ACCESS_FINE_LOCATION permission.
CVE-2022-2256 1 Redhat 1 Single Sign-on 2023-12-10 N/A 3.8 LOW
A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.
CVE-2022-41598 1 Huawei 2 Emui, Harmonyos 2023-12-10 N/A 3.4 LOW
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service.
CVE-2022-33718 1 Google 1 Android 2023-12-10 N/A 3.3 LOW
An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data.
CVE-2022-35648 1 Nautilus 4 T616, T616 Firmware, T618 and 1 more 2023-12-10 2.1 LOW 2.4 LOW
Nautilus treadmills T616 S/N 100672PRO21140001 through 100672PRO21171980 and T618 S/N 100647PRO21130111 through 100647PRO21183960 with software before 2022-06-09 allow physically proximate attackers to cause a denial of service (fall) by connecting the power cord to a 120V circuit (which may lead to self-starting at an inopportune time).
CVE-2022-36876 1 Samsung 1 Samsung Pass 2023-12-10 N/A 2.4 LOW
Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication.
CVE-2022-31120 1 Nextcloud 1 Nextcloud Server 2023-12-10 N/A 2.7 LOW
Nextcloud server is an open source personal cloud solution. The audit log, which is used to get a full trail of actions, has been incompletely populated. In affected versions federated share events were not properly logged, which would allow brute force attacks to go unnoticed. This behavior exacerbates the impact of CVE-2022-31118. It is recommended that the Nextcloud Server is upgraded to 22.2.7, 23.0.4 or 24.0.0. There are no workarounds available.