Total
2209 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-39861 | 1 Samsung | 1 Factorycamera | 2023-12-10 | N/A | 3.3 LOW |
Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without camera privilege. | |||||
CVE-2022-35249 | 1 Rocket.chat | 1 Rocket.chat | 2023-12-10 | N/A | 4.3 MEDIUM |
A information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room. | |||||
CVE-2022-39115 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM |
In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. | |||||
CVE-2022-20340 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.3 LOW |
In SELinux policy, there is a possible way of inferring which websites are being opened in the browser due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-166269532 | |||||
CVE-2022-3538 | 1 Webmaster Tools Verification Project | 1 Webmaster Tools Verification | 2023-12-10 | N/A | 6.5 MEDIUM |
The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins | |||||
CVE-2022-31597 | 1 Sap | 2 S\/4hana, Sapscore | 2023-12-10 | 5.5 MEDIUM | 5.4 MEDIUM |
Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data. | |||||
CVE-2022-3337 | 1 Cloudflare | 1 Warp Mobile Client | 2023-12-10 | N/A | 8.5 HIGH |
It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch feature being enabled on Zero Trust Platform. This led to bypassing policies and restrictions enforced for enrolled devices by the Zero Trust platform. | |||||
CVE-2022-36912 | 1 Jenkins | 1 Openstack Heat | 2023-12-10 | N/A | 4.3 MEDIUM |
A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | |||||
CVE-2022-41250 | 1 Jenkins | 1 Scm Httpclient | 2023-12-10 | N/A | 6.5 MEDIUM |
A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2022-20348 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.8 HIGH |
In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228315529 | |||||
CVE-2022-43421 | 1 Jenkins | 1 Tuleap Git Branch Source | 2023-12-10 | N/A | 5.3 MEDIUM |
A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value. | |||||
CVE-2022-40673 | 2 Fedoraproject, Kdiskmark Project | 2 Fedora, Kdiskmark | 2023-12-10 | N/A | 7.8 HIGH |
KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache. | |||||
CVE-2022-20330 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.5 LOW |
In Bluetooth, there is a possible way to connect or disconnect bluetooth devices without user awareness due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-181962588 | |||||
CVE-2022-39329 | 1 Nextcloud | 2 Nextcloud Enterprise Server, Nextcloud Server | 2023-12-10 | N/A | 5.3 MEDIUM |
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database access. Versions 23.0.9 and 24.0.5 contains patches for this issue. No known workarounds are available. | |||||
CVE-2022-36891 | 1 Jenkins | 1 Deployer Framework | 2023-12-10 | N/A | 4.3 MEDIUM |
A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs. | |||||
CVE-2022-32769 | 1 Wwbn | 1 Avideo | 2023-12-10 | N/A | 5.0 MEDIUM |
Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover of resources. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Playlists plugin, allowing an attacker to bypass authentication by guessing a sequential ID, allowing them to take over the another user's playlists. | |||||
CVE-2022-39117 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM |
In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
CVE-2022-20261 | 1 Google | 1 Android | 2023-12-10 | N/A | 2.3 LOW |
In LocationManager, there is a possible way to get location information due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-219835125 | |||||
CVE-2022-21764 | 2 Google, Mediatek | 45 Android, Mt6739, Mt6761 and 42 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
In telecom service, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07044717; Issue ID: ALPS07044717. | |||||
CVE-2022-20255 | 1 Google | 1 Android | 2023-12-10 | N/A | 4.4 MEDIUM |
In SettingsProvider, there is a possible way to read or change the default ringtone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222687217 |