Total
2223 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3337 | 1 Cloudflare | 1 Warp Mobile Client | 2023-12-10 | N/A | 8.5 HIGH |
| It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch feature being enabled on Zero Trust Platform. This led to bypassing policies and restrictions enforced for enrolled devices by the Zero Trust platform. | |||||
| CVE-2022-36912 | 1 Jenkins | 1 Openstack Heat | 2023-12-10 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | |||||
| CVE-2022-41250 | 1 Jenkins | 1 Scm Httpclient | 2023-12-10 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2022-20348 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.8 HIGH |
| In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228315529 | |||||
| CVE-2022-43421 | 1 Jenkins | 1 Tuleap Git Branch Source | 2023-12-10 | N/A | 5.3 MEDIUM |
| A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value. | |||||
| CVE-2022-40673 | 2 Fedoraproject, Kdiskmark Project | 2 Fedora, Kdiskmark | 2023-12-10 | N/A | 7.8 HIGH |
| KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache. | |||||
| CVE-2022-20330 | 1 Google | 1 Android | 2023-12-10 | N/A | 3.5 LOW |
| In Bluetooth, there is a possible way to connect or disconnect bluetooth devices without user awareness due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-181962588 | |||||
| CVE-2022-39329 | 1 Nextcloud | 2 Nextcloud Enterprise Server, Nextcloud Server | 2023-12-10 | N/A | 5.3 MEDIUM |
| Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database access. Versions 23.0.9 and 24.0.5 contains patches for this issue. No known workarounds are available. | |||||
| CVE-2022-36891 | 1 Jenkins | 1 Deployer Framework | 2023-12-10 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs. | |||||
| CVE-2022-32769 | 1 Wwbn | 1 Avideo | 2023-12-10 | N/A | 5.0 MEDIUM |
| Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover of resources. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Playlists plugin, allowing an attacker to bypass authentication by guessing a sequential ID, allowing them to take over the another user's playlists. | |||||
| CVE-2022-39117 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM |
| In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2022-20261 | 1 Google | 1 Android | 2023-12-10 | N/A | 2.3 LOW |
| In LocationManager, there is a possible way to get location information due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-219835125 | |||||
| CVE-2022-21764 | 2 Google, Mediatek | 45 Android, Mt6739, Mt6761 and 42 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| In telecom service, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07044717; Issue ID: ALPS07044717. | |||||
| CVE-2022-20255 | 1 Google | 1 Android | 2023-12-10 | N/A | 4.4 MEDIUM |
| In SettingsProvider, there is a possible way to read or change the default ringtone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222687217 | |||||
| CVE-2022-45390 | 1 Jenkins | 1 Loader.io | 2023-12-10 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2022-20294 | 1 Google | 1 Android | 2023-12-10 | N/A | 5.5 MEDIUM |
| In Content, there is a possible way to learn about an account present on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-202160705 | |||||
| CVE-2022-39103 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM |
| In Gallery service, there is a missing permission check. This could lead to local denial of service in Gallery service with no additional execution privileges needed. | |||||
| CVE-2022-2450 | 1 Resmush.it | 1 Resmush.it Image Optimizer | 2023-12-10 | N/A | 4.3 MEDIUM |
| The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers to call them. | |||||
| CVE-2022-41233 | 1 Jenkins | 1 Rundeck | 2023-12-10 | N/A | 4.3 MEDIUM |
| Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled. | |||||
| CVE-2022-24669 | 1 Forgerock | 1 Access Management | 2023-12-10 | N/A | 6.5 MEDIUM |
| It may be possible to gain some details of the deployment through a well-crafted attack. This may allow that data to be used to probe internal network services. | |||||