Total
29058 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-39867 | 1 Samsung | 1 Smartthings | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast. | |||||
| CVE-2022-39866 | 1 Samsung | 1 Smartthings | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. | |||||
| CVE-2022-39865 | 1 Samsung | 1 Smartthings | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. | |||||
| CVE-2022-39864 | 1 Samsung | 1 Smartthings | 2024-11-21 | N/A | 3.3 LOW |
| Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent. | |||||
| CVE-2022-39862 | 2 Google, Samsung | 2 Android, Dynamic Lockscreen | 2024-11-21 | N/A | 5.3 MEDIUM |
| Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3.3.03.66 in Android S(12) allows unauthorized use of javascript interface api. | |||||
| CVE-2022-39860 | 1 Samsung | 1 Quick Share | 2024-11-21 | N/A | 4.4 MEDIUM |
| Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit broadcast. | |||||
| CVE-2022-39857 | 1 Samsung | 1 Factorycamerafb | 2024-11-21 | N/A | 7.3 HIGH |
| Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51 allows attackers to access broadcasting Intent as system uid privilege. | |||||
| CVE-2022-39856 | 1 Google | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper access control vulnerability in imsservice application prior to SMR Oct-2022 Release 1 allows local attackers to access call information. | |||||
| CVE-2022-39855 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.1 MEDIUM |
| Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect arbitrary AP and Bluetooth devices. | |||||
| CVE-2022-39854 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | N/A | 6.4 MEDIUM |
| Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure memory. | |||||
| CVE-2022-39851 | 1 Google | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper access control vulnerability in CocktailBarService prior to SMR Oct-2022 Release 1 allows local attacker to bind service that require BIND_REMOTEVIEWS permission. | |||||
| CVE-2022-39850 | 1 Google | 1 Android | 2024-11-21 | N/A | 3.3 LOW |
| Improper access control in mum_container_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data. | |||||
| CVE-2022-39849 | 1 Google | 1 Android | 2024-11-21 | N/A | 3.3 LOW |
| Improper access control in knox_vpn_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data. | |||||
| CVE-2022-39397 | 1 Aliyun-oss-client Project | 1 Aliyun-oss-client | 2024-11-21 | N/A | 5.6 MEDIUM |
| aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of this library will be affected, the incoming secret will be disclosed unintentionally. This issue has been patched in version 0.8.1. | |||||
| CVE-2022-39370 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 4.3 MEDIUM |
| GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Connected users may gain access to debug panel through the GLPI update script. This issue has been patched, please upgrade to 10.0.4. As a workaround, delete the `install/update.php` script. | |||||
| CVE-2022-39362 | 1 Metabase | 1 Metabase | 2024-11-21 | N/A | 8.8 HIGH |
| Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, unsaved SQL queries are auto-executed, which could pose a possible attack vector. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer automatically executes ad-hoc native queries. Now the native editor shows the query and gives the user the option to manually run the query if they want. | |||||
| CVE-2022-39356 | 1 Discourse | 1 Discourse | 2024-11-21 | N/A | 8.9 HIGH |
| Discourse is a platform for community discussion. Users who receive an invitation link that is not scoped to a single email address can enter any non-admin user's email and gain access to their account when accepting the invitation. All users should upgrade to the latest version. A workaround is temporarily disabling invitations with `SiteSetting.max_invites_per_day = 0` or scope them to individual email addresses. | |||||
| CVE-2022-39342 | 1 Openfga | 1 Openfga | 2024-11-21 | N/A | 5.9 MEDIUM |
| OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users whose model has a relation defined as a tupleset (the right hand side of a ‘from’ statement) that involves anything other than a direct relationship (e.g. ‘as self’) are vulnerable. Version 0.2.4 contains a patch for this issue. | |||||
| CVE-2022-39341 | 1 Openfga | 1 Openfga | 2024-11-21 | N/A | 5.9 MEDIUM |
| OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users who have wildcard (`*`) defined on tupleset relations in their authorization model are vulnerable. Version 0.2.4 contains a patch for this issue. | |||||
| CVE-2022-39310 | 1 Thoughtworks | 1 Gocd | 2024-11-21 | N/A | 4.9 MEDIUM |
| GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 can allow one authenticated agent to impersonate another agent, and thus receive work packages for other agents due to broken access control and incorrect validation of agent tokens within the GoCD server. Since work packages can contain sensitive information such as credentials intended only for a given job running against a specific agent environment, this can cause accidental information disclosure. Exploitation requires knowledge of agent identifiers and ability to authenticate as an existing agent with the GoCD server. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds. | |||||