Total
29059 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29054 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | N/A | 3.3 LOW |
| A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it. | |||||
| CVE-2022-29053 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A | 2.3 LOW |
| A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it. | |||||
| CVE-2022-28946 | 1 Openpolicyagent | 1 Open Policy Agent | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range memory access. | |||||
| CVE-2022-28860 | 2 Axis, Citilog | 2 M1125, Citilog | 2024-11-21 | N/A | 5.9 MEDIUM |
| An authentication downgrade in the server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to achieve HTTP access to the camera. | |||||
| CVE-2022-28782 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability. | |||||
| CVE-2022-28780 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.0 MEDIUM |
| Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information. | |||||
| CVE-2022-28778 | 1 Samsung | 1 Samsung Security Supporter | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| Improper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows attacker to set the arbitrary folder as Secret Folder without Samsung Security Supporter permission | |||||
| CVE-2022-28777 | 1 Samsung | 1 Members | 2024-11-21 | 2.1 LOW | 4.3 MEDIUM |
| Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function without CALL_PHONE permission. | |||||
| CVE-2022-28776 | 1 Samsung | 1 Galaxy Store | 2024-11-21 | 4.6 MEDIUM | 5.9 MEDIUM |
| Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions. | |||||
| CVE-2022-28775 | 1 Samsung | 1 Samsung Flow | 2024-11-21 | 2.1 LOW | 5.1 MEDIUM |
| Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker to write the file without Samsung Flow permission. | |||||
| CVE-2022-28761 | 1 Zoom | 1 Zoom On-premise Meeting Connector Mmr | 2024-11-21 | N/A | 6.5 MEDIUM |
| Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 contains an improper access control vulnerability. As a result, a malicious actor in a meeting or webinar they are authorized to join could prevent participants from receiving audio and video causing meeting disruptions. | |||||
| CVE-2022-28760 | 1 Zoom | 1 Zoom On-premise Meeting Connector Mmr | 2024-11-21 | N/A | 6.5 MEDIUM |
| Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions. | |||||
| CVE-2022-28759 | 1 Zoom | 1 Zoom On-premise Meeting Connector Mmr | 2024-11-21 | N/A | 8.2 HIGH |
| Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions. | |||||
| CVE-2022-28758 | 1 Zoom | 1 Zoom On-premise Meeting Connector Mmr | 2024-11-21 | N/A | 8.2 HIGH |
| Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions. | |||||
| CVE-2022-28754 | 1 Zoom | 1 Meeting Connector | 2024-11-21 | N/A | 7.1 HIGH |
| Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions. | |||||
| CVE-2022-28753 | 1 Zoom | 1 Meeting Connector | 2024-11-21 | N/A | 7.1 HIGH |
| Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions. | |||||
| CVE-2022-28749 | 1 Zoom | 1 On-premise Meeting Connector Multimedia Router | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Zooms On-Premise Meeting Connector MMR before version 4.8.113.20220526 fails to properly check the permissions of a Zoom meeting attendee. As a result, a threat actor in the Zooms waiting room can join the meeting without the consent of the host. | |||||
| CVE-2022-28742 | 1 Aenrich | 1 A\+hrd | 2024-11-21 | N/A | 7.5 HIGH |
| aEnrich eHRD Learning Management Key Performance Indicator System 5+ has Improper Access Control. The web application does not validate user session when accessing many application pages. This can allow an attacker to gain unauthenticated access to sensitive functionalities in the application | |||||
| CVE-2022-28718 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin. | |||||
| CVE-2022-28709 | 1 Intel | 2 Ethernet Controller E810, Ethernet Controller E810 Firmware | 2024-11-21 | N/A | 4.4 MEDIUM |
| Improper access control in the firmware for some Intel(R) E810 Ethernet Controllers before version 1.6.1.9 may allow a privileged user to potentially enable denial of service via local access. | |||||