Total
28982 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-40811 | 1 Democritus Urls Project | 1 Democritus Urls | 2024-02-28 | N/A | 9.8 CRITICAL |
The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. | |||||
CVE-2022-36875 | 1 Samsung | 1 Galaxy Watch Plugin | 2024-02-28 | N/A | 5.5 MEDIUM |
Improper restriction of broadcasting Intent in SaWebViewRelayActivity of Waterplugin prior to version 2.2.11.22081151 allows attacker to access the file without permission. | |||||
CVE-2022-37953 | 1 Ge | 1 Workstationst | 2024-02-28 | N/A | 6.1 MEDIUM |
An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (<v07.09.15) and could allow an attacker to compromise a victim's browser/session. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater. | |||||
CVE-2022-36088 | 2 Microsoft, Thoughtworks | 2 Windows, Gocd | 2024-02-28 | N/A | 5.5 MEDIUM |
GoCD is a continuous delivery server. Windows installations via either the server or agent installers for GoCD prior to 22.2.0 do not adequately restrict permissions when installing outside of the default location. This could allow a malicious user with local access to the server GoCD Server or Agent are installed on to modify executables or components of the installation. This does not affect zip file-based installs, installations to other platforms, or installations inside `Program Files` or `Program Files (x86)`. This issue is fixed in GoCD 22.2.0 installers. As a workaround, if the server or agent is installed outside of `Program Files (x86)`, verify the permission of the Server or Agent installation directory to ensure the `Everyone` user group does not have `Full Control`, `Modify` or `Write` permissions. | |||||
CVE-2021-40013 | 1 Huawei | 2 Emui, Magic Ui | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
Improper permission control vulnerability in the Bluetooth module. Successful exploitation of this vulnerability will affect integrity. | |||||
CVE-2022-23144 | 1 Zte | 30 Zxa10 B700v7, Zxa10 B700v7 Firmware, Zxa10 B710c-a12 and 27 more | 2024-02-28 | N/A | 9.1 CRITICAL |
There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system. | |||||
CVE-2022-37959 | 1 Microsoft | 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more | 2024-02-28 | N/A | 6.5 MEDIUM |
Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability | |||||
CVE-2022-41715 | 1 Golang | 1 Go | 2024-02-28 | N/A | 7.5 HIGH |
Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected. | |||||
CVE-2022-39850 | 1 Google | 1 Android | 2024-02-28 | N/A | 3.3 LOW |
Improper access control in mum_container_policy service prior to SMR Oct-2022 Release 1 allows unauthorized read of configuration data. | |||||
CVE-2022-3044 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-02-28 | N/A | 6.5 MEDIUM |
Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | |||||
CVE-2022-26051 | 1 Cybozu | 1 Garoon | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal. | |||||
CVE-2022-36851 | 1 Samsung | 1 Samsung Pass | 2024-02-28 | N/A | 4.6 MEDIUM |
Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allows physical attackers to access data of Samsung pass on a certain state of an unlocked device. | |||||
CVE-2022-26461 | 2 Google, Mediatek | 15 Android, Mt6833, Mt6853 and 12 more | 2024-02-28 | N/A | 6.7 MEDIUM |
In vow, there is a possible undefined behavior due to an API misuse. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032604; Issue ID: ALPS07032604. | |||||
CVE-2022-38705 | 1 Ibm | 1 Cics Tx | 2024-02-28 | N/A | 6.1 MEDIUM |
IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 234172. | |||||
CVE-2022-40089 | 1 Simple College Website Project | 1 Simple College Website | 2024-02-28 | N/A | 9.8 CRITICAL |
A remote file inclusion (RFI) vulnerability in Simple College Website v1.0 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploitable when the directive allow_url_include is set to On. | |||||
CVE-2022-30752 | 1 Google | 1 Android | 2024-02-28 | 2.1 LOW | 3.3 LOW |
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_STATE_CHANGED action. | |||||
CVE-2022-36542 | 1 Edoc-doctor-appointment-system Project | 1 Edoc-doctor-appointment-system | 2024-02-28 | N/A | 6.5 MEDIUM |
An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data. | |||||
CVE-2022-30757 | 1 Google | 1 Android | 2024-02-28 | 2.1 LOW | 3.3 LOW |
Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain CID without ACCESS_FINE_LOCATION permission. | |||||
CVE-2022-27660 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2024-02-28 | N/A | 7.5 HIGH |
A denial of service vulnerability exists in the confctl_set_guest_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability. | |||||
CVE-2022-42042 | 1 Democritus | 1 D8s-networking | 2024-02-28 | N/A | 9.8 CRITICAL |
The d8s-networking package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0. |