ReportizFlow
Filtered by vendor
Subscriptions
Total
718 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-39340 | 1 Openfga | 1 Openfga | 2024-11-21 | 5.3 Medium |
| OpenFGA is an authorization/permission engine. Prior to version 0.2.4, the `streamed-list-objects` endpoint was not validating the authorization header, resulting in disclosure of objects in the store. Users `openfga/openfga` versions 0.2.3 and prior who are exposing the OpenFGA service to the internet are vulnerable. Version 0.2.4 contains a patch for this issue. | ||||
| CVE-2022-39329 | 1 Nextcloud | 2 Nextcloud Enterprise Server, Nextcloud Server | 2024-11-21 | 3.5 Low |
| Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database access. Versions 23.0.9 and 24.0.5 contains patches for this issue. No known workarounds are available. | ||||
| CVE-2022-39322 | 1 Keystonejs | 1 Keystone | 2024-11-21 | 9.1 Critical |
| @keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their `multiselect` fields to use the field-level access control - if configured - are vulnerable to their field-level access control not being used. List-level access control is not affected. Field-level access control for fields other than `multiselect` are not affected. Version 2.3.1 contains a fix for this issue. As a workaround, stop using the `multiselect` field. | ||||
| CVE-2022-38375 | 1 Fortinet | 2 Fortinac, Fortinac-f | 2024-11-21 | 8.6 High |
| An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests. | ||||
| CVE-2022-36876 | 1 Samsung | 1 Samsung Pass | 2024-11-21 | 1.8 Low |
| Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication. | ||||
| CVE-2022-36872 | 1 Samsung | 2 Samsung Pay, Samsung Pay Kr | 2024-11-21 | 5 Medium |
| Pending Intent hijacking vulnerability in SpayNotification in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent. | ||||
| CVE-2022-36871 | 1 Samsung | 2 Samsung Pay, Samsung Pay Kr | 2024-11-21 | 5 Medium |
| Pending Intent hijacking vulnerability in NotiCenterUtils in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent. | ||||
| CVE-2022-36870 | 1 Samsung | 2 Samsung Pay, Samsung Pay Kr | 2024-11-21 | 5 Medium |
| Pending Intent hijacking vulnerability in MTransferNotificationManager in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent. | ||||
| CVE-2022-36857 | 2 Google, Samsung | 2 Android, Photo Editor | 2024-11-21 | 1.9 Low |
| Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical attackers to read internal application data. | ||||
| CVE-2022-36852 | 1 Google | 1 Android | 2024-11-21 | 1.9 Low |
| Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local attacker to access internal application data. | ||||
| CVE-2022-36848 | 1 Google | 1 Android | 2024-11-21 | 5.1 Medium |
| Improper Authorization vulnerability in setDualDARPolicyCmd prior to SMR Sep-2022 Release 1 allows local attackers to cause local permanent denial of service. | ||||
| CVE-2022-36838 | 1 Samsung | 1 Galaxy Wearable | 2024-11-21 | 4 Medium |
| Implicit Intent hijacking vulnerability in Galaxy Wearable prior to version 2.2.50 allows attacker to get sensitive information. | ||||
| CVE-2022-36837 | 1 Samsung | 1 Samsung Email | 2024-11-21 | 6.2 Medium |
| Intent redirection vulnerability using implicit intent in Samsung email prior to version 6.1.70.20 allows attacker to get sensitive information. | ||||
| CVE-2022-36110 | 1 Gravitl | 1 Netmaker | 2024-11-21 | 8.8 High |
| Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions via the API. This problem has been patched in v0.15.1. | ||||
| CVE-2022-36090 | 1 Xwiki | 1 Xwiki | 2024-11-21 | 8.1 High |
| XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 13.1.0.5 and 14.3-rc-1, some resources are missing a check for inactive (not yet activated or disabled) users in XWiki, including the REST service. This means a disabled user can enable themselves using a REST call. On the same way some resources handler created by extensions are not protected by default, so an inactive user could perform actions for such extensions. This issue has existed since at least version 1.1 of XWiki for instance configured with the email activation required for new users. Now it's more critical for versions 11.3-rc-1 and later since the maintainers provided the capability to disable user without deleting them and encouraged using that feature. XWiki 14.3-rc-1 and XWiki 13.10.5 contain a patch. There is no workaround for this other than upgrading XWiki. | ||||
| CVE-2022-34446 | 1 Dell | 1 Powerpath Management Appliance | 2024-11-21 | 8.8 High |
| PowerPath Management Appliance with versions 3.3 & 3.2* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (e.g., of role Monitoring) can exploit this issue and gain access to sensitive information, and modify the configuration. | ||||
| CVE-2022-34434 | 1 Dell | 1 Cloud Mobility For Dell Emc Storage | 2024-11-21 | 6.7 Medium |
| Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to the modification or deletion of tables that are required for many of the core functionalities of Cloud Mobility. Exploitation may lead to the compromise of integrity and availability of the normal functionality of the Cloud Mobility application. | ||||
| CVE-2022-34405 | 1 Dell | 34 Alienware Area 51m R1, Alienware Area 51m R2, Alienware Aurora R10 and 31 more | 2024-11-21 | 7.3 High |
| An improper access control vulnerability was identified in the Realtek audio driver. A local authenticated malicious user may potentially exploit this vulnerability by waiting for an administrator to launch the application and attach to the process to elevate privileges on the system. | ||||
| CVE-2022-34256 | 2 Adobe, Magento | 2 Commerce, Magento | 2024-11-21 | 7.5 High |
| Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to access other user's data. Exploitation of this issue does not require user interaction. | ||||
| CVE-2022-33722 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address. | ||||