ReportizFlow
Filtered by vendor
Subscriptions
Total
4191 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-32256 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 4.3 Medium |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information. | ||||
| CVE-2022-32255 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 5.3 Medium |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to limited information. | ||||
| CVE-2022-32158 | 1 Splunk | 1 Splunk | 2024-11-21 | 9 Critical |
| Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2.6.1, and 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. An attacker that compromised a Universal Forwarder endpoint could use the vulnerability to execute arbitrary code on all other Universal Forwarder endpoints subscribed to the deployment server. | ||||
| CVE-2022-31257 | 1 Mendix | 1 Mendix | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.14.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.2), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). In case of access to an active user session in an application that is built with an affected version, it’s possible to change that user’s password bypassing password validations within a Mendix application. This could allow to set weak passwords. | ||||
| CVE-2022-30752 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_STATE_CHANGED action. | ||||
| CVE-2022-30751 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_DHCPACK_EVENT action. | ||||
| CVE-2022-30750 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected. | ||||
| CVE-2022-30745 | 1 Samsung | 1 Quick Share | 2024-11-21 | 4 Medium |
| Improper access control vulnerability in Quick Share prior to version 13.1.2.4 allows attacker to access internal files in Quick Share. | ||||
| CVE-2022-30715 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window. | ||||
| CVE-2022-2631 | 1 Tooljet | 1 Tooljet | 2024-11-21 | 8.8 High |
| Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0. | ||||
| CVE-2022-2225 | 1 Cloudflare | 1 Warp | 2024-11-21 | 8.1 High |
| By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'. | ||||
| CVE-2022-28780 | 1 Google | 1 Android | 2024-11-21 | 5 Medium |
| Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information. | ||||
| CVE-2022-28778 | 1 Samsung | 1 Samsung Security Supporter | 2024-11-21 | 4.4 Medium |
| Improper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows attacker to set the arbitrary folder as Secret Folder without Samsung Security Supporter permission | ||||
| CVE-2022-28777 | 1 Samsung | 1 Members | 2024-11-21 | 4.3 Medium |
| Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function without CALL_PHONE permission. | ||||
| CVE-2022-28775 | 1 Samsung | 1 Samsung Flow | 2024-11-21 | 5.1 Medium |
| Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker to write the file without Samsung Flow permission. | ||||
| CVE-2022-28758 | 1 Zoom | 1 Zoom On-premise Meeting Connector Mmr | 2024-11-21 | 8.2 High |
| Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions. | ||||
| CVE-2022-28754 | 1 Zoom | 1 Meeting Connector | 2024-11-21 | 7.1 High |
| Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions. | ||||
| CVE-2022-28753 | 1 Zoom | 1 Meeting Connector | 2024-11-21 | 7.1 High |
| Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions. | ||||
| CVE-2022-28542 | 1 Samsung | 1 Galaxy Store | 2024-11-21 | 6.8 Medium |
| Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store permission. | ||||
| CVE-2022-28184 | 1 Nvidia | 2 Gpu Display Driver, Virtual Gpu | 2024-11-21 | 7.1 High |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator- privileged registers, which may lead to denial of service, information disclosure, and data tampering. | ||||