Total
9127 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30740 | 1 Samsung | 1 Internet | 2024-11-21 | 2.1 LOW | 4.1 MEDIUM |
| Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers. | |||||
| CVE-2022-30737 | 1 Samsung | 1 Account | 2024-11-21 | 5.0 MEDIUM | 4.0 MEDIUM |
| Implicit Intent hijacking vulnerability in Samsung Account prior to version 13.2.00.6 allows attackers to get email ID. | |||||
| CVE-2022-30736 | 1 Samsung | 1 Account | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission. | |||||
| CVE-2022-30735 | 1 Samsung | 1 Account | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
| Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the access_token without permission. | |||||
| CVE-2022-30734 | 1 Samsung | 1 Account | 2024-11-21 | 5.0 MEDIUM | 4.0 MEDIUM |
| Sensitive information exposure in Sign-out log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission. | |||||
| CVE-2022-30733 | 1 Samsung | 1 Account | 2024-11-21 | 5.0 MEDIUM | 4.0 MEDIUM |
| Sensitive information exposure in Sign-in log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission. | |||||
| CVE-2022-30732 | 1 Samsung | 1 Account | 2024-11-21 | 5.0 MEDIUM | 5.5 MEDIUM |
| Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows attacker to access sensitive information via onActivityResult. | |||||
| CVE-2022-30693 | 1 Cybozu | 1 Office | 2024-11-21 | N/A | 5.3 MEDIUM |
| Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors. | |||||
| CVE-2022-30625 | 1 Chcnav | 2 P5e Gnss, P5e Gnss Firmware | 2024-11-21 | N/A | 5.7 MEDIUM |
| Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. A directory listing provides an attacker with the complete index of all the resources located inside of the directory. The specific risks and consequences vary depending on which files are listed and accessible. | |||||
| CVE-2022-30607 | 2 Ibm, Microsoft | 2 Robotic Process Automation, Windows | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Robotic Process Automation 20.10.0, 20.12.5, 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow a user to obtain sensitive information due to information properly masked in the control center UI. IBM X-Force ID: 227294. | |||||
| CVE-2022-30598 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it. | |||||
| CVE-2022-30586 | 1 Gradle | 1 Gradle | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution. | |||||
| CVE-2022-30334 | 1 Brave | 1 Brave | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises "Note that Private Windows with Tor Connectivity in Brave are just regular private windows that use Tor as a proxy. Brave does NOT implement most of the privacy protections from Tor Browser." | |||||
| CVE-2022-2939 | 1 Cerber | 1 Wp Cerber Security\, Anti-spam \& Malware Scan | 2024-11-21 | N/A | 5.3 MEDIUM |
| The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass in versions up to, and including 9.0, that makes user enumeration possible. This is due to improper validation on the value supplied through the 'author' parameter found in the ~/cerber-load.php file. In vulnerable versions, the plugin only blocks requests if the value supplied is numeric, making it possible for attackers to supply additional non-numeric characters to bypass the protection. The non-numeric characters are stripped and the user requested is displayed. This can be used by unauthenticated attackers to gather information about users that can targeted in further attacks. | |||||
| CVE-2022-2827 | 1 Ami | 1 Megarac Sp-x | 2024-11-21 | N/A | 7.5 HIGH |
| AMI MegaRAC User Enumeration Vulnerability | |||||
| CVE-2022-2806 | 2 Ovirt, Sos Project | 2 Log Collector, Sos | 2024-11-21 | N/A | 5.5 MEDIUM |
| It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev | |||||
| CVE-2022-2739 | 2 Podman Project, Redhat | 3 Podman, Enterprise Linux Server, Enterprise Linux Workstation | 2024-11-21 | N/A | 5.3 MEDIUM |
| The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables. | |||||
| CVE-2022-2704 | 1 Simple E-learning System Project | 1 Simple E-learning System | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability was found in SourceCodester Simple E-Learning System. It has been declared as problematic. This vulnerability affects unknown code of the file downloadFiles.php. The manipulation of the argument download leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205828. | |||||
| CVE-2022-2558 | 1 Presstigers | 1 Simple Job Board | 2024-11-21 | N/A | 5.3 MEDIUM |
| The Simple Job Board WordPress plugin before 2.10.0 is susceptible to Directory Listing which allows the public listing of uploaded resumes in certain configurations. | |||||
| CVE-2022-2462 | 1 Transposh | 1 Transposh Wordpress Translation | 2024-11-21 | N/A | 5.3 MEDIUM |
| The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_history' AJAX action and insufficient restriction on the data returned in the response. This makes it possible for unauthenticated users to exfiltrate usernames of individuals who have translated text. | |||||