Total
4017 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-38546 | 1 Zyxel | 2 Nbg7510, Nbg7510 Firmware | 2024-11-21 | N/A | 5.3 MEDIUM |
| A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V1.00(ABZY.3)C0, which could allow an unauthenticated attacker to access the DNS server when the device is switched to the AP mode. | |||||
| CVE-2022-38466 | 1 Siemens | 1 Coreshield One-way Gateway | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in CoreShield One-Way Gateway (OWG) Software (All versions < V2.2). The default installation sets insecure file permissions that could allow a local attacker to escalate privileges to local administrator. | |||||
| CVE-2022-38377 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | N/A | 4.3 MEDIUM |
| An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information. | |||||
| CVE-2022-38355 | 1 Daikinlatam | 2 Svmpc1, Svmpc2 | 2024-11-21 | N/A | 7.5 HIGH |
| Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to attackers with access to the local area network (LAN) to disclose sensitive information stored by the affected product without requiring authentication. | |||||
| CVE-2022-38184 | 1 Esri | 1 Portal For Arcgis | 2024-11-21 | N/A | 7.5 HIGH |
| There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated attacker to access an API that may induce Esri Portal for ArcGIS to read arbitrary URLs. | |||||
| CVE-2022-37410 | 2024-11-21 | N/A | 7.0 HIGH | ||
| Improper access control for some Intel(R) Thunderbolt driver software before version 89 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-37393 | 1 Zimbra | 1 Collaboration | 2024-11-21 | N/A | 7.8 HIGH |
| Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root. | |||||
| CVE-2022-37343 | 1 Intel | 228 Atom C3308, Atom C3308 Firmware, Atom C3336 and 225 more | 2024-11-21 | N/A | 7.2 HIGH |
| Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-37341 | 2024-11-21 | N/A | 7.2 HIGH | ||
| Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-36875 | 1 Samsung | 1 Galaxy Watch Plugin | 2024-11-21 | N/A | 6.6 MEDIUM |
| Improper restriction of broadcasting Intent in SaWebViewRelayActivity of?Waterplugin prior to version 2.2.11.22081151 allows attacker to access the file without permission. | |||||
| CVE-2022-36869 | 1 Samsung | 1 Contacts Provider | 2024-11-21 | N/A | 6.6 MEDIUM |
| Improper access control vulnerability in ContactsDumpActivity of?Contacts Provider prior to version 12.7.59 allows attacker to access the file without permission. | |||||
| CVE-2022-36867 | 1 Samsung | 1 Editor Lite | 2024-11-21 | N/A | 5.9 MEDIUM |
| Improper access control vulnerability in Editor Lite prior to version 4.0.40.14 allows attackers to access sensitive information. | |||||
| CVE-2022-36866 | 2 Google, Samsung | 2 Android, Group Sharing | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper access control vulnerability in Broadcaster in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device. | |||||
| CVE-2022-36865 | 2 Google, Samsung | 2 Android, Group Sharing | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper access control in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to access device information. | |||||
| CVE-2022-36864 | 1 Samsung | 1 Samsung Email | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper access control and intent redirection in Samsung Email prior to 6.1.70.20 allows attacker to access specific formatted file and execute privileged behavior. | |||||
| CVE-2022-36856 | 1 Google | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper access control vulnerability in Telecom application prior to SMR Sep-2022 Release 1 allows attacker to start emergency calls via undefined permission. | |||||
| CVE-2022-36851 | 1 Samsung | 1 Samsung Pass | 2024-11-21 | N/A | 3.9 LOW |
| Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device. | |||||
| CVE-2022-36832 | 1 Samsung | 1 Cameralyzer | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper access control vulnerability in WebApp in Cameralyzer prior to versions 3.2.22, 3.3.22, 3.4.22 and 3.5.51 allows attackers to access external storage as Cameralyzer privilege. | |||||
| CVE-2022-36396 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2024-11-21 | N/A | 8.2 HIGH |
| Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmiEdit-Linux-5.27.06.0017 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-36385 | 1 Contechealth | 2 Cms8000, Cms8000 Firmware | 2024-11-21 | N/A | 6.8 MEDIUM |
| A threat actor with momentary access to the device can plug in a USB drive and perform a malicious firmware update, resulting in permanent changes to device functionality. No authentication or controls are in place to prevent a threat actor from maliciously modifying firmware and performing a drive-by attack to load the firmware on any CMS8000 device. | |||||