Total: 542 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-28776 | 1 Samsung | 1 Galaxy Store | 2023-06-28 | 7.8 High |
Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions. | ||||
CVE-2022-2661 | 1 Sequi | 2 Portbloque S, Portbloque S Firmware | 2023-06-28 | 8.8 High |
Sequi PortBloque S has an improper authorization vulnerability, which may allow a low-privileged user to perform administrative functions using specifically crafted requests. | ||||
CVE-2022-26857 | 1 Dell | 1 Openmanage Enterprise | 2023-06-28 | 8.8 High |
Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass blocked functionalities and perform unauthorized actions. | ||||
CVE-2022-2675 | 1 Unitree | 2 Go 1, Go 1 Firmware | 2023-06-28 | 6.5 Medium |
Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1. | ||||
CVE-2022-36110 | 1 Gravitl | 1 Netmaker | 2023-06-27 | 8.8 High |
Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions via the API. This problem has been patched in v0.15.1. | ||||
CVE-2022-22272 | 1 Google | 1 Android | 2023-06-27 | 3.3 Low |
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission | ||||
CVE-2022-22288 | 1 Samsung | 1 Galaxy Store | 2023-06-27 | 7.5 High |
Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist. | ||||
CVE-2022-36876 | 1 Samsung | 1 Samsung Pass | 2023-06-27 | 2.4 Low |
Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication. | ||||
CVE-2022-36857 | 2 Google, Samsung | 2 Android, Photo Editor | 2023-06-27 | 2.4 Low |
Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical attackers to read internal application data. | ||||
CVE-2022-36852 | 1 Google | 1 Android | 2023-06-27 | 3.3 Low |
Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local attacker to access internal application data. | ||||
CVE-2022-36848 | 1 Google | 1 Android | 2023-06-27 | 5.5 Medium |
Improper Authorization vulnerability in setDualDARPolicyCmd prior to SMR Sep-2022 Release 1 allows local attackers to cause local permanent denial of service. | ||||
CVE-2022-39356 | 1 Discourse | 1 Discourse | 2023-06-27 | 8.8 High |
Discourse is a platform for community discussion. Users who receive an invitation link that is not scoped to a single email address can enter any non-admin user's email and gain access to their account when accepting the invitation. All users should upgrade to the latest version. A workaround is temporarily disabling invitations with `SiteSetting.max_invites_per_day = 0` or scope them to individual email addresses. | ||||
CVE-2022-39341 | 1 Openfga | 1 Openfga | 2023-06-27 | 9.8 Critical |
OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users who have wildcard (`*`) defined on tupleset relations in their authorization model are vulnerable. Version 0.2.4 contains a patch for this issue. | ||||
CVE-2022-39340 | 1 Openfga | 1 Openfga | 2023-06-27 | 5.3 Medium |
OpenFGA is an authorization/permission engine. Prior to version 0.2.4, the `streamed-list-objects` endpoint was not validating the authorization header, resulting in disclosure of objects in the store. Users of `openfga/openfga` versions 0.2.3 and prior who are exposing the OpenFGA service to the internet are vulnerable. Version 0.2.4 contains a patch for this issue. | ||||
CVE-2022-39902 | 1 Samsung | 2 Exynos, Exynos Firmware | 2023-06-27 | 7.5 High |
Improper authorization in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to get sensitive information including IMEI via emergency call. | ||||
CVE-2022-39879 | 1 Google | 1 Android | 2023-06-27 | 3.3 Low |
Improper authorization vulnerability in CallBGProvider prior to SMR Nov-2022 Release 1 allows local attacker to grant permission for accessing information with phone uid. | ||||
CVE-2022-39862 | 2 Google, Samsung | 2 Android, Dynamic Lockscreen | 2023-06-27 | 9.8 Critical |
Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3.3.03.66 in Android S(12) allows unauthorized use of javascript interface api. | ||||
CVE-2022-2019 | 1 Prison Management System Project | 1 Prison Management System | 2023-06-27 | 7.5 High |
A vulnerability classified as critical was found in SourceCodester Prison Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php?f=save of the component New User Creation. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2022-0027 | 1 Paloaltonetworks | 1 Cortex Xsoar | 2023-06-26 | 4.3 Medium |
An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access. This issue impacts: All versions of Cortex XSOAR 6.1; All versions of Cortex XSOAR 6.2; All versions of Cortex XSOAR 6.5; Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build 6.6.0.2585049. | ||||
CVE-2022-24002 | 1 Samsung | 1 Link Sharing | 2023-06-23 | 5.3 Medium |
Improper Authorization vulnerability in Link Sharing prior to version 12.4.00.3 allows attackers to open protected activity via PreconditionActivity. |