Total: 542 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-25417 | 1 Google | 1 Android | 2022-07-14 | 7.5 High |
Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage. | ||||
CVE-2021-25374 | 2 Google, Samsung | 2 Android, Members | 2022-07-14 | 7.5 High |
An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote attackers to access user data related to Samsung Account. | ||||
CVE-2018-9867 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2022-06-16 | 5.5 Medium |
In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). | ||||
CVE-2022-30722 | 1 Google | 1 Android | 2022-06-11 | 9.8 Critical |
Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account. | ||||
CVE-2022-29233 | 1 Bigbluebutton | 1 Bigbluebutton | 2022-06-09 | 4.3 Medium |
BigBlueButton is an open source web conferencing system. In BigBlueButton starting with 2.2 but before 2.3.18 and 2.4-rc-1, an attacker can circumvent access controls to gain access to all breakout rooms of the meeting they are in. The permission checks rely on knowledge of internal ids rather than on verification of the role of the user. Versions 2.3.18 and 2.4-rc-1 contain a patch for this issue. There are currently no known workarounds. | ||||
CVE-2022-0829 | 1 Webmin | 1 Webmin | 2022-05-13 | 8.1 High |
Improper Authorization in GitHub repository webmin/webmin prior to 1.990. | ||||
CVE-2021-21511 | 1 Dell | 2 Emc Avamar Server, Emc Integrated Data Protection Appliance | 2022-04-26 | 8.1 High |
Dell EMC Avamar Server versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability to gain unauthorized read or modification access to other users' backup data. | ||||
CVE-2021-23140 | 1 Gallagher | 1 Command Centre | 2022-04-26 | 8.8 High |
Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions. | ||||
CVE-2021-23136 | 1 Gallagher | 1 Command Centre | 2022-04-26 | 6.5 Medium |
Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions. | ||||
CVE-2021-36276 | 1 Dell | 1 Dbutildrv2.sys Firmware | 2022-04-25 | 7.8 High |
Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required. | ||||
CVE-2021-36037 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2022-04-25 | 6.5 Medium |
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper authorization vulnerability. An authenticated attacker could leverage this vulnerability to achieve sensitive information disclosure. | ||||
CVE-2021-28626 | 1 Adobe | 1 Experience Manager | 2022-04-25 | 7.5 High |
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by an Improper Authorization vulnerability allowing users to create nodes under a location. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue does not require user interaction. | ||||
CVE-2021-36311 | 1 Dell | 1 Emc Networker | 2022-04-25 | 7.8 High |
Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload a malicious file to unauthorized locations and execute it. | ||||
CVE-2018-14662 | 4 Canonical, Debian, Opensuse and 1 more | 6 Ubuntu Linux, Debian Linux, Leap and 3 more | 2022-04-19 | 5.7 Medium |
It was found in Ceph versions before 13.2.4 that authenticated ceph users with read-only permissions could steal dm-crypt encryption keys used in ceph disk encryption. | ||||
CVE-2022-1224 | 1 Phpipam | 1 Phpipam | 2022-04-11 | 6.5 Medium |
Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6. | ||||
CVE-2022-0406 | 1 Calibre-web Project | 1 Calibre-web | 2022-04-09 | 4.3 Medium |
Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16. | ||||
CVE-2022-0587 | 1 Librenms | 1 Librenms | 2022-02-22 | 6.5 Medium |
Improper Authorization in Packagist librenms/librenms prior to 22.2.0. | ||||
CVE-2020-9061 | 4 Aeotec, Samsung, Silabs and 1 more | 6 Zw090-a, Sth-eth-200, 500 Series Firmware and 3 more | 2022-01-18 | 6.5 Medium |
Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages. | ||||
CVE-2022-22269 | 1 Google | 1 Android | 2022-01-15 | 3.3 Low |
Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address. | ||||
CVE-2022-22268 | 1 Google | 1 Android | 2022-01-14 | 6.1 Medium |
Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporarily unlock the Knox Guard via Samsung DeX mode. |