Total
2377 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-28778 | 1 Samsung | 1 Samsung Security Supporter | 2023-06-28 | 2.1 LOW | 3.3 LOW |
Improper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows attacker to set the arbitrary folder as Secret Folder without Samsung Security Supporter permission | |||||
CVE-2022-28777 | 1 Samsung | 1 Members | 2023-06-28 | 2.1 LOW | 3.3 LOW |
Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function without CALL_PHONE permission. | |||||
CVE-2022-28775 | 1 Samsung | 1 Samsung Flow | 2023-06-28 | 2.1 LOW | 3.3 LOW |
Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker to write the file without Samsung Flow permission. | |||||
CVE-2023-3304 | 1 Admidio | 1 Admidio | 2023-06-28 | N/A | 5.4 MEDIUM |
Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. | |||||
CVE-2023-3303 | 1 Admidio | 1 Admidio | 2023-06-28 | N/A | 3.5 LOW |
Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. | |||||
CVE-2022-2792 | 1 Emerson | 1 Electric's Proficy | 2023-06-28 | N/A | 7.5 HIGH |
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists. | |||||
CVE-2022-27660 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2023-06-28 | N/A | 7.5 HIGH |
A denial of service vulnerability exists in the confctl_set_guest_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability. | |||||
CVE-2022-27838 | 1 Samsung | 1 Factorycamera | 2023-06-28 | 7.2 HIGH | 7.8 HIGH |
Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to access the file with system privilege. | |||||
CVE-2022-38184 | 1 Esri | 1 Portal For Arcgis | 2023-06-27 | N/A | 7.5 HIGH |
There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated attacker to access an API that may induce Esri Portal for ArcGIS to read arbitrary URLs. | |||||
CVE-2022-21825 | 1 Citrix | 1 Workspace | 2023-06-27 | 4.6 MEDIUM | 7.8 HIGH |
An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 - 2111 with App Protection installed that can allow an attacker to perform local privilege escalation. | |||||
CVE-2022-23433 | 2 Google, Samsung | 2 Android, Reminder | 2023-06-27 | 5.0 MEDIUM | 5.3 MEDIUM |
Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Android Q(10) allows attackers to register reminders or execute exported activities remotely. | |||||
CVE-2022-22183 | 1 Juniper | 1 Junos Os Evolved | 2023-06-27 | 7.8 HIGH | 7.5 HIGH |
An Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker who is able to connect to a specific open IPv4 port, which in affected releases should otherwise be unreachable, to cause the CPU to consume all resources as more traffic is sent to the port to create a Denial of Service (DoS) condition. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved 20.4 versions prior to 20.4R3-S2-EVO; 21.1 versions prior to 21.1R3-S1-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO; 21.4 versions prior to 21.4R2-EVO. This issue does not affect Junos OS. | |||||
CVE-2022-22190 | 1 Juniper | 1 Paragon Active Assurance Control Center | 2023-06-27 | 4.3 MEDIUM | 7.5 HIGH |
An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potentially containing sensitive configuration information. A feature was introduced in version 3.1 of the Paragon Active Assurance Control Center which allows users to selectively share account data using a unique identifier. Knowing the proper format of the URL and the identifier of an existing object in an application it is possible to get access to that object without being logged in, even if the object is not shared, resulting in the opportunity for malicious exfiltration of user data. Note that the Paragon Active Assurance Control Center SaaS offering is not affected by this issue. This issue affects Juniper Networks Paragon Active Assurance version 3.1.0. | |||||
CVE-2022-22282 | 1 Sonicwall | 10 Sma 6200, Sma 6200 Firmware, Sma 6210 and 7 more | 2023-06-27 | 7.5 HIGH | 9.8 CRITICAL |
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Control vulnerability. | |||||
CVE-2022-2088 | 1 Smartics | 1 Smartics | 2023-06-27 | 6.8 MEDIUM | 4.9 MEDIUM |
An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0. | |||||
CVE-2022-0732 | 1 1byte | 9 Copy9, Exactspy, Fonetracker and 6 more | 2023-06-27 | 5.0 MEDIUM | 7.5 HIGH |
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability. | |||||
CVE-2022-36832 | 1 Samsung | 1 Cameralyzer | 2023-06-27 | N/A | 3.3 LOW |
Improper access control vulnerability in WebApp in Cameralyzer prior to versions 3.2.22, 3.3.22, 3.4.22 and 3.5.51 allows attackers to access external storage as Cameralyzer privilege. | |||||
CVE-2022-39370 | 1 Glpi-project | 1 Glpi | 2023-06-27 | N/A | 4.3 MEDIUM |
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Connected users may gain access to debug panel through the GLPI update script. This issue has been patched, please upgrade to 10.0.4. As a workaround, delete the `install/update.php` script. | |||||
CVE-2022-39877 | 2 Google, Samsung | 2 Android, Group Sharing | 2023-06-27 | N/A | 5.3 MEDIUM |
Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device. | |||||
CVE-2022-39868 | 1 Samsung | 1 Smartthings | 2023-06-27 | N/A | 7.5 HIGH |
Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. |