Total
2747 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-20121 | 1 Google | 1 Android | 2022-05-17 | 2.1 LOW | 5.5 MEDIUM |
In getNodeValue of USCCDMPlugin.java, there is a possible disclosure of ICCID due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-212573046. References: N/A | |||||
CVE-2022-20011 | 1 Google | 1 Android | 2022-05-16 | 2.1 LOW | 5.5 MEDIUM |
In getArray of NotificationManagerService.java, there is a possible leak of one user's notifications to another due to a missing check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-214999128 | |||||
CVE-2022-20115 | 1 Google | 1 Android | 2022-05-16 | 2.1 LOW | 5.5 MEDIUM |
In broadcastServiceStateChanged of TelephonyRegistry.java, there is a possible way to learn base station information without location permission due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-210118427 | |||||
CVE-2019-18790 | 2 Debian, Digium | 3 Debian Linux, Asterisk, Certified Asterisk | 2022-05-13 | 5.8 MEDIUM | 6.5 MEDIUM |
An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport. | |||||
CVE-2020-10701 | 1 Redhat | 1 Libvirt | 2022-05-13 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this flaw can make guest agent commands fail because the agent cannot respond in time. Unprivileged users with a read-only connection could abuse this flaw to set the response timeout for all guest agent messages to zero, potentially leading to a denial of service. This flaw affects libvirt versions before 6.2.0. | |||||
CVE-2021-44055 | 1 Qnap | 1 Video Station | 2022-05-13 | 7.5 HIGH | 9.8 CRITICAL |
A missing authorization vulnerability has been reported to affect QNAP devices running Video Station. If exploited, this vulnerability allows remote attackers to access data or perform actions that they should not be allowed to perform. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 (2022/02/16) and later. | |||||
CVE-2022-26546 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-05-12 | 6.4 MEDIUM | 9.1 CRITICAL |
Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password. | |||||
CVE-2022-20102 | 2 Google, Mediatek | 45 Android, Mt6580, Mt6739 and 42 more | 2022-05-12 | 2.1 LOW | 4.4 MEDIUM |
In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06296442; Issue ID: ALPS06296405. | |||||
CVE-2022-28789 | 1 Samsung | 1 Voice Note | 2022-05-11 | 2.1 LOW | 5.5 MEDIUM |
Unprotected activities in Voice Note prior to version 21.3.51.11 allow attackers to record voice without user interaction. The patch adds the proper permission for the vulnerable activities. | |||||
CVE-2022-20098 | 2 Google, Mediatek | 45 Android, Mt6580, Mt6739 and 42 more | 2022-05-11 | 2.1 LOW | 4.4 MEDIUM |
In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06419017. | |||||
CVE-2022-20100 | 2 Google, Mediatek | 45 Android, Mt6580, Mt6739 and 42 more | 2022-05-11 | 2.1 LOW | 4.4 MEDIUM |
In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06270804. | |||||
CVE-2022-20084 | 2 Google, Mediatek | 55 Android, Mt6731, Mt6732 and 52 more | 2022-05-11 | 4.6 MEDIUM | 7.8 HIGH |
In telephony, there is a possible way to disable receiving emergency broadcasts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06498874; Issue ID: ALPS06498874. | |||||
CVE-2022-20093 | 2 Google, Mediatek | 57 Android, Mt6731, Mt6732 and 54 more | 2022-05-10 | 4.6 MEDIUM | 7.8 HIGH |
In telephony, there is a possible way to disable receiving SMS messages due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06498868; Issue ID: ALPS06498868. | |||||
CVE-2022-1020 | 1 Codeastrology | 1 Woo Product Table | 2022-05-10 | 7.5 HIGH | 9.8 CRITICAL |
The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), and does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either no argument or one user-controlled argument. | |||||
CVE-2021-20834 | 1 Nike | 1 Nike | 2022-05-03 | 5.8 MEDIUM | 6.1 MEDIUM |
Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. | |||||
CVE-2021-36232 | 1 Unit4 | 1 Mik.starlight | 2022-05-03 | 6.5 MEDIUM | 8.8 HIGH |
Improper Authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated attacker to escalate privileges. | |||||
CVE-2021-36124 | 1 Echobh | 1 Sharecare | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Echo ShareCare 8.15.5. It does not perform authentication or authorization checks when accessing a subset of sensitive resources, leading to the ability for unauthenticated users to access pages that are vulnerable to attacks such as SQL injection. | |||||
CVE-2021-20835 | 1 Mercari | 1 Mercari | 2022-05-03 | 5.0 MEDIUM | 7.5 HIGH |
Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari (Merpay) - Marketplace and Mobile Payments App' (Japan version) versions prior to 4.49.1 allows a remote attacker to lead a user to access an arbitrary website and the website launches an arbitrary Activity of the app via the vulnerable App, which may result in Mercari account's access token being obtained. | |||||
CVE-2021-20777 | 1 Gu-global | 1 Gu | 2022-05-03 | 4.3 MEDIUM | 4.3 MEDIUM |
Improper authorization in handler for custom URL scheme vulnerability in GU App for Android versions from 4.8.0 to 5.0.2 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. | |||||
CVE-2020-14944 | 1 Globalradar | 1 Bsa Radar | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authorization controls in multiple functions. This can allow for manipulation and takeover of user accounts if successfully exploited. The following vulnerable functions are exposed: ChangePassword, SaveUserProfile, and GetUser. |