Total
2747 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0390 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 2.1 LOW | 4.3 MEDIUM |
| Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the vulnerability dashboard. | |||||
| CVE-2022-47367 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-08 | N/A | 5.5 MEDIUM |
| In bluetooth driver, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2022-47357 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-08 | N/A | 5.5 MEDIUM |
| In log service, there is a missing permission check. This could lead to local denial of service in log service. | |||||
| CVE-2022-41417 | 1 Blogengine | 1 Blogengine.net | 2023-08-08 | N/A | 9.8 CRITICAL |
| BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with "files" prefix under ~/App_Data/. | |||||
| CVE-2022-47327 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-08 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. | |||||
| CVE-2022-20529 | 1 Google | 1 Android | 2023-08-08 | N/A | 2.4 LOW |
| In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege in wifi settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231583603 | |||||
| CVE-2022-3482 | 1 Gitlab | 1 Gitlab | 2023-08-08 | N/A | 5.3 MEDIUM |
| An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases we set to be restricted to project members only | |||||
| CVE-2022-1423 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
| Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows a malicious actor with Developer privileges to perform cache poisoning leading to arbitrary code execution in protected branches | |||||
| CVE-2022-32560 | 1 Couchbase | 1 Couchbase Server | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings. | |||||
| CVE-2022-47360 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-08 | N/A | 5.5 MEDIUM |
| In log service, there is a missing permission check. This could lead to local denial of service in log service. | |||||
| CVE-2022-40316 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2023-08-08 | N/A | 4.3 MEDIUM |
| The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to. | |||||
| CVE-2021-0978 | 1 Google | 1 Android | 2023-08-08 | 2.1 LOW | 3.3 LOW |
| In getSerialForPackage of DeviceIdentifiersPolicyService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192587406 | |||||
| CVE-2022-38183 | 1 Gitea | 1 Gitea | 2023-08-08 | N/A | 6.5 MEDIUM |
| In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea (there was no permission check for fetching the issue). As a result, the attacker would get access to private issue titles. | |||||
| CVE-2022-47332 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-08 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. | |||||
| CVE-2022-20299 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In ContentService, there is a possible way to check if the given account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-201415895 | |||||
| CVE-2022-20284 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In Telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of phone accounts with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231986341 | |||||
| CVE-2022-20281 | 1 Google | 1 Android | 2023-08-08 | N/A | 7.8 HIGH |
| In Core, there is a possible way to start an activity from the background due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-204083967 | |||||
| CVE-2022-47339 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-08 | N/A | 6.7 MEDIUM |
| In cmd services, there is a OS command injection issue due to missing permission check. This could lead to local escalation of privilege with system execution privileges needed. | |||||
| CVE-2021-21978 | 1 Vmware | 1 View Planner | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container. | |||||
| CVE-2022-20349 | 1 Google | 1 Android | 2023-08-08 | N/A | 7.8 HIGH |
| In WifiScanningPreferenceController and BluetoothScanningPreferenceController, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228315522 | |||||