Total: 2747 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-39093 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-12-07 | N/A | 7.8 HIGH |
In power management service, there is a missing permission check. This could lead to setting up power management service with no additional execution privileges needed. | |||||
CVE-2022-39091 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-12-07 | N/A | 7.8 HIGH |
In power management service, there is a missing permission check. This could lead to setting up power management service with no additional execution privileges needed. | |||||
CVE-2022-39090 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-12-07 | N/A | 7.8 HIGH |
In power management service, there is a missing permission check. This could lead to setting up power management service with no additional execution privileges needed. | |||||
CVE-2022-44009 | 1 Stackstorm | 1 Stackstorm | 2022-12-07 | N/A | 7.5 HIGH |
Improper access control in Key-Value RBAC in StackStorm version 3.7.0 didn't check the permissions in Jinja filters, allowing attackers to access K/V pairs of other users, potentially leading to the exposure of sensitive information. | |||||
CVE-2022-41807 | 1 Kyocera | 80 Ecosys M2535dn, Ecosys M2535dn Firmware, Ecosys M6526cdn and 77 more | 2022-12-06 | N/A | 6.5 MEDIUM |
Missing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to alter the product settings without authentication by sending a specially crafted request. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN. | |||||
CVE-2019-4158 | 1 Ibm | 1 Security Access Manager | 2022-12-03 | 5.5 MEDIUM | 5.4 MEDIUM |
IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574. | |||||
CVE-2021-32472 | 1 Moodle | 1 Moodle | 2022-12-02 | 2.6 LOW | 4.3 MEDIUM |
Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected. | |||||
CVE-2022-41930 | 1 Xwiki | 1 Xwiki | 2022-11-30 | N/A | 8.2 HIGH |
org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user (logged in or not) with access to the page XWiki.XWikiUserProfileSheet can enable or disable any user profile. This might allow a disabled user to re-enable themselves, or an attacker to disable any user of the wiki. The problem has been patched in XWiki 13.10.7, 14.5RC1 and 14.4.2. Workarounds: The problem can be patched immediately by editing the page `XWiki.XWikiUserProfileSheet` in the wiki and by performing the changes contained in https://github.com/xwiki/xwiki-platform/commit/5be1cc0adf917bf10899c47723fa451e950271fa. | |||||
CVE-2022-41929 | 1 Xwiki | 1 Xwiki | 2022-11-30 | N/A | 4.9 MEDIUM |
org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. This operation is meant to only be available for users with admin rights. This problem has been patched in XWiki 13.10.7, 14.4.2 and 14.5RC1. | |||||
CVE-2022-32966 | 1 Realtek | 2 Rtl8111fp-cg, Rtl8111fp-cg Firmware | 2022-11-30 | N/A | 6.5 MEDIUM |
RTL8168FP-CG Dash remote management function has missing authorization. An unauthenticated attacker within the adjacent network can connect to DASH service port to disrupt service. | |||||
CVE-2022-41937 | 1 Xwiki | 1 Xwiki | 2022-11-28 | N/A | 8.1 HIGH |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view access to modify any page of the wiki by importing a crafted XAR package. The problem has been patched in XWiki 14.6RC1, 14.6 and 13.10.8. As a workaround, set the rights of the page Filter.WebHome and make sure only the main wiki administrators can view the application installed on the main wiki, or edit the page and apply the changes described in commit fb49b4f. | |||||
CVE-2022-41692 | 1 Dwbooster | 1 Appointment Hour Booking | 2022-11-21 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress. | |||||
CVE-2022-43482 | 1 Codepeople | 1 Appointment Booking Calendar | 2022-11-21 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress. | |||||
CVE-2022-3920 | 1 Hashicorp | 1 Consul | 2022-11-18 | N/A | 7.5 HIGH |
HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0. | |||||
CVE-2022-2450 | 1 Resmush.it | 1 Resmush.it Image Optimizer | 2022-11-16 | N/A | 4.3 MEDIUM |
The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers to call them. | |||||
CVE-2020-25711 | 3 Infinispan, Netapp, Redhat | 3 Infinispan, Active Iq Unified Manager, Data Grid | 2022-11-10 | 4.9 MEDIUM | 6.5 MEDIUM |
A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role. | |||||
CVE-2021-24730 | 1 Infornweb | 1 Logo Showcase With Slick Slider | 2022-11-09 | 4.0 MEDIUM | 4.3 MEDIUM |
The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswss_save_attachment_data AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and URL of arbitrary uploaded media. | |||||
CVE-2022-20446 | 1 Google | 1 Android | 2022-11-09 | N/A | 3.3 LOW |
In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the microphone from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11. Android ID: A-229793943 | |||||
CVE-2022-20451 | 1 Google | 1 Android | 2022-11-09 | N/A | 7.8 HIGH |
In onCallRedirectionComplete of CallsManager.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-235098883 | |||||
CVE-2022-20450 | 1 Google | 1 Android | 2022-11-09 | N/A | 7.8 HIGH |
In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way to bypass user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-210065877 |