Total
2747 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1066 | 1 Aethon | 1 Tug Home Base Server | 2022-10-21 | N/A | 8.2 HIGH |
| Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials. | |||||
| CVE-2020-25629 | 1 Moodle | 1 Moodle | 2022-10-21 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. This is fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14. | |||||
| CVE-2022-3501 | 1 Otrs | 1 Otrs | 2022-10-20 | N/A | 7.5 HIGH |
| Article template contents with sensitive data could be accessed from agents without permissions. | |||||
| CVE-2021-21264 | 1 Octobercms | 1 October | 2022-10-19 | 4.4 MEDIUM | 5.2 MEDIUM |
| October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-26231 (fixed in 1.0.470/471 and 1.1.1) was discovered that has the same impact as CVE-2020-26231 & CVE-2020-15247. An authenticated backend user with the `cms.manage_pages`, `cms.manage_layouts`, or `cms.manage_partials` permissions who would **normally** not be permitted to provide PHP code to be executed by the CMS due to `cms.enableSafeMode` being enabled is able to write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This is not a problem for anyone that trusts their users with those permissions to normally write & manage PHP within the CMS by not having `cms.enableSafeMode` enabled, but would be a problem for anyone relying on `cms.enableSafeMode` to ensure that users with those permissions in production do not have access to write & execute arbitrary PHP. Issue has been patched in Build 472 (v1.0.472) and v1.1.2. As a workaround, apply https://github.com/octobercms/october/commit/f63519ff1e8d375df30deba63156a2fc97aa9ee7 to your installation manually if unable to upgrade to Build 472 or v1.1.2. | |||||
| CVE-2022-2985 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-18 | N/A | 7.8 HIGH |
| In music service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. | |||||
| CVE-2022-39107 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-18 | N/A | 7.8 HIGH |
| In Soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in Soundrecorder service with no additional execution privileges needed. | |||||
| CVE-2022-38669 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-18 | N/A | 7.8 HIGH |
| In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. | |||||
| CVE-2022-38670 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-18 | N/A | 7.8 HIGH |
| In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. | |||||
| CVE-2022-38677 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-18 | N/A | 5.5 MEDIUM |
| In cell service, there is a missing permission check. This could lead to local denial of service in cell service with no additional execution privileges needed. | |||||
| CVE-2022-38679 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-18 | N/A | 5.5 MEDIUM |
| In music service, there is a missing permission check. This could lead to local denial of service in music service with no additional execution privileges needed. | |||||
| CVE-2022-39111 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-18 | N/A | 7.8 HIGH |
| In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. | |||||
| CVE-2022-39109 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-18 | N/A | 7.8 HIGH |
| In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. | |||||
| CVE-2022-39108 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-18 | N/A | 7.8 HIGH |
| In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. | |||||
| CVE-2022-39080 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-18 | N/A | 7.8 HIGH |
| In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. | |||||
| CVE-2022-38698 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-18 | N/A | 7.8 HIGH |
| In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. | |||||
| CVE-2022-38697 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-18 | N/A | 5.5 MEDIUM |
| In messaging service, there is a missing permission check. This could lead to access unexpected provider in contacts service with no additional execution privileges needed. | |||||
| CVE-2022-39110 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-18 | N/A | 7.8 HIGH |
| In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. | |||||
| CVE-2022-39112 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-17 | N/A | 5.5 MEDIUM |
| In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. | |||||
| CVE-2022-39114 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-17 | N/A | 5.5 MEDIUM |
| In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. | |||||
| CVE-2022-39113 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-17 | N/A | 5.5 MEDIUM |
| In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. | |||||