Total
537 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-39329 | 1 Nextcloud | 2 Nextcloud Enterprise Server, Nextcloud Server | 2023-07-14 | N/A | 5.3 MEDIUM |
| Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database access. Versions 23.0.9 and 24.0.5 contains patches for this issue. No known workarounds are available. | |||||
| CVE-2022-39873 | 1 Samsung | 1 Internet | 2023-07-14 | N/A | 4.6 MEDIUM |
| Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication. | |||||
| CVE-2022-39883 | 1 Google | 1 Android | 2023-07-14 | N/A | 7.8 HIGH |
| Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1 allows local attacker to call privileged API. | |||||
| CVE-2023-25517 | 4 Citrix, Nvidia, Redhat and 1 more | 4 Hypervisor, Gpu Display Driver, Enterprise Linux Kernel-based Virtual Machine and 1 more | 2023-07-12 | N/A | 7.1 HIGH |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering. | |||||
| CVE-2022-24894 | 1 Sensiolabs | 1 Symfony | 2023-07-12 | N/A | 8.8 HIGH |
| Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses (including headers) and returns them to the clients. In a recent change in the `AbstractSessionListener`, the response might contain a `Set-Cookie` header. If the Symfony HTTP cache system is enabled, this response might bill stored and return to the next clients. An attacker can use this vulnerability to retrieve the victim's session. This issue has been patched and is available for branch 4.4. | |||||
| CVE-2022-27583 | 1 Sick | 4 Flx3-cpuc1, Flx3-cpuc1 Firmware, Flx3-cpuc2 and 1 more | 2023-07-11 | N/A | 9.1 CRITICAL |
| A remote unprivileged attacker can interact with the configuration interface of a Flexi-Compact FLX3-CPUC1 or FLX3-CPUC2 running an affected firmware version to potentially impact the availability of the FlexiCompact. | |||||
| CVE-2023-36611 | 1 Ovarro | 10 Tbox Lt2, Tbox Lt2 Firmware, Tbox Ms-cpu32 and 7 more | 2023-07-07 | N/A | 6.5 MEDIUM |
| The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens. | |||||
| CVE-2023-34460 | 3 Apple, Linux, Tauri | 3 Macos, Linux Kernel, Tauri | 2023-07-05 | N/A | 9.8 CRITICAL |
| Tauri is a framework for building binaries for all major desktop platforms. The 1.4.0 release includes a regression on the Filesystem scope check for dotfiles on Unix. Previously dotfiles were not implicitly allowed by the glob wildcard scopes (eg. `$HOME/*`), but a regression was introduced when a configuration option for this behavior was implemented. Only Tauri applications using wildcard scopes in the `fs` endpoint are affected. The regression has been patched on version 1.4.1. | |||||
| CVE-2022-2393 | 2 Pki-core Project, Redhat | 3 Pki-core, Certificate System, Enterprise Linux | 2023-06-30 | N/A | 5.7 MEDIUM |
| A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content. | |||||
| CVE-2021-25354 | 1 Samsung | 1 Internet | 2023-06-30 | 6.8 MEDIUM | 5.3 MEDIUM |
| Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-exported activity in Samsung Browser via malicious deeplink. | |||||
| CVE-2022-34434 | 1 Dell | 1 Cloud Mobility For Dell Emc Storage | 2023-06-29 | N/A | 6.7 MEDIUM |
| Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to the modification or deletion of tables that are required for many of the core functionalities of Cloud Mobility. Exploitation may lead to the compromise of integrity and availability of the normal functionality of the Cloud Mobility application. | |||||
| CVE-2022-33702 | 1 Google | 1 Android | 2023-06-29 | 2.1 LOW | 5.5 MEDIUM |
| Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attacker to disable keyguard and bypass Knoxguard lock by factory reset. | |||||
| CVE-2022-30746 | 1 Samsung | 1 Smartthings | 2023-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API. | |||||
| CVE-2022-30730 | 1 Samsung | 1 Samsung Pass | 2023-06-28 | 2.1 LOW | 4.6 MEDIUM |
| Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication. | |||||
| CVE-2022-29490 | 1 Hitachienergy | 2 Microscada X Sys600, Sys600 | 2023-06-28 | N/A | 8.8 HIGH |
| Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of the authenticated user's role. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* | |||||
| CVE-2022-28776 | 1 Samsung | 1 Galaxy Store | 2023-06-28 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions. | |||||
| CVE-2022-2661 | 1 Sequi | 2 Portbloque S, Portbloque S Firmware | 2023-06-28 | N/A | 8.8 HIGH |
| Sequi PortBloque S has an improper authorization vulnerability, which may allow a low-privileged user to perform administrative functions using specifically crafted requests. | |||||
| CVE-2022-26857 | 1 Dell | 1 Openmanage Enterprise | 2023-06-28 | 6.5 MEDIUM | 8.8 HIGH |
| Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass blocked functionalities and perform unauthorized actions. | |||||
| CVE-2022-2675 | 1 Unitree | 2 Go 1, Go 1 Firmware | 2023-06-28 | N/A | 6.5 MEDIUM |
| Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1. | |||||
| CVE-2022-36110 | 1 Gravitl | 1 Netmaker | 2023-06-27 | N/A | 8.8 HIGH |
| Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions via the API. This problem has been patched in v0.15.1. | |||||