Export limit exceeded: 12098 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12098 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-31257 | 1 Mendix | 1 Mendix | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.14.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.2), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). In case of access to an active user session in an application that is built with an affected version, it’s possible to change that user’s password bypassing password validations within a Mendix application. This could allow to set weak passwords. | ||||
| CVE-2022-31247 | 1 Suse | 1 Rancher | 2024-11-21 | 9.1 Critical |
| An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role template bindings or project role template bindings (such as cluster-owner, manage cluster members, project-owner and manage project members) to gain owner permission in another project in the same cluster or in another project on a different downstream cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.6.7; Rancher versions prior to 2.5.16. | ||||
| CVE-2022-31237 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 3.3 Low |
| Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and 9.3.0.5 contain an improper preservation of permissions vulnerability in SyncIQ. A low privileged local attacker may potentially exploit this vulnerability, leading to limited information disclosure. | ||||
| CVE-2022-30757 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain CID without ACCESS_FINE_LOCATION permission. | ||||
| CVE-2022-30755 | 1 Google | 1 Android | 2024-11-21 | 7.3 High |
| Improper authentication vulnerability in AppLock prior to SMR Jul-2022 Release 1 allows attacker to bypass password confirm activity by hijacking the implicit intent. | ||||
| CVE-2022-30752 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_STATE_CHANGED action. | ||||
| CVE-2022-30751 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_DHCPACK_EVENT action. | ||||
| CVE-2022-30750 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected. | ||||
| CVE-2022-30749 | 1 Samsung | 1 Smartthings | 2024-11-21 | 3.3 Low |
| Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity. | ||||
| CVE-2022-30746 | 1 Samsung | 1 Smartthings | 2024-11-21 | 7.5 High |
| Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API. | ||||
| CVE-2022-30745 | 1 Samsung | 1 Quick Share | 2024-11-21 | 4 Medium |
| Improper access control vulnerability in Quick Share prior to version 13.1.2.4 allows attacker to access internal files in Quick Share. | ||||
| CVE-2022-30730 | 1 Samsung | 1 Samsung Pass | 2024-11-21 | 4.6 Medium |
| Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication. | ||||
| CVE-2022-30727 | 1 Google | 1 Android | 2024-11-21 | 6.2 Medium |
| Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space. | ||||
| CVE-2022-30725 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. | ||||
| CVE-2022-30724 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. | ||||
| CVE-2022-30723 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. | ||||
| CVE-2022-30722 | 1 Google | 1 Android | 2024-11-21 | 6.2 Medium |
| Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account. | ||||
| CVE-2022-30717 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink. | ||||
| CVE-2022-30716 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device. | ||||
| CVE-2022-30715 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window. | ||||