Total
29699 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-33721 | 1 Google | 1 Android | 2024-11-21 | 4.4 Medium |
| A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege. | ||||
| CVE-2022-33718 | 1 Google | 1 Android | 2024-11-21 | 6.2 Medium |
| An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data. | ||||
| CVE-2022-33715 | 1 Google | 1 Android | 2024-11-21 | 5.3 Medium |
| Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access files of One UI. | ||||
| CVE-2022-33714 | 1 Google | 1 Android | 2024-11-21 | 6.2 Medium |
| Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value related to mobile hotspot. | ||||
| CVE-2022-33713 | 1 Samsung | 1 Cloud | 2024-11-21 | 7.5 High |
| Implicit Intent hijacking vulnerability in Samsung Cloud prior to version 5.2.0 allows attacker to get sensitive information. | ||||
| CVE-2022-33706 | 1 Samsung | 1 Samsung Gallery | 2024-11-21 | 2.4 Low |
| Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8 allows physical attackers to access the pictures using S Pen air gesture. | ||||
| CVE-2022-33705 | 1 Samsung | 1 Calendar | 2024-11-21 | 3.3 Low |
| Information exposure in Calendar prior to version 12.3.05.10000 allows attacker to access calendar schedule without READ_CALENDAR permission. | ||||
| CVE-2022-33702 | 1 Google | 1 Android | 2024-11-21 | 6.2 Medium |
| Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attacker to disable keyguard and bypass Knoxguard lock by factory reset. | ||||
| CVE-2022-33701 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 allows attacker to call PowerManaer.goToSleep method which is protected by system permission by sending braodcast intent. | ||||
| CVE-2022-33689 | 1 Google | 1 Android | 2024-11-21 | 6.2 Medium |
| Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows attackers to change preferred network type by unprotected binder call. | ||||
| CVE-2022-33685 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Unprotected dynamic receiver in Wearable Manager Service prior to SMR Jul-2022 Release 1 allows attacker to launch arbitray activity and access senstive information. | ||||
| CVE-2022-33311 | 1 Cybozu | 1 Office | 2024-11-21 | 4.3 Medium |
| Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors. | ||||
| CVE-2022-33243 | 1 Qualcomm | 314 Apq8096au, Apq8096au Firmware, Aqt1000 and 311 more | 2024-11-21 | 8.4 High |
| Memory corruption due to improper access control in Qualcomm IPC. | ||||
| CVE-2022-33173 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 7.5 High |
| An algorithm-downgrade issue was discovered in Couchbase Server before 7.0.4. Analytics Remote Links may temporarily downgrade to non-TLS connection to determine the TLS port number, using SCRAM-SHA instead. | ||||
| CVE-2022-33172 | 1 Bund | 1 De.fac2 | 2024-11-21 | 5.5 Medium |
| de.fac2 1.34 allows bypassing the User Presence protection mechanism when there is malware on the victim's PC. | ||||
| CVE-2022-33124 | 1 Aiohttp | 1 Aiohttp | 2024-11-21 | 5.5 Medium |
| AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service (DoS). NOTE: multiple third parties dispute this issue because there is no example of a context in which denial of service would occur, and many common contexts have exception handing in the calling application | ||||
| CVE-2022-32993 | 1 Totolink | 2 A7000r, A7000r Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK A7000R V4.1cu.4134 was discovered to contain an access control issue via /cgi-bin/ExportSettings.sh. | ||||
| CVE-2022-32959 | 1 Hinet | 1 Hicos Natural Person Credential Component Client | 2024-11-21 | 6.8 Medium |
| HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service. | ||||
| CVE-2022-32583 | 1 Cybozu | 1 Office | 2024-11-21 | 4.3 Medium |
| Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors. | ||||
| CVE-2022-32544 | 1 Cybozu | 1 Office | 2024-11-21 | 4.3 Medium |
| Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors. | ||||