Total
29699 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-28777 | 1 Samsung | 1 Members | 2024-11-21 | 4.3 Medium |
| Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function without CALL_PHONE permission. | ||||
| CVE-2022-28776 | 1 Samsung | 1 Galaxy Store | 2024-11-21 | 5.9 Medium |
| Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions. | ||||
| CVE-2022-28775 | 1 Samsung | 1 Samsung Flow | 2024-11-21 | 5.1 Medium |
| Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker to write the file without Samsung Flow permission. | ||||
| CVE-2022-28758 | 1 Zoom | 1 Zoom On-premise Meeting Connector Mmr | 2024-11-21 | 8.2 High |
| Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions. | ||||
| CVE-2022-28754 | 1 Zoom | 1 Meeting Connector | 2024-11-21 | 7.1 High |
| Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions. | ||||
| CVE-2022-28753 | 1 Zoom | 1 Meeting Connector | 2024-11-21 | 7.1 High |
| Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions. | ||||
| CVE-2022-28749 | 1 Zoom | 1 On-premise Meeting Connector Multimedia Router | 2024-11-21 | 6.5 Medium |
| Zooms On-Premise Meeting Connector MMR before version 4.8.113.20220526 fails to properly check the permissions of a Zoom meeting attendee. As a result, a threat actor in the Zooms waiting room can join the meeting without the consent of the host. | ||||
| CVE-2022-28742 | 1 Aenrich | 1 A\+hrd | 2024-11-21 | 7.5 High |
| aEnrich eHRD Learning Management Key Performance Indicator System 5+ has Improper Access Control. The web application does not validate user session when accessing many application pages. This can allow an attacker to gain unauthenticated access to sensitive functionalities in the application | ||||
| CVE-2022-28718 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.3 Medium |
| Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin. | ||||
| CVE-2022-28704 | 1 Rakuten | 1 Casa | 2024-11-21 | 7.2 High |
| Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings in which is set to accept SSH connections from the WAN side, and is also connected to the Internet with the authentication information unchanged from the default settings. | ||||
| CVE-2022-28244 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 6.3 Medium |
| Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by a violation of secure design principles through bypassing the content security policy, which could result in an attacker sending arbitrarily configured requests to the cross-origin attack target domain. Exploitation requires user interaction in which the victim needs to access a crafted PDF file on an attacker's server. | ||||
| CVE-2022-28165 | 1 Broadcom | 1 Sannav | 2024-11-21 | 8.8 High |
| A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because restrictions are not performed on Server side to ensure the user has required permission before processing requests. | ||||
| CVE-2022-28096 | 1 Skycaiji | 1 Skycaiji | 2024-11-21 | 7.2 High |
| Skycaiji v2.4 was discovered to contain a remote code execution (RCE) vulnerability via /SkycaijiApp/admin/controller/Develop.php. | ||||
| CVE-2022-28093 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2024-11-21 | 9.8 Critical |
| SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a local file inclusion vulnerability which allow attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-28067 | 1 Sandboxie | 1 Sandboxie | 2024-11-21 | 8.6 High |
| An incorrect access control issue in Sandboxie Classic v5.55.13 allows attackers to cause a Denial of Service (DoS) in the Sandbox via a crafted executable. | ||||
| CVE-2022-28054 | 2 Microsoft, Vandyke | 2 Windows, Vshell | 2024-11-21 | 9.8 Critical |
| Improper sanitization of trigger action scripts in VanDyke Software VShell for Windows v4.6.2 allows attackers to execute arbitrary code via a crafted value. | ||||
| CVE-2022-27838 | 1 Samsung | 1 Factorycamera | 2024-11-21 | 7.7 High |
| Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to access the file with system privilege. | ||||
| CVE-2022-27779 | 3 Haxx, Netapp, Splunk | 15 Curl, Clustered Data Ontap, H300s and 12 more | 2024-11-21 | 5.3 Medium |
| libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain. | ||||
| CVE-2022-27661 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.3 Medium |
| Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow. | ||||
| CVE-2022-27511 | 1 Citrix | 1 Application Delivery Management | 2024-11-21 | 8.1 High |
| Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted. | ||||