Total
9641 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30741 | 1 Samsung | 1 Find My Mobile | 2024-11-21 | 3.3 Low |
| Sensitive information exposure vulnerability in SimChangeAlertManger of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log. | ||||
| CVE-2022-30740 | 1 Samsung | 1 Internet | 2024-11-21 | 4.1 Medium |
| Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers. | ||||
| CVE-2022-30737 | 1 Samsung | 1 Account | 2024-11-21 | 4 Medium |
| Implicit Intent hijacking vulnerability in Samsung Account prior to version 13.2.00.6 allows attackers to get email ID. | ||||
| CVE-2022-30736 | 1 Samsung | 1 Account | 2024-11-21 | 5.3 Medium |
| Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission. | ||||
| CVE-2022-30735 | 1 Samsung | 1 Account | 2024-11-21 | 5.9 Medium |
| Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the access_token without permission. | ||||
| CVE-2022-30734 | 1 Samsung | 1 Account | 2024-11-21 | 4 Medium |
| Sensitive information exposure in Sign-out log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission. | ||||
| CVE-2022-30733 | 1 Samsung | 1 Account | 2024-11-21 | 4 Medium |
| Sensitive information exposure in Sign-in log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission. | ||||
| CVE-2022-30732 | 1 Samsung | 1 Account | 2024-11-21 | 5.5 Medium |
| Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows attacker to access sensitive information via onActivityResult. | ||||
| CVE-2022-30693 | 1 Cybozu | 1 Office | 2024-11-21 | 5.3 Medium |
| Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors. | ||||
| CVE-2022-30625 | 1 Chcnav | 2 P5e Gnss, P5e Gnss Firmware | 2024-11-21 | 5.7 Medium |
| Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. A directory listing provides an attacker with the complete index of all the resources located inside of the directory. The specific risks and consequences vary depending on which files are listed and accessible. | ||||
| CVE-2022-30607 | 2 Ibm, Microsoft | 2 Robotic Process Automation, Windows | 2024-11-21 | 6.5 Medium |
| IBM Robotic Process Automation 20.10.0, 20.12.5, 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow a user to obtain sensitive information due to information properly masked in the control center UI. IBM X-Force ID: 227294. | ||||
| CVE-2022-30598 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 4.3 Medium |
| A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it. | ||||
| CVE-2022-30586 | 1 Gradle | 1 Gradle | 2024-11-21 | 7.2 High |
| Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution. | ||||
| CVE-2022-30334 | 1 Brave | 1 Brave | 2024-11-21 | 5.3 Medium |
| Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises "Note that Private Windows with Tor Connectivity in Brave are just regular private windows that use Tor as a proxy. Brave does NOT implement most of the privacy protections from Tor Browser." | ||||
| CVE-2022-2806 | 3 Ovirt, Redhat, Sos Project | 3 Log Collector, Rhev Manager, Sos | 2024-11-21 | 5.5 Medium |
| It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev | ||||
| CVE-2022-2739 | 2 Podman Project, Redhat | 4 Podman, Enterprise Linux Server, Enterprise Linux Workstation and 1 more | 2024-11-21 | 5.3 Medium |
| The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables. | ||||
| CVE-2022-2558 | 1 Presstigers | 1 Simple Job Board | 2024-11-21 | 5.3 Medium |
| The Simple Job Board WordPress plugin before 2.10.0 is susceptible to Directory Listing which allows the public listing of uploaded resumes in certain configurations. | ||||
| CVE-2022-2462 | 1 Transposh | 1 Transposh Wordpress Translation | 2024-11-21 | 5.3 Medium |
| The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_history' AJAX action and insufficient restriction on the data returned in the response. This makes it possible for unauthenticated users to exfiltrate usernames of individuals who have translated text. | ||||
| CVE-2022-2394 | 1 Perforce | 1 Puppet Bolt | 2024-11-21 | 4.1 Medium |
| Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise. | ||||
| CVE-2022-2308 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 6.5 Medium |
| A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config() returning uninitialized memory from the stack. This could cause undefined behavior or data leaks in Virtio drivers. | ||||