Total
32771 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36872 | 1 Samsung | 2 Samsung Pay, Samsung Pay Kr | 2024-11-21 | N/A | 5.0 MEDIUM |
| Pending Intent hijacking vulnerability in SpayNotification in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent. | |||||
| CVE-2022-36871 | 1 Samsung | 2 Samsung Pay, Samsung Pay Kr | 2024-11-21 | N/A | 5.0 MEDIUM |
| Pending Intent hijacking vulnerability in NotiCenterUtils in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent. | |||||
| CVE-2022-36870 | 1 Samsung | 2 Samsung Pay, Samsung Pay Kr | 2024-11-21 | N/A | 5.0 MEDIUM |
| Pending Intent hijacking vulnerability in MTransferNotificationManager in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent. | |||||
| CVE-2022-36853 | 1 Google | 1 Android | 2024-11-21 | N/A | 3.3 LOW |
| Intent redirection in Photo Editor prior to SMR Sep-2022 Release 1 allows attacker to get sensitive information. | |||||
| CVE-2022-36838 | 1 Samsung | 1 Galaxy Wearable | 2024-11-21 | N/A | 4.0 MEDIUM |
| Implicit Intent hijacking vulnerability in Galaxy Wearable prior to version 2.2.50 allows attacker to get sensitive information. | |||||
| CVE-2022-36837 | 1 Samsung | 1 Samsung Email | 2024-11-21 | N/A | 6.2 MEDIUM |
| Intent redirection vulnerability using implicit intent in Samsung email prior to version 6.1.70.20 allows attacker to get sensitive information. | |||||
| CVE-2022-36835 | 1 Samsung | 1 Samsung Internet Browser | 2024-11-21 | N/A | 3.3 LOW |
| Implicit Intent hijacking vulnerability in Samsung Internet Browser prior to version 17.0.7.34 allows attackers to access arbitrary files. | |||||
| CVE-2022-36800 | 1 Atlassian | 1 Jira Service Management | 2024-11-21 | N/A | 4.3 MEDIUM |
| Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2. | |||||
| CVE-2022-36793 | 1 Wp-shop | 1 Wp Shop | 2024-11-21 | N/A | 6.5 MEDIUM |
| Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin <= 3.9.6 at WordPress. | |||||
| CVE-2022-36782 | 1 Pal-es | 1 Palgate | 2024-11-21 | N/A | 5.9 MEDIUM |
| Pal Electronics Systems - Pal Gate Authorization Errors. The vulnerability is an authorization problem in PalGate device management android client app. Gates of bulidings and parking lots with a simple button in any smartphone. The API was found after a decompiling and static research using Jadx, and a dynamic analasys using Frida. The attacker can iterate over all the IOT devices to see every entry and exit, on every gate and device all over the world, he can also scrape the server and create a user's DB with full names and phone number of over 2.8 million users, and to see all of the users' movement in and out of gates, even in real time. | |||||
| CVE-2022-36777 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-11-21 | N/A | 4.3 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.16.0could allow an authenticated user to obtain sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 233665. | |||||
| CVE-2022-36774 | 2 Ibm, Microsoft | 4 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 1 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. IBM X-Force ID: 233575. | |||||
| CVE-2022-36772 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that should only be available to a privileged user. | |||||
| CVE-2022-36768 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | N/A | 7.8 HIGH |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to obtain root privileges. IBM X-Force ID: 232014. | |||||
| CVE-2022-36602 | 1 Innosilicon | 2 A10, A10 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| InnoSilicon A10 a10_20200924_120556 was discovered to contain a remote code execution (RCE) vulnerability in the setPlatformAPI function. | |||||
| CVE-2022-36572 | 1 Sinsiu | 1 Enterprise Website System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Sinsiu Sinsiu Enterprise Website System v1.1.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /upload/admin.php?/deal/. | |||||
| CVE-2022-36561 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A | 5.5 MEDIUM |
| XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538. | |||||
| CVE-2022-36534 | 2 Linux, Syncovery | 2 Linux Kernel, Syncovery | 2024-11-21 | N/A | 8.8 HIGH |
| Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain multiple remote code execution (RCE) vulnerabilities via the Job_ExecuteBefore and Job_ExecuteAfter parameters at post_profilesettings.php. | |||||
| CVE-2022-36532 | 1 Bolt | 1 Bolt Cms | 2024-11-21 | N/A | 8.8 HIGH |
| Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with the ROLE_EDITOR privileges to upload and rename a malicious file to achieve remote code execution. | |||||
| CVE-2022-36526 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Authentication Bypass via function phpcgi_main in cgibin. | |||||