Total
1299 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-25899 | 1 Intel | 1 Open Active Management Technology Cloud Toolkit | 2022-08-22 | N/A | 9.8 CRITICAL |
| Authentication bypass for the Open AMT Cloud Toolkit software maintained by Intel(R) before versions 2.0.2 and 2.2.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2021-37409 | 1 Intel | 26 Killer Ac 1550, Killer Ac 1550 Firmware, Killer Wi-fi 6 Ax1650 and 23 more | 2022-08-22 | N/A | 7.8 HIGH |
| Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-21140 | 1 Intel | 36 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3165 Firmware, Dual Band Wireless-ac 3168 and 33 more | 2022-08-20 | N/A | 5.5 MEDIUM |
| Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2021-23188 | 1 Intel | 36 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3165 Firmware, Dual Band Wireless-ac 3168 and 33 more | 2022-08-19 | N/A | 3.3 LOW |
| Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-21812 | 1 Intel | 1 Hardware Accelerated Execution Manager | 2022-08-19 | N/A | 7.8 HIGH |
| Improper access control in the Intel(R) HAXM software before version 7.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-23182 | 1 Intel | 1 Data Center Manager | 2022-08-19 | N/A | 8.8 HIGH |
| Improper access control in the Intel(R) Data Center Manager software before version 4.1 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2022-23033 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2022-08-19 | 4.6 MEDIUM | 7.8 HIGH |
| arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN) do not actually clear the pagetable entry if the entry doesn't have the valid bit set. It is possible to have a valid pagetable entry without the valid bit set when a guest operating system uses set/way cache maintenance instructions. For instance, a guest issuing a set/way cache maintenance instruction, then calling the XENMEM_decrease_reservation hypercall to give back memory pages to Xen, might be able to retain access to those pages even after Xen started reusing them for other purposes. | |||||
| CVE-2022-28753 | 1 Zoom | 1 Meeting Connector | 2022-08-18 | N/A | 5.4 MEDIUM |
| Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions. | |||||
| CVE-2022-28754 | 1 Zoom | 1 Meeting Connector | 2022-08-18 | N/A | 5.4 MEDIUM |
| Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions. | |||||
| CVE-2022-20326 | 1 Google | 1 Android | 2022-08-18 | N/A | 5.5 MEDIUM |
| In Telephony, there is a possible disclosure of SIM identifiers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-185235527 | |||||
| CVE-2022-20323 | 1 Google | 1 Android | 2022-08-18 | N/A | 5.5 MEDIUM |
| In PackageManager, there is a possible package installation disclosure due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-187176203 | |||||
| CVE-2022-20321 | 1 Google | 1 Android | 2022-08-18 | N/A | 3.3 LOW |
| In Settings, there is a possible way for an application without permissions to read content of WiFi QR codes due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-187176859 | |||||
| CVE-2022-2661 | 1 Sequi | 2 Portbloque S, Portbloque S Firmware | 2022-08-17 | N/A | 8.8 HIGH |
| Sequi PortBloque S has an improper authorization vulnerability, which may allow a low-privileged user to perform administrative functions using specifically crafted requests. | |||||
| CVE-2022-31675 | 1 Vmware | 1 Vrealize Operations | 2022-08-15 | N/A | 7.5 HIGH |
| VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges. | |||||
| CVE-2022-37002 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-08-15 | N/A | 9.8 CRITICAL |
| The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this vulnerability can cause malicious applications to pop up windows or run in the background. | |||||
| CVE-2021-39138 | 1 Parseplatform | 1 Parse-server | 2022-08-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Developers can use the REST API to signup users and also allow users to login anonymously. Prior to version 4.5.1, when an anonymous user is first signed up using REST, the server creates session incorrectly. Particularly, the `authProvider` field in `_Session` class under `createdWith` shows the user logged in creating a password. If a developer later depends on the `createdWith` field to provide a different level of access between a password user and anonymous user, the server incorrectly classified the session type as being created with a `password`. The server does not currently use `createdWith` to make decisions about internal functions, so if a developer is not using `createdWith` directly, they are not affected. The vulnerability only affects users who depend on `createdWith` by using it directly. The issue is patched in Parse Server version 4.5.1. As a workaround, do not use the `createdWith` Session field to make decisions if one allows anonymous login. | |||||
| CVE-2021-41093 | 1 Wire | 1 Wire | 2022-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| Wire is an open source secure messenger. In affected versions if the an attacker gets an old but valid access token they can take over an account by changing the email. This issue has been resolved in version 3.86 which uses a new endpoint which additionally requires an authentication cookie. See wire-ios-sync-engine and wire-ios-transport references. This is the root advisory that pulls the changes together. | |||||
| CVE-2022-35489 | 1 Zammad | 1 Zammad | 2022-08-12 | N/A | 6.5 MEDIUM |
| In Zammad 5.2.0, customers who have secondary organizations assigned were able to see all organizations of the system rather than only those to which they are assigned. | |||||
| CVE-2022-35487 | 1 Zammad | 1 Zammad | 2022-08-12 | N/A | 7.5 HIGH |
| Zammad 5.2.0 suffers from Incorrect Access Control. Zammad did not correctly perform authorization on certain attachment endpoints. This could be abused by an unauthenticated attacker to gain access to attachments, such as emails or attached files. | |||||
| CVE-2022-2326 | 1 Gitlab | 1 Gitlab | 2022-08-11 | N/A | 8.1 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible to gain access to a private project through an email invite by using other user's email address as an unverified secondary email. | |||||