Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25446 | 1 Samsung | 2 Smartthings, Smartthings Firmware | 2022-09-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview. | |||||
| CVE-2021-25448 | 1 Samsung | 1 Smart Touch Call | 2022-09-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper access control vulnerability in Smart Touch Call prior to version 1.0.0.5 allows arbitrary webpage loading in webview. | |||||
| CVE-2021-25460 | 1 Google | 1 Android | 2022-09-23 | 2.1 LOW | 5.5 MEDIUM |
| An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService. | |||||
| CVE-2022-40428 | 1 D8s-mpeg Project | 1 D8s Mpeg | 2022-09-21 | N/A | 9.8 CRITICAL |
| The d8s-mpeg for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. | |||||
| CVE-2022-40429 | 1 D8s-ip-addresses Project | 1 D8s-ip-addresses | 2022-09-21 | N/A | 9.8 CRITICAL |
| The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. | |||||
| CVE-2022-40425 | 1 D8s-html Project | 1 D8s-html | 2022-09-21 | N/A | 9.8 CRITICAL |
| The d8s-html for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. | |||||
| CVE-2022-40426 | 1 D8s-asns Project | 1 D8s-asns | 2022-09-21 | N/A | 9.8 CRITICAL |
| The d8s-asns for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. | |||||
| CVE-2022-40809 | 1 Democritus Dicts Project | 1 Democritus Dicts | 2022-09-21 | N/A | 9.8 CRITICAL |
| The d8s-dicts for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0 | |||||
| CVE-2022-40430 | 1 D8s-utility Project | 1 D8s-utility | 2022-09-21 | N/A | 9.8 CRITICAL |
| The d8s-utility for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. | |||||
| CVE-2022-40810 | 1 Democritus Ip Addresses Project | 1 Democritus Ip Addresses | 2022-09-21 | N/A | 9.8 CRITICAL |
| The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0 | |||||
| CVE-2022-40812 | 1 Democritus Pdfs Project | 1 Democritus Pdfs | 2022-09-21 | N/A | 9.8 CRITICAL |
| The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. | |||||
| CVE-2022-36865 | 2 Google, Samsung | 2 Android, Group Sharing | 2022-09-21 | N/A | 3.3 LOW |
| Improper access control in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to access device information. | |||||
| CVE-2022-36851 | 1 Samsung | 1 Samsung Pass | 2022-09-21 | N/A | 4.6 MEDIUM |
| Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device. | |||||
| CVE-2022-36864 | 1 Samsung | 1 Samsung Email | 2022-09-21 | N/A | 7.8 HIGH |
| Improper access control and intent redirection in Samsung Email prior to 6.1.70.20 allows attacker to access specific formatted file and execute privileged behavior. | |||||
| CVE-2022-36866 | 2 Google, Samsung | 2 Android, Group Sharing | 2022-09-21 | N/A | 3.3 LOW |
| Improper access control vulnerability in Broadcaster in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device. | |||||
| CVE-2022-23768 | 1 Neoinfosys | 2 Nis-hap11ac, Nis-hap11ac Firmware | 2022-09-21 | N/A | 9.8 CRITICAL |
| This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to induce all attacks such as source code hijacking, remote control of the device. | |||||
| CVE-2022-28758 | 1 Zoom | 1 Zoom On-premise Meeting Connector Mmr | 2022-09-21 | N/A | 8.2 HIGH |
| Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions. | |||||
| CVE-2022-39217 | 1 Ghas-to-csv Project | 1 Ghas-to-csv | 2022-09-21 | N/A | 9.8 CRITICAL |
| some-natalie/ghas-to-csv (GitHub Advanced Security to CSV) is a GitHub action which scrapes the GitHub Advanced Security API and shoves it into a CSV. In affected versions this GitHub Action creates a CSV file without sanitizing the output of the APIs. If an alert is dismissed or any other custom field contains executable code / formulas, it might be run when an endpoint opens that CSV file in a spreadsheet program. This issue has been addressed in version `v1`. Users are advised to use `v1` or later. There are no known workarounds for this issue. | |||||
| CVE-2022-40811 | 1 Democritus Urls Project | 1 Democritus Urls | 2022-09-21 | N/A | 9.8 CRITICAL |
| The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. | |||||
| CVE-2022-40808 | 1 Democritus Dates Project | 1 Democritus Dates | 2022-09-21 | N/A | 9.8 CRITICAL |
| The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0 | |||||