CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 1 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-29973 770 +Info 2022-05-02 2022-05-11
1.9
None Local Medium Not required Partial None None
relan exFAT 1.3.0 allows local users to obtain sensitive information (data from deleted files in the filesystem) in certain situations involving offsets beyond ValidDataLength.
2 CVE-2022-29868 312 Bypass 2022-05-09 2022-05-18
2.1
None Local Low Not required Partial None None
1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Malicious software running on the same computer can exfiltrate secrets from 1Password provided that 1Password is running and is unlocked. Affected secrets include vault items and derived values used for signing in to 1Password.
3 CVE-2022-29816 74 2022-04-28 2022-05-05
2.1
None Local Low Not required None Partial None
In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible
4 CVE-2022-29812 2022-04-28 2022-05-05
2.1
None Local Low Not required None Partial None
In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient
5 CVE-2022-29810 532 2022-04-27 2022-05-10
2.1
None Local Low Not required Partial None None
The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter.
6 CVE-2022-29302 552 2022-05-12 2022-05-20
2.1
None Local Low Not required Partial None None
SolarView Compact ver.6.00 was discovered to contain a local file disclosure via /html/Solar_Ftp.php.
7 CVE-2022-29172 79 XSS 2022-05-05 2022-05-16
2.6
None Remote High Not required None Partial None
Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before `11.33.0`, when the “additional signup fields� feature [is configured](https://github.com/auth0/lock#additional-sign-up-fields), a malicious actor can inject invalidated HTML code into these additional fields, which is then stored in the service `user_metdata` payload (using the `name` property). Verification emails, when applicable, are generated using this metadata. It is therefor possible for an actor to craft a malicious link by injecting HTML, which is then rendered as the recipient's name within the delivered email template. You are impacted by this vulnerability if you are using `auth0-lock` version `11.32.2` or lower and are using the “additional signup fields� feature in your application. Upgrade to version `11.33.0`.
8 CVE-2022-29140 2022-05-10 2022-05-23
2.1
None Local Low Not required Partial None None
Windows Print Spooler Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-29114.
9 CVE-2022-29134 2022-05-10 2022-05-23
2.1
None Local Low Not required Partial None None
Windows Clustered Shared Volume Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-29120, CVE-2022-29122, CVE-2022-29123.
10 CVE-2022-29127 Bypass 2022-05-10 2022-05-23
1.9
None Local Medium Not required Partial None None
BitLocker Security Feature Bypass Vulnerability.
11 CVE-2022-29123 668 2022-05-10 2022-05-23
2.1
None Local Low Not required Partial None None
Windows Clustered Shared Volume Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-29120, CVE-2022-29122, CVE-2022-29134.
12 CVE-2022-29122 668 2022-05-10 2022-05-23
2.1
None Local Low Not required Partial None None
Windows Clustered Shared Volume Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-29120, CVE-2022-29123, CVE-2022-29134.
13 CVE-2022-29114 863 2022-05-10 2022-05-23
2.1
None Local Low Not required Partial None None
Windows Print Spooler Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-29140.
14 CVE-2022-28793 754 2022-05-03 2022-05-11
2.1
None Local Low Not required None Partial None
Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time.
15 CVE-2022-28791 20 2022-05-03 2022-05-11
2.1
None Local Low Not required None Partial None
Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent overwrite to existing files.
16 CVE-2022-28790 287 2022-05-03 2022-05-11
2.1
None Local Low Not required None None Partial
Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. The patch adds proper caller signature check logic.
17 CVE-2022-28789 862 2022-05-03 2022-05-11
2.1
None Local Low Not required Partial None None
Unprotected activities in Voice Note prior to version 21.3.51.11 allows attackers to record voice without user interaction. The patch adds proper permission for vulnerable activities.
18 CVE-2022-28788 125 DoS 2022-05-03 2022-05-11
2.1
None Local Low Not required None None Partial
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.
19 CVE-2022-28787 125 DoS 2022-05-03 2022-05-11
2.1
None Local Low Not required None None Partial
Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.
20 CVE-2022-28786 125 DoS 2022-05-03 2022-05-11
2.1
None Local Low Not required None None Partial
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.
21 CVE-2022-28785 125 DoS 2022-05-03 2022-05-11
2.1
None Local Low Not required None None Partial
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.
22 CVE-2022-28784 22 Dir. Trav. 2022-05-03 2022-05-11
2.1
None Local Low Not required Partial None None
Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic.
23 CVE-2022-28782 863 2022-05-03 2022-05-11
2.1
None Local Low Not required None Partial None
Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability.
24 CVE-2022-28780 2022-05-03 2022-05-11
2.1
None Local Low Not required Partial None None
Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information.
25 CVE-2022-28778 863 2022-04-11 2022-04-19
2.1
None Local Low Not required None Partial None
Improper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows attacker to set the arbitrary folder as Secret Folder without Samsung Security Supporter permission
26 CVE-2022-28777 863 2022-04-11 2022-04-19
2.1
None Local Low Not required None Partial None
Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function without CALL_PHONE permission.
27 CVE-2022-28775 863 2022-04-11 2022-04-21
2.1
None Local Low Not required None Partial None
Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker to write the file without Samsung Flow permission.
28 CVE-2022-28774 863 2022-05-11 2022-05-19
1.9
None Local Medium Not required Partial None None
Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted.
29 CVE-2022-28651 522 2022-04-05 2022-04-18
2.1
None Local Low Not required Partial None None
In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields
30 CVE-2022-28543 22 Dir. Trav. 2022-04-11 2022-04-21
2.1
None Local Low Not required Partial None None
Path traversal vulnerability in Samsung Flow prior to version 4.8.07.4 allows local attackers to read arbitrary files as Samsung Flow permission.
31 CVE-2022-28542 863 2022-04-11 2022-04-21
2.1
None Local Low Not required Partial None None
Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store permission.
32 CVE-2022-28218 276 2022-04-26 2022-05-06
2.1
None Local Low Not required Partial None None
An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys (found in a Roundcube configuration file) that are used to protect Webmail user passwords and two-factor authentication (2FA).
33 CVE-2022-28162 312 2022-05-09 2022-05-17
2.1
None Local Low Not required Partial None None
Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text.
34 CVE-2022-28161 532 2022-05-09 2022-05-17
1.9
None Local Medium Not required Partial None None
An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need to have valid user credentials and turn on debug mode.
35 CVE-2022-27950 401 2022-03-28 2022-04-05
2.1
None Local Low Not required None None Partial
In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition.
36 CVE-2022-27888 532 2022-04-26 2022-05-05
2.1
None Local Low Not required Partial None None
Foundry Issues service versions 2.244.0 to 2.249.0 was found to be logging in a manner that captured sensitive information (session tokens). This issue was fixed in 2.249.1.
37 CVE-2022-27841 755 2022-04-11 2022-04-19
1.9
None Local Medium Not required Partial None None
Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication
38 CVE-2022-27832 125 DoS 2022-04-11 2022-04-18
2.1
None Local Low Not required None None Partial
Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via a crafted media file.
39 CVE-2022-27822 668 2022-04-11 2022-04-18
2.1
None Local Low Not required Partial None None
Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission.
40 CVE-2022-27814 668 2022-04-14 2022-04-21
2.1
None Local Low Not required Partial None None
SWHKD 1.1.5 allows arbitrary file-existence tests via the -c option.
41 CVE-2022-27636 532 2022-05-05 2022-05-13
2.1
None Local Low Not required Partial None None
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
42 CVE-2022-27503 79 XSS 2022-04-13 2022-04-21
2.6
None Remote High Not required None Partial None
Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9
43 CVE-2022-27254 294 2022-03-23 2022-03-31
2.9
None Local Network Medium Not required None Partial None
The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626.
44 CVE-2022-27195 532 2022-03-15 2022-03-23
2.1
None Local Low Not required Partial None None
Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their `build.xml` files. These values are stored unencrypted and can be viewed by users with access to the Jenkins controller file system.
45 CVE-2022-27152 2022-04-08 2022-04-15
2.7
None Local Network Low ??? None Partial None
Roku devices running RokuOS v9.4.0 build 4200 or earlier that uses a Realtek WiFi chip is vulnerable to Arbitrary file modification.
46 CVE-2022-27049 2022-03-31 2022-04-08
1.9
None Local Medium Not required None Partial None
Raidrive before v2021.12.35 allows attackers to arbitrarily move log files by pre-creating a mountpoint and log files before Raidrive is installed.
47 CVE-2022-26966 +Info 2022-03-12 2022-04-27
2.1
None Local Low Not required Partial None None
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.
48 CVE-2022-26930 2022-05-10 2022-05-19
2.1
None Local Low Not required Partial None None
Windows Remote Access Connection Manager Information Disclosure Vulnerability.
49 CVE-2022-26878 772 2022-03-11 2022-03-22
2.1
None Local Low Not required None None Partial
drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have memory allocated but not freed).
50 CVE-2022-26856 522 2022-04-21 2022-05-03
2.1
None Local Low Not required Partial None None
Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application's database with privileges of the compromised account.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.