‼ CVE-2022-30729 ‼
📖 Read
via "National Vulnerability Database".
Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30733 ‼
📖 Read
via "National Vulnerability Database".
Sensitive information exposure in Sign-in log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30715 ‼
📖 Read
via "National Vulnerability Database".
Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30746 ‼
📖 Read
via "National Vulnerability Database".
Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30745 ‼
📖 Read
via "National Vulnerability Database".
Improper access control vulnerability in Quick Share prior to version 13.1.2.4 allows attacker to access internal files in Quick Share.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30749 ‼
📖 Read
via "National Vulnerability Database".
Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30739 ‼
📖 Read
via "National Vulnerability Database".
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get an user email or phone number with a normal level permission.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30726 ‼
📖 Read
via "National Vulnerability Database".
Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30735 ‼
📖 Read
via "National Vulnerability Database".
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the access_token without permission.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30732 ‼
📖 Read
via "National Vulnerability Database".
Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows attacker to access sensitive information via onActivityResult.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30742 ‼
📖 Read
via "National Vulnerability Database".
Sensitive information exposure vulnerability in FmmExtraOperation of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permissio to get sim card information through device log.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30736 ‼
📖 Read
via "National Vulnerability Database".
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30730 ‼
📖 Read
via "National Vulnerability Database".
Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30731 ‼
📖 Read
via "National Vulnerability Database".
Improper access control vulnerability in My Files prior to version 13.1.00.193 allows attackers to access arbitrary private files in My Files application.📖 Read
via "National Vulnerability Database".
👍2
‼ CVE-2022-2022 ‼
📖 Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31470 ‼
📖 Read
via "National Vulnerability Database".
An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29620 ‼
📖 Read
via "National Vulnerability Database".
** DISPUTED ** FileZilla v3.59.0 allows attackers to obtain cleartext passwords of connected SSH or FTP servers via a memory dump.- NOTE: the vendor does not consider this a vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30466 ‼
📖 Read
via "National Vulnerability Database".
joyebike Joy ebike Wolf Manufacturing year 2022 is vulnerable to Authentication Bypass by Capture-replay.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-35531 ‼
📖 Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-35530 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an existing user password, and further gain authorized access into the system via login mechanism. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0 2.1.0; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-35532 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious firmware to the product. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.📖 Read
via "National Vulnerability Database".