Filtered by CWE-668
Total 653 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-30734 1 Samsung 1 Account 2024-11-21 4 Medium
Sensitive information exposure in Sign-out log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission.
CVE-2022-30732 1 Samsung 1 Account 2024-11-21 5.5 Medium
Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows attacker to access sensitive information via onActivityResult.
CVE-2022-30728 1 Google 1 Android 2024-11-21 1.9 Low
Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.
CVE-2022-30714 1 Google 1 Android 2024-11-21 1.9 Low
Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.
CVE-2022-2610 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 6.5 Medium
Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2022-2403 1 Redhat 1 Openshift 2024-11-21 6.5 Medium
A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate.
CVE-2022-29901 6 Debian, Fedoraproject, Intel and 3 more 258 Debian Linux, Fedora, Core I3-6100 and 255 more 2024-11-21 5.6 Medium
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
CVE-2022-29850 1 Lexmark 234 B2236, B2236 Firmware, B2338 and 231 more 2024-11-21 8.1 High
Various Lexmark products through 2022-04-27 allow an attacker who has already compromised an affected Lexmark device to maintain persistence across reboots.
CVE-2022-29820 1 Jetbrains 1 Pycharm 2024-11-21 3 Low
In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible
CVE-2022-29646 1 Totolink 2 A3100r, A3100r Firmware 2024-11-21 5.3 Medium
An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 allows attackers to obtain sensitive information via a crafted web request.
CVE-2022-28924 1 Universis 1 Universis-students 2024-11-21 6.5 Medium
An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/.
CVE-2022-28794 1 Google 1 Android 2024-11-21 2.2 Low
Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information.
CVE-2022-28226 2 Microsoft, Yandex 2 Windows, Yandex Browser 2024-11-21 7.8 High
Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser update process.
CVE-2022-28160 1 Jenkins 1 Tests Selector 2024-11-21 6.5 Medium
Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins controller.
CVE-2022-27822 1 Google 1 Android 2024-11-21 6.6 Medium
Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission.
CVE-2022-27818 1 Waycrate 1 Swhkd 2024-11-21 9.1 Critical
SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service.
CVE-2022-27817 1 Waycrate 1 Swhkd 2024-11-21 4.4 Medium
SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality.
CVE-2022-27772 1 Vmware 1 Spring Boot 2024-11-21 7.8 High
spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer
CVE-2022-27576 1 Google 1 Android 2024-11-21 3.3 Low
Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission
CVE-2022-27331 1 Zammad 1 Zammad 2024-11-21 4.3 Medium
An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users.