Vulnerabilities > Low

DATE CVE VULNERABILITY TITLE RISK
2022-03-10 CVE-2022-24929 Unspecified vulnerability in Google Android 10.0/11.0/12.0
Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows an attacker to change the list of locked apps without authentication.
local
low complexity
google
3.3
2022-03-10 CVE-2022-24930 Unspecified vulnerability in Samsung Wear OS 3.0
An improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware update MAR-2022 Release allows untrusted applications to reset default app settings without a proper permission.
local
low complexity
samsung
3.3
2022-03-10 CVE-2022-21170 Improper Certificate Validation vulnerability in DAJ I-Filter and I-Filter Browser & Cloud Multiagent
Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication.
network
high complexity
daj CWE-295
3.7
2022-03-10 CVE-2021-3981 A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set, allowing non-privileged users to read its content.
local
low complexity
gnu fedoraproject
3.3
2022-03-09 CVE-2022-24744 Unspecified vulnerability in Shopware
Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework.
network
low complexity
shopware
3.5
2022-03-08 CVE-2021-41181 Improper Authentication vulnerability in Nextcloud Talk
Nextcloud Talk is a self-hosted messaging service.
low complexity
nextcloud CWE-287
2.4
2022-03-02 CVE-2021-3716 A flaw was found in nbdkit due to improperly caching plaintext state across the STARTTLS encryption boundary.
network
high complexity
nbdkit-project redhat
3.1
2022-03-02 CVE-2021-46270 Unspecified vulnerability in Jfrog Artifactory
JFrog Artifactory before 7.31.10 is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation.
network
low complexity
jfrog
2.7
2022-02-21 CVE-2021-25075 Unspecified vulnerability in Wpdevart Duplicate Page or Post
The Duplicate Page or Post WordPress plugin before 1.5.1 does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing any authenticated user, such as a subscriber, to call it and change the plugin's settings, or to perform such an attack via CSRF.
network
low complexity
wpdevart
3.5
2022-02-21 CVE-2022-0279 Unspecified vulnerability in Bologer Anycomment
The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users.
network
high complexity
bologer
3.1