Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

CVEs (508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-0131 1Google 1Chrome Mar 20, 2025 Jan 10, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-46762 1Huawei 2Emui Harmonyos Apr 9, 2025 Jan 6, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 The memory management module has a logic bypass vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-47544 1Siren 1Investigate Apr 10, 2025 Jan 5, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in Siren Investigate before 12.1.7. Script variable whitelisting is insufficiently sandboxed.
CVE-2022-26384 1Mozilla 3Firefox Firefox EsrThunderbird Apr 16, 2025 Dec 22, 2022 N/A· v4 9.6 CRITICAL· v3 N/A· v2 If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in...Show more If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.Show less
CVE-2022-22761 1Mozilla 3Firefox Firefox EsrThunderbird Apr 16, 2025 Dec 22, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. This vulnerability affects...Show more Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.Show less
CVE-2022-22759 1Mozilla 3Firefox Firefox EsrThunderbird Apr 16, 2025 Dec 22, 2022 N/A· v4 9.6 CRITICAL· v3 N/A· v2 If a document created a sandboxed iframe without <code>allow-scripts</code>, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despi...Show more If a document created a sandboxed iframe without <code>allow-scripts</code>, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.Show less
CVE-2022-20562 1Google 1Android Apr 21, 2025 Dec 16, 2022 N/A· v4 3.3 LOW· v3 N/A· v2 In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges n...Show more In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231630423References: N/AShow less
CVE-2022-46698 1Apple 7Icloud IpadosIphone Os+4 more Apr 21, 2025 Dec 15, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web cont...Show more A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information.Show less
CVE-2022-42848 1Apple 3Ipados Iphone OsTvos Apr 21, 2025 Dec 15, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-42821 1Apple 1Macos Apr 21, 2025 Dec 15, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Big Sur 11.7.2, macOS Ventura 13. An app may bypass Gatekeeper checks.
CVE-2022-32537 1Medtronic 28Guardian Link 2 Transmitter Mmt 7730 Firmware Guardian Link 2 Transmitter Mmt 7731 FirmwareGuardian Link 2 Transmitter Mmt 7738 Firmware+25 more May 7, 2026 Dec 12, 2022 N/A· v4 4.8 MEDIUM· v3 N/A· v2 A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components. Exploitation requir...Show more A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components. Exploitation requires nearby wireless signal proximity with the patient and the device; advanced technical knowledge is required for exploitation. Please refer to the Medtronic Product Security Bulletin for guidanceShow less
CVE-2021-31608 1Proofpoint 1Enterprise Protection Apr 30, 2025 Nov 17, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Security Control.
CVE-2022-33942 1Intel 1Data Center Manager Feb 5, 2025 Nov 11, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2022-27516 1Citrix 2Application Delivery Controller Firmware Gateway Nov 21, 2024 Nov 8, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 User login brute force protection functionality bypass
CVE-2022-42801 1Apple 5Ipados Iphone OsMacos+2 more Apr 22, 2025 Nov 1, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 A logic issue was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execut...Show more A logic issue was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges.Show less
CVE-2022-32910 1Apple 2Mac Os X Macos May 6, 2025 Nov 1, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.8, macOS Monterey 12.5, Security Update 2022-005 Catalina. An archive may be able to bypass Gatekeeper.
CVE-2022-43435 1Jenkins 1360 Fireline May 8, 2025 Oct 19, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.
CVE-2022-43434 1Jenkins 1Neuvector Vulnerability Scanner May 8, 2025 Oct 19, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for down...Show more Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.Show less
CVE-2022-43433 1Jenkins 1Screenrecorder May 8, 2025 Oct 19, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.
CVE-2022-43432 1Jenkins 1Xframium Builder May 8, 2025 Oct 19, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.

Previous 1...192021...26 Next