Total
9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2558 | 1 Presstigers | 1 Simple Job Board | 2024-11-21 | N/A | 5.3 MEDIUM |
|
The Simple Job Board WordPress plugin before 2.10.0 is susceptible to Directory Listing which allows the public listing of uploaded resumes in certain configurations.
|
|||||
| CVE-2022-2462 | 1 Transposh | 1 Transposh Wordpress Translation | 2024-11-21 | N/A | 5.3 MEDIUM |
|
The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_history' AJAX action and insufficient restriction on the data returned in the response. This makes it possible for unauthenticated users to exfiltrate usernames of individuals who have translated text.
|
|||||
| CVE-2022-2408 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
The Guest account feature in Mattermost version 6.7.0 and earlier fails to properly restrict the permissions, which allows a guest user to fetch a list of all public channels in the team, in spite of not being part of those channels.
|
|||||
| CVE-2022-2401 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Unrestricted information disclosure of all users in Mattermost version 6.7.0 and earlier allows team members to access some sensitive information by directly accessing the APIs.
|
|||||
| CVE-2022-2394 | 1 Perforce | 1 Puppet Bolt | 2024-11-21 | N/A | 4.1 MEDIUM |
|
Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise.
|
|||||
| CVE-2022-2221 | 1 Devolutions | 1 Remote Desktop Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8.
|
|||||
| CVE-2022-29901 | 5 Debian, Fedoraproject, Intel and 2 more | 254 Debian Linux, Fedora, Core I3-6100 and 251 more | 2024-11-21 | 1.9 LOW | 5.6 MEDIUM |
|
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
|
|||||
| CVE-2022-29567 | 1 Vaadin | 1 Vaadin | 2024-11-21 | 5.0 MEDIUM | 5.7 MEDIUM |
|
The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure of values that should not be available on the client-side.
|
|||||
| CVE-2022-29512 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege.
|
|||||
| CVE-2022-29467 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address.
|
|||||
| CVE-2022-29248 | 3 Debian, Drupal, Guzzlephp | 3 Debian Linux, Drupal, Guzzle | 2024-11-21 | 5.8 MEDIUM | 8.0 HIGH |
|
Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server to set cookies for unrelated domains. The cookie middleware is disabled by default, so most library consumers will not be affected by this issue. Only those who manually add the cookie middleware to the ...
Show More |
|||||
| CVE-2022-29241 | 1 Jupyter | 1 Jupyter Server | 2024-11-21 | 9.0 HIGH | 7.1 HIGH |
|
Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of `root_dir` that contains the starting user's home directory, then the underlying REST API can be used to leak the access token assigned at start time by guessing/brute forcing the PID of the jupyter server. While this requires an authenticated user session, this URL can be used from a cros ...
Show More |
|||||
| CVE-2022-29235 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
|
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker who is able to obtain the meeting identifier for a meeting on a server can find information related to an external video being shared, like the current timestamp and play/pause. The problem has been patched in versions 2.3.18 and 2.4-rc-6 by modifying the stream to send the data only for users in the meeting. There are currently no known workarounds.
|
|||||
| CVE-2022-29232 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
BigBlueButton is an open source web conferencing system. Starting with version 2.2 and prior to versions 2.3.9 and 2.4-beta-1, an attacker can circumvent access controls to obtain the content of public chat messages from different meetings on the server. The attacker must be a participant in a meeting on the server. BigBlueButton versions 2.3.9 and 2.4-beta-1 contain a patch for this issue. There are currently no known workarounds.
|
|||||
| CVE-2022-29165 | 1 Argoproj | 1 Argo Cd | 2024-11-21 | 9.3 HIGH | 10.0 CRITICAL |
|
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 which would allow unauthenticated users to impersonate as any Argo CD user or role, including the `admin` user, by sending a specifically crafted JSON Web Token (JWT) along with the request. In order for this vulnerability to be exploited, anonymous access to the Argo CD instance must have been ...
Show More |
|||||
| CVE-2022-29071 | 1 Arista | 1 Cloudvision Portal | 2024-11-21 | N/A | 4.0 MEDIUM |
|
This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords might be leaked to other authenticated users.
|
|||||
| CVE-2022-28764 | 1 Zoom | 3 Meetings, Rooms, Vdi Windows Meeting Clients | 2024-11-21 | N/A | 3.3 LOW |
|
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account.
|
|||||
| CVE-2022-28614 | 3 Apache, Fedoraproject, Netapp | 3 Http Server, Fedora, Clustered Data Ontap | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.
|
|||||
| CVE-2022-27912 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A | 5.3 MEDIUM |
|
An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests.
|
|||||
| CVE-2022-27891 | 1 Palantir | 1 Gotham | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade all affected services to the latest version. This issue affects: Palantir Gotham versions prior to 103.30221005.0.
|
|||||
| CVE-2022-27875 | 1 F5 | 1 Access For Android | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
On F5 Access for Android 3.x versions prior to 3.0.8, a Task Hijacking vulnerability exists in the F5 Access for Android application, which may allow an attacker to steal sensitive user information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
|
|||||
| CVE-2022-27863 | 1 Vikwp | 1 Vikbooking Hotel Booking Engine \& Property Management System Plugin | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to get the booking data by guessing / brute-forcing easy predictable booking IDs via search POST requests.
|
|||||
| CVE-2022-27849 | 1 Plugin-planet | 1 Simple Ajax Chat | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115
|
|||||
| CVE-2022-27844 | 1 Wpvivid | 1 Migration\, Backup\, Staging | 2024-11-21 | 5.0 MEDIUM | 2.7 LOW |
|
Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging – WPvivid (WordPress plugin) versions <= 0.9.70
|
|||||
| CVE-2022-27775 | 5 Brocade, Debian, Haxx and 2 more | 17 Fabric Operating System, Debian Linux, Curl and 14 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.
|
|||||
| CVE-2022-27667 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.
|
|||||
| CVE-2022-27633 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2024-11-21 | N/A | 7.5 HIGH |
|
An information disclosure vulnerability exists in the confctl_get_guest_wlan functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to information disclosure. An attacker can send packets to trigger this vulnerability.
|
|||||
| CVE-2022-27630 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2024-11-21 | N/A | 7.5 HIGH |
|
An information disclosure vulnerability exists in the confctl_get_master_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to information disclosure. An attacker can send packets to trigger this vulnerability.
|
|||||
| CVE-2022-27576 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission
|
|||||
| CVE-2022-27575 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission.
|
|||||
| CVE-2022-27490 | 1 Fortinet | 4 Fortianalyzer, Fortimanager, Fortiportal and 1 more | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands.
|
|||||
| CVE-2022-27241 | 1 Mendix | 1 Mendix | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.11), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). Applications built with an affected system publicly expose the internal project structure. This could allow an unauthenticated remote attacker to read confidential information.
|
|||||
| CVE-2022-26869 | 1 Dell | 3 Powerstore T, Powerstore X, Powerstoreos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution.
|
|||||
| CVE-2022-26847 | 2 Debian, Spip | 2 Debian Linux, Spip | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects.
|
|||||
| CVE-2022-26070 | 1 Splunk | 1 Splunk | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0.
|
|||||
| CVE-2022-25990 | 1 F5 | 1 F5os-a | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may expose certain registry ports externally. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
|
|||||
| CVE-2022-25830 | 1 Samsung | 1 Galaxy Watch 3 Plugin | 2024-11-21 | 2.1 LOW | 1.9 LOW |
|
Information Exposure vulnerability in Galaxy Watch3 Plugin prior to version 2.2.09.22012751 allows attacker to access password information of connected WiFiAp in the log
|
|||||
| CVE-2022-25829 | 1 Samsung | 1 Watch Active2 Plugin | 2024-11-21 | 2.1 LOW | 1.9 LOW |
|
Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751 allows attacker to access password information of connected WiFiAp in the log
|
|||||
| CVE-2022-25828 | 1 Samsung | 1 Watch Active Plugin | 2024-11-21 | 2.1 LOW | 1.9 LOW |
|
Information Exposure vulnerability in Watch Active Plugin prior to version 2.2.07.22012751 allows attacker to access password information of connected WiFiAp in the log
|
|||||
| CVE-2022-25827 | 1 Samsung | 1 Galaxy Watch Plugin | 2024-11-21 | 2.1 LOW | 1.9 LOW |
|
Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.22012751 allows attacker to access password information of connected WiFiAp in the log
|
|||||