Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22048 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 6.6 MEDIUM | 6.1 MEDIUM |
| BitLocker Security Feature Bypass Vulnerability | |||||
| CVE-2022-22042 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| Windows Hyper-V Information Disclosure Vulnerability | |||||
| CVE-2022-22028 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2023-08-08 | 4.3 MEDIUM | 5.9 MEDIUM |
| Windows Network File System Information Disclosure Vulnerability | |||||
| CVE-2022-21845 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 4.7 MEDIUM | 4.7 MEDIUM |
| Windows Kernel Information Disclosure Vulnerability | |||||
| CVE-2021-40013 | 1 Huawei | 2 Emui, Magic Ui | 2023-08-08 | 3.3 LOW | 6.5 MEDIUM |
| Improper permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability will affect integrity. | |||||
| CVE-2022-35406 | 1 Portswigger | 1 Burp Suite | 2023-08-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| A URL disclosure issue was discovered in Burp Suite before 2022.6. If a user views a crafted response in the Repeater or Intruder, it may be incorrectly interpreted as a redirect. | |||||
| CVE-2022-21784 | 2 Google, Mediatek | 33 Android, Mt6761, Mt6779 and 30 more | 2023-08-08 | 4.6 MEDIUM | 6.7 MEDIUM |
| In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704462. | |||||
| CVE-2022-21766 | 2 Google, Mediatek | 36 Android, Mt6580, Mt6735 and 33 more | 2023-08-08 | 4.6 MEDIUM | 6.7 MEDIUM |
| In CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641673; Issue ID: ALPS06641653. | |||||
| CVE-2022-21765 | 2 Google, Mediatek | 36 Android, Mt6580, Mt6735 and 33 more | 2023-08-08 | 4.6 MEDIUM | 6.7 MEDIUM |
| In CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641673; Issue ID: ALPS06641673. | |||||
| CVE-2022-2097 | 5 Debian, Fedoraproject, Netapp and 2 more | 15 Debian Linux, Fedora, Active Iq Unified Manager and 12 more | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). | |||||
| CVE-2022-29471 | 1 Cybozu | 1 Garoon | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin. | |||||
| CVE-2022-29467 | 1 Cybozu | 1 Garoon | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address. | |||||
| CVE-2022-28718 | 1 Cybozu | 1 Garoon | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin. | |||||
| CVE-2022-27661 | 1 Cybozu | 1 Garoon | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow. | |||||
| CVE-2022-26368 | 1 Cybozu | 1 Garoon | 2023-08-08 | 5.5 MEDIUM | 5.4 MEDIUM |
| Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet. | |||||
| CVE-2022-26054 | 1 Cybozu | 1 Garoon | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link. | |||||
| CVE-2022-26051 | 1 Cybozu | 1 Garoon | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal. | |||||
| CVE-2022-22373 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2023-08-08 | 5.5 MEDIUM | 5.4 MEDIUM |
| An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to creation of directories and files on the server file system that may contain non-sensitive debugging information like stack traces. IBM X-Force ID: 221323. | |||||
| CVE-2022-1954 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially crafted web server response headers | |||||
| CVE-2022-2243 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows authenticated users to enumerate issues in non-linked sentry projects. | |||||
| CVE-2022-22494 | 3 Ibm, Linux, Microsoft | 4 Aix, Spectrum Protect Operations Center, Linux Kernel and 1 more | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. This information could then be used in future attacks. IBM X-Force ID: 226940. | |||||
| CVE-2021-38954 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could disclose sensitive version information that could aid in future attacks against the system. IBM X-Force ID: 211414. | |||||
| CVE-2021-37791 | 1 Myadmin Project | 1 Myadmin | 2023-08-08 | 4.0 MEDIUM | 4.9 MEDIUM |
| MyAdmin v1.0 is affected by an incorrect access control vulnerability in viewing personal center in /api/user/userData?userCode=admin. | |||||
| CVE-2022-29271 | 1 Nagios | 1 Nagios Xi | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. This allows an attacker to permanently disable all monitoring checks. | |||||
| CVE-2022-29270 | 1 Nagios | 1 Nagios Xi | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address. | |||||
| CVE-2022-29269 | 1 Nagios | 1 Nagios Xi | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address. | |||||
| CVE-2021-41559 | 1 Silverstripe | 1 Silverstripe | 2023-08-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document. | |||||
| CVE-2021-40606 | 1 Gpac | 1 Gpac | 2023-08-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | |||||
| CVE-2022-28167 | 1 Broadcom | 1 Sannav | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade SANanv v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log | |||||
| CVE-2021-38879 | 3 Ibm, Linux, Microsoft | 3 Jazz Team Server, Linux Kernel, Windows | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 209057. | |||||
| CVE-2021-20355 | 3 Ibm, Linux, Microsoft | 3 Jazz Team Server, Linux Kernel, Windows | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 194891. | |||||
| CVE-2022-29330 | 1 Vitalpbx | 1 Vitalpbx | 2023-08-08 | 4.0 MEDIUM | 4.9 MEDIUM |
| Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors. | |||||
| CVE-2021-29768 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. IBM X-Force ID: 202682. | |||||
| CVE-2022-1741 | 1 Dominionvoting | 2 Democracy Suite, Imagecast X | 2023-08-08 | 7.2 HIGH | 6.8 MEDIUM |
| The tested version of Dominion Voting Systems ImageCast X has a Terminal Emulator application which could be leveraged by an attacker to gain elevated privileges on a device and/or install malicious code. | |||||
| CVE-2021-30651 | 1 Broadcom | 1 Symantec Messaging Gateway | 2023-08-08 | 4.0 MEDIUM | 4.9 MEDIUM |
| A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access. | |||||
| CVE-2022-34298 | 1 Openidentityplatform | 1 Openam | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| The NT auth module in OpenAM before 14.6.6 allows a "replace Samba username attack." | |||||
| CVE-2022-22414 | 2 Ibm, Microsoft | 2 Robotic Process Automation, Windows | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| IBM Robotic Process Automation 21.0.2 could allow a local user to obtain sensitive web service configuration credentials from system memory. IBM X-Force ID: 223026. | |||||
| CVE-2021-46823 | 1 Python-ldap | 1 Python-ldap | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. | |||||
| CVE-2022-31876 | 1 Netgear | 2 Wnap320, Wnap320 Firmware | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| netgear wnap320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users cookies. | |||||
| CVE-2022-33755 | 1 Broadcom | 1 Ca Automic Automation | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users. | |||||
| CVE-2022-22953 | 1 Vmware | 1 Vmware Hcx | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| VMware HCX update addresses an information disclosure vulnerability. A malicious actor with network user access to the VMware HCX appliance may be able to gain access to sensitive information. | |||||
| CVE-2022-28749 | 1 Zoom | 1 On-premise Meeting Connector Multimedia Router | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Zooms On-Premise Meeting Connector MMR before version 4.8.113.20220526 fails to properly check the permissions of a Zoom meeting attendee. As a result, a threat actor in the Zooms waiting room can join the meeting without the consent of the host. | |||||
| CVE-2022-20176 | 1 Google | 1 Android | 2023-08-08 | 2.1 LOW | 4.4 MEDIUM |
| In auth_store of sjtag-driver.c, there is a possible read of uninitialized memory due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-197787879References: N/A | |||||
| CVE-2022-20143 | 1 Google | 1 Android | 2023-08-08 | 4.9 MEDIUM | 5.5 MEDIUM |
| In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-220735360 | |||||
| CVE-2022-20129 | 1 Google | 1 Android | 2023-08-08 | 4.9 MEDIUM | 5.5 MEDIUM |
| In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-217934478 | |||||
| CVE-2021-40616 | 1 Thinkcmf | 1 Thinkcmf | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| thinkcmf v5.1.7 has an unauthorized vulnerability. The attacker can modify the password of the administrator account with id 1 through the background user management group permissions. The use condition is that the background user management group authority is required. | |||||
| CVE-2021-35092 | 1 Qualcomm | 166 Apq8053, Apq8053 Firmware, Apq8096au and 163 more | 2023-08-08 | 4.6 MEDIUM | 6.7 MEDIUM |
| Processing DCB/AVB algorithm with an invalid queue index from IOCTL request could lead to arbitrary address modification in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | |||||
| CVE-2021-30346 | 1 Qualcomm | 56 Ar8035, Ar8035 Firmware, Qca9984 and 53 more | 2023-08-08 | 4.9 MEDIUM | 5.5 MEDIUM |
| RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-30345 | 1 Qualcomm | 56 Ar8035, Ar8035 Firmware, Qca9984 and 53 more | 2023-08-08 | 4.9 MEDIUM | 5.5 MEDIUM |
| RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-30339 | 1 Qualcomm | 110 Ar8035, Ar8035 Firmware, Qca6391 and 107 more | 2023-08-08 | 4.9 MEDIUM | 5.5 MEDIUM |
| Reading PRNG output may lead to improper key generation due to lack of buffer validation in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||