Total: 27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44837 | 1 Deltarm | 1 Delta Rm | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Delta RM 1.2. It is possible for an unprivileged user to access the same information as an admin user regarding the risk creation information in the /risque/administration/referentiel/json/create/categorie endpoint, using the id_cat1 query parameter to indicate the risk. | |||||
| CVE-2022-20288 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-204082360 | |||||
| CVE-2022-32583 | 1 Cybozu | 1 Office | 2023-08-08 | N/A | 4.3 MEDIUM |
| Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors. | |||||
| CVE-2022-32544 | 1 Cybozu | 1 Office | 2023-08-08 | N/A | 4.3 MEDIUM |
| Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors. | |||||
| CVE-2022-42788 | 1 Apple | 1 Macos | 2023-08-08 | N/A | 5.5 MEDIUM |
| A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Ventura 13. A malicious application may be able to read sensitive location information. | |||||
| CVE-2022-33311 | 1 Cybozu | 1 Office | 2023-08-08 | N/A | 4.3 MEDIUM |
| Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors. | |||||
| CVE-2022-23775 | 1 Truestack | 1 Direct Connect | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| TrueStack Direct Connect 1.4.7 has Incorrect Access Control. | |||||
| CVE-2022-26051 | 1 Cybozu | 1 Garoon | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal. | |||||
| CVE-2022-36263 | 2 Logitech, Microsoft | 2 Streamlabs Desktop, Windows | 2023-08-08 | N/A | 7.3 HIGH |
| StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. An attacker can execute arbitrary code via a crafted .exe file. | |||||
| CVE-2022-29502 | 2 Fedoraproject, Schedmd | 2 Fedora, Slurm | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| SchedMD Slurm 20.11.x through 21.08.x has Incorrect Access Control that leads to Escalation of Privileges. | |||||
| CVE-2021-3172 | 1 Php-fusion | 1 Php-fusion | 2023-08-08 | N/A | 8.1 HIGH |
| An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated attackers to cause a Distributed Denial of Service via the Polling feature. | |||||
| CVE-2022-36537 | 1 Zkoss | 1 Zk Framework | 2023-08-08 | N/A | 7.5 HIGH |
| ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader. | |||||
| CVE-2022-36804 | 1 Atlassian | 1 Bitbucket | 2023-08-08 | N/A | 8.8 HIGH |
| Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew. | |||||
| CVE-2022-47003 | 1 Murasoftware | 1 Mura Cms | 2023-08-08 | N/A | 9.8 CRITICAL |
| A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request. | |||||
| CVE-2021-33128 | 1 Intel | 2 Ethernet Controller E810, Ethernet Controller E810 Firmware | 2023-08-08 | N/A | 4.4 MEDIUM |
| Improper access control in the firmware for some Intel(R) E810 Ethernet Controllers before version 1.6.0.6 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2022-26843 | 1 Intel | 2 Oneapi Dpc++/C++ Compiler, Oneapi Toolkits | 2023-08-08 | N/A | 9.8 CRITICAL |
| Insufficient visual distinction of homoglyphs presented to user in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.1 for Intel(R) oneAPI Toolkits before version 2022.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2022-36562 | 1 Rubyinstaller | 1 Rubyinstaller2 | 2023-08-08 | N/A | 8.8 HIGH |
| Incorrect access control in the install directory (C:\Ruby31-x64) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. | |||||
| CVE-2021-26099 | 1 Fortinet | 1 Fortimail | 2023-08-08 | 4.0 MEDIUM | 4.9 MEDIUM |
| Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who comes in possession of the encrypted master keys to compromise their confidentiality by observing a few invariant properties of the ciphertext. | |||||
| CVE-2022-25921 | 1 Morgan-json Project | 1 Morgan-json | 2023-08-08 | N/A | 9.8 CRITICAL |
| All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor. | |||||
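
The morgan-json entry above names the sink but not the pattern, which is worth seeing concretely. The following is an added illustration written for this page, not morgan-json's own code: a log-line formatter that compiles `:token` placeholders, once by splicing the caller's format string into `new Function` source and once by parsing it into segments. The function names and the `globalThis.pwned` marker are invented for the demonstration.

```javascript
// Added example for this page; not code from morgan-json.
// A formatter turns ':method :url'-style format strings into a function that
// fills in the tokens. The unsafe compiler builds JavaScript source from the
// caller-supplied string, so a format string that closes the quoted literal
// runs arbitrary code as soon as the compiled function is called.

// VULNERABLE: the format string becomes part of the generated source text.
function compileFormatUnsafe(format) {
  const body = format.replace(
    /:(\w+)/g,
    (_, name) => `" + String(tokens[${JSON.stringify(name)}]) + "`,
  );
  // For the format  '" + (globalThis.pwned = true) + "'  this evaluates to
  //   return "" + (globalThis.pwned = true) + "";
  return new Function('tokens', `return "${body}";`);
}

// SAFE: parse the format once into literal and token segments and interpolate
// at call time. No source text is generated, so nothing in `format` can change
// what the returned function does.
function compileFormatSafe(format) {
  const segments = [];
  const tokenRe = /:(\w+)/g;
  let last = 0;
  let m;
  while ((m = tokenRe.exec(format)) !== null) {
    if (m.index > last) segments.push({ literal: format.slice(last, m.index) });
    segments.push({ token: m[1] });
    last = tokenRe.lastIndex;
  }
  if (last < format.length) segments.push({ literal: format.slice(last) });

  return (tokens) =>
    segments
      .map((s) => {
        if (s.literal !== undefined) return s.literal;
        // Own-property check: ':constructor' or ':__proto__' must not read
        // through to Object.prototype.
        return Object.prototype.hasOwnProperty.call(tokens, s.token)
          ? String(tokens[s.token])
          : '-';
      })
      .join('');
}

// Constructed attacker-controlled format string (e.g. from a config file or a
// request-controlled setting the application passes through to the logger).
const MALICIOUS_FORMAT = '" + (globalThis.pwned = true) + "';

function demo() {
  const tokens = { method: 'GET', url: '/login' };
  const unsafeLine = compileFormatUnsafe(':method :url')(tokens); // 'GET /login'
  const safeLine = compileFormatSafe(':method :url')(tokens);     // 'GET /login'

  delete globalThis.pwned;
  compileFormatUnsafe(MALICIOUS_FORMAT)(tokens);
  const unsafeExecuted = globalThis.pwned === true;               // true

  delete globalThis.pwned;
  const safeOut = compileFormatSafe(MALICIOUS_FORMAT)(tokens);    // the literal string
  const safeExecuted = globalThis.pwned === true;                 // false

  return { unsafeLine, safeLine, unsafeExecuted, safeExecuted, safeOut };
}

console.log(demo());
```

The point of the safe version is structural, not a blacklist: once the format string is data that a fixed function walks, there is no string of characters that can reach the interpreter. Any fix that keeps `new Function` or `eval` and merely escapes quotes is one bypass away from the same result.

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|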
| CVE-2022-36565 | 1 Wampserver | 1 Wampserver | 2023-08-08 | N/A | 8.8 HIGH |
| Incorrect access control in the install directory (C:\Wamp64) of Wamp v3.2.6 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. | |||||
| CVE-2022-36564 | 2 Microsoft, Strawberryperl | 2 Windows, Strawberryperl | 2023-08-08 | N/A | 8.8 HIGH |
| Incorrect access control in the install directory (C:\Strawberry) of StrawberryPerl v5.32.1.1 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. | |||||
| CVE-2022-36563 | 1 Rubyinstaller | 1 Rubyinstaller2 | 2023-08-08 | N/A | 8.8 HIGH |
| Incorrect access control in the install directory (C:\RailsInstaller) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. | |||||
| CVE-2022-45552 | 1 Zbt | 2 We1626, We1626 Firmware | 2023-08-08 | N/A | 7.5 HIGH |
| An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the NAND flash memory. | |||||
| CVE-2021-43129 | 1 D2l | 1 Brightspace | 2023-08-08 | 5.8 MEDIUM | 6.5 MEDIUM |
| A bypass exists for Desire2Learn/D2L Brightspace’s “Disable Right Click” option in the quizzing feature, which allows a quiz-taker to access print and copy functionality via the browser’s right click menu even when “Disable Right Click” is enabled on the quiz. | |||||
| CVE-2022-3317 | 1 Google | 2 Android, Chrome | 2023-08-08 | N/A | 4.3 MEDIUM |
| Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 106.0.5249.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2022-37172 | 1 Msys2 | 1 Msys2 | 2023-08-08 | N/A | 7.8 HIGH |
| Incorrect access control in the install directory (C:\msys64) of Msys2 v20220603 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. | |||||
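
The RubyInstaller2, WampServer, Strawberry Perl and MSYS2 entries above are one issue class: an install directory whose DACL lets any local user replace the binaries that administrators and services later run. The following is an added check written for this page, not code from any of those projects; it parses the text that `icacls <dir>` prints and flags write-class grants to low-privilege principals. The icacls transcripts in it are constructed to show the weak, fixed and inherited cases, and the remediation command in the comments is an example, not a vendor-issued fix.

```javascript
// Added example for this page (not code from RubyInstaller2, WampServer,
// Strawberry Perl or MSYS2): audit a Windows install directory's DACL from the
// text that `icacls <dir>` prints, and flag ACEs that let every local user
// write into it. The icacls transcripts below are constructed for the demo;
// the real check is  icacls C:\Ruby31-x64  (etc.) fed to weakAces().

// Principals that any authenticated local user is a member of.
const LOW_PRIV = new Set([
  'everyone',
  'builtin\\users',
  'builtin\\guests',
  'nt authority\\authenticated users',
  'nt authority\\interactive',
]);

// icacls rights that allow creating, replacing or deleting entries in the
// directory, or taking over its DACL/owner (from which the rest follows).
const WRITE_RIGHTS = new Set([
  'F', 'M', 'W',        // simple rights: full, modify, write
  'GA', 'GW',           // generic all, generic write
  'WD', 'AD', 'DC',     // write data (create file), append data (create subdir), delete child
  'WA', 'WEA',          // write attributes, write extended attributes
  'WDAC', 'WO',         // write DACL, write owner
]);
const INHERITANCE_FLAGS = new Set(['OI', 'CI', 'IO', 'NP', 'I', 'DENY']);

// Parse one directory's icacls output into ACE records.
// `dir` must be the exact path given to icacls: it prefixes the first ACE line,
// and both the path and the principal may contain spaces, so it is stripped
// by value rather than guessed.
function parseIcacls(dir, text) {
  const aces = [];
  for (let line of text.split(/\r?\n/)) {
    line = line.trim();
    if (line.startsWith(dir)) line = line.slice(dir.length).trim();
    const colon = line.indexOf(':(');
    if (colon < 0) continue;                           // blank line or summary line
    const principal = line.slice(0, colon);
    const groups = [...line.slice(colon + 1).matchAll(/\(([^)]*)\)/g)].map((m) => m[1]);
    const flags = groups.filter((g) => INHERITANCE_FLAGS.has(g));
    const rights = groups
      .filter((g) => !INHERITANCE_FLAGS.has(g))
      .flatMap((g) => g.split(','));                   // "(GR,GE)" -> ["GR", "GE"]
    aces.push({ principal, flags, rights, deny: flags.includes('DENY') });
  }
  return aces;
}

// ACEs that grant (not deny) a write-class right to a low-privilege principal.
function weakAces(dir, text) {
  return parseIcacls(dir, text).filter(
    (a) => !a.deny &&
      LOW_PRIV.has(a.principal.toLowerCase()) &&
      a.rights.some((r) => WRITE_RIGHTS.has(r)),
  );
}

// Constructed: the shape behind the CVEs above, where the installer granted
// BUILTIN\Users full control over the whole tree.
const RUBY_WEAK = `C:\\Ruby31-x64 BUILTIN\\Users:(OI)(CI)(F)
              NT AUTHORITY\\SYSTEM:(OI)(CI)(F)
              BUILTIN\\Administrators:(OI)(CI)(F)

Successfully processed 1 files; Failed processing 0 files
`;

// Constructed: the same directory after, for example,
//   icacls C:\Ruby31-x64 /inheritance:r /grant:r "BUILTIN\Users:(OI)(CI)RX" ^
//       /grant:r "BUILTIN\Administrators:(OI)(CI)F" /grant:r "NT AUTHORITY\SYSTEM:(OI)(CI)F"
const RUBY_FIXED = `C:\\Ruby31-x64 NT AUTHORITY\\SYSTEM:(OI)(CI)(F)
              BUILTIN\\Administrators:(OI)(CI)(F)
              BUILTIN\\Users:(OI)(CI)(RX)

Successfully processed 1 files; Failed processing 0 files
`;

// Constructed: a directory created directly under the drive root commonly
// inherits (flag I) the root's Modify grant for Authenticated Users, which is
// why a tool that installs to C:\<name> is exposed even when its installer
// sets no ACL of its own.
const WAMP_INHERITED = `C:\\Wamp64 NT AUTHORITY\\Authenticated Users:(I)(OI)(CI)(M)
          NT AUTHORITY\\SYSTEM:(I)(OI)(CI)(F)
          BUILTIN\\Administrators:(I)(OI)(CI)(F)
          BUILTIN\\Users:(I)(OI)(CI)(RX)

Successfully processed 1 files; Failed processing 0 files
`;

function demo() {
  const show = (aces) => aces.map((a) => `${a.principal}:${a.flags.join('')}(${a.rights.join(',')})`);
  return {
    rubyWeak: show(weakAces('C:\\Ruby31-x64', RUBY_WEAK)),    // ['BUILTIN\Users:OICI(F)']
    rubyFixed: show(weakAces('C:\\Ruby31-x64', RUBY_FIXED)),  // []
    wamp: show(weakAces('C:\\Wamp64', WAMP_INHERITED)),       // ['NT AUTHORITY\Authenticated Users:IOICI(M)']
  };
}

console.log(demo());
```

Two caveats when running this for real: an inherited grant (flag `I`) is the more common finding than an explicit one, so check the parent directory as well as the install directory, and a grant of `WDAC` or `WO` is as good as `F` to a local attacker because they can rewrite the DACL themselves.

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|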
| CVE-2022-21165 | 1 Font Converter Project | 1 Font Converter | 2023-08-08 | N/A | 9.8 CRITICAL |
| All versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the child_process.exec() function. | |||||
| CVE-2021-0187 | 1 Intel | 106 Xeon Gold 5315y, Xeon Gold 5315y Firmware, Xeon Gold 5317 and 103 more | 2023-08-08 | N/A | 8.2 HIGH |
| Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2021-44852 | 1 Biostar | 1 Racing Gt Evo | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1.1905.1700. A low-integrity process can open the driver's device object and issue IOCTLs to read or write to arbitrary physical memory locations (or call an arbitrary address), leading to execution of arbitrary code. This is associated with 0x226040, 0x226044, and 0x226000. | |||||
| CVE-2022-47717 | 1 Lastyard | 1 Last Yard | 2023-08-08 | N/A | 7.5 HIGH |
| Last Yard 22.09.8-1 is vulnerable to a Cross-Origin Resource Sharing (CORS) misconfiguration. | |||||
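
The Last Yard entry says only that CORS is the problem. As an added example for this page (not Last Yard's code), here is what that usually means inside a handler: the Origin-reflecting and suffix-matching policies beside an exact allow-list, each evaluated for a legitimate origin, an attacker-registered look-alike and the `null` origin. The allowed origins and the probe origins are assumptions.

```javascript
// Added example for this page, not Last Yard's code. Three ways a server can
// turn the request's Origin header into CORS response headers: two
// misconfigurations that a finding like the one above usually boils down to,
// and the allow-list check that fixes them. The allowed origins are assumptions.
const ALLOWED_ORIGINS = new Set(['https://app.example.com', 'https://admin.example.com']);

// VULNERABLE: reflect any Origin and allow credentials. Every site on the web
// can then read this API's authenticated responses from a logged-in victim's browser.
function corsReflect(origin) {
  if (origin === undefined) return {};
  return { 'Access-Control-Allow-Origin': origin, 'Access-Control-Allow-Credentials': 'true' };
}

// VULNERABLE: substring/suffix checks are bypassed by registering a look-alike
// domain (evil-example.com); prefix checks fall to a subdomain of the attacker's.
function corsSuffix(origin) {
  if (origin !== undefined && origin.endsWith('example.com')) {
    return { 'Access-Control-Allow-Origin': origin, 'Access-Control-Allow-Credentials': 'true' };
  }
  return {};
}

// SAFE: exact match against a fixed list. "null" is never allowed (it is what
// sandboxed iframes, file:// pages and some redirects send, so an attacker can
// produce it). Vary: Origin stops a shared cache from replaying one origin's
// ACAO header to another.
function corsAllowlist(origin) {
  if (origin === undefined || origin === 'null' || !ALLOWED_ORIGINS.has(origin)) return {};
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };
}

// Browser-side outcome: a page at `origin` can read a credentialed response
// only if ACAO echoes its exact origin and credentials are allowed (a '*'
// ACAO is rejected by browsers when credentials are in play).
function readableFrom(headers, origin) {
  return headers['Access-Control-Allow-Origin'] === origin &&
    headers['Access-Control-Allow-Credentials'] === 'true';
}

// Constructed origins: one legitimate, one attacker-registered, one "null".
const PROBES = ['https://app.example.com', 'https://evil-example.com', 'null'];

function demo() {
  const table = {};
  for (const [name, policy] of Object.entries({ corsReflect, corsSuffix, corsAllowlist })) {
    table[name] = PROBES.map((o) => readableFrom(policy(o), o));
  }
  return table;
  // corsReflect:   [true, true, true]
  // corsSuffix:    [true, true, false]
  // corsAllowlist: [true, false, false]
}

console.log(demo());
```

When testing a live target the same three probes apply: send the request with an `Origin` you control, with a look-alike of the real domain, and with `Origin: null`, and check whether the response both echoes it in `Access-Control-Allow-Origin` and carries `Access-Control-Allow-Credentials: true`. Only that combination lets another site read an authenticated response.

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|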
| CVE-2022-45475 | 1 Tiny File Manager Project | 1 Tiny File Manager | 2023-08-08 | N/A | 6.5 MEDIUM |
| Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is possible because the application is vulnerable to broken access control. | |||||
| CVE-2022-22589 | 1 Apple | 7 Ipados, Iphone Os, Mac Os X and 4 more | 2023-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript. | |||||
| CVE-2021-39892 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from projects that they don't have a maintainer role on and disclose email addresses of those users. | |||||
| CVE-2022-34298 | 1 Openidentityplatform | 1 Openam | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| The NT auth module in OpenAM before 14.6.6 allows a "replace Samba username attack." | |||||
| CVE-2022-37734 | 1 Graphql-java Project | 1 Graphql-java | 2023-08-08 | N/A | 7.5 HIGH |
| graphql-java before 19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9. | |||||
| CVE-2022-37190 | 1 Cuppacms | 1 Cuppacms | 2023-08-08 | N/A | 8.8 HIGH |
| CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from "/api/index.php". | |||||
| CVE-2022-30290 | 1 Citeum | 1 Opencti | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse it to arbitrarily change their registered e-mail address as well as their API key, an action that is not legitimately possible through the interface. | |||||
| CVE-2022-38770 | 1 Transtek | 1 Mojodat Fixed Asset Management | 2023-08-08 | N/A | 5.3 MEDIUM |
| The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to fetch other users' data upon a successful login request. | |||||
| CVE-2021-44854 | 1 Mediawiki | 1 Mediawiki | 2023-08-08 | N/A | 5.3 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis. | |||||
| CVE-2022-26572 | 1 Xerox | 2 Colorqube 8580, Colorqube 8580 Firmware | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| Xerox ColorQube 8580 was discovered to contain an access control issue which allows attackers to print, view the status, and obtain sensitive information. | |||||
| CVE-2022-38769 | 1 Transtek | 1 Mojodat Fixed Asset Management | 2023-08-08 | N/A | 7.5 HIGH |
| The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to fetch cleartext passwords upon a successful login request. | |||||
| CVE-2022-38768 | 1 Transtek | 1 Mojodat Fixed Asset Management | 2023-08-08 | N/A | 9.8 CRITICAL |
| The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to bypass authorization. | |||||
| CVE-2022-36436 | 1 Osuosl | 1 Twisted Vnc Authentication Proxy | 2023-08-08 | N/A | 9.8 CRITICAL |
| OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by a vncap/vnc/protocol.py VNCServerAuthenticator authentication-bypass vulnerability that could allow a malicious actor to gain unauthorized access to a VNC session or to disconnect a legitimate user from a VNC session. A remote attacker with network access to the proxy server could leverage this vulnerability to connect to VNC servers protected by the proxy server without providing any authentication credentials. Exploitation of this issue requires that the proxy server is currently accepting connections for the target VNC server. | |||||
| CVE-2021-41844 | 1 Crocoblock | 1 Jetengine | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data. | |||||
| CVE-2021-39017 | 3 Ibm, Linux, Microsoft | 3 Engineering Lifecycle Optimization Publishing, Linux Kernel, Windows | 2023-08-08 | N/A | 6.5 MEDIUM |
| IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 213725. | |||||
| CVE-2022-36369 | 1 Intel | 1 Qatzip | 2023-08-08 | N/A | 7.8 HIGH |
| Improper access control in some QATzip software maintained by Intel(R) before version 1.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-47410 | 1 Fp Newsletter Project | 1 Fp Newsletter | 2023-08-08 | N/A | 7.5 HIGH |
| An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations. | |||||
| CVE-2022-38341 | 1 Safe | 1 Fme Server | 2023-08-08 | N/A | 7.1 HIGH |
| Safe Software FME Server v2021.2.5 and below does not employ server-side validation. | |||||
| CVE-2022-3044 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-08-08 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | |||||
| CVE-2022-0093 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab allows a user with an expired password to access sensitive information through RSS feeds. | |||||
