Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20287 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-204082784 | |||||
| CVE-2022-1545 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1 if an unauthorised project member was tagged in the note. | |||||
| CVE-2022-2622 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2023-08-08 | N/A | 6.5 MEDIUM |
| Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file. | |||||
| CVE-2022-20332 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-180019130 | |||||
| CVE-2022-42041 | 1 Democritus | 1 D8s-file-system | 2023-08-08 | N/A | 9.8 CRITICAL |
| The d8s-file-system package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0. | |||||
| CVE-2022-38341 | 1 Safe | 1 Fme Server | 2023-08-08 | N/A | 7.1 HIGH |
| Safe Software FME Server v2021.2.5 and below does not employ server-side validation. | |||||
| CVE-2021-0369 | 1 Google | 1 Android | 2023-08-08 | 4.4 MEDIUM | 7.8 HIGH |
| In CrossProfileAppsServiceImpl.java, there is the possibility of an application's INTERACT_ACROSS_PROFILES grant state not displaying properly in the setting UI due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-166561076 | |||||
| CVE-2022-3044 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-08-08 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | |||||
| CVE-2022-36563 | 1 Rubyinstaller | 1 Rubyinstaller2 | 2023-08-08 | N/A | 8.8 HIGH |
| Incorrect access control in the install directory (C:\RailsInstaller) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. | |||||
| CVE-2022-20288 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-204082360 | |||||
| CVE-2022-33311 | 1 Cybozu | 1 Office | 2023-08-08 | N/A | 4.3 MEDIUM |
| Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors. | |||||
| CVE-2021-33128 | 1 Intel | 2 Ethernet Controller E810, Ethernet Controller E810 Firmware | 2023-08-08 | N/A | 4.4 MEDIUM |
| Improper access control in the firmware for some Intel(R) E810 Ethernet Controllers before version 1.6.0.6 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2022-32583 | 1 Cybozu | 1 Office | 2023-08-08 | N/A | 4.3 MEDIUM |
| Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors. | |||||
| CVE-2022-30290 | 1 Citeum | 1 Opencti | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, even though such action is not possible through the interface, legitimately. | |||||
| CVE-2022-31876 | 1 Netgear | 2 Wnap320, Wnap320 Firmware | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| netgear wnap320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users cookies. | |||||
| CVE-2022-25921 | 1 Morgan-json Project | 1 Morgan-json | 2023-08-08 | N/A | 9.8 CRITICAL |
| All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor. | |||||
| CVE-2022-42221 | 1 Netgear | 2 R6220, R6220 Firmware | 2023-08-08 | N/A | 8.8 HIGH |
| Netgear R6220 v1.1.0.114_1.0.1 suffers from Incorrect Access Control, resulting in a command injection vulnerability. | |||||
| CVE-2022-32544 | 1 Cybozu | 1 Office | 2023-08-08 | N/A | 4.3 MEDIUM |
| Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors. | |||||
| CVE-2022-3047 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-08-08 | N/A | 6.5 MEDIUM |
| Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page. | |||||
| CVE-2022-36436 | 1 Osuosl | 1 Twisted Vnc Authentication Proxy | 2023-08-08 | N/A | 9.8 CRITICAL |
| OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by an vncap/vnc/protocol.py VNCServerAuthenticator authentication-bypass vulnerability that could allow a malicious actor to gain unauthorized access to a VNC session or to disconnect a legitimate user from a VNC session. A remote attacker with network access to the proxy server could leverage this vulnerability to connect to VNC servers protected by the proxy server without providing any authentication credentials. Exploitation of this issue requires that the proxy server is currently accepting connections for the target VNC server. | |||||
| CVE-2022-25986 | 1 Cybozu | 1 Office | 2023-08-08 | N/A | 4.3 MEDIUM |
| Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler. | |||||
| CVE-2022-47717 | 1 Lastyard | 1 Last Yard | 2023-08-08 | N/A | 7.5 HIGH |
| Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing (CORS). | |||||
| CVE-2022-30688 | 2 Debian, Needrestart Project | 2 Debian Linux, Needrestart | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files. | |||||
| CVE-2022-1741 | 1 Dominionvoting | 2 Democracy Suite, Imagecast X | 2023-08-08 | 7.2 HIGH | 6.8 MEDIUM |
| The tested version of Dominion Voting Systems ImageCast X has a Terminal Emulator application which could be leveraged by an attacker to gain elevated privileges on a device and/or install malicious code. | |||||
| CVE-2021-33104 | 1 Intel | 1 One Boot Flash Update | 2023-08-08 | N/A | 5.5 MEDIUM |
| Improper access control in the Intel(R) OFU software before version 14.1.28 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2022-47003 | 1 Murasoftware | 1 Mura Cms | 2023-08-08 | N/A | 9.8 CRITICAL |
| A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request. | |||||
| CVE-2022-37190 | 1 Cuppacms | 1 Cuppacms | 2023-08-08 | N/A | 8.8 HIGH |
| CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from "/api/index.php. | |||||
| CVE-2022-21129 | 1 Paypal | 1 Nemo-appium | 2023-08-08 | N/A | 9.8 CRITICAL |
| Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. **Note:** In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies. | |||||
| CVE-2022-37734 | 1 Graphql-java Project | 1 Graphql-java | 2023-08-08 | N/A | 7.5 HIGH |
| graphql-java before19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9. | |||||
| CVE-2022-3317 | 1 Google | 2 Android, Chrome | 2023-08-08 | N/A | 4.3 MEDIUM |
| Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 106.0.5249.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2021-27101 | 1 Accellion | 1 Fta | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later. | |||||
| CVE-2021-25298 | 1 Nagios | 1 Nagios Xi | 2023-08-08 | 9.0 HIGH | 8.8 HIGH |
| Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. | |||||
| CVE-2021-25297 | 1 Nagios | 1 Nagios Xi | 2023-08-08 | 9.0 HIGH | 8.8 HIGH |
| Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. | |||||
| CVE-2022-27411 | 1 Totolink | 2 N600r, N600r Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter in the "Main" function. | |||||
| CVE-2022-41326 | 1 Mitel | 1 Micollab | 2023-08-08 | N/A | 9.8 CRITICAL |
| The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application. | |||||
| CVE-2022-21131 | 1 Intel | 292 Core I9-7900x, Core I9-7900x Firmware, Core I9-7920x and 289 more | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| Improper access control for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-40216 | 1 Wordplus | 1 Better Messages | 2023-08-08 | N/A | 6.5 MEDIUM |
| Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Messages plugin <= 1.9.10.69 on WordPress. | |||||
| CVE-2022-21173 | 1 Elecom | 16 Wrh-300bk3, Wrh-300bk3-s, Wrh-300bk3-s Firmware and 13 more | 2023-08-08 | 8.3 HIGH | 8.8 HIGH |
| Hidden functionality vulnerability in ELECOM LAN routers (WRH-300BK3 firmware v1.05 and earlier, WRH-300WH3 firmware v1.05 and earlier, WRH-300BK3-S firmware v1.05 and earlier, WRH-300DR3-S firmware v1.05 and earlier, WRH-300LB3-S firmware v1.05 and earlier, WRH-300PN3-S firmware v1.05 and earlier, WRH-300WH3-S firmware v1.05 and earlier, and WRH-300YG3-S firmware v1.05 and earlier) allows an attacker on the adjacent network to execute an arbitrary OS command via unspecified vectors. | |||||
| CVE-2021-25296 | 1 Nagios | 1 Nagios Xi | 2023-08-08 | 9.0 HIGH | 8.8 HIGH |
| Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. | |||||
| CVE-2022-0172 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 6.4 MEDIUM | 6.5 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3. Under certain conditions it was possible to bypass the IP restriction for public projects through GraphQL allowing unauthorised users to read titles of issues, merge requests and milestones. | |||||
| CVE-2022-34827 | 1 Carel | 2 Boss Mini, Boss Mini Firmware | 2023-08-08 | N/A | 9.9 CRITICAL |
| Carel Boss Mini 1.5.0 has Improper Access Control. | |||||
| CVE-2022-2229 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of. | |||||
| CVE-2022-23443 | 1 Fortinet | 1 Fortisoar | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests. | |||||
| CVE-2022-27808 | 2 Intel, Microsoft | 2 Administrative Tools For Intel Network Adapters, Windows | 2023-08-08 | N/A | 7.8 HIGH |
| Insufficient control flow management in some Intel(R) Ethernet Controller Administrative Tools drivers for Windows before version 1.5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-37843 | 1 Totolink | 2 A860r, A860r Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| In TOTOLINK A860R V4.1.2cu.5182_B20201027 in cstecgi.cgi, the acquired parameters are directly put into the system for execution without filtering, resulting in a command injection vulnerability. | |||||
| CVE-2022-33243 | 1 Qualcomm | 314 Apq8096au, Apq8096au Firmware, Aqt1000 and 311 more | 2023-08-08 | N/A | 7.8 HIGH |
| Memory corruption due to improper access control in Qualcomm IPC. | |||||
| CVE-2021-30349 | 1 Qualcomm | 282 Aqt1000, Aqt1000 Firmware, Ar8031 and 279 more | 2023-08-08 | 7.2 HIGH | 6.7 MEDIUM |
| Improper access control sequence for AC database after memory allocation can lead to possible memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2022-36348 | 1 Intel | 1 Server Platform Services | 2023-08-08 | N/A | 7.8 HIGH |
| Active debug code in some Intel (R) SPS firmware before version SPS_E5_04.04.04.300.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-43996 | 1 Facade | 1 Ignition | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| The Ignition component before 1.16.15, and 2.0.x before 2.0.6, for Laravel has a "fix variable names" feature that can lead to incorrect access control. | |||||
| CVE-2021-38878 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to impersonate an actor due to key exchange without entity authentication. IBM X-Force ID: 208756. | |||||