Search
Total
21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-35838 | 1 Microsoft | 2 Windows 11, Windows Server 2022 | 2023-08-08 | N/A | 7.5 HIGH |
| HTTP V3 Denial of Service Vulnerability | |||||
| CVE-2022-36121 | 1 Ssctech | 1 Blue Prism Enterprise | 2023-08-08 | N/A | 5.3 MEDIUM |
| An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the UpdateOfflineHelpData administrative function. Abusing this function will allow any Blue Prism user to change the offline help URL to one of their choice, opening the possibility of spoofing the help page or executing a local file. | |||||
| CVE-2022-39196 | 1 Blackboard | 1 Blackboard Learn | 2023-08-08 | N/A | 6.5 MEDIUM |
| Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL. | |||||
| CVE-2022-22314 | 1 Ibm | 1 Planning Analytics Workspace | 2023-08-08 | N/A | 3.3 LOW |
| IBM Planning Analytics Local 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 217371. | |||||
| CVE-2021-43955 | 1 Atlassian | 2 Crucible, Fisheye | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via information disclosure vulnerability. | |||||
| CVE-2022-26816 | 1 Microsoft | 3 Windows Server 2016, Windows Server 2019, Windows Server 2022 | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| Windows DNS Server Information Disclosure Vulnerability | |||||
| CVE-2022-22579 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2023-08-08 | 9.3 HIGH | 7.8 HIGH |
| An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution. | |||||
| CVE-2021-26095 | 1 Fortinet | 1 Fortimail | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
| The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie to possibly reveal and alter or forge its content, thereby escalating privileges. | |||||
| CVE-2022-34382 | 1 Dell | 3 Alienware Update, Command Update, Update | 2023-08-08 | N/A | 7.8 HIGH |
| Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges. | |||||
| CVE-2022-20217 | 1 Google | 1 Android | 2023-08-08 | N/A | 6.5 MEDIUM |
| There is a unauthorized broadcast in the SprdContactsProvider. A third-party app could use this issue to delete Fdn contact.Product: AndroidVersions: Android SoCAndroid ID: A-232441378 | |||||
| CVE-2021-42295 | 1 Microsoft | 2 365 Apps, Office | 2023-08-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| Visual Basic for Applications Information Disclosure Vulnerability | |||||
| CVE-2022-36117 | 1 Ssctech | 1 Blue Prism | 2023-08-08 | N/A | 3.1 LOW |
| An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for an administrative function. If credential access is configured to be accessible by a machine or the runtime resource security group, using further reverse engineering, an attacker can spoof a known machine and request known encrypted credentials to decrypt later. | |||||
| CVE-2022-23254 | 1 Microsoft | 1 Powerbi-client Js Sdk | 2023-08-08 | 4.0 MEDIUM | 4.9 MEDIUM |
| Microsoft Power BI Information Disclosure Vulnerability | |||||
| CVE-2022-35833 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2023-08-08 | N/A | 7.5 HIGH |
| Windows Secure Channel Denial of Service Vulnerability | |||||
| CVE-2022-0331 | 1 Sophos | 1 Sfos | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older. | |||||
| CVE-2021-31232 | 1 Linuxfoundation | 1 Cortex | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack vector to send any file content because the alertmanager can load any text file specified in the templates list. | |||||
| CVE-2022-2259 | 1 Octopus | 1 Octopus Server | 2023-08-08 | N/A | 4.3 MEDIUM |
| In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being explicitly assigned permissions to view these items | |||||
| CVE-2022-23690 | 1 Arubanetworks | 13 Aos-cx, Cx 10000, Cx 4100i and 10 more | 2023-08-08 | N/A | 5.3 MEDIUM |
| A vulnerability in the web-based management interface of AOS-CX could allow a remote unauthenticated attacker to fingerprint the exact version AOS-CX running on the switch. This allows an attacker to retrieve information which could be used to more precisely target the switch for further exploitation in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability. | |||||
| CVE-2021-39757 | 1 Google | 1 Android | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| In PermissionController, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-176094662 | |||||
| CVE-2022-23691 | 1 Arubanetworks | 5 Aos-cx, Cx 10000, Cx 8320 and 2 more | 2023-08-08 | N/A | 6.8 MEDIUM |
| A vulnerability exists in certain AOS-CX switch models which could allow an attacker with access to the recovery console to bypass normal authentication. A successful exploit allows an attacker to bypass system authentication and achieve total switch compromise in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability. | |||||
| CVE-2022-0735 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands. | |||||
| CVE-2022-37954 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2019 and 1 more | 2023-08-08 | N/A | 7.8 HIGH |
| DirectX Graphics Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2022-35841 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2023-08-08 | N/A | 8.8 HIGH |
| Windows Enterprise App Management Service Remote Code Execution Vulnerability | |||||
| CVE-2021-26267 | 1 Cpanel | 1 Cpanel | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579). | |||||
| CVE-2022-35837 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2023-08-08 | N/A | 6.5 MEDIUM |
| Windows Graphics Component Information Disclosure Vulnerability | |||||
| CVE-2022-22027 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 6.8 MEDIUM | 7.8 HIGH |
| Windows Fax Service Remote Code Execution Vulnerability | |||||
| CVE-2022-32896 | 1 Apple | 1 Macos | 2023-08-08 | N/A | 5.5 MEDIUM |
| This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.6, macOS Big Sur 11.7. A user may be able to view sensitive user information. | |||||
| CVE-2022-23689 | 1 Arubanetworks | 13 Aos-cx, Cx 10000, Cx 4100i and 10 more | 2023-08-08 | N/A | 4.3 MEDIUM |
| Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities. | |||||
| CVE-2022-25571 | 1 Bluedon | 1 Internet Access Detector | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| Bluedon Information Security Technologies Co.,Ltd Internet Access Detector v1.0 was discovered to contain an information leak which allows attackers to access the contents of the password file via unspecified vectors. | |||||
| CVE-2021-45101 | 1 Wisc | 1 Htcondor | 2023-08-08 | 5.5 MEDIUM | 8.1 HIGH |
| An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, and 9.1.x before 9.1.2. Using standard command-line tools, a user with only READ access to an HTCondor SchedD or Collector daemon can discover secrets that could allow them to control other users' jobs and/or read their data. | |||||
| CVE-2022-31660 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2023-08-08 | N/A | 7.8 HIGH |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'. | |||||
| CVE-2021-22367 | 1 Huawei | 2 Emui, Magic Ui | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| There is a Key Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to authentication bypass. | |||||
| CVE-2022-0461 | 1 Google | 1 Chrome | 2023-08-08 | 6.4 MEDIUM | 6.5 MEDIUM |
| Policy bypass in COOP in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to bypass iframe sandbox via a crafted HTML page. | |||||
| CVE-2022-23700 | 1 Hp | 1 Oneview | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. | |||||
| CVE-2021-37540 | 1 Jetbrains | 1 Hub | 2023-08-08 | 6.4 MEDIUM | 6.5 MEDIUM |
| In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used. | |||||
| CVE-2022-24475 | 1 Microsoft | 1 Edge Chromium | 2023-08-08 | 5.1 MEDIUM | 8.3 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2022-26891 | 1 Microsoft | 1 Edge Chromium | 2023-08-08 | 5.1 MEDIUM | 8.3 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2022-23699 | 1 Hp | 1 Oneview | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. | |||||
| CVE-2022-26894 | 1 Microsoft | 1 Edge Chromium | 2023-08-08 | 5.1 MEDIUM | 8.3 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2022-22040 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 7.5 HIGH | 7.3 HIGH |
| Internet Information Services Dynamic Compression Module Denial of Service Vulnerability | |||||
| CVE-2021-36769 | 1 Telegram | 2 Telegram, Telegram Desktop | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8. An attacker can cause the server to receive messages in a different order than they were sent a client. | |||||
| CVE-2022-23688 | 1 Arubanetworks | 13 Aos-cx, Cx 10000, Cx 4100i and 10 more | 2023-08-08 | N/A | 4.3 MEDIUM |
| Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities. | |||||
| CVE-2021-30898 | 1 Apple | 2 Ipados, Iphone Os | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| An access issue was addressed with additional sandbox restrictions on third party applications. This issue is fixed in iOS 15 and iPadOS 15. A malicious application may be able to access some of the user's Apple ID information, or recent in-app search terms. | |||||
| CVE-2021-31231 | 1 Grafana | 1 Enterprise Metrics | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metrics Enterprise 1.2.1 has a local file disclosure vulnerability when experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack vector to send any file content because the alertmanager can load any text file specified in the templates list. | |||||
| CVE-2021-30998 | 1 Apple | 2 Ipados, Iphone Os | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| A S/MIME issue existed in the handling of encrypted email. This issue was addressed with improved selection of the encryption certificate. This issue is fixed in iOS 15.2 and iPadOS 15.2. A sender's email address may be leaked when sending an S/MIME encrypted email using a certificate with more than one email address. | |||||
| CVE-2022-34113 | 1 Dataease | 1 Dataease | 2023-08-08 | N/A | 9.8 CRITICAL |
| An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin. | |||||
| CVE-2022-27333 | 1 Idccms Project | 1 Idccms | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the install.lock file, resulting in a reset of the CMS settings and data. | |||||
| CVE-2021-30944 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-08-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| Description: A logic issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1, tvOS 15.2. A malicious app may be able to access data from other apps by enabling additional logging. | |||||
| CVE-2022-22254 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2021-42299 | 1 Microsoft | 2 Surface Pro 3, Surface Pro 3 Firmware | 2023-08-08 | 3.6 LOW | 5.6 MEDIUM |
| Microsoft Surface Pro 3 Security Feature Bypass Vulnerability | |||||