Total
6955 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1004 | 1 Otrs | 1 Otrs | 2022-03-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled. | |||||
| CVE-2022-25248 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2022-03-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) supplies the event log of the specific service. | |||||
| CVE-2015-8481 | 1 Atlassian | 3 Jira Core, Jira Server, Jira Service Desk | 2022-03-28 | 3.5 LOW | 3.1 LOW |
| Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference. | |||||
| CVE-2021-39125 | 1 Atlassian | 3 Data Center, Jira, Jira Server | 2022-03-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to discover the usernames of users via an enumeration vulnerability in the password reset page. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1. | |||||
| CVE-2020-14181 | 1 Atlassian | 3 Data Center, Jira, Jira Server | 2022-03-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0. | |||||
| CVE-2017-18104 | 1 Atlassian | 2 Jira, Jira Server | 2022-03-25 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are able to observe or otherwise intercept webhook events to learn information about changes in issues that should not be sent because they are not contained within the results of a specified JQL query. | |||||
| CVE-2018-13391 | 1 Atlassian | 2 Jira, Jira Server | 2022-03-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and from version 7.11.0 before version 7.11.2 allows remote attackers who can access & view an issue to obtain the email address of the reporter and assignee user of an issue despite the configured email visibility setting being set to hidden. | |||||
| CVE-2022-22621 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2022-03-24 | 2.1 LOW | 4.6 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions. | |||||
| CVE-2022-24742 | 1 Sylius | 1 Sylius | 2022-03-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if browser tab remains unclosed after log out. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. The application must strictly redirect to login page even browser back button is pressed. Another possibility is to set more strict cache policies for restricted content. | |||||
| CVE-2022-25512 | 1 Freetakserver-ui Project | 1 Freetakserver-ui | 2022-03-22 | 5.0 MEDIUM | 7.5 HIGH |
| FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys. | |||||
| CVE-2022-24762 | 1 Sysend.js Project | 1 Sysend.js | 2022-03-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| sysend.js is a library that allows a user to send messages between pages that are open in the same browser. Users that use cross-origin communication may have their communications intercepted. Impact is limited by the communication occurring in the same browser. This issue has been patched in sysend.js version 1.10.0. The only currently known workaround is to avoid sending communications that a user does not want to have intercepted via sysend messages. | |||||
| CVE-2022-26847 | 2 Debian, Spip | 2 Debian Linux, Spip | 2022-03-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects. | |||||
| CVE-2022-25830 | 1 Samsung | 1 Galaxy Watch 3 Plugin | 2022-03-18 | 2.1 LOW | 3.3 LOW |
| Information Exposure vulnerability in Galaxy Watch3 Plugin prior to version 2.2.09.22012751 allows attacker to access password information of connected WiFiAp in the log | |||||
| CVE-2022-25829 | 1 Samsung | 1 Watch Active2 Plugin | 2022-03-18 | 2.1 LOW | 3.3 LOW |
| Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751 allows attacker to access password information of connected WiFiAp in the log | |||||
| CVE-2022-25828 | 1 Samsung | 1 Watch Active Plugin | 2022-03-18 | 2.1 LOW | 3.3 LOW |
| Information Exposure vulnerability in Watch Active Plugin prior to version 2.2.07.22012751 allows attacker to access password information of connected WiFiAp in the log | |||||
| CVE-2022-25827 | 1 Samsung | 1 Galaxy Watch Plugin | 2022-03-18 | 2.1 LOW | 3.3 LOW |
| Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.22012751 allows attacker to access password information of connected WiFiAp in the log | |||||
| CVE-2022-25826 | 1 Samsung | 1 Galaxy Watch 3 Plugin | 2022-03-18 | 2.1 LOW | 3.3 LOW |
| Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows attacker to access password information of connected WiFiAp in the log | |||||
| CVE-2022-25823 | 1 Samsung | 1 Galaxy Watch Plugin | 2022-03-18 | 2.1 LOW | 3.3 LOW |
| Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.220126741 allows attackers to access user information in log. | |||||
| CVE-2022-24725 | 1 Shescape Project | 1 Shescape | 2022-03-17 | 1.9 LOW | 5.5 MEDIUM |
| Shescape is a shell escape package for JavaScript. An issue in versions 1.4.0 to 1.5.1 allows for exposure of the home directory on Unix systems when using Bash with the `escape` or `escapeAll` functions from the _shescape_ API with the `interpolation` option set to `true`. Other tested shells, Dash and Zsh, are not affected. Depending on how the output of _shescape_ is used, directory traversal may be possible in the application using _shescape_. The issue was patched in version 1.5.1. As a workaround, manually escape all instances of the tilde character (`~`) using `arg.replace(/~/g, "\\~")`. | |||||
| CVE-2022-24747 | 1 Shopware | 1 Shopware | 2022-03-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Affected versions of shopware do no properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client then headers may be exposed via HTTP caches. This issue has been resolved in version 6.4.8.2. There are no known workarounds. | |||||