Total
688 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22314 | 1 Ibm | 1 Planning Analytics Workspace | 2022-09-13 | N/A | 3.3 LOW |
| IBM Planning Analytics Local 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 217371. | |||||
| CVE-2022-37146 | 1 Plextrac | 1 Plextrac | 2022-09-13 | N/A | 5.3 MEDIUM |
| The PlexTrac platform prior to version 1.28.0 allows for username enumeration via HTTP response times on invalid login attempts for users configured to use the PlexTrac authentication provider. Login attempts for valid, unlocked users configured to use PlexTrac as their authentication provider take significantly longer than those for invalid users, allowing for valid users to be enumerated by an unauthenticated remote attacker. Note that the lockout policy implemented in Plextrac version 1.17.0 makes it impossible to distinguish between valid, locked user accounts and user accounts that do not exist, but does not prevent valid, unlocked users from being enumerated. | |||||
| CVE-2022-23690 | 1 Arubanetworks | 13 Aos-cx, Cx 10000, Cx 4100i and 10 more | 2022-09-12 | N/A | 5.3 MEDIUM |
| A vulnerability in the web-based management interface of AOS-CX could allow a remote unauthenticated attacker to fingerprint the exact version AOS-CX running on the switch. This allows an attacker to retrieve information which could be used to more precisely target the switch for further exploitation in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability. | |||||
| CVE-2022-28376 | 1 Verizon | 2 Lvskihp, Lvskihp Firmware | 2022-09-09 | 6.8 MEDIUM | 8.1 HIGH |
| Verizon 5G Home LVSKIHP outside devices through 2022-02-15 allow anyone (knowing the device's serial number) to access a CPE admin website, e.g., at the 10.0.0.1 IP address. The password (for the verizon username) is calculated by concatenating the serial number and the model (i.e., the LVSKIHP string), running the sha256sum program, and extracting the first seven characters concatenated with the last seven characters of that SHA-256 value. | |||||
| CVE-2022-29500 | 3 Debian, Fedoraproject, Schedmd | 3 Debian Linux, Fedora, Slurm | 2022-09-09 | 9.0 HIGH | 8.8 HIGH |
| SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure. | |||||
| CVE-2022-34867 | 1 Wp Libre Form Project | 1 Wp Libre Form | 2022-09-08 | N/A | 6.5 MEDIUM |
| Unauthenticated Sensitive Information Disclosure vulnerability in WP Libre Form 2 plugin <= 2.0.8 at WordPress allows attackers to list and delete submissions. Affects only versions from 2.0.0 to 2.0.8. | |||||
| CVE-2022-26330 | 1 Microfocus | 1 Arcsight Logger | 2022-09-06 | N/A | 7.5 HIGH |
| Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions. | |||||
| CVE-2022-22662 | 2 Apple, Fedoraproject | 3 Mac Os X, Macos, Fedora | 2022-09-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. | |||||
| CVE-2021-42001 | 1 Pingidentity | 1 Pingid Desktop | 2022-09-02 | 4.0 MEDIUM | 9.9 CRITICAL |
| PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP. | |||||
| CVE-2022-1488 | 1 Google | 1 Chrome | 2022-09-01 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. | |||||
| CVE-2022-1146 | 1 Google | 1 Chrome | 2022-09-01 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2022-36226 | 1 Siteservercms Project | 1 Siteservercms | 2022-08-31 | N/A | 7.2 HIGH |
| SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx. | |||||
| CVE-2021-22897 | 4 Haxx, Netapp, Oracle and 1 more | 29 Curl, Cloud Backup, H300e and 26 more | 2022-08-30 | 4.3 MEDIUM | 5.3 MEDIUM |
| curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly. | |||||
| CVE-2021-23263 | 1 Craftercms | 1 Crafter Cms | 2022-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of the files in /.git/* (non-binary). | |||||
| CVE-2022-2479 | 1 Google | 2 Android, Chrome | 2022-08-30 | N/A | 4.3 MEDIUM |
| Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. | |||||
| CVE-2022-34775 | 1 Tabit Technologies | 1 Tabit | 2022-08-26 | N/A | 7.5 HIGH |
| Tabit - Excessive data exposure. Another endpoint mapped by the tiny url, was one for reservation cancellation, containing the MongoDB ID of the reservation, and organization. This can be used to query the http://tgm-api.tabit.cloud/rsv/management/{reservationId}?organization={orgId} API which returns a lot of data regarding the reservation (OWASP: API3): Name, mail, phone number, the number of visits of the user to this specific restaurant, the money he spent there, the money he spent on alcohol, whether he left a deposit etc. This information can easily be used for a phishing attack. | |||||
| CVE-2022-35235 | 1 Xplodedthemes | 1 Wpide - File Manager \& Code Editor | 2022-08-25 | N/A | 4.9 MEDIUM |
| Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress. | |||||
| CVE-2022-2792 | 1 Emerson | 1 Electric\'s Proficy | 2022-08-24 | N/A | 7.5 HIGH |
| Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists. | |||||
| CVE-2022-31238 | 1 Dell | 1 Emc Powerscale Onefs | 2022-08-24 | N/A | 5.5 MEDIUM |
| Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain a process invoked with sensitive information vulnerability. A CLI user may potentially exploit this vulnerability, leading to information disclosure. | |||||
| CVE-2022-25986 | 1 Cybozu | 1 Office | 2022-08-18 | N/A | 4.3 MEDIUM |
| Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler. | |||||