Total: 688 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-1467 | 1 Aveva | 2 Intouch Access Anywhere, Plant Scada Access Anywhere | 2022-06-06 | 8.5 HIGH | 9.9 CRITICAL |
Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS. | |||||
CVE-2021-38905 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2022-06-03 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697. | |||||
CVE-2021-38904 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2022-06-03 | 4.3 MEDIUM | 6.5 MEDIUM |
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings. IBM X-Force ID: 209693. | |||||
CVE-2021-26314 | 6 Amd, Arm, Broadcom and 3 more | 11 Ryzen 5 5600x, Ryzen 7 2700x, Ryzen Threadripper 2990wx and 8 more | 2022-06-03 | 2.1 LOW | 5.5 MEDIUM |
Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage. | |||||
CVE-2021-21334 | 2 Fedoraproject, Linuxfoundation | 2 Fedora, Containerd | 2022-06-03 | 4.3 MEDIUM | 6.3 MEDIUM |
In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd's CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue. This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions. | |||||
CVE-2022-1413 | 1 Gitlab | 1 Gitlab | 2022-06-02 | 5.0 MEDIUM | 7.5 HIGH |
Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 causes potentially sensitive integration properties to be disclosed in the web interface. | |||||
CVE-2021-26366 | 1 Amd | 125 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 122 more | 2022-06-01 | 3.6 LOW | 7.1 HIGH |
An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity. | |||||
CVE-2021-26361 | 1 Amd | 71 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 68 more | 2022-06-01 | 2.1 LOW | 5.5 MEDIUM |
A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure. | |||||
CVE-2022-0005 | 1 Intel | 918 Celeron G5205u, Celeron G5205u Firmware, Celeron G5305u and 915 more | 2022-06-01 | 2.1 LOW | 2.4 LOW |
Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access. | |||||
CVE-2021-26363 | 1 Amd | 67 Radeon Software, Ryzen 3 3100, Ryzen 3 3100 Firmware and 64 more | 2022-06-01 | 3.6 LOW | 4.4 MEDIUM |
A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure. | |||||
CVE-2021-26317 | 1 Amd | 147 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 144 more | 2022-06-01 | 7.2 HIGH | 7.8 HIGH |
Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution. | |||||
CVE-2022-28991 | 1 Bdtask | 1 Multi Store Inventory Management System | 2022-05-31 | 5.0 MEDIUM | 7.5 HIGH |
Multi Store Inventory Management System v1.0 was discovered to contain an information disclosure vulnerability which allows attackers to access sensitive files. | |||||
CVE-2022-29646 | 1 Totolink | 2 A3100r, A3100r Firmware | 2022-05-26 | 5.0 MEDIUM | 5.3 MEDIUM |
An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 allows attackers to obtain sensitive information via a crafted web request. | |||||
CVE-2022-28924 | 1 Universis | 1 Universis-students | 2022-05-26 | 4.0 MEDIUM | 6.5 MEDIUM |
An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/. | |||||
CVE-2021-27770 | 1 Hcltech | 1 Sametime | 2022-05-24 | 6.8 MEDIUM | 8.8 HIGH |
The vulnerability was discovered within the “FaviconService”. The service takes a base64-encoded URL which is then requested by the webserver. We assume this service is used by the “meetings”-function where users can specify an external URL where the online meeting will take place. | |||||
CVE-2021-43227 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server and 2 more | 2022-05-23 | 2.1 LOW | 5.5 MEDIUM |
Storage Spaces Controller Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-43235. | |||||
CVE-2021-43235 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server and 2 more | 2022-05-23 | 2.1 LOW | 5.5 MEDIUM |
Storage Spaces Controller Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-43227. | |||||
CVE-2021-43224 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-05-23 | 2.1 LOW | 5.5 MEDIUM |
Windows Common Log File System Driver Information Disclosure Vulnerability | |||||
CVE-2021-43222 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-05-23 | 5.0 MEDIUM | 7.5 HIGH |
Microsoft Message Queuing Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-43236. | |||||
CVE-2021-43216 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-05-23 | 6.8 MEDIUM | 6.5 MEDIUM |
Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability |