Vulnerabilities (CVE)

Filtered by CWE-668
Total 688 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-1467 1 Aveva 2 Intouch Access Anywhere, Plant Scada Access Anywhere 2022-06-06 8.5 HIGH 9.9 CRITICAL
Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS.
CVE-2021-38905 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2022-06-03 4.0 MEDIUM 4.3 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697.
CVE-2021-38904 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2022-06-03 4.3 MEDIUM 6.5 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings. IBM X-Force ID: 209693.
CVE-2021-26314 6 Amd, Arm, Broadcom and 3 more 11 Ryzen 5 5600x, Ryzen 7 2700x, Ryzen Threadripper 2990wx and 8 more 2022-06-03 2.1 LOW 5.5 MEDIUM
Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.
CVE-2021-21334 2 Fedoraproject, Linuxfoundation 2 Fedora, Containerd 2022-06-03 4.3 MEDIUM 6.3 MEDIUM
In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd's CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue. This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions.
CVE-2022-1413 1 Gitlab 1 Gitlab 2022-06-02 5.0 MEDIUM 7.5 HIGH
Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 causes potentially sensitive integration properties to be disclosed in the web interface.
CVE-2021-26366 1 Amd 125 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 122 more 2022-06-01 3.6 LOW 7.1 HIGH
An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity.
CVE-2021-26361 1 Amd 71 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 68 more 2022-06-01 2.1 LOW 5.5 MEDIUM
A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure.
CVE-2022-0005 1 Intel 918 Celeron G5205u, Celeron G5205u Firmware, Celeron G5305u and 915 more 2022-06-01 2.1 LOW 2.4 LOW
Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access.
CVE-2021-26363 1 Amd 67 Radeon Software, Ryzen 3 3100, Ryzen 3 3100 Firmware and 64 more 2022-06-01 3.6 LOW 4.4 MEDIUM
A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure.
CVE-2021-26317 1 Amd 147 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 144 more 2022-06-01 7.2 HIGH 7.8 HIGH
Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution.
CVE-2022-28991 1 Bdtask 1 Multi Store Inventory Management System 2022-05-31 5.0 MEDIUM 7.5 HIGH
Multi Store Inventory Management System v1.0 was discovered to contain an information disclosure vulnerability which allows attackers to access sensitive files.
CVE-2022-29646 1 Totolink 2 A3100r, A3100r Firmware 2022-05-26 5.0 MEDIUM 5.3 MEDIUM
An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 allows attackers to obtain sensitive information via a crafted web request.
CVE-2022-28924 1 Universis 1 Universis-students 2022-05-26 4.0 MEDIUM 6.5 MEDIUM
An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/.
CVE-2021-27770 1 Hcltech 1 Sametime 2022-05-24 6.8 MEDIUM 8.8 HIGH
The vulnerability was discovered within the “FaviconService”. The service takes a base64-encoded URL which is then requested by the webserver. We assume this service is used by the “meetings”-function where users can specify an external URL where the online meeting will take place.
CVE-2021-43227 1 Microsoft 5 Windows 10, Windows 11, Windows Server and 2 more 2022-05-23 2.1 LOW 5.5 MEDIUM
Storage Spaces Controller Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-43235.
CVE-2021-43235 1 Microsoft 5 Windows 10, Windows 11, Windows Server and 2 more 2022-05-23 2.1 LOW 5.5 MEDIUM
Storage Spaces Controller Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-43227.
CVE-2021-43224 1 Microsoft 10 Windows 10, Windows 11, Windows 7 and 7 more 2022-05-23 2.1 LOW 5.5 MEDIUM
Windows Common Log File System Driver Information Disclosure Vulnerability
CVE-2021-43222 1 Microsoft 10 Windows 10, Windows 11, Windows 7 and 7 more 2022-05-23 5.0 MEDIUM 7.5 HIGH
Microsoft Message Queuing Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-43236.
CVE-2021-43216 1 Microsoft 10 Windows 10, Windows 11, Windows 7 and 7 more 2022-05-23 6.8 MEDIUM 6.5 MEDIUM
Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability