Total
688 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-22515 | 1 Codesys | 18 Control For Beaglebone Sl, Control For Beckhoff Cx9020, Control For Empc-a\/imx6 Sl and 15 more | 2022-05-12 | 4.9 MEDIUM | 8.1 HIGH |
A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products. | |||||
CVE-2021-26312 | 1 Amd | 114 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 111 more | 2022-05-11 | 2.1 LOW | 5.5 MEDIUM |
Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity. | |||||
CVE-2022-24897 | 1 Xwiki | 1 Xwiki | 2022-05-11 | 6.0 MEDIUM | 7.5 HIGH |
APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and prior to 12.6.7, 12.10.3, and 13.0, the velocity scripts are not properly sandboxed against using the Java File API to perform read or write operations on the filesystem. Writing an attacking script in Velocity requires the Script rights in XWiki so not all users can use it, and it also requires finding an XWiki API which returns a File. The problem has been patched in versions 12.6.7, 12.10.3, and 13.0. There is no easy workaround for fixing this vulnerability other than upgrading and being careful when giving Script rights. | |||||
CVE-2022-25375 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2022-05-11 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory. | |||||
CVE-2022-0815 | 1 Mcafee | 1 Webadvisor | 2022-05-10 | 7.5 HIGH | 7.3 HIGH |
Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system. This could lead to unexpected behaviors including; settings being changed, fingerprinting of the system leading to targeted scams, and not triggering the malicious software if McAfee software is detected. | |||||
CVE-2021-22572 | 1 Google | 1 Data Transfer Project | 2022-05-10 | 2.1 LOW | 5.5 MEDIUM |
On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is File.createTempFile creates files in the the system temporary directory with world readable permissions. Any sensitive information written to theses files is visible to all other local users on unix-like systems. We recommend upgrading past commit https://github.com/google/data-transfer-project/pull/969 | |||||
CVE-2022-22783 | 1 Zoom | 2 Zoom On-premise Meeting Connector Controller, Zoom On-premise Meeting Connector Mmr | 2022-05-09 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected clients, which could be observed by a passive attacker. | |||||
CVE-2022-27332 | 1 Zammad | 1 Zammad | 2022-05-05 | 5.8 MEDIUM | 9.1 CRITICAL |
An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS). | |||||
CVE-2022-27331 | 1 Zammad | 1 Zammad | 2022-05-05 | 4.0 MEDIUM | 4.3 MEDIUM |
An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users. | |||||
CVE-2022-29820 | 1 Jetbrains | 1 Pycharm | 2022-05-05 | 3.3 LOW | 3.5 LOW |
In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible | |||||
CVE-2021-22468 | 1 Huawei | 1 Harmonyos | 2022-05-03 | 2.1 LOW | 3.3 LOW |
A component of the HarmonyOS has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Local attackers may exploit this vulnerability to cause kernel address leakage. | |||||
CVE-2021-33669 | 1 Sap | 1 Mobile Sdk Certificate Provider | 2022-05-03 | 6.9 MEDIUM | 7.8 HIGH |
Under certain conditions, SAP Mobile SDK Certificate Provider allows a local unprivileged attacker to exploit an insecure temporary file storage. For a successful exploitation user interaction from another user is required and could lead to complete impact of confidentiality integrity and availability. | |||||
CVE-2021-22420 | 1 Huawei | 1 Harmonyos | 2022-05-03 | 7.2 HIGH | 7.8 HIGH |
A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause the underlying trust of the application trustlist mechanism is missing.. | |||||
CVE-2021-22385 | 1 Huawei | 2 Emui, Magic Ui | 2022-05-03 | 7.2 HIGH | 7.8 HIGH |
A component of the Huawei smartphone has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause Kernel Code Execution. | |||||
CVE-2021-27236 | 1 Mutare | 1 Voice | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. getfile.asp allows Unauthenticated Local File Inclusion, which can be leveraged to achieve Remote Code Execution. | |||||
CVE-2021-22454 | 1 Huawei | 1 Harmonyos | 2022-05-03 | 2.1 LOW | 5.5 MEDIUM |
A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause core dump. | |||||
CVE-2021-21878 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2022-04-28 | 6.8 MEDIUM | 4.9 MEDIUM |
A local file inclusion vulnerability exists in the Web Manager Applications and FsBrowse functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted series of HTTP requests can lead to local file inclusion. An attacker can make a series of authenticated HTTP requests to trigger this vulnerability. | |||||
CVE-2022-1385 | 1 Mattermost | 1 Mattermost Server | 2022-04-27 | 5.8 MEDIUM | 4.6 MEDIUM |
Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels. | |||||
CVE-2021-43129 | 1 D2l | 1 Brightspace | 2022-04-27 | 5.8 MEDIUM | 6.5 MEDIUM |
A bypass exists for Desire2Learn/D2L Brightspace’s “Disable Right Click” option in the quizzing feature, which allows a quiz-taker to access print and copy functionality via the browser’s right click menu even when “Disable Right Click” is enabled on the quiz. | |||||
CVE-2022-23345 | 1 Bigantsoft | 1 Bigant Server | 2022-04-27 | 5.0 MEDIUM | 7.5 HIGH |
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control. |