Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-668
Total 688 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-22515 1 Codesys 18 Control For Beaglebone Sl, Control For Beckhoff Cx9020, Control For Empc-a\/imx6 Sl and 15 more 2022-05-12 4.9 MEDIUM 8.1 HIGH
A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.
CVE-2021-26312 1 Amd 114 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 111 more 2022-05-11 2.1 LOW 5.5 MEDIUM
Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity.
CVE-2022-24897 1 Xwiki 1 Xwiki 2022-05-11 6.0 MEDIUM 7.5 HIGH
APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and prior to 12.6.7, 12.10.3, and 13.0, the velocity scripts are not properly sandboxed against using the Java File API to perform read or write operations on the filesystem. Writing an attacking script in Velocity requires the Script rights in XWiki so not all users can use it, and it also requires finding an XWiki API which returns a File. The problem has been patched in versions 12.6.7, 12.10.3, and 13.0. There is no easy workaround for fixing this vulnerability other than upgrading and being careful when giving Script rights.
CVE-2022-25375 2 Debian, Linux 2 Debian Linux, Linux Kernel 2022-05-11 2.1 LOW 5.5 MEDIUM
An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.
CVE-2022-0815 1 Mcafee 1 Webadvisor 2022-05-10 7.5 HIGH 7.3 HIGH
Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system. This could lead to unexpected behaviors including; settings being changed, fingerprinting of the system leading to targeted scams, and not triggering the malicious software if McAfee software is detected.
CVE-2021-22572 1 Google 1 Data Transfer Project 2022-05-10 2.1 LOW 5.5 MEDIUM
On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is File.createTempFile creates files in the the system temporary directory with world readable permissions. Any sensitive information written to theses files is visible to all other local users on unix-like systems. We recommend upgrading past commit https://github.com/google/data-transfer-project/pull/969
CVE-2022-22783 1 Zoom 2 Zoom On-premise Meeting Connector Controller, Zoom On-premise Meeting Connector Mmr 2022-05-09 5.0 MEDIUM 7.5 HIGH
A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected clients, which could be observed by a passive attacker.
CVE-2022-27332 1 Zammad 1 Zammad 2022-05-05 5.8 MEDIUM 9.1 CRITICAL
An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS).
CVE-2022-27331 1 Zammad 1 Zammad 2022-05-05 4.0 MEDIUM 4.3 MEDIUM
An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users.
CVE-2022-29820 1 Jetbrains 1 Pycharm 2022-05-05 3.3 LOW 3.5 LOW
In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible
CVE-2021-22468 1 Huawei 1 Harmonyos 2022-05-03 2.1 LOW 3.3 LOW
A component of the HarmonyOS has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Local attackers may exploit this vulnerability to cause kernel address leakage.
CVE-2021-33669 1 Sap 1 Mobile Sdk Certificate Provider 2022-05-03 6.9 MEDIUM 7.8 HIGH
Under certain conditions, SAP Mobile SDK Certificate Provider allows a local unprivileged attacker to exploit an insecure temporary file storage. For a successful exploitation user interaction from another user is required and could lead to complete impact of confidentiality integrity and availability.
CVE-2021-22420 1 Huawei 1 Harmonyos 2022-05-03 7.2 HIGH 7.8 HIGH
A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause the underlying trust of the application trustlist mechanism is missing..
CVE-2021-22385 1 Huawei 2 Emui, Magic Ui 2022-05-03 7.2 HIGH 7.8 HIGH
A component of the Huawei smartphone has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause Kernel Code Execution.
CVE-2021-27236 1 Mutare 1 Voice 2022-05-03 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. getfile.asp allows Unauthenticated Local File Inclusion, which can be leveraged to achieve Remote Code Execution.
CVE-2021-22454 1 Huawei 1 Harmonyos 2022-05-03 2.1 LOW 5.5 MEDIUM
A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause core dump.
CVE-2021-21878 1 Lantronix 2 Premierwave 2050, Premierwave 2050 Firmware 2022-04-28 6.8 MEDIUM 4.9 MEDIUM
A local file inclusion vulnerability exists in the Web Manager Applications and FsBrowse functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted series of HTTP requests can lead to local file inclusion. An attacker can make a series of authenticated HTTP requests to trigger this vulnerability.
CVE-2022-1385 1 Mattermost 1 Mattermost Server 2022-04-27 5.8 MEDIUM 4.6 MEDIUM
Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels.
CVE-2021-43129 1 D2l 1 Brightspace 2022-04-27 5.8 MEDIUM 6.5 MEDIUM
A bypass exists for Desire2Learn/D2L Brightspace’s “Disable Right Click” option in the quizzing feature, which allows a quiz-taker to access print and copy functionality via the browser’s right click menu even when “Disable Right Click” is enabled on the quiz.
CVE-2022-23345 1 Bigantsoft 1 Bigant Server 2022-04-27 5.0 MEDIUM 7.5 HIGH
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control.