Total
688 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-8698 | 5 Debian, Fedoraproject, Intel and 2 more | 49 Debian Linux, Fedora, Core I3-1000g1 and 46 more | 2022-04-26 | 2.1 LOW | 5.5 MEDIUM |
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2021-25357 | 1 Google | 1 Android | 2022-04-26 | 2.1 LOW | 5.5 MEDIUM |
A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10,0), and 3.6.80.7 in Android R(11.0) allows unprivileged applications to access contact information. | |||||
CVE-2022-26816 | 1 Microsoft | 3 Windows Server 2016, Windows Server 2019, Windows Server 2022 | 2022-04-25 | 4.0 MEDIUM | 6.5 MEDIUM |
Windows DNS Server Information Disclosure Vulnerability. | |||||
CVE-2021-28568 | 3 Adobe, Apple, Microsoft | 3 Genuine Service, Macos, Windows | 2022-04-25 | 6.9 MEDIUM | 6.5 MEDIUM |
Adobe Genuine Services version 7.1 (and earlier) is affected by an Insecure file permission vulnerability during installation process. A local authenticated attacker could leverage this vulnerability to achieve privilege escalation in the context of the current user. | |||||
CVE-2020-16247 | 1 Philips | 1 Clinical Collaboration Platform | 2022-04-25 | 3.6 LOW | 7.1 HIGH |
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. | |||||
CVE-2022-27257 | 1 Hubzilla | 1 Hubzilla | 2022-04-22 | 5.0 MEDIUM | 7.5 HIGH |
A PHP Local File Inclusion vulneraility in the default Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter. | |||||
CVE-2022-27814 | 1 Waycrate | 1 Swhkd | 2022-04-21 | 2.1 LOW | 3.3 LOW |
SWHKD 1.1.5 allows arbitrary file-existence tests via the -c option. | |||||
CVE-2022-27817 | 1 Waycrate | 1 Swhkd | 2022-04-21 | 3.6 LOW | 4.4 MEDIUM |
SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality. | |||||
CVE-2022-22961 | 2 Linux, Vmware | 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more | 2022-04-21 | 5.0 MEDIUM | 5.3 MEDIUM |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims. | |||||
CVE-2022-24411 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-20 | 4.6 MEDIUM | 7.8 HIGH |
Dell PowerScale OneFS 8.2.2 and above contain an elevation of privilege vulnerability. A local attacker with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE could potentially exploit this vulnerability, leading to elevation of privilege. This could potentially allow users to circumvent PowerScale Compliance Mode guarantees. | |||||
CVE-2022-23163 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-20 | 2.1 LOW | 5.5 MEDIUM |
Dell PowerScale OneFS, 8.2,x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a denial of service vulnerability. A local malicious user could potentially exploit this vulnerability, leading to denial of service/data unavailability. | |||||
CVE-2021-39805 | 1 Google | 1 Android | 2022-04-20 | 3.3 LOW | 6.5 MEDIUM |
In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-212694559 | |||||
CVE-2021-42255 | 1 Blueplanet-works | 1 Appguard | 2022-04-20 | 7.2 HIGH | 7.8 HIGH |
AppGuard Enterprise before 6.7.100.1 creates a Temporary File in a Directory with Insecure Permissions. Local users can gain SYSTEM privileges because a repair operation relies on the %TEMP% directory of an unprivileged user. | |||||
CVE-2022-25755 | 1 Siemens | 48 Scalance X302-7eec, Scalance X302-7eec Firmware, Scalance X304-2fe and 45 more | 2022-04-19 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of an affected device is missing specific security headers. This could allow an remote attacker to extract confidential session information under certain circumstances. | |||||
CVE-2022-25650 | 1 Mendix | 1 Mendix | 2022-04-19 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.27), Mendix Applications using Mendix 8 (All versions < V8.18.14), Mendix Applications using Mendix 9 (All versions < V9.12.0), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.3). When querying the database, it is possible to sort the results using a protected field. With this an authenticated attacker could extract information about the contents of a protected field. | |||||
CVE-2022-0117 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-04-18 | 4.3 MEDIUM | 6.5 MEDIUM |
Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
CVE-2022-26090 | 1 Google | 1 Android | 2022-04-18 | 2.1 LOW | 3.3 LOW |
Improper access control vulnerability in SamsungContacts prior to SMR Apr-2022 Release 1 allows that attackers can access contact information without permission. | |||||
CVE-2022-27822 | 1 Google | 1 Android | 2022-04-18 | 2.1 LOW | 5.5 MEDIUM |
Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission. | |||||
CVE-2022-27576 | 1 Google | 1 Android | 2022-04-18 | 4.3 MEDIUM | 3.3 LOW |
Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission | |||||
CVE-2022-27575 | 1 Google | 1 Android | 2022-04-18 | 4.3 MEDIUM | 3.3 LOW |
Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission. |