Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-668
Total 688 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-28365 1 Reprisesoftware 1 Reprise License Manager 2022-04-15 5.0 MEDIUM 5.3 MEDIUM
Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture, and file/directory details.
CVE-2022-27818 1 Waycrate 1 Swhkd 2022-04-14 6.4 MEDIUM 9.1 CRITICAL
SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service.
CVE-2018-20321 1 Suse 1 Rancher 2022-04-13 9.0 HIGH 8.8 HIGH
An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated by isolating the default namespace in a separate project, where only cluster admins can be given permissions to access. As of 2018-12-20, this bug affected ALL clusters created or imported by Rancher.
CVE-2019-12274 1 Suse 1 Rancher 2022-04-13 4.0 MEDIUM 8.8 HIGH
In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as /root/.kube/config or /var/lib/rancher/management-state/cred/kubeconfig-system.yaml.
CVE-2022-0461 1 Google 1 Chrome 2022-04-12 6.4 MEDIUM 6.5 MEDIUM
Policy bypass in COOP in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to bypass iframe sandbox via a crafted HTML page.
CVE-2022-22331 1 Ibm 1 Partner Engagement Manager 2022-04-12 5.5 MEDIUM 7.1 HIGH
IBM SterlingPartner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-Force ID: 219130.
CVE-2022-1111 1 Gitlab 1 Gitlab 2022-04-11 3.5 LOW 2.7 LOW
A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages
CVE-2016-5334 1 Vmware 2 Identity Manager, Vrealize Automation 2022-04-08 5.0 MEDIUM 5.3 MEDIUM
VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors.
CVE-2022-27772 1 Vmware 1 Spring Boot 2022-04-07 4.6 MEDIUM 7.8 HIGH
** UNSUPPORTED WHEN ASSIGNED ** spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer.
CVE-2019-8934 2 Opensuse, Qemu 2 Leap, Qemu 2022-04-05 2.1 LOW 3.3 LOW
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.
CVE-2021-39757 1 Google 1 Android 2022-04-05 2.1 LOW 5.5 MEDIUM
In PermissionController, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-176094662
CVE-2021-39777 1 Google 1 Android 2022-04-05 2.1 LOW 5.5 MEDIUM
In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194743207
CVE-2022-28160 1 Jenkins 1 Tests Selector 2022-04-04 4.0 MEDIUM 6.5 MEDIUM
Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins controller.
CVE-2020-1945 5 Apache, Canonical, Fedoraproject and 2 more 50 Ant, Ubuntu Linux, Fedora and 47 more 2022-04-04 3.3 LOW 6.3 MEDIUM
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.
CVE-2021-27424 1 Ge 38 Multilin B30, Multilin B30 Firmware, Multilin B90 and 35 more 2022-04-01 5.0 MEDIUM 5.3 MEDIUM
GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information.
CVE-2022-21718 1 Electronjs 1 Electron 2022-04-01 4.0 MEDIUM 5.0 MEDIUM
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue.
CVE-2022-0315 1 Horovod 1 Horovod 2022-03-31 5.0 MEDIUM 7.5 HIGH
Insecure Temporary File in GitHub repository horovod/horovod prior to 0.24.0.
CVE-2021-20373 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Db2 and 3 more 2022-03-31 5.0 MEDIUM 7.5 HIGH
IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521.
CVE-2022-27919 1 Gradle 1 Enterprise 2022-03-30 7.5 HIGH 9.8 CRITICAL
Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API.
CVE-2021-29115 1 Esri 1 Arcgis Enterprise 2022-03-30 5.0 MEDIUM 5.3 MEDIUM
An information disclosure vulnerability in the ArcGIS Service Directory in Esri ArcGIS Enterprise versions 10.9.0 and below may allows a remote attacker to view hidden field names in feature layers. This issue may reveal field names, but not not disclose features.