Total
688 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28365 | 1 Reprisesoftware | 1 Reprise License Manager | 2022-04-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture, and file/directory details. | |||||
| CVE-2022-27818 | 1 Waycrate | 1 Swhkd | 2022-04-14 | 6.4 MEDIUM | 9.1 CRITICAL |
| SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service. | |||||
| CVE-2018-20321 | 1 Suse | 1 Rancher | 2022-04-13 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated by isolating the default namespace in a separate project, where only cluster admins can be given permissions to access. As of 2018-12-20, this bug affected ALL clusters created or imported by Rancher. | |||||
| CVE-2019-12274 | 1 Suse | 1 Rancher | 2022-04-13 | 4.0 MEDIUM | 8.8 HIGH |
| In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as /root/.kube/config or /var/lib/rancher/management-state/cred/kubeconfig-system.yaml. | |||||
| CVE-2022-0461 | 1 Google | 1 Chrome | 2022-04-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| Policy bypass in COOP in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to bypass iframe sandbox via a crafted HTML page. | |||||
| CVE-2022-22331 | 1 Ibm | 1 Partner Engagement Manager | 2022-04-12 | 5.5 MEDIUM | 7.1 HIGH |
| IBM SterlingPartner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-Force ID: 219130. | |||||
| CVE-2022-1111 | 1 Gitlab | 1 Gitlab | 2022-04-11 | 3.5 LOW | 2.7 LOW |
| A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages | |||||
| CVE-2016-5334 | 1 Vmware | 2 Identity Manager, Vrealize Automation | 2022-04-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors. | |||||
| CVE-2022-27772 | 1 Vmware | 1 Spring Boot | 2022-04-07 | 4.6 MEDIUM | 7.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer. | |||||
| CVE-2019-8934 | 2 Opensuse, Qemu | 2 Leap, Qemu | 2022-04-05 | 2.1 LOW | 3.3 LOW |
| hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest. | |||||
| CVE-2021-39757 | 1 Google | 1 Android | 2022-04-05 | 2.1 LOW | 5.5 MEDIUM |
| In PermissionController, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-176094662 | |||||
| CVE-2021-39777 | 1 Google | 1 Android | 2022-04-05 | 2.1 LOW | 5.5 MEDIUM |
| In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194743207 | |||||
| CVE-2022-28160 | 1 Jenkins | 1 Tests Selector | 2022-04-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins controller. | |||||
| CVE-2020-1945 | 5 Apache, Canonical, Fedoraproject and 2 more | 50 Ant, Ubuntu Linux, Fedora and 47 more | 2022-04-04 | 3.3 LOW | 6.3 MEDIUM |
| Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process. | |||||
| CVE-2021-27424 | 1 Ge | 38 Multilin B30, Multilin B30 Firmware, Multilin B90 and 35 more | 2022-04-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information. | |||||
| CVE-2022-21718 | 1 Electronjs | 1 Electron | 2022-04-01 | 4.0 MEDIUM | 5.0 MEDIUM |
| Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue. | |||||
| CVE-2022-0315 | 1 Horovod | 1 Horovod | 2022-03-31 | 5.0 MEDIUM | 7.5 HIGH |
| Insecure Temporary File in GitHub repository horovod/horovod prior to 0.24.0. | |||||
| CVE-2021-20373 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2022-03-31 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521. | |||||
| CVE-2022-27919 | 1 Gradle | 1 Enterprise | 2022-03-30 | 7.5 HIGH | 9.8 CRITICAL |
| Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API. | |||||
| CVE-2021-29115 | 1 Esri | 1 Arcgis Enterprise | 2022-03-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information disclosure vulnerability in the ArcGIS Service Directory in Esri ArcGIS Enterprise versions 10.9.0 and below may allows a remote attacker to view hidden field names in feature layers. This issue may reveal field names, but not not disclose features. | |||||