Total: 688 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-0762 | 1 Microweber | 1 Microweber | 2022-03-08 | 4.0 MEDIUM | 4.3 MEDIUM |
Business Logic Errors in GitHub repository microweber/microweber prior to 1.3. | |||||
CVE-2022-26159 | 1 Ametys | 1 Ametys | 2022-03-07 | 5.0 MEDIUM | 5.3 MEDIUM |
The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/<domain>/en.xml (and similar pathnames for other languages), which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords. | |||||
CVE-2022-22716 | 1 Microsoft | 7 365 Apps, Excel, Office and 4 more | 2022-03-04 | 4.3 MEDIUM | 5.5 MEDIUM |
Microsoft Excel Information Disclosure Vulnerability. | |||||
CVE-2022-24336 | 1 Jetbrains | 1 Teamcity | 2022-03-03 | 5.0 MEDIUM | 5.3 MEDIUM |
In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server. | |||||
CVE-2022-25336 | 1 Ibexa | 1 Ez Platform Kernel | 2022-03-03 | 4.3 MEDIUM | 5.3 MEDIUM |
Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced. | |||||
CVE-2022-0736 | 1 Lfprojects | 1 Mlflow | 2022-03-01 | 5.0 MEDIUM | 7.5 HIGH |
Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1. | |||||
CVE-2021-46354 | 1 Cybelesoft | 1 Thinfinity Virtualui | 2022-03-01 | 5.0 MEDIUM | 7.5 HIGH |
Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2 (fixed in version 3.0) is affected by an information disclosure vulnerability in the "Addr" parameter of the cmd site. The ability to send requests to other systems can allow the vulnerable server to leak the real IP of the web server or increase the attack surface. | |||||
CVE-2021-38009 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
CVE-2011-1960 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2022-02-28 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Event Handlers Information Disclosure Vulnerability." | |||||
CVE-2011-1258 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2022-02-28 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability." | |||||
CVE-2004-1489 | 1 Opera | 1 Opera Browser | 2022-02-28 | 2.6 LOW | N/A |
Opera 7.54 and earlier does not properly limit an applet's access to internal Java packages from Sun, which allows remote attackers to gain sensitive information, such as user names and the installation directory. | |||||
CVE-2022-25318 | 1 Cerebrate-project | 1 Cerebrate | 2022-02-25 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in Cerebrate through 1.4. An incorrect sharing group ACL allowed an unprivileged user to edit and modify sharing groups. | |||||
CVE-2021-45421 | 1 Emerson | 2 Dixell Xweb-500, Dixell Xweb-500 Firmware | 2022-02-23 | 5.0 MEDIUM | 7.5 HIGH |
** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A potential attacker can use this misconfiguration to access all the files in the remote directories. Note: the product has not been supported since 2018 and should be removed or replaced. | |||||
CVE-2022-23317 | 1 Helpsystems | 1 Cobalt Strike | 2022-02-23 | 5.0 MEDIUM | 7.5 HIGH |
CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with "/", and attackers can obtain relevant information by specifying the URL. | |||||
CVE-2020-13670 | 1 Drupal | 1 Drupal | 2022-02-23 | 5.0 MEDIUM | 7.5 HIGH |
Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6. | |||||
CVE-2021-45402 | 1 Linux | 1 Linux Kernel | 2022-02-23 | 2.1 LOW | 5.5 MEDIUM |
The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 instruction, which allows local users to obtain potentially sensitive address information, aka a "pointer leak." | |||||
CVE-2021-42712 | 1 Splashtop | 1 Streamer | 2022-02-23 | 7.2 HIGH | 7.8 HIGH |
Splashtop Streamer through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions. | |||||
CVE-2022-24975 | 1 Git-scm | 1 Git | 2022-02-22 | 4.3 MEDIUM | 7.5 HIGH |
The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. | |||||
CVE-2017-17087 | 3 Canonical, Debian, Vim | 3 Ubuntu Linux, Debian Linux, Vim | 2022-02-19 | 2.1 LOW | 5.5 MEDIUM |
fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382. | |||||
CVE-2018-6910 | 1 Dedecms | 1 Dedecms | 2022-02-18 | 5.0 MEDIUM | 7.5 HIGH |
DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php. |