Total
688 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-6880 | 1 Phome | 1 Empirecms | 2022-02-18 | 5.0 MEDIUM | 5.3 MEDIUM |
EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full path via an array value for a parameter to class/connect.php. | |||||
CVE-2021-38004 | 2 Debian, Google | 2 Debian Linux, Chrome | 2022-02-18 | 4.3 MEDIUM | 4.3 MEDIUM |
Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
CVE-2021-31814 | 1 Stormshield | 1 Stormshield Network Security | 2022-02-17 | 3.6 LOW | 6.1 MEDIUM |
In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client. | |||||
CVE-2021-33096 | 1 Intel | 6 82599eb, 82599eb Firmware, 82599en and 3 more | 2022-02-15 | 2.1 LOW | 5.5 MEDIUM |
Improper isolation of shared resources in network on chip for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. | |||||
CVE-2021-39631 | 1 Google | 1 Android | 2022-02-15 | 2.1 LOW | 5.5 MEDIUM |
In clear_data_dlg_text of strings.xml, there is a possible situation when "Clear storage" functionality sets up the wrong security/privacy expectations due to a misleading message. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-193890833 | |||||
CVE-2022-23254 | 1 Microsoft | 1 Powerbi-client Js Sdk | 2022-02-15 | 4.0 MEDIUM | 4.9 MEDIUM |
Microsoft Power BI Information Disclosure Vulnerability. | |||||
CVE-2022-23252 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2022-02-15 | 2.1 LOW | 5.5 MEDIUM |
Microsoft Office Information Disclosure Vulnerability. | |||||
CVE-2021-45116 | 2 Djangoproject, Fedoraproject | 2 Django, Fedora | 2022-02-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key. | |||||
CVE-2021-42295 | 1 Microsoft | 2 365 Apps, Office | 2022-02-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Visual Basic for Applications Information Disclosure Vulnerability | |||||
CVE-2019-15349 | 1 Tecno-mobile | 1 Tecno\/h612\/tecno-id5a\ | 2022-02-10 | 7.2 HIGH | 7.8 HIGH |
The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute in with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user's text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user's Wi-Fi passwords, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user's text messages, and more. | |||||
CVE-2022-23563 | 1 Google | 1 Tensorflow | 2022-02-09 | 3.3 LOW | 6.3 MEDIUM |
Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses `tempfile.mktemp` to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in `mktemp` and the actual creation of the file by a subsequent operation (a TOC/TOU type of weakness). In several instances, TensorFlow was supposed to actually create a temporary directory instead of a file. This logic bug is hidden away by the `mktemp` function usage. We have patched the issue in several commits, replacing `mktemp` with the safer `mkstemp`/`mkdtemp` functions, according to the usage pattern. Users are advised to upgrade as soon as possible. | |||||
CVE-2021-44886 | 1 Zammad | 1 Zammad | 2022-02-09 | 5.0 MEDIUM | 5.3 MEDIUM |
In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. If the substitute persons didn't have the same permissions as the original agent, they could receive ticket notifications for tickets that they have no access to. | |||||
CVE-2021-38130 | 1 Microfocus | 1 Voltage Securemail | 2022-02-08 | 4.0 MEDIUM | 6.5 MEDIUM |
A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulnerability could be exploited to create an information leakage attack. | |||||
CVE-2021-42640 | 1 Printerlogic | 1 Web Stack | 2022-02-08 | 6.4 MEDIUM | 9.1 CRITICAL |
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any printer. | |||||
CVE-2021-42641 | 1 Printerlogic | 1 Web Stack | 2022-02-08 | 5.0 MEDIUM | 7.5 HIGH |
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the username and email address of all users. | |||||
CVE-2022-21817 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Omniverse Launcher | 2022-02-07 | 5.8 MEDIUM | 9.3 CRITICAL |
NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can get user to browse malicious site, to acquire access tokens allowing them to access resources in other security domains, which may lead to code execution, escalation of privileges, and impact to confidentiality and integrity. | |||||
CVE-2021-44746 | 1 Nec | 9 Univerge Dt800 Data Maintenance Tool, Univerge Dt820, Univerge Dt820 Firmware and 6 more | 2022-02-07 | 5.0 MEDIUM | 5.3 MEDIUM |
UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior, UNIVERGE DT 930 V2.4.0.0 and prior, IP Phone Manager V8.9.1 and prior, Data Maintenance Tool for DT900 Series V5.3.0.0 and prior, Data Maintenance Tool for DT800 Series V4.2.0.0 and prior allows a remote attacker who can access to the internal network, the configuration information may be obtained. | |||||
CVE-2021-30946 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2022-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2. A malicious application may be able to bypass certain Privacy preferences. | |||||
CVE-2018-7479 | 1 Yzmcms | 1 Yzmcms | 2022-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
YzmCMS 3.6 allows remote attackers to discover the full path via a direct request to application/install/templates/s1.php. | |||||
CVE-2021-24868 | 1 Bplugins | 1 Document Embedder | 2022-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts. |