Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-668
Total 688 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-26343 1 Amd 48 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 45 more 2023-01-18 N/A 5.5 MEDIUM
Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure.
CVE-2023-21536 1 Microsoft 8 Windows 10 1809, Windows 10 20h2, Windows 10 21h2 and 5 more 2023-01-17 N/A 4.7 MEDIUM
Event Tracing for Windows Information Disclosure Vulnerability. This CVE ID is unique from CVE-2023-21753.
CVE-2022-23825 4 Amd, Debian, Fedoraproject and 1 more 249 A10-9600p, A10-9600p Firmware, A10-9630p and 246 more 2023-01-11 2.1 LOW 6.5 MEDIUM
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
CVE-2022-0337 2 Google, Microsoft 2 Chrome, Windows 2023-01-09 N/A 6.5 MEDIUM
Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. (Chrome security severity: High)
CVE-2022-4025 1 Google 1 Chrome 2023-01-09 N/A 4.3 MEDIUM
Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page. (Chrome security severity: Low)
CVE-2022-32833 1 Apple 3 Iphone Os, Macos, Safari 2023-01-09 N/A 5.3 MEDIUM
An issue existed with the file paths used to store website data. The issue was resolved by improving how website data is stored. This issue is fixed in iOS 16. An unauthorized user may be able to access browsing history.
CVE-2022-42843 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2023-01-09 N/A 5.5 MEDIUM
This issue was addressed with improved data protection. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. A user may be able to view sensitive user information.
CVE-2021-30944 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2023-01-09 4.3 MEDIUM 5.5 MEDIUM
Description: A logic issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1, tvOS 15.2. A malicious app may be able to access data from other apps by enabling additional logging.
CVE-2022-47952 1 Linuxcontainers 1 Lxc 2023-01-09 N/A 3.3 LOW
lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that "we will report back to the user that the open() failed but the user has no way of knowing why it failed"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist.
CVE-2022-42953 1 Zkteco 20 Zem500, Zem500 Firmware, Zem510 and 17 more 2023-01-06 N/A 7.5 HIGH
Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct requests for the form/DataApp?style=1 and form/DataApp?style=0 URLs. The affected versions may be before 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and 15.00 (ZMM200-220-210). The fixed versions are firmware version 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and firmware version 15.00 (ZMM200-220-210).
CVE-2022-4817 1 Jgit-cookbook Project 1 Jgit-cookbook 2023-01-06 N/A 7.8 HIGH
A vulnerability was found in centic9 jgit-cookbook. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to insecure temporary file. The attack can be initiated remotely. The name of the patch is b8cb29b43dc704708d598c60ac1881db7cf8e9c3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216988.
CVE-2015-10004 1 Json Web Token Project 1 Json Web Token 2023-01-06 N/A 7.5 HIGH
Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC.
CVE-2022-27779 2 Haxx, Netapp 14 Curl, Clustered Data Ontap, H300s and 11 more 2023-01-05 5.0 MEDIUM 5.3 MEDIUM
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain.
CVE-2019-9011 1 Pilz 1 Pmc 2023-01-05 N/A 5.3 MEDIUM
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker can identify valid usernames.
CVE-2022-45414 1 Mozilla 1 Thunderbird 2023-01-05 N/A 8.1 HIGH
If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a network request to the referenced remote URL was performed, regardless of a configuration to block remote content. An image loaded from the POSTER attribute was shown in the composer window. These issues could have given an attacker additional capabilities when targetting releases that did not yet have a fix for CVE-2022-3033 which was reported around three months ago. This vulnerability affects Thunderbird < 102.5.1.
CVE-2022-41317 1 Squid-cache 1 Squid 2023-01-04 N/A 6.5 MEDIUM
An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.
CVE-2022-45895 1 Planetestream 1 Planet Estream 2023-01-04 N/A 6.5 MEDIUM
Planet eStream before 6.72.10.07 discloses sensitive information, related to the ON cookie (findable in HTML source code for Default.aspx in some situations) and the WhoAmI endpoint (e.g., path disclosure).
CVE-2021-44854 1 Mediawiki 1 Mediawiki 2023-01-03 N/A 5.3 MEDIUM
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis.
CVE-2022-38474 1 Mozilla 1 Firefox 2023-01-03 N/A 4.3 MEDIUM
A website that had permission to access the microphone could record audio without the audio notification being shown. This bug does not allow the attacker to bypass the permission prompt - it only affects the notification shown once permission has been granted.<br />*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 104.
CVE-2022-37958 1 Microsoft 9 Windows 10, Windows 11, Windows 7 and 6 more 2023-01-03 N/A 8.1 HIGH
SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability.