Total
688 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-21126 | 1 Samtools | 1 Htsjdk | 2022-12-01 | N/A | 7.8 HIGH |
The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir() function in util/IOUtil.java not checking for the existence of the temporary directory before attempting to create it. | |||||
CVE-2022-38813 | 1 Phpgurukul Blood Donor Management System Project | 1 Phpgurukul Blood Donor Management System | 2022-11-29 | N/A | 8.1 HIGH |
PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report. | |||||
CVE-2022-31649 | 1 Owncloud | 1 Owncloud | 2022-11-29 | 5.0 MEDIUM | 7.5 HIGH |
ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer. | |||||
CVE-2020-13240 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 5.5 MEDIUM | 5.4 MEDIUM |
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS. | |||||
CVE-2022-3952 | 1 Manydesigns | 1 Portofino | 2022-11-15 | N/A | 7.1 HIGH |
A vulnerability has been found in ManyDesigns Portofino 5.3.2 and classified as problematic. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure permissions. Upgrading to version 5.3.3 is able to address this issue. The name of the patch is 94653cb357806c9cf24d8d294e6afea33f8f0775. It is recommended to upgrade the affected component. The identifier VDB-213457 was assigned to this vulnerability. | |||||
CVE-2022-3866 | 1 Hashicorp | 1 Nomad | 2022-11-15 | N/A | 4.3 MEDIUM |
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2. | |||||
CVE-2022-35837 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2022-11-14 | N/A | 6.5 MEDIUM |
Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34728, CVE-2022-38006. | |||||
CVE-2022-44549 | 1 Huawei | 2 Emui, Harmonyos | 2022-11-10 | N/A | 7.5 HIGH |
The LBS module has a vulnerability in geofencing API access. Successful exploitation of this vulnerability may cause third-party apps to access the geofencing APIs without authorization, affecting user confidentiality. | |||||
CVE-2022-39886 | 1 Google | 1 Android | 2022-11-10 | N/A | 3.3 LOW |
Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information. | |||||
CVE-2022-42442 | 2 Ibm, Redhat | 2 Robotic Process Automation For Cloud Pak, Openshift Container Platform | 2022-11-04 | N/A | 3.3 LOW |
"IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform. IBM X-Force ID: 238214." | |||||
CVE-2022-22442 | 3 Ibm, Linux, Microsoft | 5 Aix, Infosphere Information Server, Infosphere Information Server On Cloud and 2 more | 2022-11-04 | N/A | 6.5 MEDIUM |
"IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. IBM X-Force ID: 224427." | |||||
CVE-2021-45446 | 1 Hitachi | 1 Vantara Pentaho | 2022-11-04 | N/A | 7.5 HIGH |
A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory. | |||||
CVE-2022-32883 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2022-11-03 | N/A | 5.5 MEDIUM |
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to read sensitive location information. | |||||
CVE-2021-39045 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2022-11-03 | N/A | 5.5 MEDIUM |
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345. | |||||
CVE-2021-22057 | 2 Linux, Vmware | 2 Linux Kernel, Workspace One Access | 2022-11-03 | 6.5 MEDIUM | 8.8 HIGH |
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to obtain second-factor authentication provided by VMware Verify. | |||||
CVE-2022-22583 | 1 Apple | 2 Mac Os X, Macos | 2022-11-02 | 2.1 LOW | 5.5 MEDIUM |
A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files. | |||||
CVE-2022-3018 | 1 Gitlab | 1 Gitlab | 2022-10-28 | N/A | 4.9 MEDIUM |
An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs. | |||||
CVE-2022-2882 | 1 Gitlab | 1 Gitlab | 2022-10-28 | N/A | 4.3 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A malicious maintainer could exfiltrate a GitHub integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server. | |||||
CVE-2022-2610 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-10-27 | N/A | 6.5 MEDIUM |
Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
CVE-2022-36830 | 1 Samsung | 2 Charm, Charm Firmware | 2022-10-27 | N/A | 5.5 MEDIUM |
PendingIntent hijacking vulnerability in cancelAlarmManager in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent. |