Total: 688 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2022-36829 | 1 Samsung | 2 Charm, Charm Firmware | 2022-10-27 | N/A | 5.5 MEDIUM | PendingIntent hijacking vulnerability in releaseAlarm in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent. |
CVE-2022-2370 | 1 Yaycommerce | 1 Yaysmtp | 2022-10-27 | N/A | 6.5 MEDIUM | The YaySMTP WordPress plugin before 2.2.1 does not have a capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated user, such as a subscriber, to retrieve them. |
CVE-2022-26653 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2022-10-27 | 5.0 MEDIUM | 5.3 MEDIUM | Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator). |
CVE-2022-26777 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2022-10-27 | 5.0 MEDIUM | 5.3 MEDIUM | Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details. |
CVE-2021-34761 | 1 Cisco | 3 Firepower Management Center Virtual Appliance, Firepower Threat Defense, Sourcefire Defense Center | 2022-10-27 | 6.6 MEDIUM | 6.0 MEDIUM | A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete validation of user input for a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device with administrative privileges and issuing a CLI command with crafted user parameters. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges. |
CVE-2021-36002 | 1 Adobe | 1 Captivate | 2022-10-27 | 4.4 MEDIUM | 7.3 HIGH | Adobe Captivate version 11.5.5 (and earlier) is affected by a Creation of Temporary File In Directory With Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. The attacker must plant a malicious file in a particular location of the victim's machine. Exploitation of this issue requires user interaction in that a victim must launch the Captivate Installer. |
CVE-2021-37704 | 1 Phpfastcache | 1 Phpfastcache | 2022-10-27 | 4.0 MEDIUM | 4.3 MEDIUM | PhpFastCache is a high-performance backend cache system (packagist package phpfastcache/phpfastcache). In versions before 6.1.5, 7.1.2, and 8.0.7 the `phpinfo()` can be exposed if the `/vendor` is not protected from public access. This is a rare situation today since the vendor directory is often located outside the web directory or protected via server rule (.htaccess, etc.). Only v6, v7 and v8 will be patched, respectively in 8.0.7, 7.1.2, 6.1.5. Older versions such as v5, v4 are no longer supported and will **NOT** be patched. As a workaround, protect the `/vendor` directory from public access. |
CVE-2022-1501 | 1 Google | 1 Chrome | 2022-10-26 | N/A | 6.5 MEDIUM | Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
CVE-2022-1498 | 1 Google | 1 Chrome | 2022-10-26 | N/A | 4.3 MEDIUM | Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
CVE-2020-19155 | 1 Jflyfox | 1 Jfinal Cms | 2022-10-26 | 6.5 MEDIUM | 8.8 HIGH | Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java'. |
CVE-2022-1637 | 1 Google | 2 Android, Chrome | 2022-10-26 | N/A | 4.3 MEDIUM | Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
CVE-2022-2160 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2022-10-26 | N/A | 6.5 MEDIUM | Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page. |
CVE-2022-1875 | 1 Google | 1 Chrome | 2022-10-26 | N/A | 4.3 MEDIUM | Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
CVE-2022-1873 | 1 Google | 1 Chrome | 2022-10-26 | N/A | 6.5 MEDIUM | Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
CVE-2022-27912 | 1 Joomla | 1 Joomla! | 2022-10-26 | N/A | 5.3 MEDIUM | An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests. |
CVE-2021-46744 | 1 Amd | 198 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 195 more | 2022-10-25 | 2.1 LOW | 6.5 MEDIUM | An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time. |
CVE-2022-39315 | 1 Getkirby | 1 Kirby | 2022-10-25 | N/A | 5.3 MEDIUM | Kirby is a Content Management System. Prior to versions 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, a user enumeration vulnerability affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. It can only be exploited for targeted attacks because the attack does not scale to brute force. The problem has been patched in Kirby 3.5.8.2, Kirby 3.6.6.2, Kirby 3.7.5.1, and Kirby 3.8.1. In all of the mentioned releases, the maintainers have rewritten the affected code so that the delay is also inserted after the brute force limit is reached. |
CVE-2021-28623 | 2 Adobe, Microsoft | 2 Premiere Elements, Windows | 2022-10-25 | 2.1 LOW | 5.5 MEDIUM | Adobe Premiere Elements version 5.2 (and earlier) is affected by an insecure temporary file creation vulnerability. An unauthenticated attacker could leverage this vulnerability to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction. |
CVE-2021-25652 | 1 Avaya | 1 Aura Appliance Virtualization Platform | 2022-10-25 | 2.1 LOW | 5.5 MEDIUM | An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU. |
CVE-2021-22118 | 3 Netapp, Oracle, Vmware | 32 Hci, Management Services For Element Software, Commerce Guided Search and 29 more | 2022-10-25 | 4.6 MEDIUM | 7.8 HIGH | In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. |