Total
688 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-1128 | 2 Google, Microsoft | 2 Chrome, Windows | 2022-10-25 | N/A | 6.5 MEDIUM |
Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page. | |||||
CVE-2022-1139 | 1 Google | 1 Chrome | 2022-10-25 | N/A | 6.5 MEDIUM |
Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
CVE-2022-1137 | 1 Google | 1 Chrome | 2022-10-25 | N/A | 6.5 MEDIUM |
Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML page. | |||||
CVE-2022-1138 | 1 Google | 1 Chrome | 2022-10-25 | N/A | 6.5 MEDIUM |
Inappropriate implementation in Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who had compromised the renderer process to obscure the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
CVE-2021-25364 | 1 Google | 1 Android | 2022-10-25 | 2.1 LOW | 3.3 LOW |
A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information. | |||||
CVE-2021-22539 | 1 Google | 1 Bazel | 2022-10-25 | 6.8 MEDIUM | 7.8 HIGH |
An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint *.bzl files to be set via this config file. As such the attacker is able to execute any executable on the system through vscode-bazel. We recommend upgrading to version 0.4.1 or above. | |||||
CVE-2021-22549 | 1 Google | 1 Asylo | 2022-10-25 | 4.6 MEDIUM | 7.8 HIGH |
An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c | |||||
CVE-2021-22044 | 1 Vmware | 1 Spring Cloud Openfeign | 2022-10-25 | 5.0 MEDIUM | 7.5 HIGH |
In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping`annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to `@RequestMapping`-annotated interface methods. | |||||
CVE-2021-21430 | 1 Openapi-generator | 1 Openapi Generator | 2022-10-24 | 2.1 LOW | 5.5 MEDIUM |
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. Auto-generated code (Java, Scala) that deals with uploading or downloading binary data through API endpoints will create insecure temporary files during the process. Affected generators: `java` (jersey2, okhttp-gson (default library)), `scala-finch`. The issue has been patched with `Files.createTempFile` and released in the v5.1.0 stable version. | |||||
CVE-2022-39309 | 1 Thoughtworks | 1 Gocd | 2022-10-21 | N/A | 6.5 MEDIUM |
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to authenticated agents. A malicious/compromised agent may then expose that key from memory, and potentially allow an attacker the ability to decrypt secrets intended for other agents/environments if they also are able to obtain access to encrypted configuration values from the GoCD server. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds. | |||||
CVE-2021-1423 | 1 Cisco | 14 Aironet 1540, Aironet 1560, Aironet 1800 and 11 more | 2022-10-21 | 2.1 LOW | 4.4 MEDIUM |
A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to overwrite or create files with data that is already present in other files that are hosted on the affected device. | |||||
CVE-2013-4253 | 1 Redhat | 1 Openshift | 2022-10-21 | N/A | 7.5 HIGH |
The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file. | |||||
CVE-2020-26868 | 1 Pcvuesolutions | 1 Pcvue | 2022-10-19 | 5.0 MEDIUM | 7.5 HIGH |
ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability of an unauthorized user to modify information used to validate messages sent by legitimate web clients. This issue also affects third-party systems based on the Web Services Toolkit. | |||||
CVE-2021-28597 | 3 Adobe, Apple, Microsoft | 3 Photoshop Elements, Macos, Windows | 2022-10-18 | 2.1 LOW | 5.5 MEDIUM |
Adobe Photoshop Elements version 5.2 (and earlier) is affected by an insecure temporary file creation vulnerability. An unauthenticated attacker could leverage this vulnerability to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction. | |||||
CVE-2022-39015 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2022-10-14 | N/A | 6.5 MEDIUM |
Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted. | |||||
CVE-2022-37974 | 1 Microsoft | 2 Windows 10, Windows 11 | 2022-10-12 | N/A | 6.5 MEDIUM |
Windows Mixed Reality Developer Tools Information Disclosure Vulnerability. | |||||
CVE-2022-26121 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2022-10-12 | N/A | 5.3 MEDIUM |
An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may allow an unauthenticated and remote attacker to access report template images via referencing the name in the URL path. | |||||
CVE-2022-37985 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-12 | N/A | 5.5 MEDIUM |
Windows Graphics Component Information Disclosure Vulnerability. | |||||
CVE-2022-39860 | 1 Samsung | 1 Quick Share | 2022-10-11 | N/A | 3.5 LOW |
Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit broadcast. | |||||
CVE-2022-39864 | 1 Samsung | 1 Smartthings | 2022-10-11 | N/A | 7.5 HIGH |
Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent. |