Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7533 | 1 Schneider-electric | 32 140cpu65260, 140cpu65260 Firmware, 140noc77101 and 29 more | 2022-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests. | |||||
| CVE-2021-36205 | 1 Johnsoncontrols | 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server | 2022-04-25 | 6.8 MEDIUM | 9.8 CRITICAL |
| Under certain circumstances the session token is not cleared on logout. | |||||
| CVE-2021-40531 | 2 Apple, Sketch | 2 Macos, Sketch | 2022-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| Sketch before 75 allows library feeds to be used to bypass file quarantine. Files are automatically downloaded and opened, without the com.apple.quarantine extended attribute. This results in remote code execution, as demonstrated by CommandString in a terminal profile to Terminal.app. | |||||
| CVE-2020-2319 | 1 Jenkins | 1 Vmware Lab Manager Slaves | 2022-04-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2020-2318 | 1 Jenkins | 1 Mail Commander | 2022-04-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | |||||
| CVE-2020-2314 | 1 Jenkins | 1 Appspider | 2022-04-25 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2020-2297 | 1 Jenkins | 1 Sms Notification | 2022-04-25 | 2.1 LOW | 3.3 LOW |
| Jenkins SMS Notification Plugin 1.2 and earlier stores an access token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2020-2291 | 1 Jenkins | 1 Couchdb-statistics | 2022-04-25 | 2.1 LOW | 3.3 LOW |
| Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2020-16247 | 1 Philips | 1 Clinical Collaboration Platform | 2022-04-25 | 3.6 LOW | 7.1 HIGH |
| Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. | |||||
| CVE-2022-21209 | 1 Fatek | 1 Fvdesigner | 2022-04-25 | 6.8 MEDIUM | 7.8 HIGH |
| The affected product is vulnerable to an out-of-bounds read while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution. | |||||
| CVE-2020-8342 | 1 Lenovo | 1 System Update | 2022-04-25 | 6.9 MEDIUM | 7.0 HIGH |
| A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege. | |||||
| CVE-2020-15128 | 1 Octobercms | 1 October | 2022-04-25 | 3.5 LOW | 6.3 MEDIUM |
| In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. This meant that certain classes of attacks that took advantage of other theoretical vulnerabilities in user facing code (nothing exploitable in the core project itself) had a higher chance of succeeding. Specifically, if your usage exposed a way for users to provide unfiltered user input and have it returned to them as an encrypted cookie (ex. storing a user provided search query in a cookie) they could then use the generated cookie in place of other more tightly controlled cookies; or if your usage exposed the plaintext version of an encrypted cookie at any point to the user they could theoretically provide encrypted content from your application back to it as an encrypted cookie and force the framework to decrypt it for them. Issue has been fixed in build 468 (v1.0.468). | |||||
| CVE-2020-12028 | 1 Rockwellautomation | 1 Factorytalk View | 2022-04-25 | 5.5 MEDIUM | 8.1 HIGH |
| In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs. | |||||
| CVE-2020-10279 | 4 Aliasrobotics, Enabled-robotics, Mobile-industrial-robotics and 1 more | 20 Mir100, Mir1000, Mir1000 Firmware and 17 more | 2022-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating system presents insecure defaults for robots. These insecurities include a way for users to escalate their access beyond what they were granted via file creation, access race conditions, insecure home directory configurations and defaults that facilitate Denial of Service (DoS) attacks. | |||||
| CVE-2020-1629 | 1 Juniper | 1 Junos | 2022-04-25 | 4.3 MEDIUM | 5.9 MEDIUM |
| A race condition vulnerability on Juniper Network Junos OS devices may cause the routing protocol daemon (RPD) process to crash and restart while processing a BGP NOTIFICATION message. This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3; 17.2 version 17.2R2 and later versions; 17.2X75 versions prior to 17.2X75-D105, 17.2X75-D110; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S3; 18.2X75 versions prior to 18.2X75-D410, 18.2X75-D420, 18.2X75-D50, 18.2X75-D60; 18.3 versions prior to 18.3R1-S5, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R2-S2, 18.4R3; 19.1 versions prior to 19.1R1-S2, 19.1R2; 19.2 versions prior to 19.2R1-S4, 19.2R2. This issue does not affect Juniper Networks Junos OS prior to version 16.1R1. | |||||
| CVE-2021-40386 | 1 Kaseya | 1 Unitrends Backup | 2022-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| Kaseya Unitrends Client/Agent through 10.5,5 allows remote attackers to execute arbitrary code. | |||||
| CVE-2020-1724 | 1 Redhat | 3 Keycloak, Openshift Application Runtimes, Single Sign-on | 2022-04-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section. | |||||
| CVE-2020-1733 | 3 Debian, Fedoraproject, Redhat | 6 Debian Linux, Fedora, Ansible and 3 more | 2022-04-25 | 3.7 LOW | 5.0 MEDIUM |
| A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p <dir>"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'. | |||||
| CVE-2020-2095 | 1 Jenkins | 1 Redgate Sql Change Automation | 2022-04-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored an API key unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2021-43013 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2022-04-25 | 9.3 HIGH | 7.8 HIGH |
| Adobe Media Encoder version 15.4.1 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||