Vulnerabilities (CVE)

Filtered by CWE-668
Total 538 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-35936 2022-08-06 N/A N/A
Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount` function, all contracts that used the identical bytecode (i.e. shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts did not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract's code is recovered. The new contract deployment restores the `bytecode hash -> bytecode` entry in the internal state.
CVE-2022-2370 1 Yaycommerce 1 Yaysmtp 2022-08-05 N/A 6.5 MEDIUM
The YaySMTP WordPress plugin before 2.2.1 does not have a capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated user, such as a subscriber, to retrieve them.
CVE-2022-35716 1 Ibm 1 Urbancode Deploy 2022-08-05 N/A 6.5 MEDIUM
IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. IBM X-Force ID: 231360.
CVE-2022-22334 1 Ibm 1 Robotic Process Automation 2022-08-04 N/A 4.3 MEDIUM
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant to which they should not have access. IBM X-Force ID: 219391.
CVE-2022-2479 1 Google 2 Android, Chrome 2022-08-04 N/A 4.3 MEDIUM
Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page.
CVE-2021-44717 3 Debian, Golang, Opengroup 3 Debian Linux, Go, Unix 2022-08-04 5.8 MEDIUM 4.8 MEDIUM
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.
CVE-2022-36901 1 Jenkins 1 Http Request 2022-08-03 N/A 6.5 MEDIUM
Jenkins HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
CVE-2022-2160 3 Fedoraproject, Google, Microsoft 3 Fedora, Chrome, Windows 2022-08-03 N/A 6.5 MEDIUM
Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page.
CVE-2022-1873 1 Google 1 Chrome 2022-08-03 N/A 6.5 MEDIUM
Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2022-1875 1 Google 1 Chrome 2022-08-03 N/A 4.3 MEDIUM
Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2022-29901 4 Fedoraproject, Intel, Vmware and 1 more 253 Fedora, Core I3-6100, Core I3-6100 Firmware and 250 more 2022-08-03 1.9 LOW 6.5 MEDIUM
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
CVE-2022-23825 4 Amd, Debian, Fedoraproject and 1 more 249 A10-9600p, A10-9600p Firmware, A10-9630p and 246 more 2022-08-03 2.1 LOW 6.5 MEDIUM
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
CVE-2022-34047 1 Wavlink 2 Wl-wn530hg4, Wl-wn530hg4 Firmware 2022-08-01 N/A 7.5 HIGH
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd].
CVE-2022-35288 1 Ibm 1 Security Verify Information Queue 2022-08-01 N/A 6.5 MEDIUM
IBM Security Verify Information Queue 10.0.2 could allow a user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 230818.
CVE-2021-25515 1 Google 1 Android 2022-08-01 2.1 LOW 3.3 LOW
An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID.
CVE-2021-29768 1 Ibm 1 Cognos Analytics 2022-07-29 4.0 MEDIUM 6.5 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. IBM X-Force ID: 202682.
CVE-2021-28168 2 Eclipse, Oracle 3 Jersey, Communications Cloud Native Core Policy, Communications Cloud Native Core Unified Data Repository 2022-07-29 2.1 LOW 5.5 MEDIUM
Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contain a local information disclosure vulnerability. This is due to the use of File.createTempFile, which creates a file inside the system temporary directory with the permissions -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written are security sensitive, they can be disclosed to other local users.
CVE-2022-1488 1 Google 1 Chrome 2022-07-28 N/A 4.3 MEDIUM
Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.
CVE-2022-1501 1 Google 1 Chrome 2022-07-28 N/A 6.5 MEDIUM
Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2022-1498 1 Google 1 Chrome 2022-07-28 N/A 4.3 MEDIUM
Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.