Total: 596 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-1875 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 4.3 MEDIUM |
Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
CVE-2022-2610 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-12-10 | N/A | 6.5 MEDIUM |
Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
CVE-2021-0734 | 1 Google | 1 Android | 2023-12-10 | N/A | 5.5 MEDIUM |
In Settings, there is a possible way to determine whether an app is installed without query permissions, due to side channel information disclosure. This could lead to local information disclosure of an installed package, without proper query permissions, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-189122911 | |||||
CVE-2022-34867 | 1 Wp Libre Form Project | 1 Wp Libre Form | 2023-12-10 | N/A | 6.5 MEDIUM |
Unauthenticated Sensitive Information Disclosure vulnerability in WP Libre Form 2 plugin <= 2.0.8 at WordPress allows attackers to list and delete submissions. Affects only versions from 2.0.0 to 2.0.8. | |||||
CVE-2022-39015 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2023-12-10 | N/A | 6.5 MEDIUM |
Under certain conditions, BOE AdminTools/BOE SDK allows an attacker to access information which would otherwise be restricted. | |||||
CVE-2022-34047 | 1 Wavlink | 2 Wl-wn530hg4, Wl-wn530hg4 Firmware | 2023-12-10 | N/A | 7.5 HIGH |
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd]. | |||||
CVE-2022-24139 | 1 Iobit | 1 Advanced System Care | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
In IOBit Advanced System Care (AscService.exe) 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's named pipes. ASCService first tries to connect before trying to create the named pipes; because of that, during login the service will try to connect to the attacker, which will lead to escalation of privileges (through token manipulation and ImpersonateNamedPipeClient()) either from ADMIN -> SYSTEM or from Local ADMIN -> Domain ADMIN, depending on the user and named pipe that is used. | |||||
CVE-2022-1137 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 6.5 MEDIUM |
Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML page. | |||||
CVE-2013-4253 | 1 Redhat | 1 Openshift | 2023-12-10 | N/A | 7.5 HIGH |
The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file. | |||||
CVE-2022-29850 | 1 Lexmark | 234 B2236, B2236 Firmware, B2338 and 231 more | 2023-12-10 | N/A | 8.1 HIGH |
Various Lexmark products through 2022-04-27 allow an attacker who has already compromised an affected Lexmark device to maintain persistence across reboots. | |||||
CVE-2020-27601 | 1 Bigbluebutton | 1 Bigbluebutton | 2023-12-10 | N/A | 3.5 LOW |
In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bigbluebutton-html5/imports/ui/components/chat/service.js. | |||||
CVE-2022-28160 | 1 Jenkins | 1 Tests Selector | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins controller. | |||||
CVE-2022-25236 | 4 Debian, Libexpat Project, Oracle and 1 more | 5 Debian Linux, Libexpat, Http Server and 2 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. | |||||
CVE-2022-24747 | 1 Shopware | 1 Shopware | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. Affected versions of Shopware do not properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client then headers may be exposed via HTTP caches. This issue has been resolved in version 6.4.8.2. There are no known workarounds. | |||||
CVE-2021-20551 | 3 Ibm, Linux, Microsoft | 3 Jazz Team Server, Linux Kernel, Windows | 2023-12-10 | 2.1 LOW | 3.3 LOW |
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 199149. | |||||
CVE-2021-42255 | 1 Blueplanet-works | 1 Appguard | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
AppGuard Enterprise before 6.7.100.1 creates a Temporary File in a Directory with Insecure Permissions. Local users can gain SYSTEM privileges because a repair operation relies on the %TEMP% directory of an unprivileged user. | |||||
CVE-2022-27817 | 1 Waycrate | 1 Swhkd | 2023-12-10 | 3.6 LOW | 4.4 MEDIUM |
SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality. | |||||
CVE-2022-24742 | 1 Sylius | 1 Sylius | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if the browser tab remains unclosed after logout. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. The application must strictly redirect to the login page even if the browser back button is pressed. Another possibility is to set stricter cache policies for restricted content. | |||||
CVE-2022-28924 | 1 Universis | 1 Universis-students | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/. | |||||
CVE-2022-27822 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission. |