Total
594 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26850 | 1 Apache | 1 Nifi | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory. | |||||
| CVE-2022-32530 | 1 Schneider-electric | 1 Geo Scada Mobile | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request when a mobile device has been compromised by a malicious application. Affected Product: Geo SCADA Mobile (Build 222 and prior) | |||||
| CVE-2021-28488 | 1 Ericsson | 1 Network Manager | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects the level of access available to persons who were already granted a highly privileged role). Users in the same AMOS authorization group can retrieve managed-network data that was not set to be accessible to the entire group (i.e., was only set to be accessible to a subset of that group). | |||||
| CVE-2022-25041 | 1 Open-emr | 1 Openemr | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| OpenEMR v6.0.0 was discovered to contain an incorrect access control issue. | |||||
| CVE-2022-21947 | 1 Suse | 1 Rancher Desktop | 2023-12-10 | 5.8 MEDIUM | 8.8 HIGH |
| A Exposure of Resource to Wrong Sphere vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V. | |||||
| CVE-2020-25459 | 1 Webank | 1 Federated Ai Technology Enabler | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in function sync_tree in hetero_decision_tree_guest.py in WeBank FATE (Federated AI Technology Enabler) 0.1 through 1.4.2 allows attackers to read sensitive information during the training process of machine learning joint modeling. | |||||
| CVE-2022-31845 | 1 Wavlink | 2 Wn535g3, Wn535g3 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. | |||||
| CVE-2021-42712 | 1 Splashtop | 1 Streamer | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| Splashtop Streamer through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions. | |||||
| CVE-2021-22057 | 2 Linux, Vmware | 2 Linux Kernel, Workspace One Access | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to obtain second-factor authentication provided by VMware Verify. | |||||
| CVE-2021-39915 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects | |||||
| CVE-2021-42254 | 1 Beyondtrust | 1 Privilege Management For Windows | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions. | |||||
| CVE-2021-36319 | 1 Dell | 1 Networking Os10 | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user can gain access to SNMP authentication failure messages. | |||||
| CVE-2021-34761 | 1 Cisco | 3 Firepower Management Center Virtual Appliance, Firepower Threat Defense, Sourcefire Defense Center | 2023-12-10 | 6.6 MEDIUM | 6.0 MEDIUM |
| A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete validation of user input for a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device with administrative privileges and issuing a CLI command with crafted user parameters. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges. | |||||
| CVE-2021-23034 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2023-12-10 | 7.1 HIGH | 7.5 HIGH |
| On BIG-IP version 16.x before 16.1.0 and 15.1.x before 15.1.3.1, when a DNS profile using a DNS cache resolver is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2022-22154 | 1 Juniper | 1 Junos | 2023-12-10 | 4.6 MEDIUM | 6.8 MEDIUM |
| In a Junos Fusion scenario an External Control of Critical State Data vulnerability in the Satellite Device (SD) control state machine of Juniper Networks Junos OS allows an attacker who is able to make physical changes to the cabling of the device to cause a denial of service (DoS). An SD can get rebooted and subsequently controlled by an Aggregation Device (AD) which does not belong to the original Fusion setup and is just connected to an extended port of the SD. To carry out this attack the attacker needs to have physical access to the cabling between the SD and the original AD. This issue affects: Juniper Networks Junos OS 16.1R1 and later versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S4. This issue does not affect Juniper Networks Junos OS versions prior to 16.1R1. | |||||
| CVE-2021-26312 | 1 Amd | 114 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 111 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity. | |||||
| CVE-2021-22468 | 1 Huawei | 1 Harmonyos | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| A component of the HarmonyOS has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Local attackers may exploit this vulnerability to cause kernel address leakage. | |||||
| CVE-2021-38505 | 2 Microsoft, Mozilla | 4 Windows 10, Firefox, Firefox Esr and 1 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user's Microsoft account. *This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | |||||
| CVE-2021-42536 | 1 Emerson | 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1410d Gateway and 3 more | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables. | |||||
| CVE-2021-1918 | 1 Qualcomm | 60 Qca6391, Qca6391 Firmware, Qcm6490 and 57 more | 2023-12-10 | 2.1 LOW | 6.5 MEDIUM |
| Improper handling of resource allocation in virtual machines can lead to information exposure in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | |||||