Total: 7971 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26847 | 2 Debian, Spip | 2 Debian Linux, Spip | 2022-03-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects. | |||||
| CVE-2022-24398 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2022-03-16 | 3.5 LOW | 6.5 MEDIUM |
| Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted. | |||||
| CVE-2021-4023 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2022-03-15 | 4.9 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the io-workqueue implementation in the Linux kernel versions prior to 5.15-rc1. The kernel can panic when an improper cancellation operation triggers the submission of new io-uring operations during a shortage of free space. This flaw allows a local user with permissions to execute io-uring requests to possibly crash the system. | |||||
| CVE-2020-14112 | 1 Mi | 2 Ax6000, Ax6000 Firmware | 2022-03-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Information Leak Vulnerability exists in the Xiaomi Router AX6000. The vulnerability is caused by incorrect routing configuration. Attackers can exploit this vulnerability to download part of the files in Xiaomi Router AX6000. | |||||
| CVE-2021-22783 | 1 Schneider-electric | 1 Ritto Wiser Door | 2022-03-12 | 4.8 MEDIUM | 7.6 HIGH |
| A CWE-200: Information Exposure vulnerability exists which could allow a session hijack when the door panel is communicating with the door. Affected Product: Ritto Wiser Door (All versions) | |||||
| CVE-2015-3269 | 2 Adobe, Hp | 2 Livecycle Data Services, Business Service Management | 2022-03-11 | 5.0 MEDIUM | N/A |
| Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2022-22303 | 1 Fortinet | 1 Fortimanager | 2022-03-10 | 2.1 LOW | 5.5 MEDIUM |
| An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to gain access to the FortiGate users credentials via the config conflict file. | |||||
| CVE-2018-19205 | 1 Roundcube | 1 Webmail | 2022-03-10 | 5.0 MEDIUM | 7.5 HIGH |
| Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php. | |||||
| CVE-2021-4076 | 1 Tang Project | 1 Tang | 2022-03-09 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys. | |||||
| CVE-2022-23779 | 1 Zohocorp | 1 Manageengine Desktop Central | 2022-03-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses. | |||||
| CVE-2019-18332 | 1 Siemens | 1 Sppa-t3000 Application Server | 2022-03-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access to directory listings of the server by sending specifically crafted packets to 80/tcp, 8095/tcp or 8080/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18333 | 1 Siemens | 1 Sppa-t3000 Application Server | 2022-03-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access to filenames on the server by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18286 | 1 Siemens | 1 Sppa-t3000 Application Server | 2022-03-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18287. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18287 | 1 Siemens | 1 Sppa-t3000 Application Server | 2022-03-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18286. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18334 | 1 Siemens | 1 Sppa-t3000 Application Server | 2022-03-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could be able to enumerate valid user names by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18335 | 1 Siemens | 1 Sppa-t3000 Application Server | 2022-03-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could be able to gain access to logs and configuration files by sending specifically crafted packets to 80/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18331 | 1 Siemens | 1 Sppa-t3000 Application Server | 2022-03-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access to path and filenames on the server by sending specifically crafted packets to 1099/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2021-43951 | 1 Atlassian | 1 Jira Service Management | 2022-03-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature. The affected versions are before version 4.21.0. | |||||
| CVE-2021-43949 | 1 Atlassian | 1 Jira Service Management | 2022-03-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view private objects via a Broken Access Control vulnerability in the Custom Fields feature. The affected versions are before version 4.21.0. | |||||
| CVE-2022-24633 | 1 Filecloud | 1 Filecloud | 2022-03-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| All versions of FileCloud prior to 21.3 are vulnerable to user enumeration. The vulnerability exists in the parameter "path" passing "/SHARED/<username>". A malicious actor could identify the existence of users by requesting share information on specified share paths. | |||||
