Total
7971 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36835 | 1 Samsung | 1 Samsung Internet Browser | 2022-10-27 | N/A | 3.3 LOW |
| Implicit Intent hijacking vulnerability in Samsung Internet Browser prior to version 17.0.7.34 allows attackers to access arbitrary files. | |||||
| CVE-2021-36723 | 1 Emuse - Eservices \/ Envoice Project | 1 Emuse - Eservices \/ Envoice | 2022-10-27 | 5.0 MEDIUM | 7.5 HIGH |
| Emuse - eServices / eNvoice Exposure Of Private Personal Information due to lack of identification mechanisms and predictable IDs an attacker can scrape all the files on the service. | |||||
| CVE-2022-29244 | 2 Netapp, Npmjs | 2 Ontap Select Deploy Administration Utility, Npm | 2022-10-27 | 5.0 MEDIUM | 7.5 HIGH |
| npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie. `--workspaces`, `--workspace=<name>`). Anyone who has run `npm pack` or `npm publish` inside a workspace, as of v7.9.0 and v7.13.0 respectively, may be affected and have published files into the npm registry they did not intend to include. Users should upgrade to the latest, patched version of npm v8.11.0, run: npm i -g npm@latest . Node.js versions v16.15.1, v17.19.1, and v18.3.0 include the patched v8.11.0 version of npm. | |||||
| CVE-2021-31352 | 1 Juniper | 1 Session And Resource Control | 2022-10-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit this vulnerability to display plaintext bits from a block of ciphertext and obtain sensitive information. This issue affects all Juniper Networks SRC Series versions prior to 4.13.0-R6. | |||||
| CVE-2021-3031 | 1 Paloaltonetworks | 14 Pa-200, Pa-2020, Pa-2050 and 11 more | 2022-10-27 | 3.3 LOW | 4.3 MEDIUM |
| Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethernet packets. An attacker on the same Ethernet subnet as the PAN-OS firewall is able to collect potentially sensitive information from these packets. This issue is also known as Etherleak and is detected by security scanners as CVE-2003-0001. This issue impacts: PAN-OS 8.1 version earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5. | |||||
| CVE-2021-30638 | 1 Apache | 1 Tapestry | 2022-10-27 | 5.0 MEDIUM | 7.5 HIGH |
| Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue affects Apache Tapestry Apache Tapestry 5.4.0 version to Apache Tapestry 5.6.3; Apache Tapestry 5.7.0 version and Apache Tapestry 5.7.1. | |||||
| CVE-2021-37704 | 1 Phpfastcache | 1 Phpfastcache | 2022-10-27 | 4.0 MEDIUM | 4.3 MEDIUM |
| PhpFastCache is a high-performance backend cache system (packagist package phpfastcache/phpfastcache). In versions before 6.1.5, 7.1.2, and 8.0.7 the `phpinfo()` can be exposed if the `/vendor` is not protected from public access. This is a rare situation today since the vendor directory is often located outside the web directory or protected via server rule (.htaccess, etc). Only the v6, v7 and v8 will be patched respectively in 8.0.7, 7.1.2, 6.1.5. Older versions such as v5, v4 are not longer supported and will **NOT** be patched. As a workaround, protect the `/vendor` directory from public access. | |||||
| CVE-2017-8516 | 1 Microsoft | 1 Sql Server | 2022-10-27 | 5.0 MEDIUM | 7.5 HIGH |
| Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka "Microsoft SQL Server Analysis Services Information Disclosure Vulnerability". | |||||
| CVE-2022-22542 | 1 Sap | 1 S\/4hana | 2022-10-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor that is not explicitly authorized to have access to that information, which could compromise Confidentiality. | |||||
| CVE-2020-12966 | 1 Amd | 214 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 211 more | 2022-10-26 | 2.1 LOW | 5.5 MEDIUM |
| AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State (SEV-ES) and Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). A local authenticated attacker could potentially exploit this vulnerability leading to leaking guest data by the malicious hypervisor. | |||||
| CVE-2022-22545 | 1 Sap | 1 Netweaver Abap | 2022-10-25 | 4.0 MEDIUM | 4.9 MEDIUM |
| A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756. | |||||
| CVE-2021-3503 | 1 Redhat | 1 Wildfly | 2022-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. The highest threat from this vulnerability is to the confidentiality. | |||||
| CVE-2021-31918 | 1 Redhat | 1 Openstack | 2022-10-25 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in tripleo-ansible version as shipped in Red Hat Openstack 16.1. The Ansible log file is readable to all users during stack update and creation. The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2021-30169 | 1 Meritlilin | 82 P2g1022, P2g1022 Firmware, P2g1022x and 79 more | 2022-10-25 | 5.0 MEDIUM | 7.5 HIGH |
| The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant user’s credential. | |||||
| CVE-2021-30168 | 1 Meritlilin | 82 P2g1022, P2g1022 Firmware, P2g1022x and 79 more | 2022-10-25 | 7.5 HIGH | 9.8 CRITICAL |
| The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant administrator’s credential and further control the devices. | |||||
| CVE-2021-39327 | 1 Ait-pro | 1 Bulletproof Security | 2022-10-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1. | |||||
| CVE-2021-25364 | 1 Google | 1 Android | 2022-10-25 | 2.1 LOW | 3.3 LOW |
| A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information. | |||||
| CVE-2021-22134 | 2 Elastic, Oracle | 2 Elasticsearch, Communications Cloud Native Core Automated Test Suite | 2022-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Get requests do not properly apply security permissions when executing a query against a recently updated document. This affects documents that have been updated and not yet refreshed in the index. This could result in the search disclosing the existence of documents and fields the attacker should not be able to view. | |||||
| CVE-2021-22044 | 1 Vmware | 1 Spring Cloud Openfeign | 2022-10-25 | 5.0 MEDIUM | 7.5 HIGH |
| In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping`annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to `@RequestMapping`-annotated interface methods. | |||||
| CVE-2021-21564 | 1 Dell | 1 Openmanage Enterprise | 2022-10-25 | 7.5 HIGH | 9.8 CRITICAL |
| Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to hijack an elevated session or perform unauthorized actions by sending malformed data. | |||||