Total: 7971 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2021-21421 | 1 Node-etsy-client Project | 1 Node-etsy-client | 2022-10-21 | 4.0 MEDIUM | 6.5 MEDIUM | node-etsy-client is a NodeJs Etsy ReST API Client. Applications that are using node-etsy-client and reporting client error to the end user will offer api key value too. This is fixed in node-etsy-client v0.3.0 and later. |
| CVE-2021-21364 | 1 Smartbear | 1 Swagger-codegen | 2022-10-21 | 2.1 LOW | 5.5 MEDIUM | swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix-Like systems, the system temporary directory is shared between all local users. When files/directories are created, the default `umask` settings for the process are respected. As a result, by default, most processes/apis will create files/directories with the permissions `-rw-r--r--` and `drwxr-xr-x` respectively, unless an API that explicitly sets safe file permissions is used. Because this vulnerability impacts generated code, the generated code will remain vulnerable until fixed manually! This vulnerability is fixed in version 2.4.19. Note this is a distinct vulnerability from CVE-2021-21363. |
| CVE-2022-39309 | 1 Thoughtworks | 1 Gocd | 2022-10-21 | N/A | 6.5 MEDIUM | GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to authenticated agents. A malicious/compromised agent may then expose that key from memory, and potentially allow an attacker the ability to decrypt secrets intended for other agents/environments if they also are able to obtain access to encrypted configuration values from the GoCD server. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds. |
| CVE-2020-8975 | 1 Zigor | 2 Zgr Tps200 Ng, Zgr Tps200 Ng Firmware | 2022-10-20 | N/A | 7.5 HIGH | ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, allows a remote attacker with access to the web application and knowledge of the routes (URIs) used by the application, to access sensitive information about the system. |
| CVE-2022-3501 | 1 Otrs | 1 Otrs | 2022-10-20 | N/A | 7.5 HIGH | Article template contents with sensitive data could be accessed from agents without permissions. |
| CVE-2022-39201 | 1 Grafana | 1 Grafana | 2022-10-19 | N/A | 7.5 HIGH | Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. The destination plugin could receive a user's Grafana authentication cookie. Versions 9.1.8 and 8.5.14 contain a patch for this issue. There are no known workarounds. |
| CVE-2021-28566 | 1 Magento | 1 Magento | 2022-10-18 | 4.0 MEDIUM | 2.7 LOW | Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Information Disclosure vulnerability when uploading a modified png file to a product image. Successful exploitation could lead to the disclosure of document root path by an unauthenticated attacker. Access to the admin console is required for successful exploitation. |
| CVE-2021-28805 | 1 Qnap | 5 Qss, Qsw-m2108-2c, Qsw-m2108-2s and 2 more | 2022-10-18 | 2.1 LOW | 5.5 MEDIUM | Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on QSW-M2108-2C; versions prior to 1.0.3 build 20210505 on QSW-M2108-2S; versions prior to 1.0.3 build 20210505 on QSW-M2108R-2C; versions prior to 1.0.12 build 20210506 on QSW-M408. |
| CVE-2022-38689 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-17 | N/A | 5.5 MEDIUM | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2022-38688 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-17 | N/A | 5.5 MEDIUM | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2022-31130 | 1 Grafana | 1 Grafana | 2022-10-17 | N/A | 7.5 HIGH | Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with authentication tokens. The destination plugin could receive a user's Grafana authentication token. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not use API keys, JWT authentication, or any HTTP Header based authentication. |
| CVE-2022-33919 | 1 Dell | 1 Geodrive | 2022-10-14 | N/A | 7.8 HIGH | Dell GeoDrive, versions 2.1 - 2.2, contains an information disclosure vulnerability in GUI. An authenticated non-admin user could potentially exploit this vulnerability and view sensitive information. |
| CVE-2022-0854 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2022-10-14 | 2.1 LOW | 5.5 MEDIUM | A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. |
| CVE-2019-6177 | 1 Lenovo | 1 Solution Center | 2022-10-14 | 7.5 HIGH | 9.8 CRITICAL | A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. Lenovo ended support for Lenovo Solution Center and recommended that customers migrate to Lenovo Vantage or Lenovo Diagnostics in April 2018. |
| CVE-2019-7259 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2022-10-14 | 4.0 MEDIUM | 8.8 HIGH | Linear eMerge E3-Series devices allow Authorization Bypass with Information Disclosure. |
| CVE-2022-35296 | 1 Sap | 1 Businessobjects Business Intelligence | 2022-10-12 | N/A | 4.9 MEDIUM | Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality. |
| CVE-2022-40177 | 1 Siemens | 20 Desigo Pxm30-1, Desigo Pxm30-1 Firmware, Desigo Pxm30.e and 17 more | 2022-10-12 | N/A | 5.7 MEDIUM | A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). Endpoints of the "Operation" web application that interpret and execute Axon language queries allow file read access to the device file system with root privileges. By supplying specific I/O related Axon queries, a remote low-privileged attacker can read sensitive files on the device. |
| CVE-2022-39848 | 1 Google | 1 Android | 2022-10-08 | N/A | 3.3 LOW | Exposure of sensitive information in AT_Distributor prior to SMR Oct-2022 Release 1 allows local attacker to access SerialNo via log. |
| CVE-2022-39856 | 1 Google | 1 Android | 2022-10-08 | N/A | 3.3 LOW | Improper access control vulnerability in imsservice application prior to SMR Oct-2022 Release 1 allows local attackers to access call information. |
| CVE-2022-39859 | 1 Samsung | 1 Uphelper Library | 2022-10-07 | N/A | 3.3 LOW | Implicit intent hijacking vulnerability in UPHelper library prior to version 3.0.12 allows attackers to access sensitive information via implicit intent. |
