Total: 7971 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-35936 | 1 Apache | 1 Airflow | 2022-10-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. This issue affects Apache Airflow < 2.1.2. | |||||
| CVE-2020-9386 | 1 Mahara | 1 Mahara | 2022-10-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore. | |||||
| CVE-2020-35167 | 2 Dell, Oracle | 6 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite, Database and 3 more | 2022-10-06 | 7.5 HIGH | 9.8 CRITICAL |
| Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. | |||||
| CVE-2020-11922 | 1 Wizconnected | 2 A60 Colors, A60 Colors Firmware | 2022-10-05 | 3.3 LOW | 4.3 MEDIUM |
| An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, it decreases the privacy of the end user. The information sent includes the local IP address being used and the SSID of the Wi-Fi network the device is connected to. (Various resources such as wigle.net can be used for mapping SSIDs to physical locations.) | |||||
| CVE-2022-0516 | 5 Debian, Fedoraproject, Linux and 2 more | 31 Debian Linux, Fedora, Linux Kernel and 28 more | 2022-10-04 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4. | |||||
| CVE-2022-23726 | 1 Pingidentity | 1 Pingcentral | 2022-10-04 | N/A | 4.9 MEDIUM |
| PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information. | |||||
| CVE-2022-32540 | 1 Bosch | 3 Bosch Video Management System, Videojet Decoder 7513, Videojet Decoder 7513 Firmware | 2022-10-04 | N/A | 5.9 MEDIUM |
| Information Disclosure in the Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows a man-in-the-middle attacker to compromise a confidential video stream. This is only applicable for UDP encryption when the target system contains cameras with platform CPP13 or CPP14 and firmware version 8.x. | |||||
| CVE-2017-0885 | 1 Nextcloud | 1 Nextcloud Server | 2022-10-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Nextcloud Server before 9.0.55 and 10.0.2 suffers from an error message disclosing the existence of a file in a write-only share. Due to an error in the application logic, an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception messages. | |||||
| CVE-2022-3348 | 1 Tooljet | 1 Tooljet | 2022-09-30 | N/A | 4.9 MEDIUM |
| Just like in the previous report, an attacker could steal the account of different users. But in this case, it's a little bit more specific, because the attacker needs to be an editor in the same app as the victim. | |||||
| CVE-2022-39258 | 1 Mailcow | 1 Mailcow | 2022-09-29 | N/A | 8.2 HIGH |
| mailcow is a mailserver suite. A vulnerability in versions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker-controlled place to steal Swagger authorization credentials or create a phishing page to steal other information. The issue has been fixed with the 2022-09 mailcow Mootember Update. As a workaround, one may delete the Swagger API Documentation from their e-mail server. | |||||
| CVE-2022-39029 | 1 Lcnet | 1 Smart Evision | 2022-09-29 | N/A | 6.5 MEDIUM |
| Smart eVision has inadequate authorization for the database query function. A remote attacker with general user privilege, who is not explicitly authorized to access the information, can access sensitive information. | |||||
| CVE-2022-39030 | 1 Lcnet | 1 Smart Evision | 2022-09-29 | N/A | 7.5 HIGH |
| Smart eVision has inadequate authorization for the system information query function. An unauthenticated remote attacker, who is not explicitly authorized to access the information, can access sensitive information. | |||||
| CVE-2022-39031 | 1 Lcnet | 1 Smart Evision | 2022-09-28 | N/A | 5.3 MEDIUM |
| Smart eVision has insufficient authorization for the task acquisition function. An unauthorized remote attacker can exploit this vulnerability to acquire the Session IDs of other general users only. | |||||
| CVE-2022-32219 | 1 Rocket.chat | 1 Rocket.chat | 2022-09-27 | N/A | 4.3 MEDIUM |
| An information disclosure vulnerability exists in Rocket.Chat <v4.7.5, in which the "users.list" REST endpoint takes a query parameter from JSON and runs Users.find(queryFromClientSide). This means virtually any authenticated user can access any data (except password hashes) of any other authenticated user. | |||||
| CVE-2022-40629 | 1 Tacitine | 4 En6200-prime Quad-100, En6200-prime Quad-100 Firmware, En6200-prime Quad-35 and 1 more | 2022-09-26 | N/A | 7.5 HIGH |
| This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 and 22.20.1 (inclusive), due to insecure design in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted HTTP request to the targeted device. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to view sensitive information on the targeted device. | |||||
| CVE-2022-35247 | 1 Rocket.chat | 1 Rocket.chat | 2022-09-26 | N/A | 4.3 MEDIUM |
| An information disclosure vulnerability exists in Rocket.chat <v5, <v4.8.2 and <v4.7.5 where the lack of ACL checks in the getRoomRoles Meteor method leaks channel members with special roles to unauthorized clients. | |||||
| CVE-2022-39230 | 1 Amazon | 1 Fhir-works-on-aws-authz-smart | 2022-09-26 | N/A | 6.5 MEDIUM |
| fhir-works-on-aws-authz-smart is an implementation of the authorization interface from the FHIR Works interface. Versions 3.1.1 and 3.1.2 are subject to Exposure of Sensitive Information to an Unauthorized Actor. This issue allows a client of the API to retrieve more information than the client’s OAuth scope permits when making “search-type” requests. This issue would not allow a client to retrieve information about individuals other than those the client was already authorized to access. Users of fhir-works-on-aws-authz-smart 3.1.1 or 3.1.2 should upgrade to version 3.1.3 or higher immediately. Versions 3.1.0 and below are unaffected. There is no workaround for this issue. | |||||
| CVE-2022-40194 | 1 Cusrev | 1 Customer Reviews For Woocommerce | 2022-09-26 | N/A | 7.5 HIGH |
| Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress | |||||
| CVE-2021-25464 | 1 Samsung | 1 Capture | 2022-09-23 | 2.1 LOW | 5.5 MEDIUM |
| An improper file management vulnerability in SamsungCapture prior to version 4.8.02 allows a sensitive information leak. | |||||
| CVE-2021-25426 | 1 Google | 1 Android | 2022-09-23 | 5.0 MEDIUM | 7.5 HIGH |
| Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files. | |||||
