Total
621 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41954 | 1 Mpxj | 1 Mpxj | 2024-11-21 | N/A | 3.3 LOW |
| MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems (not Windows or macos), MPXJ's use of `File.createTempFile(..)` results in temporary files being created with the permissions `-rw-r--r--`. This means that any other user on the system can read the contents of this file. When MPXJ is reading a schedule file which requires the creation of a temporary file or directory, a knowledgeable local user could locate these transient files while they are in use and would then be able to read the schedule being processed by MPXJ. The problem has been patched, MPXJ version 10.14.1 and later includes the necessary changes. Users unable to upgrade may set `java.io.tmpdir` to a directory to which only the user running the application has access will prevent other users from accessing these temporary files. | |||||
| CVE-2022-40525 | 1 Qualcomm | 62 Csr8811, Csr8811 Firmware, Ipq6000 and 59 more | 2024-11-21 | N/A | 7.1 HIGH |
| Information disclosure in Linux Networking Firmware due to unauthorized information leak during side channel analysis. | |||||
| CVE-2022-40523 | 1 Qualcomm | 370 9205 Lte Modem, 9205 Lte Modem Firmware, Aqt1000 and 367 more | 2024-11-21 | N/A | 7.1 HIGH |
| Information disclosure in Kernel due to indirect branch misprediction. | |||||
| CVE-2022-40234 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | N/A | 5.9 MEDIUM |
| Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM Spectrum Protect Plus. If this generated .crt file is shared, an attacker can obtain the private key information for the uploaded certificate. IBM X-Force ID: 235718. | |||||
| CVE-2022-40210 | 1 Intel | 1 Data Center Manager | 2024-11-21 | N/A | 6.8 MEDIUM |
| Exposure of data element to wrong session in the Intel DCM software before version 5.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-39952 | 1 Fortinet | 1 Fortinac | 2024-11-21 | N/A | 9.8 CRITICAL |
| A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request. | |||||
| CVE-2022-39871 | 1 Samsung | 1 Smartthings | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts. | |||||
| CVE-2022-39870 | 1 Samsung | 1 Smartthings | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast. | |||||
| CVE-2022-39869 | 1 Samsung | 1 Smartthings | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast. | |||||
| CVE-2022-39309 | 1 Thoughtworks | 1 Gocd | 2024-11-21 | N/A | 4.9 MEDIUM |
| GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to authenticated agents. A malicious/compromised agent may then expose that key from memory, and potentially allow an attacker the ability to decrypt secrets intended for other agents/environments if they also are able to obtain access to encrypted configuration values from the GoCD server. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds. | |||||
| CVE-2022-39015 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2024-11-21 | N/A | 6.5 MEDIUM |
| Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2022-38087 | 1 Intel | 934 Core I3-1000g1, Core I3-1000g1 Firmware, Core I3-1000g4 and 931 more | 2024-11-21 | N/A | 4.1 MEDIUM |
| Exposure of resource to wrong sphere in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2022-36901 | 1 Jenkins | 1 Http Request | 2024-11-21 | N/A | 6.5 MEDIUM |
| Jenkins HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2022-35936 | 3 Crypto, Evmos, Kava | 4 Cronos, Ethermint, Evmos and 1 more | 2024-11-21 | N/A | 8.2 HIGH |
| Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount`function, all contracts that used the identical bytecode (i.e shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts did not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract's code is recovered. The new contract deployment restores the `bytecode hash -> bytecode` entry in the internal state. | |||||
| CVE-2022-34867 | 1 Wp Libre Form Project | 1 Wp Libre Form | 2024-11-21 | N/A | 7.3 HIGH |
| Unauthenticated Sensitive Information Disclosure vulnerability in WP Libre Form 2 plugin <= 2.0.8 at WordPress allows attackers to list and delete submissions. Affects only versions from 2.0.0 to 2.0.8. | |||||
| CVE-2022-34765 | 1 Schneider-electric | 4 Opc Ua Module For M580, Opc Ua Module For M580 Firmware, X80 Advanced Rtu Module and 1 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior) | |||||
| CVE-2022-34464 | 1 Siemens | 4 Sicam Gridedge Essential Arm, Sicam Gridedge Essential Gds Arm, Sicam Gridedge Essential Gds Intel and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions), SICAM GridEdge Essential Intel (All versions < V2.7.3), SICAM GridEdge Essential with GDS ARM (All versions), SICAM GridEdge Essential with GDS Intel (All versions < V2.7.3). Affected software uses an improperly protected file to import SSH keys. Attackers with access to the filesystem of the host on which SICAM GridEdge runs, are able to inject a custom SSH key to that file. | |||||
| CVE-2022-34452 | 1 Dell | 1 Powerpath Management Appliance | 2024-11-21 | N/A | 2.7 LOW |
| PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains sensitive information disclosure vulnerability. An Authenticated admin user can able to exploit the issue and view sensitive information stored in the logs. | |||||
| CVE-2022-34387 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2024-11-21 | N/A | 6.4 MEDIUM |
| Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability. A local authenticated malicious user could potentially exploit this vulnerability to elevate privileges and gain total control of the system. | |||||
| CVE-2022-34364 | 1 Dell | 1 Bsafe Ssl-j | 2024-11-21 | N/A | 4.4 MEDIUM |
| Dell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. . | |||||