Total
604 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24986 | 1 Kde | 1 Kcron | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands. | |||||
| CVE-2022-24975 | 1 Git-scm | 1 Git | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. Note: This has been disputed by multiple 3rd parties who believe this is an intended feature of the git binary and does not pose a security risk. | |||||
| CVE-2022-24823 | 3 Netapp, Netty, Oracle | 5 Active Iq Unified Manager, Oncommand Workflow Automation, Snapcenter and 2 more | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
| Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user. | |||||
| CVE-2022-24747 | 1 Shopware | 1 Shopware | 2024-11-21 | 5.0 MEDIUM | 6.3 MEDIUM |
| Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Affected versions of shopware do no properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client then headers may be exposed via HTTP caches. This issue has been resolved in version 6.4.8.2. There are no known workarounds. | |||||
| CVE-2022-24742 | 1 Sylius | 1 Sylius | 2024-11-21 | 4.3 MEDIUM | 5.0 MEDIUM |
| Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if browser tab remains unclosed after log out. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. The application must strictly redirect to login page even browser back button is pressed. Another possibility is to set more strict cache policies for restricted content. | |||||
| CVE-2022-24411 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Dell PowerScale OneFS 8.2.2 and above contain an elevation of privilege vulnerability. A local attacker with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE could potentially exploit this vulnerability, leading to elevation of privilege. This could potentially allow users to circumvent PowerScale Compliance Mode guarantees. | |||||
| CVE-2022-24139 | 1 Iobit | 1 Advanced System Care | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In IOBit Advanced System Care (AscService.exe) 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's named pipes. ASCService first tries to connect before trying to create the named pipes, because of that during login the service will try to connect to the attacker which will lead to either escalation of privileges (through token manipulation and ImpersonateNamedPipeClient() ) from ADMIN -> SYSTEM or from Local ADMIN-> Domain ADMIN depending on the user and named pipe that is used. | |||||
| CVE-2022-24074 | 1 Navercorp | 1 Whale | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises. | |||||
| CVE-2022-23835 | 1 Visual Voice Mail Project | 1 Visual Voice Mail | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
| ** DISPUTED ** The Visual Voice Mail (VVM) application through 2022-02-24 for Android allows persistent access if an attacker temporarily controls an application that has the READ_SMS permission, and reads an IMAP credentialing message that is (by design) not displayed to the victim within the AOSP SMS/MMS messaging application. (Often, the IMAP credentials are usable to listen to voice mail messages sent before the vulnerability was exploited, in addition to new ones.) NOTE: some vendors characterize this as not a "concrete and exploitable risk." | |||||
| CVE-2022-23825 | 4 Amd, Debian, Fedoraproject and 1 more | 249 A10-9600p, A10-9600p Firmware, A10-9630p and 246 more | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
| Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. | |||||
| CVE-2022-23163 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 2.1 LOW | 4.7 MEDIUM |
| Dell PowerScale OneFS, 8.2,x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a denial of service vulnerability. A local malicious user could potentially exploit this vulnerability, leading to denial of service/data unavailability. | |||||
| CVE-2022-23118 | 1 Jenkins | 1 Debian Package Builder | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line `git` at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller. | |||||
| CVE-2022-22732 | 2024-11-21 | N/A | 3.9 LOW | ||
| A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attacker sends a fetch request from third-party site or malicious site. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22) | |||||
| CVE-2022-22515 | 1 Codesys | 18 Control For Beaglebone Sl, Control For Beckhoff Cx9020, Control For Empc-a\/imx6 Sl and 15 more | 2024-11-21 | 4.9 MEDIUM | 8.1 HIGH |
| A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products. | |||||
| CVE-2022-22154 | 1 Juniper | 1 Junos | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| In a Junos Fusion scenario an External Control of Critical State Data vulnerability in the Satellite Device (SD) control state machine of Juniper Networks Junos OS allows an attacker who is able to make physical changes to the cabling of the device to cause a denial of service (DoS). An SD can get rebooted and subsequently controlled by an Aggregation Device (AD) which does not belong to the original Fusion setup and is just connected to an extended port of the SD. To carry out this attack the attacker needs to have physical access to the cabling between the SD and the original AD. This issue affects: Juniper Networks Junos OS 16.1R1 and later versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S4. This issue does not affect Juniper Networks Junos OS versions prior to 16.1R1. | |||||
| CVE-2022-21964 | 1 Microsoft | 1 Windows 10 | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability | |||||
| CVE-2022-21947 | 1 Suse | 1 Rancher Desktop | 2024-11-21 | 5.8 MEDIUM | 8.3 HIGH |
| A Exposure of Resource to Wrong Sphere vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V. | |||||
| CVE-2022-21126 | 1 Samtools | 1 Htsjdk | 2024-11-21 | N/A | 7.3 HIGH |
| The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir() function in util/IOUtil.java not checking for the existence of the temporary directory before attempting to create it. | |||||
| CVE-2022-1911 | 1 M-files | 1 M-files Server | 2024-11-21 | N/A | 5.3 MEDIUM |
| Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system. | |||||
| CVE-2022-1875 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||