Total
646 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-39349 | 1 Tasks | 1 Tasks | 2024-08-03 | 5.5 Medium |
| The Tasks.org Android app is an open-source app for to-do lists and reminders. The Tasks.org app uses the activity `ShareLinkActivity.kt` to handle "share" intents coming from other components in the same device and convert them to tasks. Those intents may contain arbitrary file paths as attachments, in which case the files pointed by those paths are copied in the app's external storage directory. Prior to versions 12.7.1 and 13.0.1, those paths were not validated, allowing a malicious or compromised application in the same device to force Tasks.org to copy files from its internal storage to its external storage directory, where they became accessible to any component with permission to read the external storage. This vulnerability can lead to sensitive information disclosure. All information in the user's notes and the app's preferences, including the encrypted credentials of CalDav integrations if enabled, could be accessed by third party applications installed on the same device. This issue was fixed in versions 12.7.1 and 13.0.1. There are no known workarounds. | ||||
| CVE-2022-39309 | 1 Thoughtworks | 1 Gocd | 2024-08-03 | 4.9 Medium |
| GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to authenticated agents. A malicious/compromised agent may then expose that key from memory, and potentially allow an attacker the ability to decrypt secrets intended for other agents/environments if they also are able to obtain access to encrypted configuration values from the GoCD server. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds. | ||||
| CVE-2022-39015 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2024-08-03 | 6.5 Medium |
| Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted. | ||||
| CVE-2022-38813 | 1 Phpgurukul Blood Donor Management System Project | 1 Phpgurukul Blood Donor Management System | 2024-08-03 | 8.1 High |
| PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report. | ||||
| CVE-2022-38599 | 1 Goteleport | 1 Teleport | 2024-08-03 | 6.5 Medium |
| Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 was discovered to contain an information leak via the /user/get-role-list web interface. | ||||
| CVE-2022-38474 | 1 Mozilla | 1 Firefox | 2024-08-03 | 4.3 Medium |
| A website that had permission to access the microphone could record audio without the audio notification being shown. This bug does not allow the attacker to bypass the permission prompt - it only affects the notification shown once permission has been granted.<br />*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 104. | ||||
| CVE-2022-38087 | 1 Intel | 934 Core I3-1000g1, Core I3-1000g1 Firmware, Core I3-1000g4 and 931 more | 2024-08-03 | 4.1 Medium |
| Exposure of resource to wrong sphere in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2022-35936 | 3 Crypto, Evmos, Kava | 4 Cronos, Ethermint, Evmos and 1 more | 2024-08-03 | 8.2 High |
| Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount`function, all contracts that used the identical bytecode (i.e shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts did not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract's code is recovered. The new contract deployment restores the `bytecode hash -> bytecode` entry in the internal state. | ||||
| CVE-2022-34452 | 1 Dell | 1 Powerpath Management Appliance | 2024-08-03 | 2.7 Low |
| PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains sensitive information disclosure vulnerability. An Authenticated admin user can able to exploit the issue and view sensitive information stored in the logs. | ||||
| CVE-2022-34464 | 1 Siemens | 4 Sicam Gridedge Essential Arm, Sicam Gridedge Essential Gds Arm, Sicam Gridedge Essential Gds Intel and 1 more | 2024-08-03 | 5.5 Medium |
| A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions), SICAM GridEdge Essential Intel (All versions < V2.7.3), SICAM GridEdge Essential with GDS ARM (All versions), SICAM GridEdge Essential with GDS Intel (All versions < V2.7.3). Affected software uses an improperly protected file to import SSH keys. Attackers with access to the filesystem of the host on which SICAM GridEdge runs, are able to inject a custom SSH key to that file. | ||||
| CVE-2022-34364 | 1 Dell | 1 Bsafe Ssl-j | 2024-08-03 | 4.4 Medium |
| Dell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. . | ||||
| CVE-2022-34387 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2024-08-03 | 6.4 Medium |
| Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability. A local authenticated malicious user could potentially exploit this vulnerability to elevate privileges and gain total control of the system. | ||||
| CVE-2022-34047 | 1 Wavlink | 2 Wl-wn530hg4, Wl-wn530hg4 Firmware | 2024-08-03 | 7.5 High |
| An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd]. | ||||
| CVE-2022-33692 | 1 Google | 1 Android | 2024-08-03 | 4 Medium |
| Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log. | ||||
| CVE-2022-33698 | 1 Google | 1 Android | 2024-08-03 | 3.3 Low |
| Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access ICCID via log. | ||||
| CVE-2022-33696 | 1 Google | 1 Android | 2024-08-03 | 4 Medium |
| Exposure of Sensitive Information in Telephony service prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log. | ||||
| CVE-2022-33699 | 1 Google | 1 Android | 2024-08-03 | 2 Low |
| Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log. | ||||
| CVE-2022-33694 | 1 Google | 1 Android | 2024-08-03 | 4 Medium |
| Exposure of Sensitive Information in CSC application prior to SMR Jul-2022 Release 1 allows local attacker to access wifi information via unprotected intent broadcasting. | ||||
| CVE-2022-33700 | 1 Google | 1 Android | 2024-08-03 | 2 Low |
| Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log. | ||||
| CVE-2022-32530 | 1 Schneider-electric | 1 Geo Scada Mobile | 2024-08-03 | 4.8 Medium |
| A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request when a mobile device has been compromised by a malicious application. Affected Product: Geo SCADA Mobile (Build 222 and prior) | ||||