Total
646 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-32249 | 1 Sap | 1 Business One | 2024-08-03 | 7.5 High |
| Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker can exploit HANA cockpit�s data volume to gain access to highly sensitive information (e.g., high privileged account credentials) | ||||
| CVE-2022-32221 | 6 Apple, Debian, Haxx and 3 more | 16 Macos, Debian Linux, Curl and 13 more | 2024-08-03 | 9.8 Critical |
| When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST. | ||||
| CVE-2022-31846 | 1 Wavlink | 2 Wn535g3, Wn535g3 Firmware | 2024-08-03 | 7.5 High |
| A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. | ||||
| CVE-2022-31845 | 1 Wavlink | 2 Wn535g3, Wn535g3 Firmware | 2024-08-03 | 7.5 High |
| A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. | ||||
| CVE-2022-31649 | 1 Owncloud | 1 Owncloud | 2024-08-03 | 7.5 High |
| ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer. | ||||
| CVE-2022-31596 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2024-08-03 | 6.0 Medium |
| Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access BOE Monitoring database to retrieve and modify (non-personal) system data which would otherwise be restricted. Also, a potential attack could be used to leave the CMS's scope and impact the database. A successful attack could have a low impact on confidentiality, a high impact on integrity, and a low impact on availability. | ||||
| CVE-2022-30952 | 2 Jenkins, Redhat | 3 Blue Ocean, Ocp Tools, Openshift | 2024-08-03 | 6.5 Medium |
| Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins. | ||||
| CVE-2022-30728 | 1 Google | 1 Android | 2024-08-03 | 1.9 Low |
| Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. | ||||
| CVE-2022-30732 | 1 Samsung | 1 Account | 2024-08-03 | 5.5 Medium |
| Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows attacker to access sensitive information via onActivityResult. | ||||
| CVE-2022-30734 | 1 Samsung | 1 Account | 2024-08-03 | 4 Medium |
| Sensitive information exposure in Sign-out log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission. | ||||
| CVE-2022-30714 | 1 Google | 1 Android | 2024-08-03 | 1.9 Low |
| Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. | ||||
| CVE-2022-29901 | 6 Debian, Fedoraproject, Intel and 3 more | 258 Debian Linux, Fedora, Core I3-6100 and 255 more | 2024-08-03 | 5.6 Medium |
| Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. | ||||
| CVE-2022-29850 | 1 Lexmark | 234 B2236, B2236 Firmware, B2338 and 231 more | 2024-08-03 | 8.1 High |
| Various Lexmark products through 2022-04-27 allow an attacker who has already compromised an affected Lexmark device to maintain persistence across reboots. | ||||
| CVE-2022-29820 | 1 Jetbrains | 1 Pycharm | 2024-08-03 | 3 Low |
| In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible | ||||
| CVE-2022-29646 | 1 Totolink | 2 A3100r, A3100r Firmware | 2024-08-03 | 5.3 Medium |
| An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 allows attackers to obtain sensitive information via a crafted web request. | ||||
| CVE-2022-29247 | 1 Electronjs | 1 Electron | 2024-08-03 | 2.2 Low |
| Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled which in turn allows effective access to `ipcRenderer`. The `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access. Rather, it depends on the existing sandbox setting. If an application is sandboxed, then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs, which include `ipcRenderer`. If the application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. As a workaround, ensure that all IPC message handlers appropriately validate `senderFrame`. | ||||
| CVE-2022-27772 | 1 Vmware | 1 Spring Boot | 2024-08-03 | 7.8 High |
| spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer | ||||
| CVE-2022-28924 | 1 Universis | 1 Universis-students | 2024-08-03 | 6.5 Medium |
| An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/. | ||||
| CVE-2022-28794 | 1 Google | 1 Android | 2024-08-03 | 2.2 Low |
| Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information. | ||||
| CVE-2022-28226 | 2 Microsoft, Yandex | 2 Windows, Yandex Browser | 2024-08-03 | 7.8 High |
| Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser update process. | ||||