Total
646 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-28160 | 1 Jenkins | 1 Tests Selector | 2024-08-03 | 6.5 Medium |
| Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins controller. | ||||
| CVE-2022-27822 | 1 Google | 1 Android | 2024-08-03 | 6.6 Medium |
| Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission. | ||||
| CVE-2022-27817 | 1 Waycrate | 1 Swhkd | 2024-08-03 | 4.4 Medium |
| SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality. | ||||
| CVE-2022-27818 | 1 Waycrate | 1 Swhkd | 2024-08-03 | 9.1 Critical |
| SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service. | ||||
| CVE-2022-27576 | 1 Google | 1 Android | 2024-08-03 | 3.3 Low |
| Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission | ||||
| CVE-2022-27331 | 1 Zammad | 1 Zammad | 2024-08-03 | 4.3 Medium |
| An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users. | ||||
| CVE-2022-25481 | 1 Thinkphp | 1 Thinkphp | 2024-08-03 | 7.5 High |
| ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. NOTE: this is disputed by a third party because system environment exposure is an intended feature of the debugging mode. | ||||
| CVE-2022-24975 | 1 Git-scm | 1 Git | 2024-08-03 | 7.5 High |
| The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. Note: This has been disputed by multiple 3rd parties who believe this is an intended feature of the git binary and does not pose a security risk. | ||||
| CVE-2022-26850 | 1 Apache | 1 Nifi | 2024-08-03 | 4.3 Medium |
| When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory. | ||||
| CVE-2022-26355 | 1 Citrix | 1 Federated Authentication Service | 2024-08-03 | 4.4 Medium |
| Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider (MSKSP). This issue only occurs if PowerShell was used when configuring FAS to store the registration authority certificate’s private key in the TPM. It does not occur if the TPM was not selected for use or if the FAS administration console was used for configuration. | ||||
| CVE-2022-26329 | 1 Netiq | 1 Identity Manager | 2024-08-03 | 1.8 Low |
| File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL. | ||||
| CVE-2022-26121 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-08-03 | 3.7 Low |
| An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may allow an unauthenticated and remote attacker to access report template images via referencing the name in the URL path. | ||||
| CVE-2022-25643 | 1 Seatd Project | 1 Seatd | 2024-08-03 | 9.8 Critical |
| seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname. | ||||
| CVE-2022-25375 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-08-03 | 5.5 Medium |
| An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory. | ||||
| CVE-2022-25236 | 5 Debian, Libexpat Project, Oracle and 2 more | 11 Debian Linux, Libexpat, Http Server and 8 more | 2024-08-03 | 9.8 Critical |
| xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. | ||||
| CVE-2022-24986 | 1 Kde | 1 Kcron | 2024-08-03 | 7.8 High |
| KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands. | ||||
| CVE-2022-25041 | 1 Open-emr | 1 Openemr | 2024-08-03 | 4.3 Medium |
| OpenEMR v6.0.0 was discovered to contain an incorrect access control issue. | ||||
| CVE-2022-24913 | 1 Java-merge-sort Project | 1 Java-merge-sort | 2024-08-03 | 5.5 Medium |
| Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents. | ||||
| CVE-2022-24900 | 1 Piano Led Visualizer Project | 1 Piano Led Visualizer | 2024-08-03 | 9.9 Critical |
| Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The `os.path.join` call is unsafe for use with untrusted input. When the `os.path.join` call encounters an absolute path, it ignores all the parameters it has encountered till that point and starts working with the new absolute path. Since the "malicious" parameter represents an absolute path, the result of `os.path.join` ignores the static directory completely. Hence, untrusted input is passed via the `os.path.join` call to `flask.send_file` can lead to path traversal attacks. A patch with a fix is available on the `master` branch of the GitHub repository. This can also be fixed by preventing flow of untrusted data to the vulnerable `send_file` function. In case the application logic necessiates this behaviour, one can either use the `flask.safe_join` to join untrusted paths or replace `flask.send_file` calls with `flask.send_from_directory` calls. | ||||
| CVE-2022-24823 | 4 Netapp, Netty, Oracle and 1 more | 10 Active Iq Unified Manager, Oncommand Workflow Automation, Snapcenter and 7 more | 2024-08-03 | 5.5 Medium |
| Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user. | ||||