Total
646 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1875 | 1 Google | 1 Chrome | 2024-08-03 | 4.3 Medium |
| Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2022-1637 | 1 Google | 2 Android, Chrome | 2024-08-03 | 4.3 Medium |
| Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2022-1501 | 1 Google | 1 Chrome | 2024-08-03 | 6.5 Medium |
| Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2022-1498 | 1 Google | 1 Chrome | 2024-08-03 | 4.3 Medium |
| Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2022-1488 | 1 Google | 1 Chrome | 2024-08-03 | 4.3 Medium |
| Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. | ||||
| CVE-2022-1467 | 1 Aveva | 2 Intouch Access Anywhere, Plant Scada Access Anywhere | 2024-08-03 | 7.4 High |
| Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS. | ||||
| CVE-2022-1385 | 1 Mattermost | 1 Mattermost Server | 2024-08-03 | 3.7 Low |
| Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels. | ||||
| CVE-2022-1137 | 1 Google | 1 Chrome | 2024-08-02 | 6.5 Medium |
| Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML page. | ||||
| CVE-2022-0852 | 2 Convert2rhel Project, Redhat | 3 Convert2rhel, Convert2rhel, Enterprise Linux | 2024-08-02 | 5.5 Medium |
| There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the privileges of the Red Hat account in question, but it could affect the integrity, availability, and/or data confidentiality of other systems that are administered by that account. This occurs regardless of how the password is supplied to convert2rhel. | ||||
| CVE-2022-0815 | 1 Mcafee | 1 Webadvisor | 2024-08-02 | 6.5 Medium |
| Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system. This could lead to unexpected behaviors including; settings being changed, fingerprinting of the system leading to targeted scams, and not triggering the malicious software if McAfee software is detected. | ||||
| CVE-2022-0315 | 1 Horovod | 1 Horovod | 2024-08-02 | 7.5 High |
| Insecure Temporary File in GitHub repository horovod/horovod prior to 0.24.0. | ||||
| CVE-2022-0337 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-08-02 | 6.5 Medium |
| Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. (Chrome security severity: High) | ||||
| CVE-2022-0334 | 1 Moodle | 1 Moodle | 2024-08-02 | 4.3 Medium |
| A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradereport/user:view capability. | ||||
| CVE-2023-50328 | 1 Ibm | 1 Powersc | 2024-08-02 | 3.7 Low |
| IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110. | ||||
| CVE-2023-49347 | 1 Ubuntubudgie | 1 Budgie Extras | 2024-08-02 | 6 Medium |
| Temporary data passed between application components by Budgie Extras Windows Previews could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may read private information from windows, present false information to users, or deny access to the application. | ||||
| CVE-2023-49342 | 1 Ubuntubudgie | 1 Budgie Extras | 2024-08-02 | 6 Medium |
| Temporary data passed between application components by Budgie Extras Clockworks applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. | ||||
| CVE-2023-49344 | 1 Ubuntubudgie | 1 Budgie Extras | 2024-08-02 | 6 Medium |
| Temporary data passed between application components by Budgie Extras Window Shuffler applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. | ||||
| CVE-2023-49343 | 1 Ubuntubudgie | 1 Budgie Extras | 2024-08-02 | 6 Medium |
| Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. | ||||
| CVE-2023-49346 | 1 Ubuntubudgie | 1 Budgie Extras | 2024-08-02 | 6 Medium |
| Temporary data passed between application components by Budgie Extras WeatherShow applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. | ||||
| CVE-2023-49345 | 1 Ubuntubudgie | 1 Budgie Extras | 2024-08-02 | 6 Medium |
| Temporary data passed between application components by Budgie Extras Takeabreak applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. | ||||