Total
8699 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-38400 | 1 Synck | 1 Mailform Pro Cgi | 2024-08-03 | 5.9 Medium |
| Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a use of the product to access a specially crafted URL. | ||||
| CVE-2022-38113 | 1 Solarwinds | 1 Security Event Manager | 2024-08-03 | 5.3 Medium |
| This vulnerability discloses build and services versions in the server response header. | ||||
| CVE-2022-36884 | 2 Jenkins, Redhat | 2 Git, Openshift | 2024-08-03 | 5.3 Medium |
| The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository. | ||||
| CVE-2022-36877 | 1 Samsung | 1 Samsung Members | 2024-08-03 | 2.8 Low |
| Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions 4.3.00.11 in Global and 14.0.02.4 in China allows local attackers to access device identification via log. | ||||
| CVE-2022-36878 | 1 Samsung | 1 Find My Mobile | 2024-08-03 | 3.3 Low |
| Exposure of Sensitive Information in Find My Mobile prior to version 7.2.25.14 allows local attacker to access IMEI via log. | ||||
| CVE-2022-36834 | 1 Samsung | 1 Game Launcher | 2024-08-03 | 3.3 Low |
| Exposure of Sensitive Information vulnerability in Game Launcher prior to version 6.0.07 allows local attacker to access app data with user interaction. | ||||
| CVE-2022-36835 | 1 Samsung | 1 Samsung Internet Browser | 2024-08-03 | 3.3 Low |
| Implicit Intent hijacking vulnerability in Samsung Internet Browser prior to version 17.0.7.34 allows attackers to access arbitrary files. | ||||
| CVE-2022-36777 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-08-03 | 4.3 Medium |
| IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.16.0could allow an authenticated user to obtain sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 233665. | ||||
| CVE-2022-36399 | 1 Boxystudio | 1 Booked | 2024-08-03 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BoxyStudio Booked - Appointment Booking for WordPress | Calendars.This issue affects Booked - Appointment Booking for WordPress | Calendars: from n/a before 2.4.4. | ||||
| CVE-2022-36101 | 1 Shopware | 1 Shopware | 2024-08-03 | 5.4 Medium |
| Shopware is an open source e-commerce software. In affected versions the request for the customer detail view in the backend administration contained sensitive data like the hashed password and the session ID. These fields are now explicitly unset in version 5.7.15. Users are advised to update and may get the update either via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue. | ||||
| CVE-2022-36077 | 2 Electronjs, Microsoft | 2 Electron, Windows | 2024-08-03 | 7.2 High |
| The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7, Electron is vulnerable to Exposure of Sensitive Information. When following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file is not available to the renderer following the redirect, but if the redirect target is a SMB URL such as `file://some.website.com/`, then in some cases, Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials.This issue has been patched in versions: 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7. Users are recommended to upgrade to the latest stable version of Electron. If upgrading isn't possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the `WebContents.on('will-redirect')` event, for all WebContents as a workaround. | ||||
| CVE-2022-36079 | 1 Parseplatform | 1 Parse-server | 2024-08-03 | 8.6 High |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields (keys used internally by Parse Server, prefixed by `_`) and protected fields (user defined) can be used as query constraints. Internal and protected fields are removed by Parse Server and are only returned to the client using a valid master key. However, using query constraints, these fields can be guessed by enumerating until Parse Server, prior to versions 4.10.14 or 5.2.5, returns a response object. The patch available in versions 4.10.14 and 5.2.5 requires the maser key to use internal and protected fields as query constraints. As a workaround, implement a Parse Cloud Trigger `beforeFind` and manually remove the query constraints. | ||||
| CVE-2022-36074 | 1 Nextcloud | 2 Nextcloud Enterprise Server, Nextcloud Server | 2024-08-03 | 6.4 Medium |
| Nextcloud server is an open source personal cloud product. Affected versions of this package are vulnerable to Information Exposure which fails to strip the Authorization header on HTTP downgrade. This can lead to account access exposure and compromise. It is recommended that the Nextcloud Server is upgraded to 23.0.7 or 24.0.3. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.11, 23.0.7 or 24.0.3. There are no known workarounds for this issue. | ||||
| CVE-2022-36075 | 1 Nextcloud | 1 Files Access Control | 2024-08-03 | 2.6 Low |
| Nextcloud files access control is a nextcloud app to manage access control for files. Users with limited access can see file names in certain cases where they do not have privilege to do so. This issue has been addressed and it is recommended that the Nextcloud Files Access Control app is upgraded to 1.12.2, 1.13.1 or 1.14.1. There are no known workarounds for this issue | ||||
| CVE-2022-35842 | 1 Fortinet | 1 Fortios | 2024-08-03 | 3.7 Low |
| An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiOS SSL-VPN versions 7.2.0, versions 7.0.0 through 7.0.6 and versions 6.4.0 through 6.4.9 may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS. | ||||
| CVE-2022-35296 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-08-03 | 4.9 Medium |
| Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality. | ||||
| CVE-2022-35290 | 1 Sap | 1 Authenticator | 2024-08-03 | 7.5 High |
| Under certain conditions SAP Authenticator for Android allows an attacker to access information which would otherwise be restricted. | ||||
| CVE-2022-35249 | 1 Rocket.chat | 1 Rocket.chat | 2024-08-03 | 4.3 Medium |
| A information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room. | ||||
| CVE-2022-35247 | 1 Rocket.chat | 1 Rocket.chat | 2024-08-03 | 4.3 Medium |
| A information disclosure vulnerability exists in Rocket.chat <v5, <v4.8.2 and <v4.7.5 where the lack of ACL checks in the getRoomRoles Meteor method leak channel members with special roles to unauthorized clients. | ||||
| CVE-2022-35246 | 1 Rocket.chat | 1 Rocket.chat | 2024-08-03 | 4.3 Medium |
| A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload URLs to users that should not be able to access. | ||||