Total
8699 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-22337 | 1 Ibm | 1 Sterling B2b Integrator | 2024-08-03 | 4.3 Medium |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could disclose sensitive information to an authenticated user. IBM X-Force ID: 219507. | ||||
| CVE-2022-22303 | 1 Fortinet | 1 Fortimanager | 2024-08-03 | 2.8 Low |
| An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to gain access to the FortiGate users credentials via the config conflict file. | ||||
| CVE-2022-22287 | 1 Samsung | 1 Samsung Email | 2024-08-03 | 3.9 Low |
| Abitrary file access vulnerability in Samsung Email prior to 6.1.60.16 allows attacker to read isolated data in sandbox. | ||||
| CVE-2022-22276 | 1 Sonicwall | 98 Nsa 2650, Nsa 2650 Firmware, Nsa 2700 and 95 more | 2024-08-03 | 5.3 Medium |
| A vulnerability in SonicOS SNMP service resulting exposure of sensitive information to an unauthorized user. | ||||
| CVE-2022-22075 | 1 Qualcomm | 366 Apq8009, Apq8009 Firmware, Apq8009w and 363 more | 2024-08-03 | 6.2 Medium |
| Information Disclosure in Graphics during GPU context switch. | ||||
| CVE-2022-21712 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Openstack and 1 more | 2024-08-03 | 7.5 High |
| twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds. | ||||
| CVE-2022-21683 | 1 Torchbox | 1 Wagtail | 2024-08-03 | 3.5 Low |
| Wagtail is a Django based content management system focused on flexibility and user experience. When notifications for new replies in comment threads are sent, they are sent to all users who have replied or commented anywhere on the site, rather than only in the relevant threads. This means that a user could listen in to new comment replies on pages they have not have editing access to, as long as they have left a comment or reply somewhere on the site. A patched version has been released as Wagtail 2.15.2, which restores the intended behaviour - to send notifications for new replies to the participants in the active thread only (editing permissions are not considered). New comments can be disabled by setting `WAGTAILADMIN_COMMENTS_ENABLED = False` in the Django settings file. | ||||
| CVE-2022-21673 | 3 Fedoraproject, Grafana, Redhat | 5 Fedora, Grafana, Ceph Storage and 2 more | 2024-08-03 | 4.3 Medium |
| Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4. | ||||
| CVE-2022-21678 | 1 Discourse | 1 Discourse | 2024-08-03 | 4.3 Medium |
| Discourse is an open source discussion platform. Prior to version 2.8.0.beta11 in the `tests-passed` branch, version 2.8.0.beta11 in the `beta` branch, and version 2.7.13 in the `stable` branch, the bios of users who made their profiles private were still visible in the `<meta>` tags on their users' pages. The problem is patched in `tests-passed` version 2.8.0.beta11, `beta` version 2.8.0.beta11, and `stable` version 2.7.13 of Discourse. | ||||
| CVE-2022-21677 | 1 Discourse | 1 Discourse | 2024-08-03 | 4.3 Medium |
| Discourse is an open source discussion platform. Discourse groups can be configured with varying visibility levels for the group as well as the group members. By default, a newly created group has its visibility set to public and the group's members visibility set to public as well. However, a group's visibility and the group's members visibility can be configured such that it is restricted to logged on users, members of the group or staff users. A vulnerability has been discovered in versions prior to 2.7.13 and 2.8.0.beta11 where the group advanced search option does not respect the group's visibility and members visibility level. As such, a group with restricted visibility or members visibility can be revealed through search with the right search option. This issue is patched in `stable` version 2.7.13, `beta` version 2.8.0.beta11, and `tests-passed` version 2.8.0.beta11 versions of Discourse. There are no workarounds aside from upgrading. | ||||
| CVE-2022-21642 | 1 Discourse | 1 Discourse | 2024-08-03 | 4.3 Medium |
| Discourse is an open source platform for community discussion. In affected versions when composing a message from topic the composer user suggestions reveals whisper participants. The issue has been patched in stable version 2.7.13 and beta version 2.8.0.beta11. There is no workaround for this issue and users are advised to upgrade. | ||||
| CVE-2022-21671 | 1 Replit | 1 Crosis | 2024-08-03 | 8.1 High |
| @replit/crosis is a JavaScript client that speaks Replit's container protocol. A vulnerability that involves exposure of sensitive information exists in versions prior to 7.3.1. When using this library as a way to programmatically communicate with Replit in a standalone fashion, if there are multiple failed attempts to contact Replit through a WebSocket, the library will attempt to communicate using a fallback poll-based proxy. The URL of the proxy has changed, so any communication done to the previous URL could potentially reach a server that is outside of Replit's control and the token used to connect to the Repl could be obtained by an attacker, leading to full compromise of that Repl (not of the account). This was patched in version 7.3.1 by updating the address of the fallback WebSocket polling proxy to the new one. As a workaround, a user may specify the new address for the polling host (`gp-v2.replit.com`) in the `ConnectArgs`. More information about this workaround is available in the GitHub Security Advisory. | ||||
| CVE-2022-21233 | 2 Intel, Redhat | 670 Atom C3308, Atom C3308 Firmware, Atom C3336 and 667 more | 2024-08-03 | 5.5 Medium |
| Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2022-21131 | 1 Intel | 292 Core I9-7900x, Core I9-7900x Firmware, Core I9-7920x and 289 more | 2024-08-03 | 5.5 Medium |
| Improper access control for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2022-4869 | 1 Evolution-events | 1 Artaxerxes | 2024-08-03 | 3.5 Low |
| A vulnerability was found in Evolution Events Artaxerxes. It has been declared as problematic. This vulnerability affects unknown code of the file arta/common/middleware.py of the component POST Parameter Handler. The manipulation of the argument password leads to information disclosure. The attack can be initiated remotely. The patch is identified as 022111407d34815c16c6eada2de69ca34084dc0d. It is recommended to apply a patch to fix this issue. VDB-217438 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-4543 | 1 Linux | 1 Linux Kernel | 2024-08-03 | 5.5 Medium |
| A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems. | ||||
| CVE-2022-4457 | 1 Cloudflare | 1 Warp | 2024-08-03 | 5.5 Medium |
| Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to a perform a task hijacking attack. An attacker could create a malicious mobile application which could hijack legitimate app and steal potentially sensitive information when installed on the victim's device. | ||||
| CVE-2022-4415 | 2 Redhat, Systemd Project | 3 Enterprise Linux, Rhel Eus, Systemd | 2024-08-03 | 5.5 Medium |
| A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting. | ||||
| CVE-2022-4228 | 1 Book Store Management System Project | 1 Book Store Management System | 2024-08-03 | 5.3 Medium |
| A vulnerability classified as problematic has been found in SourceCodester Book Store Management System 1.0. This affects an unknown part of the file /bsms_ci/index.php/user/edit_user/. The manipulation of the argument password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214587. | ||||
| CVE-2022-4087 | 1 Ipxe | 1 Ipxe | 2024-08-03 | 2.6 Low |
| A vulnerability was found in iPXE. It has been declared as problematic. This vulnerability affects the function tls_new_ciphertext of the file src/net/tls.c of the component TLS. The manipulation of the argument pad_len leads to information exposure through discrepancy. The name of the patch is 186306d6199096b7a7c4b4574d4be8cdb8426729. It is recommended to apply a patch to fix this issue. VDB-214054 is the identifier assigned to this vulnerability. | ||||