Total
8699 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3917 | 1 Motorola | 2 Moto E20, Moto E20 Firmware | 2024-08-03 | 4.6 Medium |
| Improper access control of bootloader function was discovered in Motorola Mobility Motorola e20 prior to version RONS31.267-38-8 allows attacker with local access to read partition or RAM data. | ||||
| CVE-2022-3745 | 1 Lenovo | 174 Ideapad 1-14ijl7, Ideapad 1-14ijl7 Firmware, Ideapad 1-15ijl7 and 171 more | 2024-08-03 | 4.4 Medium |
| A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI. | ||||
| CVE-2022-3743 | 1 Lenovo | 174 Ideapad 1-14ijl7, Ideapad 1-14ijl7 Firmware, Ideapad 1-15ijl7 and 171 more | 2024-08-03 | 4.4 Medium |
| A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller (EC) commands. | ||||
| CVE-2022-3348 | 1 Tooljet | 1 Tooljet | 2024-08-03 | 4.9 Medium |
| Just like in the previous report, an attacker could steal the account of different users. But in this case, it's a little bit more specific, because it is needed to be an editor in the same app as the victim. | ||||
| CVE-2022-3091 | 1 Ronds | 1 Equipment Predictive Maintenance | 2024-08-03 | 7.5 High |
| RONDS EPM version 1.19.5 has a vulnerability in which a function could allow unauthenticated users to leak credentials. In some circumstances, an attacker can exploit this vulnerability to execute operating system (OS) commands. | ||||
| CVE-2022-3185 | 1 Dataprobe | 24 Iboot-pdu4-n20, Iboot-pdu4-n20 Firmware, Iboot-pdu4a-n15 and 21 more | 2024-08-03 | 5.3 Medium |
| Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product exposes sensitive data concerning the device. | ||||
| CVE-2022-3033 | 2 Mozilla, Redhat | 4 Thunderbird, Enterprise Linux, Rhel E4s and 1 more | 2024-08-03 | 8.1 High |
| If a Thunderbird user replied to a crafted HTML email containing a <code>meta</code> tag, with the <code>meta</code> tag having the <code>http-equiv="refresh"</code> attribute, and the content attribute specifying an URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. In combination with certain other HTML elements and attributes in the email, it was possible to execute JavaScript code included in the message in the context of the message compose document. The JavaScript code was able to perform actions including, but probably not limited to, read and modify the contents of the message compose document, including the quoted original message, which could potentially contain the decrypted plaintext of encrypted data in the crafted email. The contents could then be transmitted to the network, either to the URL specified in the META refresh tag, or to a different URL, as the JavaScript code could modify the URL specified in the document. This bug doesn't affect users who have changed the default Message Body display setting to 'simple html' or 'plain text'. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1. | ||||
| CVE-2022-2939 | 1 Cerber | 1 Wp Cerber Security\, Anti-spam \& Malware Scan | 2024-08-03 | 5.3 Medium |
| The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass in versions up to, and including 9.0, that makes user enumeration possible. This is due to improper validation on the value supplied through the 'author' parameter found in the ~/cerber-load.php file. In vulnerable versions, the plugin only blocks requests if the value supplied is numeric, making it possible for attackers to supply additional non-numeric characters to bypass the protection. The non-numeric characters are stripped and the user requested is displayed. This can be used by unauthenticated attackers to gather information about users that can targeted in further attacks. | ||||
| CVE-2022-2806 | 3 Ovirt, Redhat, Sos Project | 3 Log Collector, Rhev Manager, Sos | 2024-08-03 | 5.5 Medium |
| It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev | ||||
| CVE-2022-2827 | 1 Ami | 1 Megarac Sp-x | 2024-08-03 | 7.5 High |
| AMI MegaRAC User Enumeration Vulnerability | ||||
| CVE-2022-2739 | 2 Podman Project, Redhat | 4 Podman, Enterprise Linux Server, Enterprise Linux Workstation and 1 more | 2024-08-03 | 5.3 Medium |
| The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables. | ||||
| CVE-2022-2704 | 1 Simple E-learning System Project | 1 Simple E-learning System | 2024-08-03 | 4.3 Medium |
| A vulnerability was found in SourceCodester Simple E-Learning System. It has been declared as problematic. This vulnerability affects unknown code of the file downloadFiles.php. The manipulation of the argument download leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205828. | ||||
| CVE-2022-2558 | 1 Presstigers | 1 Simple Job Board | 2024-08-03 | 5.3 Medium |
| The Simple Job Board WordPress plugin before 2.10.0 is susceptible to Directory Listing which allows the public listing of uploaded resumes in certain configurations. | ||||
| CVE-2022-2462 | 1 Transposh | 1 Transposh Wordpress Translation | 2024-08-03 | 5.3 Medium |
| The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_history' AJAX action and insufficient restriction on the data returned in the response. This makes it possible for unauthenticated users to exfiltrate usernames of individuals who have translated text. | ||||
| CVE-2022-2401 | 1 Mattermost | 1 Mattermost Server | 2024-08-03 | 6.5 Medium |
| Unrestricted information disclosure of all users in Mattermost version 6.7.0 and earlier allows team members to access some sensitive information by directly accessing the APIs. | ||||
| CVE-2022-2408 | 1 Mattermost | 1 Mattermost | 2024-08-03 | 4.3 Medium |
| The Guest account feature in Mattermost version 6.7.0 and earlier fails to properly restrict the permissions, which allows a guest user to fetch a list of all public channels in the team, in spite of not being part of those channels. | ||||
| CVE-2022-2308 | 1 Linux | 1 Linux Kernel | 2024-08-03 | 6.5 Medium |
| A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config() returning uninitialized memory from the stack. This could cause undefined behavior or data leaks in Virtio drivers. | ||||
| CVE-2022-2221 | 1 Devolutions | 1 Remote Desktop Manager | 2024-08-03 | 6.5 Medium |
| Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8. | ||||
| CVE-2022-2084 | 1 Canonical | 2 Cloud-init, Ubuntu Linux | 2024-08-03 | 5.5 Medium |
| Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords. | ||||
| CVE-2022-1815 | 1 Diagrams | 1 Drawio | 2024-08-03 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2. | ||||