Total: 8699 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-1774 | 1 Diagrams | 1 Drawio | 2024-08-03 | 6.1 Medium |
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7. | ||||
CVE-2022-1663 | 1 Stop Spam Comments Project | 1 Stop Spam Comments | 2024-08-03 | 6.5 Medium |
The Stop Spam Comments WordPress plugin through 0.2.1.2 does not properly generate the Javascript access token for preventing abuse of comment section, allowing threat authors to easily collect the value and add it to the request. | ||||
CVE-2022-1662 | 1 Convert2rhel Project | 1 Convert2rhel | 2024-08-03 | 5.5 Medium |
In convert2rhel, there's an ansible playbook named ansible/run-convert2rhel.yml which passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. This could allow unauthorized local users to view the password via the process list while convert2rhel is running. However, this ansible playbook is only an example in the upstream repository and it is not shipped in officially supported versions of convert2rhel. | ||||
CVE-2022-1595 | 1 Hc Custom Wp-admin Url Project | 1 Hc Custom Wp-admin Url | 2024-08-03 | 5.3 Medium |
The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request. | ||||
CVE-2022-1353 | 4 Debian, Linux, Netapp and 1 more | 21 Debian Linux, Linux Kernel, H300e and 18 more | 2024-08-03 | 7.1 High |
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. | ||||
CVE-2022-1332 | 1 Mattermost | 1 Mattermost Server | 2024-08-03 | 4.3 Medium |
One of the APIs in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows authenticated members with a restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents. | ||||
CVE-2022-1077 | 1 Tem | 4 Flex-1080, Flex-1080 Firmware, Flex-1085 and 1 more | 2024-08-02 | 5.3 Medium |
A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability affects log.cgi of the component Log Handler. A direct request leads to information disclosure of hardware information. The attack can be initiated remotely and does not require any form of authentication. | ||||
CVE-2022-0987 | 2 Packagekit Project, Redhat | 2 Packagekit, Enterprise Linux | 2024-08-02 | 3.3 Low |
A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examine files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists. | ||||
CVE-2022-1012 | 2 Linux, Redhat | 5 Linux Kernel, Enterprise Linux, Rhel E4s and 2 more | 2024-08-02 | 8.2 High |
A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to leak information and may cause a denial of service problem. | ||||
CVE-2022-0882 | 1 Google | 1 Fuchsia | 2024-08-02 | 5.3 Medium |
A bug exists where an attacker can read the kernel log through exposed Zircon kernel addresses without the required capability ZX_RSRC_KIND_ROOT. It is recommended to upgrade the Fuchsia kernel to 4.1.1 or greater. | ||||
CVE-2022-0851 | 2 Convert2rhel Project, Redhat | 3 Convert2rhel, Convert2rhel, Enterprise Linux | 2024-08-02 | 5.5 Medium |
There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line via e.g. htop or ps. The specific impact varies upon the subscription, but generally this would allow an attacker to register systems purchased by the victim until discovered; a form of fraud. This could occur regardless of how the activation key is supplied to convert2rhel because it involves how convert2rhel provides it to subscription-manager. | ||||
CVE-2022-0854 | 3 Debian, Linux, Redhat | 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more | 2024-08-02 | 5.5 Medium |
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. | ||||
CVE-2022-0850 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-08-02 | 7.1 High |
A vulnerability was found in the Linux kernel, where an information leak occurs via ext4_extent_header to userspace. | ||||
CVE-2022-0812 | 1 Linux | 1 Linux Kernel | 2024-08-02 | 4.3 Medium |
An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information. | ||||
CVE-2022-0709 | 1 Saasproject | 1 Booking Package | 2024-08-02 | 7.5 High |
The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the ical representation of its booking calendar, but this token is returned in the JSON response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnerability. | ||||
CVE-2022-0725 | 2 Fedoraproject, Keepass | 3 Extra Packages For Enterprise Linux, Fedora, Keepass | 2024-08-02 | 7.5 High |
A flaw was found in keepass. The vulnerability occurs due to logging the plain text passwords in system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs. | ||||
CVE-2022-0722 | 2 Parse-url Project, Redhat | 2 Parse-url, Jboss Enterprise Bpms Platform | 2024-08-02 | 7.5 High |
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url prior to 7.0.0. | ||||
CVE-2022-0708 | 1 Mattermost | 1 Mattermost | 2024-08-02 | 4.3 Medium |
Mattermost 6.3.0 and earlier fails to protect email addresses of the creator of the team via one of the APIs, which allows authenticated team members to access this information resulting in sensitive & private information disclosure. | ||||
CVE-2022-0672 | 1 Eclipse | 1 Lemminx | 2024-08-02 | 5.5 Medium |
A flaw was found in LemMinX in versions prior to 0.19.0. Insecure redirect could allow unauthorized access to sensitive information locally if LemMinX is run under a privileged user. | ||||
CVE-2022-0654 | 1 Node-request-retry Project | 1 Node-request-retry | 2024-08-02 | 7.5 High |
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository fgribreau/node-request-retry prior to 7.0.0. |