Total
7426 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27949 | 1 Apache | 1 Airflow | 2024-11-21 | N/A | 7.5 HIGH |
| A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. | |||||
| CVE-2022-27912 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A | 5.3 MEDIUM |
| An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests. | |||||
| CVE-2022-27875 | 1 F5 | 1 Access For Android | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| On F5 Access for Android 3.x versions prior to 3.0.8, a Task Hijacking vulnerability exists in the F5 Access for Android application, which may allow an attacker to steal sensitive user information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
| CVE-2022-27863 | 1 Vikwp | 1 Vikbooking Hotel Booking Engine \& Property Management System Plugin | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to get the booking data by guessing / brute-forcing easy predictable booking IDs via search POST requests. | |||||
| CVE-2022-27849 | 1 Plugin-planet | 1 Simple Ajax Chat | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115 | |||||
| CVE-2022-27667 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. | |||||
| CVE-2022-27633 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2024-11-21 | N/A | 7.5 HIGH |
| An information disclosure vulnerability exists in the confctl_get_guest_wlan functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to information disclosure. An attacker can send packets to trigger this vulnerability. | |||||
| CVE-2022-27630 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2024-11-21 | N/A | 7.5 HIGH |
| An information disclosure vulnerability exists in the confctl_get_master_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to information disclosure. An attacker can send packets to trigger this vulnerability. | |||||
| CVE-2022-27614 | 1 Synology | 3 Diskstation Manager, Media Server, Router Manager | 2024-11-21 | N/A | 5.3 MEDIUM |
| Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server before 1.8.1-2876 allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2022-27490 | 1 Fortinet | 4 Fortianalyzer, Fortimanager, Fortiportal and 1 more | 2024-11-21 | N/A | 5.4 MEDIUM |
| A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands. | |||||
| CVE-2022-27241 | 1 Mendix | 1 Mendix | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.11), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). Applications built with an affected system publicly expose the internal project structure. This could allow an unauthenticated remote attacker to read confidential information. | |||||
| CVE-2022-26847 | 2 Debian, Spip | 2 Debian Linux, Spip | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects. | |||||
| CVE-2022-25990 | 1 F5 | 1 F5os-a | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may expose certain registry ports externally. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
| CVE-2022-25948 | 1 Liquidjs | 1 Liquidjs | 2024-11-21 | N/A | 5.3 MEDIUM |
| The package liquidjs before 10.0.0 are vulnerable to Information Exposure when ownPropertyOnly parameter is set to False, which results in leaking properties of a prototype. Workaround For versions 9.34.0 and higher, an option to disable this functionality is provided. | |||||
| CVE-2022-25787 | 1 Secomea | 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more | 2024-11-21 | 4.6 MEDIUM | 7.5 HIGH |
| Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all versions prior to 9.7. | |||||
| CVE-2022-25512 | 1 Freetakserver-ui Project | 1 Freetakserver-ui | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys. | |||||
| CVE-2022-25248 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) supplies the event log of the specific service. | |||||
| CVE-2022-25166 | 1 Amazon | 1 Aws Client Vpn | 2024-11-21 | 4.3 MEDIUM | 5.0 MEDIUM |
| An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible to include a UNC path in the OpenVPN configuration file when referencing file paths for parameters (such as auth-user-pass). When this file is imported and the client attempts to validate the file path, it performs an open operation on the path and leaks the user's Net-NTLMv2 hash to an external server. This could be exploited by having a user open a crafted malicious ovpn configuration file. | |||||
| CVE-2022-24866 | 1 Discourse | 1 Assign | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Discourse Assign is a plugin for assigning users to a topic in Discourse, an open-source messaging platform. Prior to version 1.0.1, the UserBookmarkSerializer serialized the whole User / Group object, which leaked some private information. The data was only being serialized to people who could view assignment info, which is limited to staff by default. For the vast majority of sites, this data was only leaked to trusted staff member, but for sites with assign features enabled publicly, the data was accessible to more people than just staff. Version 1.0.1 contains a patch. There are currently no known workarounds. | |||||
| CVE-2022-24853 | 1 Metabase | 1 Metabase | 2024-11-21 | 2.6 LOW | 5.9 MEDIUM |
| Metabase is an open source business intelligence and analytics application. Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not return contents of arbitrary URLs, there is a case where a particularly crafted request could result in file access on windows, which allows enabling an `NTLM relay attack`, potentially allowing an attacker to receive the system password hash. If you use Windows and are on this version of Metabase, please upgrade immediately. The following patches (or greater versions) are available: 0.42.4 and 1.42.4, 0.41.7 and 1.41.7, 0.40.8 and 1.40.8. | |||||