Vulnerabilities (CVE)

Filtered by CWE-200
Total 7426 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-24850 1 Discourse 1 Discourse 2024-11-21 4.0 MEDIUM 5.3 MEDIUM
Discourse is an open source platform for community discussion. A category's group permissions settings can be viewed by anyone who has access to the category. As a result, a normal user is able to see whether a group has read/write permissions in the category even though the information should only be available to the users that can manage a category. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no workarounds for this problem.
CVE-2022-24849 1 Aitsys 1 Discatsharp 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two `RequireDisCatSharpDeveloperAttribute`s or the `BaseDiscordClient.LibraryDeveloperTeam` have potentially had their bot token sent to a web server not affiliated with Discord. This server is owned and operated by DisCatSharp's development team. The tokens were not logged, yet it is still advisable to reset the tokens of potentially affected bots. 9.9.1 has been released to patch the issue for the current stable release and the current 10.0.0 prereleases are also no longer affected. Users unable to upgrade should remove all uses of the two `RequireDisCatSharpDeveloperAttribute`s and all direct calls to `BaseDiscordClient.LibraryDeveloperTeam`.
CVE-2022-24782 1 Discourse 1 Discourse 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Discourse is an open source discussion platform. Versions 2.8.2 and prior in the `stable` branch, 2.9.0.beta3 and prior in the `beta` branch, and 2.9.0.beta3 and prior in the `tests-passed` branch are vulnerable to a data leak. Users can request an export of their own activity. Sometimes, due to category settings, they may have category membership for a secure category. The name of this secure category is shown to the user in the export. The same thing occurs when the user's post has been moved to a secure category. A patch for this issue is available in the `main` branch of Discourse's GitHub repository and is anticipated to be part of future releases.
CVE-2022-24737 2 Fedoraproject, Httpie 2 Fedora, Httpie 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didn't distinguish between cookies and the hosts they belonged to. This behavior resulted in the exposure of some cookies when there are redirects originating from the actual host to a third party website. Users are advised to upgrade. There are no known workarounds.
CVE-2022-24633 1 Filecloud 1 Filecloud 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
All versions of FileCloud prior to 21.3 are vulnerable to user enumeration. The vulnerability exists in the parameter "path" passing "/SHARED/<username>". A malicious actor could identify the existence of users by requesting share information on specified share paths.
CVE-2022-24414 1 Dell 1 Cloudlink 2024-11-21 4.0 MEDIUM 7.6 HIGH
In Dell EMC CloudLink 7.1.3 and all earlier versions, the auth token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access the CloudLink server. Tokens should not be used in the request URL to avoid such attacks.
CVE-2022-23984 1 Gvectors 1 Wpdiscuz 2024-11-21 5.0 MEDIUM 3.7 LOW
Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11).
CVE-2022-23982 1 Quadlayers 1 Perfect Brands For Woocommerce 2024-11-21 5.0 MEDIUM 4.3 MEDIUM
The vulnerability discovered in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4) allows server information exposure.
CVE-2022-23779 1 Zohocorp 1 Manageengine Desktop Central 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.
CVE-2022-23546 1 Discourse 1 Discourse 2024-11-21 N/A 5.5 MEDIUM
In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded URLs can leak an admin's digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issue.
CVE-2022-23497 1 Freshrss 1 Freshrss 2024-11-21 N/A 6.5 MEDIUM
FreshRSS is a free, self-hostable RSS aggregator. User configuration files can be accessed by a remote user. In addition to user preferences, such configurations contain hashed passwords (bcrypt with cost 9, salted) of the FreshRSS Web interface. If the API is used, the configuration might contain a hashed password (bcrypt with cost 9, salted) of the GReader API, and a hashed password (MD5 salted) of the Fever API. Users should update to version 1.20.2 or edge. Users unable to upgrade can apply the patch manually or delete the file `./FreshRSS/p/ext.php`.
CVE-2022-23158 1 Dell 1 Wyse Device Agent 2024-11-21 2.1 LOW 6.0 MEDIUM
Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with standard privilege could potentially exploit this vulnerability by providing incorrect port information and getting connected to a valid WMS server.
CVE-2022-23157 1 Dell 1 Wyse Device Agent 2024-11-21 2.1 LOW 4.4 MEDIUM
Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. An authenticated malicious user could potentially exploit this vulnerability in order to view sensitive information from the WMS Server.
CVE-2022-22961 2 Linux, Vmware 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims.
CVE-2022-22733 1 Apache 1 Shardingsphere Elasticjob-ui 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has a guest account to perform privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI 3.x, version 3.0.0 and prior versions.
CVE-2022-22701 1 Partkeepr 1 Partkeepr 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
PartKeepr versions up to v1.4.0 load attachments using a URL while creating a part and allow the use of the 'file://' URI scheme, allowing an authenticated user to read local files.
CVE-2022-22545 1 Sap 1 Netweaver Abap 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756.
CVE-2022-22542 1 Sap 1 S\/4hana 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor that is not explicitly authorized to have access to that information, which could compromise Confidentiality.
CVE-2022-22506 1 Ibm 1 Robotic Process Automation 2024-11-21 N/A 4.6 MEDIUM
IBM Robotic Process Automation 21.0.2 contains a vulnerability that could allow user IDs to be exposed across tenants. IBM X-Force ID: 227293.
CVE-2022-22303 1 Fortinet 1 Fortimanager 2024-11-21 2.1 LOW 2.8 LOW
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to gain access to the FortiGate users' credentials via the config conflict file.