Total
268 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-24138 | 1 Iobit | 1 Advanced Systemcare | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has "rwx" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with a malicious executable thus gaining code execution as a high privilege user (Low Privilege -> high integrity ADMIN). | |||||
CVE-2022-3287 | 1 Fwupd | 1 Fwupd | 2024-02-28 | N/A | 6.5 MEDIUM |
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file. | |||||
CVE-2022-33686 | 1 Google | 1 Android | 2024-02-28 | 2.1 LOW | 2.3 LOW |
Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log. | |||||
CVE-2022-45129 | 1 Payara | 1 Payara | 2024-02-28 | N/A | 7.5 HIGH |
Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise before 5.45.0. | |||||
CVE-2022-1117 | 1 Fapolicyd Project | 1 Fapolicyd | 2024-02-28 | N/A | 8.4 HIGH |
A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker, a build time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by the run time linker may fail to detect the pattern and allow execution. | |||||
CVE-2021-40150 | 1 Reolink | 2 E1 Zoom, E1 Zoom Firmware | 2024-02-28 | N/A | 7.5 HIGH |
The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. In this way an attacker can download the entire NGINX/FastCGI configurations by querying the /conf/nginx.conf or /conf/fastcgi.conf URI. | |||||
CVE-2022-2222 | 1 Wpchill | 1 Download Monitor | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup. | |||||
CVE-2022-2981 | 1 Wpchill | 1 Download Monitor | 2024-02-28 | N/A | 4.9 MEDIUM |
The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup. | |||||
CVE-2022-24075 | 1 Navercorp | 1 Whale | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files. | |||||
CVE-2022-28462 | 1 Xxyopen | 1 Novel-plus | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability. | |||||
CVE-2022-26271 | 1 74cms | 1 74cms | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at \index\controller\Download.php. | |||||
CVE-2022-26877 | 1 Asana | 1 Desktop | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick the Asana desktop app into loading a malicious web page. | |||||
CVE-2022-28002 | 1 Movie Seat Reservation Project | 1 Movie Seat Reservation | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home. | |||||
CVE-2022-29447 | 1 Wow-company | 1 Hover Effects | 2024-02-28 | 4.0 MEDIUM | 7.2 HIGH |
Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Hover Effects plugin <= 2.1 at WordPress. | |||||
CVE-2021-3717 | 1 Redhat | 4 Enterprise Linux, Jboss Enterprise Application Platform, Single Sign-on and 1 more | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0. | |||||
CVE-2021-42644 | 1 Cmseasy | 1 Cmseasy | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the configuration file information of the website such as the database configuration file (config / config_database) can be read through this vulnerability. | |||||
CVE-2022-32143 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured on the controller or if remote attacker has previously successfully authenticated himself to the controller. A successful Attack may lead to a denial of service, change of local files, or drain of confidential Information. User interaction is not required | |||||
CVE-2022-25104 | 1 Horizontcms Project | 1 Horizontcms | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file download vulnerability via the component /admin/file-manager/. | |||||
CVE-2022-28445 | 1 Kitesky | 1 Kitecms | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background management module. | |||||
CVE-2022-25497 | 1 Cuppacms | 1 Cuppacms | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function. |