Total
615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3952 | 1 Manydesigns | 1 Portofino | 2024-11-21 | N/A | 2.6 LOW |
| A vulnerability has been found in ManyDesigns Portofino 5.3.2 and classified as problematic. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure permissions. Upgrading to version 5.3.3 is able to address this issue. The name of the patch is 94653cb357806c9cf24d8d294e6afea33f8f0775. It is recommended to upgrade the affected component. The identifier VDB-213457 was assigned to this vulnerability. | |||||
| CVE-2022-3866 | 1 Hashicorp | 1 Nomad | 2024-11-21 | N/A | 5.0 MEDIUM |
| HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2. | |||||
| CVE-2022-39952 | 1 Fortinet | 1 Fortinac | 2024-11-21 | N/A | 9.8 CRITICAL |
| A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request. | |||||
| CVE-2022-39871 | 1 Samsung | 1 Smartthings | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts. | |||||
| CVE-2022-39870 | 1 Samsung | 1 Smartthings | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast. | |||||
| CVE-2022-39869 | 1 Samsung | 1 Smartthings | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast. | |||||
| CVE-2022-39349 | 1 Tasks | 1 Tasks | 2024-11-21 | N/A | 5.5 MEDIUM |
| The Tasks.org Android app is an open-source app for to-do lists and reminders. The Tasks.org app uses the activity `ShareLinkActivity.kt` to handle "share" intents coming from other components in the same device and convert them to tasks. Those intents may contain arbitrary file paths as attachments, in which case the files pointed by those paths are copied in the app's external storage directory. Prior to versions 12.7.1 and 13.0.1, those paths were not validated, allowing a malicious or compromised application in the same device to force Tasks.org to copy files from its internal storage to its external storage directory, where they became accessible to any component with permission to read the external storage. This vulnerability can lead to sensitive information disclosure. All information in the user's notes and the app's preferences, including the encrypted credentials of CalDav integrations if enabled, could be accessed by third party applications installed on the same device. This issue was fixed in versions 12.7.1 and 13.0.1. There are no known workarounds. | |||||
| CVE-2022-39309 | 1 Thoughtworks | 1 Gocd | 2024-11-21 | N/A | 4.9 MEDIUM |
| GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to authenticated agents. A malicious/compromised agent may then expose that key from memory, and potentially allow an attacker the ability to decrypt secrets intended for other agents/environments if they also are able to obtain access to encrypted configuration values from the GoCD server. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds. | |||||
| CVE-2022-39015 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2024-11-21 | N/A | 6.5 MEDIUM |
| Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2022-38813 | 1 Phpgurukul Blood Donor Management System Project | 1 Phpgurukul Blood Donor Management System | 2024-11-21 | N/A | 8.1 HIGH |
| PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report. | |||||
| CVE-2022-38599 | 1 Goteleport | 1 Teleport | 2024-11-21 | N/A | 6.5 MEDIUM |
| Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 was discovered to contain an information leak via the /user/get-role-list web interface. | |||||
| CVE-2022-38474 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A | 4.3 MEDIUM |
| A website that had permission to access the microphone could record audio without the audio notification being shown. This bug does not allow the attacker to bypass the permission prompt - it only affects the notification shown once permission has been granted.<br />*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 104. | |||||
| CVE-2022-38087 | 1 Intel | 934 Core I3-1000g1, Core I3-1000g1 Firmware, Core I3-1000g4 and 931 more | 2024-11-21 | N/A | 4.1 MEDIUM |
| Exposure of resource to wrong sphere in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2022-35936 | 3 Crypto, Evmos, Kava | 4 Cronos, Ethermint, Evmos and 1 more | 2024-11-21 | N/A | 8.2 HIGH |
| Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount`function, all contracts that used the identical bytecode (i.e shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts did not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract's code is recovered. The new contract deployment restores the `bytecode hash -> bytecode` entry in the internal state. | |||||
| CVE-2022-34867 | 1 Wp Libre Form Project | 1 Wp Libre Form | 2024-11-21 | N/A | 7.3 HIGH |
| Unauthenticated Sensitive Information Disclosure vulnerability in WP Libre Form 2 plugin <= 2.0.8 at WordPress allows attackers to list and delete submissions. Affects only versions from 2.0.0 to 2.0.8. | |||||
| CVE-2022-34765 | 1 Schneider-electric | 4 Opc Ua Module For M580, Opc Ua Module For M580 Firmware, X80 Advanced Rtu Module and 1 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior) | |||||
| CVE-2022-34464 | 1 Siemens | 4 Sicam Gridedge Essential Arm, Sicam Gridedge Essential Gds Arm, Sicam Gridedge Essential Gds Intel and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions), SICAM GridEdge Essential Intel (All versions < V2.7.3), SICAM GridEdge Essential with GDS ARM (All versions), SICAM GridEdge Essential with GDS Intel (All versions < V2.7.3). Affected software uses an improperly protected file to import SSH keys. Attackers with access to the filesystem of the host on which SICAM GridEdge runs, are able to inject a custom SSH key to that file. | |||||
| CVE-2022-34452 | 1 Dell | 1 Powerpath Management Appliance | 2024-11-21 | N/A | 2.7 LOW |
| PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains sensitive information disclosure vulnerability. An Authenticated admin user can able to exploit the issue and view sensitive information stored in the logs. | |||||
| CVE-2022-34387 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2024-11-21 | N/A | 6.4 MEDIUM |
| Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability. A local authenticated malicious user could potentially exploit this vulnerability to elevate privileges and gain total control of the system. | |||||
| CVE-2022-34364 | 1 Dell | 1 Bsafe Ssl-j | 2024-11-21 | N/A | 4.4 MEDIUM |
| Dell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. . | |||||