Total
615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22154 | 1 Juniper | 1 Junos | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| In a Junos Fusion scenario an External Control of Critical State Data vulnerability in the Satellite Device (SD) control state machine of Juniper Networks Junos OS allows an attacker who is able to make physical changes to the cabling of the device to cause a denial of service (DoS). An SD can get rebooted and subsequently controlled by an Aggregation Device (AD) which does not belong to the original Fusion setup and is just connected to an extended port of the SD. To carry out this attack the attacker needs to have physical access to the cabling between the SD and the original AD. This issue affects: Juniper Networks Junos OS 16.1R1 and later versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S4. This issue does not affect Juniper Networks Junos OS versions prior to 16.1R1. | |||||
| CVE-2022-21964 | 1 Microsoft | 1 Windows 10 | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability | |||||
| CVE-2022-21947 | 1 Suse | 1 Rancher Desktop | 2024-11-21 | 5.8 MEDIUM | 8.3 HIGH |
| A Exposure of Resource to Wrong Sphere vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V. | |||||
| CVE-2022-21126 | 1 Samtools | 1 Htsjdk | 2024-11-21 | N/A | 7.3 HIGH |
| The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir() function in util/IOUtil.java not checking for the existence of the temporary directory before attempting to create it. | |||||
| CVE-2022-1911 | 1 M-files | 1 M-files Server | 2024-11-21 | N/A | 5.3 MEDIUM |
| Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system. | |||||
| CVE-2022-1875 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2022-1873 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
| Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2022-1637 | 1 Google | 2 Android, Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2022-1501 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2022-1498 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2022-1488 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. | |||||
| CVE-2022-1467 | 1 Aveva | 2 Intouch Access Anywhere, Plant Scada Access Anywhere | 2024-11-21 | 8.5 HIGH | 7.4 HIGH |
| Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS. | |||||
| CVE-2022-1385 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.8 MEDIUM | 3.7 LOW |
| Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels. | |||||
| CVE-2022-1137 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML page. | |||||
| CVE-2022-0337 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-11-21 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. (Chrome security severity: High) | |||||
| CVE-2022-0334 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradereport/user:view capability. | |||||
| CVE-2022-0315 | 1 Horovod | 1 Horovod | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Insecure Temporary File in GitHub repository horovod/horovod prior to 0.24.0. | |||||
| CVE-2021-4180 | 2 Openstack, Redhat | 2 Tripleo Heat Templates, Openstack | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1. | |||||
| CVE-2021-46937 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: mm/damon/dbgfs: fix 'struct pid' leaks in 'dbgfs_target_ids_write()' DAMON debugfs interface increases the reference counts of 'struct pid's for targets from the 'target_ids' file write callback ('dbgfs_target_ids_write()'), but decreases the counts only in DAMON monitoring termination callback ('dbgfs_before_terminate()'). Therefore, when 'target_ids' file is repeatedly written without DAMON monitoring start/termination, the reference count is not decreased and therefore memory for the 'struct pid' cannot be freed. This commit fixes this issue by decreasing the reference counts when 'target_ids' is written. | |||||
| CVE-2021-46935 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: binder: fix async_free_space accounting for empty parcels In 4.13, commit 74310e06be4d ("android: binder: Move buffer out of area shared with user space") fixed a kernel structure visibility issue. As part of that patch, sizeof(void *) was used as the buffer size for 0-length data payloads so the driver could detect abusive clients sending 0-length asynchronous transactions to a server by enforcing limits on async_free_size. Unfortunately, on the "free" side, the accounting of async_free_space did not add the sizeof(void *) back. The result was that up to 8-bytes of async_free_space were leaked on every async transaction of 8-bytes or less. These small transactions are uncommon, so this accounting issue has gone undetected for several years. The fix is to use "buffer_size" (the allocated buffer size) instead of "size" (the logical buffer size) when updating the async_free_space during the free operation. These are the same except for this corner case of asynchronous transactions with payloads < 8 bytes. | |||||