Total: 28988 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-39310 | 1 Thoughtworks | 1 Gocd | 2024-02-28 | N/A | 6.5 MEDIUM | GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 can allow one authenticated agent to impersonate another agent, and thus receive work packages for other agents due to broken access control and incorrect validation of agent tokens within the GoCD server. Since work packages can contain sensitive information such as credentials intended only for a given job running against a specific agent environment, this can cause accidental information disclosure. Exploitation requires knowledge of agent identifiers and ability to authenticate as an existing agent with the GoCD server. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds.
CVE-2022-39356 | 1 Discourse | 1 Discourse | 2024-02-28 | N/A | 8.8 HIGH | Discourse is a platform for community discussion. Users who receive an invitation link that is not scoped to a single email address can enter any non-admin user's email and gain access to their account when accepting the invitation. All users should upgrade to the latest version. A workaround is temporarily disabling invitations with `SiteSetting.max_invites_per_day = 0` or scoping them to individual email addresses.
CVE-2011-4820 | 1 Ibm | 1 Rational Asset Manager | 2024-02-28 | N/A | 4.3 MEDIUM | IBM Rational Asset Manager 7.5 could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability using the UID parameter to modify another user's preferences.
CVE-2022-3029 | 1 Nlnetlabs | 1 Routinator | 2024-02-28 | N/A | 7.5 HIGH | In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files that isn't correctly base 64 encoded is treated as a fatal error and causes Routinator to exit. Worst case impact of this vulnerability is denial of service for the RPKI data that Routinator provides to routers. This may stop your network from validating route origins based on RPKI data. This vulnerability does not allow an attacker to manipulate RPKI data.
CVE-2022-33713 | 1 Samsung | 1 Cloud | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH | Implicit Intent hijacking vulnerability in Samsung Cloud prior to version 5.2.0 allows an attacker to get sensitive information.
CVE-2022-2165 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-02-28 | N/A | 4.3 MEDIUM | Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVE-2022-39877 | 2 Google, Samsung | 2 Android, Group Sharing | 2024-02-28 | N/A | 5.3 MEDIUM | Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device.
CVE-2022-24670 | 1 Forgerock | 1 Access Management | 2024-02-28 | N/A | 6.5 MEDIUM | An attacker can use the unrestricted LDAP queries to determine configuration entries.
CVE-2022-21148 | 1 Intel | 1 Edge Insights For Industrial | 2024-02-28 | N/A | 7.8 HIGH | Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-36263 | 2 Logitech, Microsoft | 2 Streamlabs Desktop, Windows | 2024-02-28 | N/A | 7.3 HIGH | StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. An attacker can execute arbitrary code via a crafted .exe file.
CVE-2022-3067 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 6.5 MEDIUM | An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, and all versions starting from 15.4 before 15.4.1. It was possible for an authenticated user to read arbitrary projects' content given the project's ID.
CVE-2022-3056 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-02-28 | N/A | 6.5 MEDIUM | Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2022-39878 | 1 Samsung | 1 Checkout | 2024-02-28 | N/A | 5.5 MEDIUM | Improper access control vulnerability in Samsung Checkout prior to version 5.0.55.3 allows attackers to access sensitive information via implicit intent broadcast.
CVE-2022-2390 | 1 Google | 1 Google Play Services Software Development Kit | 2024-02-28 | N/A | 8.4 HIGH | Apps developed with the Google Play Services SDK incorrectly had the mutability flag set on PendingIntents that were passed to the Notification service. As the Google Play services SDK is so widely used, this bug affects many applications. For an affected application, this bug will let the attacker gain access to all non-exported providers and/or gain access to other providers the victim has permissions for. We recommend upgrading to version 18.0.2 of the Play Service SDK as well as rebuilding and redeploying apps.
CVE-2022-39064 | 1 Ikea | 2 Tradfri Led1732g11, Tradfri Led1732g11 Firmware | 2024-02-28 | N/A | 8.1 HIGH | An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI bulb blink, and if they replay (i.e. resend) the same frame multiple times, the bulb performs a factory reset. This causes the bulb to lose configuration information about the Zigbee network and current brightness level. After this attack, all lights are on with full brightness, and a user cannot control the bulbs with either the IKEA Home Smart app or the TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score 7.1 vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CVE-2021-33126 | 1 Intel | 14 Ethernet Controller V710, Ethernet Controller V710 Firmware, Ethernet Controller X710 and 11 more | 2024-02-28 | N/A | 4.4 MEDIUM | Improper access control in the firmware for some Intel(R) 700 and 722 Series Ethernet Controllers and Adapters before versions 8.5 and 1.5.5 may allow a privileged user to potentially enable denial of service via local access.
CVE-2022-40425 | 1 D8s-html Project | 1 D8s-html | 2024-02-28 | N/A | 9.8 CRITICAL | The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.
CVE-2022-34102 | 1 Crestron | 1 Airmedia | 2024-02-28 | N/A | 8.8 HIGH | An insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt.
CVE-2022-20347 | 1 Google | 1 Android | 2024-02-28 | N/A | 8.8 HIGH | In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L. Android ID: A-228450811
CVE-2021-38417 | 1 Visam | 1 Vbase Web-remote | 2024-02-28 | N/A | 7.5 HIGH | VISAM VBASE version 11.6.0.6 is vulnerable to improper access control via the web-remote endpoint, which may allow an unauthenticated user viewing access to folders and files in the directory listing.