Total: 9132 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-38456 | 1 Ajax Search Project | 1 Ajax Search | 2024-11-21 | N/A | 4.3 MEDIUM |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ernest Marcinko Ajax Search Lite plugin, versions <= 4.10.3. | |||||
CVE-2022-38400 | 1 Synck | 1 Mailform Pro Cgi | 2024-11-21 | N/A | 5.9 MEDIUM |
Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain user input data by having a user of the product access a specially crafted URL. | |||||
CVE-2022-38113 | 1 Solarwinds | 1 Security Event Manager | 2024-11-21 | N/A | 5.3 MEDIUM |
This vulnerability discloses build and service versions in the server response header. | |||||
CVE-2022-37438 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | N/A | 2.6 LOW |
In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web. | |||||
CVE-2022-36878 | 1 Samsung | 1 Find My Mobile | 2024-11-21 | N/A | 3.3 LOW |
Exposure of Sensitive Information in Find My Mobile prior to version 7.2.25.14 allows a local attacker to access the IMEI via the log. | |||||
CVE-2022-36877 | 1 Samsung | 1 Samsung Members | 2024-11-21 | N/A | 2.8 LOW |
Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions 4.3.00.11 in Global and 14.0.02.4 in China allows local attackers to access device identification via log. | |||||
CVE-2022-36835 | 1 Samsung | 1 Samsung Internet Browser | 2024-11-21 | N/A | 3.3 LOW |
Implicit Intent hijacking vulnerability in Samsung Internet Browser prior to version 17.0.7.34 allows attackers to access arbitrary files. | |||||
CVE-2022-36834 | 1 Samsung | 1 Game Launcher | 2024-11-21 | N/A | 3.3 LOW |
Exposure of Sensitive Information vulnerability in Game Launcher prior to version 6.0.07 allows a local attacker to access app data with user interaction. | |||||
CVE-2022-36777 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-11-21 | N/A | 4.3 MEDIUM |
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.16.0 could allow an authenticated user to obtain sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 233665. | |||||
CVE-2022-36399 | 1 Boxystudio | 1 Booked | 2024-11-21 | N/A | 5.3 MEDIUM |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BoxyStudio Booked - Appointment Booking for WordPress \| Calendars. This issue affects Booked - Appointment Booking for WordPress \| Calendars: from n/a before 2.4.4. | |||||
CVE-2022-36101 | 1 Shopware | 1 Shopware | 2024-11-21 | N/A | 5.4 MEDIUM |
Shopware is an open source e-commerce software. In affected versions the request for the customer detail view in the backend administration contained sensitive data like the hashed password and the session ID. These fields are now explicitly unset in version 5.7.15. Users are advised to update and may get the update either via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue. | |||||
CVE-2022-36079 | 1 Parseplatform | 1 Parse-server | 2024-11-21 | N/A | 8.6 HIGH |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields (keys used internally by Parse Server, prefixed by `_`) and protected fields (user defined) can be used as query constraints. Internal and protected fields are removed by Parse Server from responses and are only returned to a client using a valid master key. However, because they are still honoured as query constraints, their values can be guessed by enumerating constraint values until Parse Server (prior to versions 4.10.14 or 5.2.5) returns a response object. The patch available in versions 4.10.14 and 5.2.5 requires the master key to use internal and protected fields as query constraints. As a workaround, implement a Parse Cloud Trigger `beforeFind` and manually remove such query constraints. | |||||
CVE-2022-36077 | 2 Electronjs, Microsoft | 2 Electron, Windows | 2024-11-21 | N/A | 7.2 HIGH |
The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7, Electron is vulnerable to Exposure of Sensitive Information. When following a redirect, Electron delays the check that forbids redirecting from other schemes to file:// URLs. The contents of the file are not available to the renderer following the redirect, but if the redirect target is an SMB URL such as `file://some.website.com/`, then in some cases Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials. This issue has been patched in versions 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7. Users are recommended to upgrade to the latest stable version of Electron. If upgrading isn't possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the `WebContents.on('will-redirect')` event, for all WebContents, as a workaround. | |||||
CVE-2022-36075 | 1 Nextcloud | 1 Files Access Control | 2024-11-21 | N/A | 2.6 LOW |
Nextcloud Files Access Control is a Nextcloud app to manage access control for files. Users with limited access can see file names in certain cases where they do not have the privilege to do so. This issue has been addressed and it is recommended that the Nextcloud Files Access Control app is upgraded to 1.12.2, 1.13.1 or 1.14.1. There are no known workarounds for this issue. | |||||
CVE-2022-36074 | 1 Nextcloud | 2 Nextcloud Enterprise Server, Nextcloud Server | 2024-11-21 | N/A | 6.4 MEDIUM |
Nextcloud Server is an open source personal cloud product. Affected versions are vulnerable to Information Exposure because the Authorization header is not stripped on HTTP downgrade, i.e. when a request is redirected from HTTPS to plain HTTP. This can lead to account access exposure and compromise. It is recommended that Nextcloud Server is upgraded to 23.0.7 or 24.0.3. It is recommended that Nextcloud Enterprise Server is upgraded to 22.2.11, 23.0.7 or 24.0.3. There are no known workarounds for this issue. | |||||
CVE-2022-35842 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A | 3.7 LOW |
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiOS SSL-VPN versions 7.2.0, versions 7.0.0 through 7.0.6 and versions 6.4.0 through 6.4.9 may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS. | |||||
CVE-2022-35296 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | N/A | 4.9 MEDIUM |
Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information over the network to a high-privileged actor who is not explicitly authorized to access that information, leading to a high impact on Confidentiality. | |||||
CVE-2022-35290 | 1 Sap | 1 Authenticator | 2024-11-21 | N/A | 7.5 HIGH |
Under certain conditions SAP Authenticator for Android allows an attacker to access information which would otherwise be restricted. | |||||
CVE-2022-35169 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 6.5 MEDIUM | 6.0 MEDIUM |
SAP BusinessObjects Business Intelligence Platform (LCM) versions 420 and 430 allow an attacker with admin privileges to read and decrypt an LCMBIAR file's password under certain conditions, enabling the attacker to modify the password or import the file into another system, causing a high impact on confidentiality but a limited impact on the availability and integrity of the application. | |||||
CVE-2022-35147 | 1 Html-js | 1 Doracms | 2024-11-21 | N/A | 9.8 CRITICAL |
DoraCMS v2.18 and earlier allows attackers to bypass login authentication via a crafted HTTP request. | |||||
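The CVE-2022-36079 row above describes the mechanism only in words: constraints on `_`-prefixed and protected fields are honoured even though those fields are stripped from the response, so an attacker can recover their values by watching whether a query returns an object. The following is an added example, not Parse Server's code: a small in-memory simulation of that behaviour, an enumeration routine that recovers a hidden field one character at a time with a `^prefix` `$regex` constraint (an assumption about the constraint used; Parse's query language does support `$regex` on strings), and a `where`-clause filter of the kind a `beforeFind` trigger would apply. The records, the `ssn` protected field and the `USERS` store are constructed for the example.

```javascript
// Added example, not Parse Server code: simulation of the CVE-2022-36079
// enumeration and a beforeFind-style filter that closes it.

// Constructed sample records. Field names mirror Parse conventions: internal
// fields start with "_", and "ssn" stands in for a user-defined protected field.
const USERS = [
  { objectId: 'u1', username: 'alice', _hashed_password: 'a1b2c3', ssn: '123-45-6789' },
  { objectId: 'u2', username: 'bob',   _hashed_password: 'zz9yy8', ssn: '987-65-4321' },
];
const PROTECTED_FIELDS = new Set(['ssn']);

function isRestricted(key) {
  return key.startsWith('_') || PROTECTED_FIELDS.has(key);
}

// Tiny evaluator for the subset of Parse "where" JSON used here:
// equality, $regex, and $or / $and / $nor.
function matches(record, where) {
  return Object.entries(where).every(([key, cond]) => {
    if (key === '$or')  return cond.some((w) => matches(record, w));
    if (key === '$and') return cond.every((w) => matches(record, w));
    if (key === '$nor') return !cond.some((w) => matches(record, w));
    const value = record[key];
    if (cond !== null && typeof cond === 'object' && '$regex' in cond) {
      return typeof value === 'string' && new RegExp(cond.$regex).test(value);
    }
    return value === cond;
  });
}

// Response sanitisation: restricted keys never reach a non-master-key client.
function sanitize(record) {
  return Object.fromEntries(Object.entries(record).filter(([k]) => !isRestricted(k)));
}

// Vulnerable behaviour: the constraint on a restricted key is still evaluated,
// so whether an object comes back depends on the hidden value.
function vulnerableFind(where) {
  return USERS.filter((r) => matches(r, where)).map(sanitize);
}

function escapeRegex(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Attacker loop: extend a known prefix one character at a time and stop when
// no character in the alphabet produces a response object.
function enumerateField(find, objectId, field, alphabet, maxLen = 32) {
  let known = '';
  for (let i = 0; i < maxLen; i++) {
    const next = alphabet.find((ch) => {
      const where = { objectId, [field]: { $regex: '^' + escapeRegex(known + ch) } };
      return find(where).length > 0;
    });
    if (next === undefined) break;
    known += next;
  }
  return known;
}

// Mitigation in the spirit of the advisory's beforeFind workaround: walk the
// where clause, including $or/$and/$nor branches, and drop every constraint
// on a restricted key unless the request carries the master key.
function stripRestrictedConstraints(where, useMasterKey = false) {
  if (useMasterKey) return where;
  const out = {};
  for (const [key, cond] of Object.entries(where)) {
    if (key === '$or' || key === '$and' || key === '$nor') {
      out[key] = cond.map((w) => stripRestrictedConstraints(w, false));
    } else if (!isRestricted(key)) {
      out[key] = cond;
    }
  }
  return out;
}

function hardenedFind(where, useMasterKey = false) {
  return vulnerableFind(stripRestrictedConstraints(where, useMasterKey));
}
```

Stripping matches the advisory's "manually remove the query constraints" wording, but it silently widens the result set for a caller who legitimately queried on such a field; rejecting the query with an error is the stricter choice and is what the upstream fix effectively does by demanding the master key.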
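The CVE-2022-36077 row names the workaround, blocking redirects to `file://` URLs in `will-redirect`, without showing it. The following is an added example, not Electron's code: the decision is a pure function so it can be tested anywhere, and the Electron wiring registers it on every WebContents via `app.on('web-contents-created')`. The `(event, url)` handler shape and `event.preventDefault()` cancelling the redirect follow the Electron 18 to 20 documentation as I recall it and are stated as assumptions; the policy blocks every `file:` target reached by redirect, with or without a host, since a renderer never needs one.

```javascript
// Added example, not Electron's own code: a will-redirect guard for the
// CVE-2022-36077 workaround, split into a pure decision and the wiring.

// Classify a redirect target. The advisory's case is a redirect from a
// non-file scheme to file://<host>/..., which Windows may treat as a UNC
// path and answer with an NTLM handshake; every file: target is refused.
function classifyRedirect(targetUrl) {
  let parsed;
  try {
    parsed = new URL(targetUrl);
  } catch (e) {
    return { allow: false, reason: 'unparseable redirect target' };
  }
  if (parsed.protocol === 'file:') {
    const reason = parsed.hostname
      ? `file: redirect to remote host ${parsed.hostname} (possible SMB/NTLM credential leak)`
      : 'file: redirect to a local path';
    return { allow: false, reason };
  }
  return { allow: true, reason: 'ok' };
}

// Electron wiring. Assumption: the will-redirect listener receives
// (event, url, ...) and event.preventDefault() cancels the navigation.
// Hooking web-contents-created covers WebContents created later, e.g. by
// <webview> or window.open(), which is what "for all WebContents" requires.
function installRedirectGuard(app) {
  app.on('web-contents-created', (_event, contents) => {
    contents.on('will-redirect', (event, url) => {
      const verdict = classifyRedirect(url);
      if (!verdict.allow) {
        console.warn(`blocked redirect to ${url}: ${verdict.reason}`);
        event.preventDefault();
      }
    });
  });
}

// Only wire into a real app when running under Electron; the decision
// function above is usable, and testable, from plain Node.
if (process.versions.electron) {
  installRedirectGuard(require('electron').app);
}
```

Install the guard before any window is created so that the first BrowserWindow is covered too; a guard added per window from `createWindow()` misses WebContents the app does not create itself.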
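The CVE-2022-36074 row states the bug class, an Authorization header that survives a redirect from HTTPS to HTTP, without showing what a correct redirect policy looks like. The following is an added example, not Nextcloud code and not a description of its HTTP client: a redirect follower whose header policy drops credentials on a downgrade, run against a constructed server so it is observable offline. It goes slightly beyond the row by also stripping on any change of origin, which is the policy most HTTP clients apply; the `fakeServer`, the URLs and the `CREDS` token are constructed.

```javascript
// Added example, not Nextcloud code: a redirect-following HTTP client with a
// credential-stripping policy, simulated against a constructed server.

// Headers that must never survive a downgrade or a change of origin.
const SENSITIVE_HEADERS = new Set(['authorization', 'proxy-authorization', 'cookie']);

function hasHeader(headers, name) {
  return Object.keys(headers).some((k) => k.toLowerCase() === name);
}

// Policy: keep everything for a same-origin https->https hop; otherwise drop
// the sensitive headers. "Downgrade" is the advisory's case; cross-origin
// stripping is included because the same reasoning applies there.
function headersForRedirect(fromUrl, toUrl, headers) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  const downgrade = from.protocol === 'https:' && to.protocol !== 'https:';
  const crossOrigin = from.origin !== to.origin;
  if (!downgrade && !crossOrigin) return { ...headers };
  return Object.fromEntries(
    Object.entries(headers).filter(([k]) => !SENSITIVE_HEADERS.has(k.toLowerCase()))
  );
}

// The vulnerable policy: forward every header unchanged on every hop.
const keepEverything = (_from, _to, headers) => ({ ...headers });

// Follow redirects. fetchOnce(url, headers) -> { status, location?, body? } is
// a stand-in for one real HTTP exchange. The trail records which hops carried
// an Authorization header so a leak is visible to the caller.
function followRedirects(startUrl, headers, fetchOnce, policy = headersForRedirect, maxHops = 5) {
  let url = startUrl;
  let hdrs = { ...headers };
  const trail = [];
  for (let hop = 0; hop <= maxHops; hop++) {
    trail.push({ url, sentAuthorization: hasHeader(hdrs, 'authorization') });
    const resp = fetchOnce(url, hdrs);
    if (resp.status < 300 || resp.status >= 400 || !resp.location) {
      return { finalUrl: url, trail, body: resp.body };
    }
    const next = new URL(resp.location, url).toString(); // resolves relative Location too
    hdrs = policy(url, next, hdrs);
    url = next;
  }
  throw new Error('too many redirects');
}

// Constructed server: the https endpoint answers with a 302 to its plaintext
// twin, which then serves the resource.
function fakeServer(url) {
  if (url === 'https://cloud.example.org/ocs/v2.php/apps/files') {
    return { status: 302, location: 'http://cloud.example.org/ocs/v2.php/apps/files' };
  }
  return { status: 200, body: 'ok' };
}

// Constructed credentials for the example.
const CREDS = { Authorization: 'Bearer token-from-config', Accept: 'application/json' };
```

With `keepEverything` the second hop in the trail carries the bearer token over plain HTTP, which is the exposure the row describes; with the default policy the token is dropped before the downgraded hop while non-sensitive headers such as `Accept` are kept.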