Total
9127 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20955 | 1 Cisco | 2 Roomos, Telepresence Collaboration Endpoint | 2024-11-21 | N/A | 5.5 MEDIUM |
| Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20954 | 1 Cisco | 2 Roomos, Telepresence Collaboration Endpoint | 2024-11-21 | N/A | 5.5 MEDIUM |
| Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20953 | 1 Cisco | 2 Roomos, Telepresence Collaboration Endpoint | 2024-11-21 | N/A | 5.5 MEDIUM |
| Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20811 | 1 Cisco | 2 Roomos, Telepresence Collaboration Endpoint | 2024-11-21 | N/A | 5.5 MEDIUM |
| Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20776 | 1 Cisco | 2 Roomos, Telepresence Collaboration Endpoint | 2024-11-21 | N/A | 5.5 MEDIUM |
| Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20734 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2024-11-21 | 4.9 MEDIUM | 4.4 MEDIUM |
| A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system. | |||||
| CVE-2022-20680 | 1 Cisco | 1 Prime Service Catalog | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper enforcement of Administrator privilege levels for low-value sensitive data. An attacker with read-only Administrator access to the web-based management interface could exploit this vulnerability by sending a malicious HTTP request to the page that contains the sensitive data. A successful exploit could allow the attacker to collect sensitive information about users of the system and orders that have been placed using the application. | |||||
| CVE-2022-20664 | 1 Cisco | 2 Email Security Appliance, Secure Email And Web Manager | 2024-11-21 | 3.5 LOW | 7.7 HIGH |
| A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access Protocol (LDAP) external authentication server connected to an affected device. This vulnerability is due to a lack of proper input sanitization while querying the external authentication server. An attacker could exploit this vulnerability by sending a crafted query through an external authentication web page. A successful exploit could allow the attacker to gain access to sensitive information, including user credentials from the external authentication server. To exploit this vulnerability, an attacker would need valid operator-level (or higher) credentials. | |||||
| CVE-2022-1911 | 1 M-files | 1 M-files Server | 2024-11-21 | N/A | 5.3 MEDIUM |
| Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system. | |||||
| CVE-2022-1815 | 1 Diagrams | 1 Drawio | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2. | |||||
| CVE-2022-1774 | 1 Diagrams | 1 Drawio | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7. | |||||
| CVE-2022-1663 | 1 Stop Spam Comments Project | 1 Stop Spam Comments | 2024-11-21 | N/A | 6.5 MEDIUM |
| The Stop Spam Comments WordPress plugin through 0.2.1.2 does not properly generate the Javascript access token for preventing abuse of comment section, allowing threat authors to easily collect the value and add it to the request. | |||||
| CVE-2022-1662 | 1 Convert2rhel Project | 1 Convert2rhel | 2024-11-21 | N/A | 5.5 MEDIUM |
| In convert2rhel, there's an ansible playbook named ansible/run-convert2rhel.yml which passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. This could allow unauthorized local users to view the password via the process list while convert2rhel is running. However, this ansible playbook is only an example in the upstream repository and it is not shipped in officially supported versions of convert2rhel. | |||||
| CVE-2022-1595 | 1 Hc Custom Wp-admin Url Project | 1 Hc Custom Wp-admin Url | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request | |||||
| CVE-2022-1353 | 4 Debian, Linux, Netapp and 1 more | 19 Debian Linux, Linux Kernel, H300e and 16 more | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. | |||||
| CVE-2022-1332 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents. | |||||
| CVE-2022-1077 | 1 Tem | 4 Flex-1080, Flex-1080 Firmware, Flex-1085 and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability log.cgi of the component Log Handler. A direct request leads to information disclosure of hardware information. The attack can be initiated remotely and does not require any form of authentication. | |||||
| CVE-2022-1004 | 1 Otrs | 1 Otrs | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled. | |||||
| CVE-2022-0987 | 2 Packagekit Project, Redhat | 2 Packagekit, Enterprise Linux | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists. | |||||
| CVE-2022-0882 | 1 Google | 1 Fuchsia | 2024-11-21 | 2.1 LOW | 5.3 MEDIUM |
| A bug exists where an attacker can read the kernel log through exposed Zircon kernel addresses without the required capability ZX_RSRC_KIND_ROOT. It is recommended to upgrade the Fuchsia kernel to 4.1.1 or greater. | |||||