Total
7102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41964 | 1 Bigbluebutton | 1 Bigbluebutton | 2022-12-21 | N/A | 5.7 MEDIUM |
| BigBlueButton is an open source web conferencing system. This vulnerability only affects release candidates of BigBlueButton 2.4. The attacker can start a subscription for poll results before starting an anonymous poll, and use this subscription to see individual responses in the anonymous poll. The attacker had to be a meeting presenter. This issue is patched in version 2.4.0. There are no workarounds. | |||||
| CVE-2017-14443 | 1 Insteon | 2 Hub 2245-222, Hub 2245-222 Firmware | 2022-12-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| An exploitable information leak vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly checks the number of GET parameters supplied, leading to an arbitrarily controlled information leak on the whole device memory. An attacker can send an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2016-8722 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2022-12-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. | |||||
| CVE-2016-8725 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2022-12-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. | |||||
| CVE-2016-8724 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2022-12-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information. | |||||
| CVE-2022-23497 | 1 Freshrss | 1 Freshrss | 2022-12-13 | N/A | 7.5 HIGH |
| FreshRSS is a free, self-hostable RSS aggregator. User configuration files can be accessed by a remote user. In addition to user preferences, such configurations contain hashed passwords (brypt with cost 9, salted) of FreshRSS Web interface. If the API is used, the configuration might contain a hashed password (brypt with cost 9, salted) of the GReader API, and a hashed password (MD5 salted) of the Fever API. Users should update to version 1.20.2 or edge. Users unable to upgrade can apply the patch manually or delete the file `./FreshRSS/p/ext.php`. | |||||
| CVE-2016-6210 | 1 Openbsd | 1 Openssh | 2022-12-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided. | |||||
| CVE-2016-0777 | 5 Apple, Hp, Openbsd and 2 more | 7 Mac Os X, Remote Device Access Virtual Customer Access System, Openssh and 4 more | 2022-12-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. | |||||
| CVE-2016-0800 | 2 Openssl, Pulsesecure | 3 Openssl, Client, Steel Belted Radius | 2022-12-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack. | |||||
| CVE-2022-39904 | 1 Google | 1 Android | 2022-12-12 | N/A | 3.3 LOW |
| Exposure of Sensitive Information vulnerability in Samsung Settings prior to SMR Dec-2022 Release 1 allows local attackers to access the Network Access Identifier via log. | |||||
| CVE-2017-12128 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2022-12-09 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable information disclosure vulnerability exists in the Server Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted TCP packet can cause information disclosure. An attacker can send a crafted TCP packet to trigger this vulnerability. | |||||
| CVE-2019-4514 | 1 Ibm | 1 Security Key Lifecycle Manager | 2022-12-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165136. | |||||
| CVE-2018-3854 | 1 Intuit | 1 Quicken 2018 | 2022-12-03 | 3.6 LOW | 7.1 HIGH |
| An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attacker to access and modify the data without knowing the password. An attacker needs to have access to the password-protected files to trigger this vulnerability. | |||||
| CVE-2019-4437 | 1 Ibm | 1 Api Connect | 2022-12-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. IBM X-force ID: 162947. | |||||
| CVE-2022-46150 | 1 Discourse | 1 Discourse | 2022-12-01 | N/A | 4.3 MEDIUM |
| Discourse is an open-source discussion platform. Prior to version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue is patched in version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches. As a workaround, use the `disable_email` site setting to disable all emails to non-staff users. | |||||
| CVE-2022-41926 | 1 Nextcloud | 1 Talk | 2022-12-01 | N/A | 5.5 MEDIUM |
| Nextcould talk android is the android OS implementation of the nextcloud talk chat system. In affected versions the receiver is not protected by broadcastPermission allowing malicious apps to monitor communication. It is recommended that the Nextcloud Talk Android is upgraded to 14.1.0. There are no known workarounds for this issue. | |||||
| CVE-2017-17898 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 5.0 MEDIUM | 7.5 HIGH |
| Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2021-40159 | 1 Autodesk | 11 Advance Steel, Autocad, Autocad Architecture and 8 more | 2022-11-16 | 6.8 MEDIUM | 7.8 HIGH |
| An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in conjunction with other vulnerabilities may lead to code execution through maliciously crafted JT files in the context of the current process. | |||||
| CVE-2021-34589 | 1 Bender | 9 Cc612, Cc612 Firmware, Cc613 and 6 more | 2022-10-28 | 5.0 MEDIUM | 7.5 HIGH |
| In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface. | |||||
| CVE-2021-25118 | 1 Yoast | 1 Yoast Seo | 2022-10-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities. | |||||