Total
7102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-39230 | 1 Amazon | 1 Fhir-works-on-aws-authz-smart | 2022-09-26 | N/A | 6.5 MEDIUM |
| fhir-works-on-aws-authz-smart is an implementation of the authorization interface from the FHIR Works interface. Versions 3.1.1 and 3.1.2 are subject to Exposure of Sensitive Information to an Unauthorized Actor. This issue allows a client of the API to retrieve more information than the client’s OAuth scope permits when making “search-type” requests. This issue would not allow a client to retrieve information about individuals other than those the client was already authorized to access. Users of fhir-works-on-aws-authz-smart 3.1.1 or 3.1.2 should upgrade to version 3.1.3 or higher immediately. Versions 3.1.0 and below are unaffected. There is no workaround for this issue. | |||||
| CVE-2022-40194 | 1 Cusrev | 1 Customer Reviews For Woocommerce | 2022-09-26 | N/A | 7.5 HIGH |
| Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress | |||||
| CVE-2022-36878 | 1 Samsung | 1 Find My Mobile | 2022-09-21 | N/A | 3.3 LOW |
| Exposure of Sensitive Information in Find My Mobile prior to version 7.2.25.14 allows local attacker to access IMEI via log. | |||||
| CVE-2022-36834 | 1 Samsung | 1 Game Launcher | 2022-09-20 | N/A | 5.0 MEDIUM |
| Exposure of Sensitive Information vulnerability in Game Launcher prior to version 6.0.07 allows local attacker to access app data with user interaction. | |||||
| CVE-2022-31143 | 1 Glpi-project | 1 Glpi | 2022-09-19 | N/A | 5.3 MEDIUM |
| GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. It was found that in affected versions there is an exposure of private information defined in setup of GLPI (like smtp or cas hosts). Note that passwords are not exposed. Users are advised to upgrade to version 10.0.3. There are no known workarounds for this issue. | |||||
| CVE-2022-31221 | 1 Dell | 50 Chengming 3900, Chengming 3900 Firmware, Inspiron 14 Plus 7420 and 47 more | 2022-09-15 | N/A | 2.3 LOW |
| Dell BIOS versions contain an Information Exposure vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order access sensitive state information on the system. | |||||
| CVE-2022-2939 | 1 Cerber | 1 Wp Cerber Security\, Anti-spam \& Malware Scan | 2022-09-13 | N/A | 5.3 MEDIUM |
| The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass in versions up to, and including 9.0, that makes user enumeration possible. This is due to improper validation on the value supplied through the 'author' parameter found in the ~/cerber-load.php file. In vulnerable versions, the plugin only blocks requests if the value supplied is numeric, making it possible for attackers to supply additional non-numeric characters to bypass the protection. The non-numeric characters are stripped and the user requested is displayed. This can be used by unauthenticated attackers to gather information about users that can targeted in further attacks. | |||||
| CVE-2017-3732 | 2 Nodejs, Openssl | 2 Node.js, Openssl | 2022-08-29 | 4.3 MEDIUM | 5.9 MEDIUM |
| There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem. | |||||
| CVE-2022-2558 | 1 Presstigers | 1 Simple Job Board | 2022-08-23 | N/A | 5.3 MEDIUM |
| The Simple Job Board WordPress plugin before 2.10.0 is susceptible to Directory Listing which allows the public listing of uploaded resumes in certain configurations. | |||||
| CVE-2017-3738 | 3 Debian, Nodejs, Openssl | 3 Debian Linux, Node.js, Openssl | 2022-08-19 | 4.3 MEDIUM | 5.9 MEDIUM |
| There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository. | |||||
| CVE-2022-30693 | 1 Cybozu | 1 Office | 2022-08-19 | N/A | 5.3 MEDIUM |
| Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors. | |||||
| CVE-1999-0453 | 1 Cisco | 1 Router | 2022-08-17 | 5.0 MEDIUM | N/A |
| An attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the Cisco Discovery Protocol (CDP). | |||||
| CVE-2022-34659 | 1 Siemens | 1 Simcenter Star-ccm\+ Viewer | 2022-08-16 | N/A | 7.5 HIGH |
| A vulnerability has been identified in Simcenter STAR-CCM+ (All versions only if the Power-on-Demand public license server is used). Affected applications expose user, host and display name of users, when the public license server is used. This could allow an attacker to retrieve this information. | |||||
| CVE-2017-1000381 | 2 C-ares Project, Nodejs | 2 C-ares, Node.js | 2022-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. | |||||
| CVE-2021-41140 | 1 Discourse | 1 Discourse Reactions | 2022-08-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Discourse-reactions is a plugin for the Discourse platform that allows user to add their reactions to the post. In affected versions reactions given by user to secure topics and private messages are visible. This issue is patched in version 0.2 of discourse-reaction. Users who are unable to update are advised to disable the Discourse-reactions plugin in admin panel. | |||||
| CVE-2022-27633 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2022-08-09 | N/A | 7.5 HIGH |
| An information disclosure vulnerability exists in the confctl_get_guest_wlan functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to information disclosure. An attacker can send packets to trigger this vulnerability. | |||||
| CVE-2022-27630 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2022-08-09 | N/A | 7.5 HIGH |
| An information disclosure vulnerability exists in the confctl_get_master_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to information disclosure. An attacker can send packets to trigger this vulnerability. | |||||
| CVE-2022-31185 | 1 Makedp | 1 Mprweb | 2022-08-09 | N/A | 5.3 MEDIUM |
| mprweb is a hosting platform for the makedeb Package Repository. Email addresses were found to not have been hidden, even if a user had clicked the `Hide Email Address` checkbox on their account page, or during signup. This could lead to an account's email being leaked, which may be problematic if your email needs to remain private for any reason. Users hosting their own mprweb instance will need to upgrade to the latest commit to get this fixed. Users on the official instance will already have this issue fixed. | |||||
| CVE-2010-1407 | 1 Apple | 2 Iphone Os, Ipod Touch | 2022-08-09 | 4.3 MEDIUM | N/A |
| WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document. | |||||
| CVE-2009-0958 | 1 Apple | 2 Iphone Os, Ipod Touch | 2022-08-09 | 4.3 MEDIUM | N/A |
| Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers to obtain sensitive information such as credentials. | |||||