Total
583 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24411 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Dell PowerScale OneFS 8.2.2 and above contain an elevation of privilege vulnerability. A local attacker with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE could potentially exploit this vulnerability, leading to elevation of privilege. This could potentially allow users to circumvent PowerScale Compliance Mode guarantees. | |||||
| CVE-2022-23163 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-20 | 2.1 LOW | 5.5 MEDIUM |
| Dell PowerScale OneFS, 8.2,x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a denial of service vulnerability. A local malicious user could potentially exploit this vulnerability, leading to denial of service/data unavailability. | |||||
| CVE-2021-42255 | 1 Blueplanet-works | 1 Appguard | 2022-04-20 | 7.2 HIGH | 7.8 HIGH |
| AppGuard Enterprise before 6.7.100.1 creates a Temporary File in a Directory with Insecure Permissions. Local users can gain SYSTEM privileges because a repair operation relies on the %TEMP% directory of an unprivileged user. | |||||
| CVE-2022-27822 | 1 Google | 1 Android | 2022-04-18 | 2.1 LOW | 5.5 MEDIUM |
| Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission. | |||||
| CVE-2022-27576 | 1 Google | 1 Android | 2022-04-18 | 4.3 MEDIUM | 3.3 LOW |
| Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission | |||||
| CVE-2022-27818 | 1 Waycrate | 1 Swhkd | 2022-04-14 | 6.4 MEDIUM | 9.1 CRITICAL |
| SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service. | |||||
| CVE-2018-20321 | 1 Suse | 1 Rancher | 2022-04-13 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated by isolating the default namespace in a separate project, where only cluster admins can be given permissions to access. As of 2018-12-20, this bug affected ALL clusters created or imported by Rancher. | |||||
| CVE-2019-12274 | 1 Suse | 1 Rancher | 2022-04-13 | 4.0 MEDIUM | 8.8 HIGH |
| In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as /root/.kube/config or /var/lib/rancher/management-state/cred/kubeconfig-system.yaml. | |||||
| CVE-2016-5334 | 1 Vmware | 2 Identity Manager, Vrealize Automation | 2022-04-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors. | |||||
| CVE-2019-8934 | 2 Opensuse, Qemu | 2 Leap, Qemu | 2022-04-05 | 2.1 LOW | 3.3 LOW |
| hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest. | |||||
| CVE-2021-39777 | 1 Google | 1 Android | 2022-04-05 | 2.1 LOW | 5.5 MEDIUM |
| In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194743207 | |||||
| CVE-2021-27424 | 1 Ge | 38 Multilin B30, Multilin B30 Firmware, Multilin B90 and 35 more | 2022-04-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information. | |||||
| CVE-2022-0315 | 1 Horovod | 1 Horovod | 2022-03-31 | 5.0 MEDIUM | 7.5 HIGH |
| Insecure Temporary File in GitHub repository horovod/horovod prior to 0.24.0. | |||||
| CVE-2022-25041 | 1 Open-emr | 1 Openemr | 2022-03-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| OpenEMR v6.0.0 was discovered to contain an incorrect access control issue. | |||||
| CVE-2020-4989 | 1 Ibm | 1 Rational Team Concert | 2022-03-22 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions. IBM X-Force ID: 192707. | |||||
| CVE-2022-26355 | 1 Citrix | 1 Federated Authentication Service | 2022-03-18 | 1.9 LOW | 4.4 MEDIUM |
| Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider (MSKSP). This issue only occurs if PowerShell was used when configuring FAS to store the registration authority certificate’s private key in the TPM. It does not occur if the TPM was not selected for use or if the FAS administration console was used for configuration. | |||||
| CVE-2021-46354 | 1 Cybelesoft | 1 Thinfinity Virtualui | 2022-03-01 | 5.0 MEDIUM | 7.5 HIGH |
| Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. The ability to send requests to other systems can allow the vulnerable server to filtrate the real IP of the web server or increase the attack surface. | |||||
| CVE-2011-1960 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2022-02-28 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Event Handlers Information Disclosure Vulnerability." | |||||
| CVE-2011-1258 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2022-02-28 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability." | |||||
| CVE-2004-1489 | 1 Opera | 1 Opera Browser | 2022-02-28 | 2.6 LOW | N/A |
| Opera 7.54 and earlier does not properly limit an applet's access to internal Java packages from Sun, which allows remote attackers to gain sensitive information, such as user names and the installation directory. | |||||