Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43541 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2022-12-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | |||||
| CVE-2019-3928 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2022-12-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow any user to obtain the presentation passcode via the iso.3.6.1.4.1.3212.100.3.2.7.4 OIDs. A remote, unauthenticated attacker can use this vulnerability to access a restricted presentation or to become the presenter. | |||||
| CVE-2022-43516 | 2 Microsoft, Zabbix | 2 Windows Firewall, Zabbix | 2022-12-07 | N/A | 9.8 CRITICAL |
| A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI) | |||||
| CVE-2019-3935 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2022-12-06 | 6.4 MEDIUM | 9.1 CRITICAL |
| Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to act as a moderator to a slide show via crafted HTTP POST requests to conference.cgi. A remote, unauthenticated attacker can use this vulnerability to start, stop, and disconnect active slideshows. | |||||
| CVE-2022-46156 | 1 Grafana | 1 Synthetic Monitoring Agent | 2022-12-05 | N/A | 3.3 LOW |
| The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token used to communicate with the Synthetic Monitoring API is exposed through a debugging endpoint. This token can be used to retrieve the Synthetic Monitoring checks created by the user and assigned to the agent identified with that token. The Synthetic Monitoring API will reject connections from already-connected agents, so access to the token does not guarantee access to the checks. Version 0.12.0 contains a fix. Users are advised to rotate the agent tokens. After upgrading to version v0.12.0 or later, it's recommended that users of distribution packages review the configuration stored in `/etc/synthetic-monitoring/synthetic-monitoring-agent.conf`, specifically the `API_TOKEN` variable which has been renamed to `SM_AGENT_API_TOKEN`. As a workaround for previous versions, it's recommended that users review the agent settings and set the HTTP listening address in a manner that limits the exposure, for example, localhost or a non-routed network, by using the command line parameter `-listen-address`, e.g. `-listen-address localhost:4050`. | |||||
| CVE-2020-35501 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2022-12-02 | 3.6 LOW | 3.4 LOW |
| A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem | |||||
| CVE-2021-25463 | 1 Samsung | 1 Penup | 2022-12-02 | 2.1 LOW | 3.3 LOW |
| Improper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage loading in webview. | |||||
| CVE-2022-4136 | 1 Leadshop | 1 Leadshop | 2022-11-30 | N/A | 9.8 CRITICAL |
| Dangerous method exposed which can lead to RCE in qmpass/leadshop v1.4.15 allows an attacker to control the target host by calling any function in leadshop.php via the GET method. | |||||
| CVE-2020-29506 | 2 Dell, Oracle | 6 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite, Database and 3 more | 2022-11-29 | 7.5 HIGH | 9.8 CRITICAL |
| Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability. | |||||
| CVE-2021-43043 | 1 Kaseya | 1 Unitrends Backup | 2022-11-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule. | |||||
| CVE-2022-41839 | 1 Wpbrigade | 1 Loginpress | 2022-11-22 | N/A | 5.3 MEDIUM |
| Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings. | |||||
| CVE-2022-38974 | 1 Wpml | 1 Wpml | 2022-11-21 | N/A | 4.3 MEDIUM |
| Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation jobs. | |||||
| CVE-2022-0746 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0. | |||||
| CVE-2021-25956 | 1 Dolibarr | 2 Dolibarr, Dolibarr Erp\/crm | 2022-11-17 | 6.5 MEDIUM | 7.2 HIGH |
| In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 have “Modify” access for admin level users to change other user’s details but fails to validate already existing “Login” name, while renaming the user “Login”. This leads to complete account takeover of the victim user. This happens since the password gets overwritten for the victim user having a similar login name. | |||||
| CVE-2021-33164 | 1 Intel | 8 Nuc 8 Mainstream-g Kit Nuc8i5inh, Nuc 8 Mainstream-g Kit Nuc8i5inh Firmware, Nuc 8 Mainstream-g Kit Nuc8i7inh and 5 more | 2022-11-17 | N/A | 6.7 MEDIUM |
| Improper access control in BIOS firmware for some Intel(R) NUCs before version INWHL357.0046 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-41904 | 1 Element | 1 Element | 2022-11-16 | N/A | 6.5 MEDIUM |
| Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated accordingly (with warning shields). Therefore a malicious homeserver could inject messages into the room without the user being alerted that the messages were not sent by a verified group member, even if the user has previously verified all group members. This issue has been patched in Element iOS 1.9.7. There are currently no known workarounds. | |||||
| CVE-2021-41313 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2022-11-16 | 4.0 MEDIUM | 4.3 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.20.7. | |||||
| CVE-2021-32001 | 1 Suse | 2 Rancher K3s, Rancher Rke2 | 2022-11-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| K3s in SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup, to extract the cluster's confidential keying material (cluster certificate authority private keys, secrets encryption configuration passphrase, etc.) and decrypt it, without having to know the token value. This issue affects: SUSE Rancher K3s version v1.19.12+k3s1, v1.20.8+k3s1, v1.21.2+k3s1 and prior versions; RKE2 version v1.19.12+rke2r1, v1.20.8+rke2r1, v1.21.2+rke2r1 and prior versions. | |||||
| CVE-2022-39889 | 1 Samsung | 1 Galaxywatch4plugin | 2022-11-11 | N/A | 3.3 LOW |
| Improper access control vulnerability in GalaxyWatch4Plugin prior to versions 2.2.11.22101351 and 2.2.12.22101351 allows attackers to access wearable device information. | |||||
| CVE-2022-3706 | 1 Gitlab | 1 Gitlab | 2022-11-11 | N/A | 4.3 MEDIUM |
| Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user retrying a job in a downstream pipeline to take ownership of the retried jobs in the upstream pipeline even if the user doesn't have access to that project. | |||||