Total
8075 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0027 | 1 Rockwellautomation | 1 Modbus Tcp Server Add On Instructions | 2023-11-07 | N/A | 4.3 MEDIUM |
| Rockwell Automation Modbus TCP Server AOI prior to 2.04.00 is vulnerable to an unauthorized user sending a malformed message that could cause the controller to respond with a copy of the most recent response to the last valid request. If exploited, an unauthorized user could read the connected device’s Modbus TCP Server AOI information. | |||||
| CVE-2023-0020 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2023-11-07 | N/A | 7.1 HIGH |
| SAP BusinessObjects Business Intelligence platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. On successful exploitation, there could be a high impact on confidentiality and limited impact on integrity of the application. | |||||
| CVE-2022-4862 | 1 M-files | 1 M-files Server | 2023-11-07 | N/A | 7.6 HIGH |
| Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3. | |||||
| CVE-2022-4457 | 1 Cloudflare | 1 Warp | 2023-11-07 | N/A | 5.5 MEDIUM |
| Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to a perform a task hijacking attack. An attacker could create a malicious mobile application which could hijack legitimate app and steal potentially sensitive information when installed on the victim's device. | |||||
| CVE-2022-46257 | 1 Github | 1 Enterprise Server | 2023-11-07 | N/A | 4.3 MEDIUM |
| An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who did not have access to those repositories, resulting in the repository names being shown in the UI. To exploit this vulnerability, an attacker would need access to the GHES instance, permissions to modify GitHub Actions runner groups, and successfully guess the obfuscated ID of private repositories. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7 and was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2022-45103 | 1 Dell | 8 Emc Solutions Enabler Virtual Appliance, Emc Unisphere For Powermax, Emc Unisphere For Powermax Virtual Appliance and 5 more | 2023-11-07 | N/A | 6.5 MEDIUM |
| Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file system. | |||||
| CVE-2022-43951 | 1 Fortinet | 2 Fortinac, Fortinac-f | 2023-11-07 | N/A | 7.5 HIGH |
| An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests. | |||||
| CVE-2022-43930 | 2 Ibm, Microsoft | 2 Db2, Windows | 2023-11-07 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file. IBM X-Force ID: 241677. | |||||
| CVE-2022-43927 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2023-11-07 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671. | |||||
| CVE-2022-43901 | 1 Ibm | 1 Websphere Automation For Ibm Cloud Pak For Watson Aiops | 2023-11-07 | N/A | 5.5 MEDIUM |
| IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. An authenticated local attacker could exploit this vulnerability to possibly gain information to other IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps components. IBM X-Force ID: 240829. | |||||
| CVE-2022-43573 | 3 Ibm, Microsoft, Redhat | 5 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 2 more | 2023-11-07 | N/A | 5.3 MEDIUM |
| IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of platform level objects. IBM X-Force ID: 238678. | |||||
| CVE-2022-42782 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-11-07 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing permission check, This could lead to local information disclosure. | |||||
| CVE-2022-42766 | 2 Google, Unisoc | 14 Android, S8011, Sc7731e and 11 more | 2023-11-07 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing permission check, This could lead to local information disclosure. | |||||
| CVE-2022-42439 | 4 Ibm, Linux, Microsoft and 1 more | 6 Aix, App Connect Enterprise, App Connect Enterprise Certified Container and 3 more | 2023-11-07 | N/A | 4.9 MEDIUM |
| IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211. | |||||
| CVE-2022-41734 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2023-11-07 | N/A | 7.5 HIGH |
| IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 237587. | |||||
| CVE-2022-41329 | 1 Fortinet | 2 Fortios, Fortiproxy | 2023-11-07 | N/A | 5.3 MEDIUM |
| An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiOS version 7.2.0 through 7.2.3 and 7.0.0 through 7.0.9 allows an unauthenticated attackers to obtain sensitive logging informations on the device via crafted HTTP GET requests. | |||||
| CVE-2022-3284 | 1 M-files | 1 M-files Server | 2023-11-07 | N/A | 7.5 HIGH |
| Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0. This issue affects M-Files New Web: before 22.11.12011.0. | |||||
| CVE-2022-3185 | 1 Dataprobe | 24 Iboot-pdu4-n20, Iboot-pdu4-n20 Firmware, Iboot-pdu4a-n15 and 21 more | 2023-11-07 | N/A | 5.3 MEDIUM |
| Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product exposes sensitive data concerning the device. | |||||
| CVE-2022-3091 | 1 Ronds | 1 Equipment Predictive Maintenance | 2023-11-07 | N/A | 7.5 HIGH |
| RONDS EPM version 1.19.5 has a vulnerability in which a function could allow unauthenticated users to leak credentials. In some circumstances, an attacker can exploit this vulnerability to execute operating system (OS) commands. | |||||
| CVE-2022-39167 | 1 Ibm | 1 Spectrum Virtualize | 2023-11-07 | N/A | 5.9 MEDIUM |
| IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques. IBM X-Force ID: 235408. | |||||