Total
638 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-33700 | 1 Google | 1 Android | 2022-07-16 | 2.1 LOW | 2.3 LOW |
| Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log. | |||||
| CVE-2022-33694 | 1 Google | 1 Android | 2022-07-15 | 2.1 LOW | 3.3 LOW |
| Exposure of Sensitive Information in CSC application prior to SMR Jul-2022 Release 1 allows local attacker to access wifi information via unprotected intent broadcasting. | |||||
| CVE-2022-24139 | 1 Iobit | 1 Advanced System Care | 2022-07-15 | 7.2 HIGH | 7.8 HIGH |
| In IOBit Advanced System Care (AscService.exe) 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's named pipes. ASCService first tries to connect before trying to create the named pipes, because of that during login the service will try to connect to the attacker which will lead to either escalation of privileges (through token manipulation and ImpersonateNamedPipeClient() ) from ADMIN -> SYSTEM or from Local ADMIN-> Domain ADMIN depending on the user and named pipe that is used. | |||||
| CVE-2021-46687 | 1 Jfrog | 1 Artifactory | 2022-07-13 | 6.8 MEDIUM | 4.9 MEDIUM |
| JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.31.10 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x. | |||||
| CVE-2021-31154 | 1 Pleaseedit Project | 1 Pleaseedit | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| pleaseedit in please before 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain full root privileges by staging a symlink attack. | |||||
| CVE-2021-40639 | 1 Jflyfox | 1 Jfinal Cms | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via /classes/conf/db.properties&config=filemanager.config.js. | |||||
| CVE-2021-22009 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service. | |||||
| CVE-2021-43066 | 1 Fortinet | 1 Forticlient | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and below, version 6.0.10 and below allows attacker to escalate privilege via the MSI installer. | |||||
| CVE-2021-43893 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-07-12 | 6.0 MEDIUM | 7.5 HIGH |
| Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability | |||||
| CVE-2021-34539 | 1 Cubecoders | 1 Amp | 2022-07-12 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in CubeCoders AMP before 2.1.1.8. A lack of validation of the Java Version setting means that an unintended executable path can be set. The result is that high-privileged users can trigger code execution. | |||||
| CVE-2021-44049 | 1 Cyberark | 1 Endpoint Privilege Manager | 2022-07-12 | 6.9 MEDIUM | 7.8 HIGH |
| CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory. | |||||
| CVE-2021-20461 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the appearance and behavior of the application. IBM X-Force ID: 196770. | |||||
| CVE-2021-0542 | 1 Google | 1 Android | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| In updateNotification of BeamTransferManager.java, there is a missing permission check. This could lead to local information disclosure of paired Bluetooth addresses with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168712890 | |||||
| CVE-2021-28488 | 1 Ericsson | 1 Network Manager | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects the level of access available to persons who were already granted a highly privileged role). Users in the same AMOS authorization group can retrieve managed-network data that was not set to be accessible to the entire group (i.e., was only set to be accessible to a subset of that group). | |||||
| CVE-2021-0588 | 1 Google | 1 Android | 2022-07-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| In processInboundMessage of MceStateMachine.java, there is a possible SMS disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9Android ID: A-177238342 | |||||
| CVE-2013-4561 | 1 Redhat | 1 Openshift | 2022-07-11 | 6.4 MEDIUM | 9.1 CRITICAL |
| In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity. | |||||
| CVE-2022-32530 | 1 Schneider-electric | 1 Geo Scada Mobile | 2022-07-06 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request when a mobile device has been compromised by a malicious application. Affected Product: Geo SCADA Mobile (Build 222 and prior) | |||||
| CVE-2021-20551 | 3 Ibm, Linux, Microsoft | 3 Jazz Team Server, Linux Kernel, Windows | 2022-06-30 | 2.1 LOW | 3.3 LOW |
| IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 199149. | |||||
| CVE-2020-25459 | 1 Webank | 1 Federated Ai Technology Enabler | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in function sync_tree in hetero_decision_tree_guest.py in WeBank FATE (Federated AI Technology Enabler) 0.1 through 1.4.2 allows attackers to read sensitive information during the training process of machine learning joint modeling. | |||||
| CVE-2022-29247 | 1 Electronjs | 1 Electron | 2022-06-27 | 6.8 MEDIUM | 9.8 CRITICAL |
| Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled which in turn allows effective access to `ipcRenderer`. The `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access. Rather, it depends on the existing sandbox setting. If an application is sandboxed, then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs, which include `ipcRenderer`. If the application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. As a workaround, ensure that all IPC message handlers appropriately validate `senderFrame`. | |||||