Total
638 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42641 | 1 Printerlogic | 1 Web Stack | 2022-02-08 | 5.0 MEDIUM | 7.5 HIGH |
| PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the username and email address of all users. | |||||
| CVE-2018-7479 | 1 Yzmcms | 1 Yzmcms | 2022-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| YzmCMS 3.6 allows remote attackers to discover the full path via a direct request to application/install/templates/s1.php. | |||||
| CVE-2021-24868 | 1 Bplugins | 1 Document Embedder | 2022-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts. | |||||
| CVE-2021-24775 | 1 Bplugins | 1 Document Embedder | 2022-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts. | |||||
| CVE-2016-5787 | 1 Ge | 1 Cimplicity | 2022-02-03 | 4.6 MEDIUM | 6.3 MEDIUM |
| General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors. | |||||
| CVE-2018-7846 | 1 Schneider-electric | 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more | 2022-02-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller. | |||||
| CVE-2022-22154 | 1 Juniper | 1 Junos | 2022-01-28 | 4.6 MEDIUM | 6.8 MEDIUM |
| In a Junos Fusion scenario an External Control of Critical State Data vulnerability in the Satellite Device (SD) control state machine of Juniper Networks Junos OS allows an attacker who is able to make physical changes to the cabling of the device to cause a denial of service (DoS). An SD can get rebooted and subsequently controlled by an Aggregation Device (AD) which does not belong to the original Fusion setup and is just connected to an extended port of the SD. To carry out this attack the attacker needs to have physical access to the cabling between the SD and the original AD. This issue affects: Juniper Networks Junos OS 16.1R1 and later versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S4. This issue does not affect Juniper Networks Junos OS versions prior to 16.1R1. | |||||
| CVE-2021-38931 | 6 Hp, Ibm, Linux and 3 more | 7 Hp-ux, Aix, Db2 and 4 more | 2022-01-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418. | |||||
| CVE-2021-39628 | 1 Google | 1 Android | 2022-01-15 | 2.1 LOW | 3.3 LOW |
| In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-189575031 | |||||
| CVE-2021-42749 | 1 Fastlinemedia | 1 Beaver Themer | 2022-01-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Beaver Themer, attackers can bypass conditional logic controls (for hiding content) when viewing the post archives. Exploitation requires that a Themer layout is applied to the archives, and that the post excerpt field is not set. | |||||
| CVE-2021-1918 | 1 Qualcomm | 60 Qca6391, Qca6391 Firmware, Qcm6490 and 57 more | 2022-01-11 | 2.1 LOW | 6.5 MEDIUM |
| Improper handling of resource allocation in virtual machines can lead to information exposure in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-45708 | 1 Abomonation Project | 1 Abomonation | 2022-01-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the abomonation crate through 2021-10-17 for Rust. Because transmute operations are insufficiently constrained, there can be an information leak or ASLR bypass. | |||||
| CVE-2020-20948 | 1 Jeecg | 1 Jeecg | 2022-01-07 | 5.0 MEDIUM | 7.5 HIGH |
| An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable. | |||||
| CVE-2019-8702 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2022-01-05 | 2.1 LOW | 5.5 MEDIUM |
| This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier. | |||||
| CVE-2019-15138 | 1 Html-pdf Project | 1 Html-pdf | 2022-01-01 | 5.0 MEDIUM | 7.5 HIGH |
| The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL. | |||||
| CVE-2020-35215 | 1 Atomix | 1 Atomix | 2021-12-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue in Atomix v3.1.5 allows attackers to access sensitive information when a malicious Atomix node queries distributed variable primitives which contain the entire primitive lists that ONOS nodes use to share important states. | |||||
| CVE-2021-44524 | 1 Siemens | 2 Sipass Integrated, Siveillance Identity | 2021-12-17 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts. | |||||
| CVE-2021-44523 | 1 Siemens | 2 Sipass Integrated, Siveillance Identity | 2021-12-17 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal activity feed database. This could allow an unauthenticated remote attacker to read, modify or delete activity feed entries. | |||||
| CVE-2021-44522 | 1 Siemens | 2 Sipass Integrated, Siveillance Identity | 2021-12-17 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues. | |||||
| CVE-2021-39915 | 1 Gitlab | 1 Gitlab | 2021-12-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects | |||||