Export limit exceeded: 26339 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (26339 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0654 | 1 Node-request-retry Project | 1 Node-request-retry | 2024-11-21 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository fgribreau/node-request-retry prior to 7.0.0. | ||||
| CVE-2022-0622 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 5.3 Medium |
| Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11. | ||||
| CVE-2022-0577 | 2 Debian, Scrapy | 2 Debian Linux, Scrapy | 2024-11-21 | 6.5 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1. | ||||
| CVE-2022-0567 | 2 Ovn, Redhat | 2 Ovn-kubernetes, Openshift | 2024-11-21 | 9.1 Critical |
| A flaw was found in ovn-kubernetes. This flaw allows a system administrator or privileged attacker to create an egress network policy that bypasses existing ingress policies of other pods in a cluster, allowing network traffic to access pods that should not be reachable. This issue results in information disclosure and other attacks on other pods that should not be reachable. | ||||
| CVE-2022-0551 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-11-21 | 7.2 High |
| Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0. | ||||
| CVE-2022-0550 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-11-21 | 7.2 High |
| Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an authenticated attacker with admin or report manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0. | ||||
| CVE-2022-0516 | 5 Debian, Fedoraproject, Linux and 2 more | 32 Debian Linux, Fedora, Linux Kernel and 29 more | 2024-11-21 | 7.8 High |
| A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4. | ||||
| CVE-2022-0504 | 1 Microweber | 1 Microweber | 2024-11-21 | 6.5 Medium |
| Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11. | ||||
| CVE-2022-0494 | 3 Debian, Linux, Redhat | 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more | 2024-11-21 | 4.4 Medium |
| A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. | ||||
| CVE-2022-0484 | 1 Mirantis | 1 Container Cloud Lens Extension | 2024-11-21 | 8.8 High |
| Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the victim to add a new cluster via its URL. This issue affects: Mirantis Mirantis Container Cloud Lens Extension v3 versions prior to v3.1.1. | ||||
| CVE-2022-0474 | 1 Otrs | 1 Custom Contact Fields | 2024-11-21 | 2.4 Low |
| Full list of recipients from customer users in a contact field could be disclosed in notification emails event when the notification is set to be sent to each recipient individually. This issue affects: OTRS AG OTRSCustomContactFields 8.0.x version: 8.0.11 and prior versions. | ||||
| CVE-2022-0430 | 1 Httpie | 1 Httpie | 2024-11-21 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository httpie/httpie prior to 3.1.0. | ||||
| CVE-2022-0415 | 1 Gogs | 1 Gogs | 2024-11-21 | 8.8 High |
| Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6. | ||||
| CVE-2022-0384 | 1 Imdpen | 1 Video Conferencing With Zoom | 2024-11-21 | 4.3 Medium |
| The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in its vczapi_get_wp_users AJAX action, allowing any authenticated users, such as subscriber to download the list of email addresses registered on the blog | ||||
| CVE-2022-0281 | 1 Microweber | 1 Microweber | 2024-11-21 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11. | ||||
| CVE-2022-0235 | 4 Debian, Node-fetch Project, Redhat and 1 more | 14 Debian Linux, Node-fetch, Acm and 11 more | 2024-11-21 | 6.1 Medium |
| node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2022-0083 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 5.3 Medium |
| livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information | ||||
| CVE-2022-0079 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 5.3 Medium |
| showdoc is vulnerable to Generation of Error Message Containing Sensitive Information | ||||
| CVE-2022-0018 | 3 Apple, Microsoft, Paloaltonetworks | 3 Macos, Windows, Globalprotect | 2024-11-21 | 6.1 Medium |
| An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when the Single Sign-On feature is enabled in the GlobalProtect portal configuration. This product behavior is intentional and poses no security risk when connecting to trusted GlobalProtect portals configured to use the same Single Sign-On credentials both for the local user account as well as the GlobalProtect login. However when the credentials are different, the local account credentials are inadvertently sent to the GlobalProtect portal for authentication. A third party MITM type of attacker cannot see these credentials in transit. This vulnerability is a concern where the GlobalProtect app is deployed on Bring-your-Own-Device (BYOD) type of clients with private local user accounts or GlobalProtect app is used to connect to different organizations. Fixed versions of GlobalProtect app have an app setting to prevent the transmission of the user's local user credentials to the target GlobalProtect portal regardless of the portal configuration. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows and MacOS; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS This issue does not affect GlobalProtect app on other platforms. | ||||
| CVE-2022-0013 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2024-11-21 | 5 Medium |
| A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2. | ||||