ReportizFlow
Filtered by vendor
Subscriptions
Total
648 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-22732 | 1 Schneider-electric | 1 Ecostruxure Power Commission | 2024-11-21 | 3.9 Low |
| A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attacker sends a fetch request from third-party site or malicious site. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22) | ||||
| CVE-2022-22515 | 1 Codesys | 18 Control For Beaglebone Sl, Control For Beckhoff Cx9020, Control For Empc-a\/imx6 Sl and 15 more | 2024-11-21 | 8.1 High |
| A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products. | ||||
| CVE-2022-22154 | 1 Juniper | 1 Junos | 2024-11-21 | 6.8 Medium |
| In a Junos Fusion scenario an External Control of Critical State Data vulnerability in the Satellite Device (SD) control state machine of Juniper Networks Junos OS allows an attacker who is able to make physical changes to the cabling of the device to cause a denial of service (DoS). An SD can get rebooted and subsequently controlled by an Aggregation Device (AD) which does not belong to the original Fusion setup and is just connected to an extended port of the SD. To carry out this attack the attacker needs to have physical access to the cabling between the SD and the original AD. This issue affects: Juniper Networks Junos OS 16.1R1 and later versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S4. This issue does not affect Juniper Networks Junos OS versions prior to 16.1R1. | ||||
| CVE-2022-21947 | 1 Suse | 1 Rancher Desktop | 2024-11-21 | 8.3 High |
| A Exposure of Resource to Wrong Sphere vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V. | ||||
| CVE-2022-21718 | 1 Electronjs | 1 Electron | 2024-11-21 | 3.4 Low |
| Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue. | ||||
| CVE-2022-21126 | 1 Samtools | 1 Htsjdk | 2024-11-21 | 7.3 High |
| The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir() function in util/IOUtil.java not checking for the existence of the temporary directory before attempting to create it. | ||||
| CVE-2022-20917 | 1 Cisco | 1 Jabber | 2024-11-21 | 4.3 Medium |
| A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application. This vulnerability is due to the improper handling of nested XMPP messages within requests that are sent to the Cisco Jabber client software. An attacker could exploit this vulnerability by connecting to an XMPP messaging server and sending crafted XMPP messages to an affected Jabber client. A successful exploit could allow the attacker to manipulate the content of XMPP messages, possibly allowing the attacker to cause the Jabber client application to perform unsafe actions. | ||||
| CVE-2022-1911 | 1 M-files | 1 M-files Server | 2024-11-21 | 5.3 Medium |
| Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system. | ||||
| CVE-2022-1902 | 1 Redhat | 1 Advanced Cluster Security | 2024-11-21 | 8.8 High |
| A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges. | ||||
| CVE-2022-1875 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 Medium |
| Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2022-1873 | 1 Google | 1 Chrome | 2024-11-21 | 6.5 Medium |
| Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2022-1637 | 1 Google | 2 Android, Chrome | 2024-11-21 | 4.3 Medium |
| Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2022-1501 | 1 Google | 1 Chrome | 2024-11-21 | 6.5 Medium |
| Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2022-1498 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 Medium |
| Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2022-1488 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 Medium |
| Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. | ||||
| CVE-2022-1467 | 1 Aveva | 2 Intouch Access Anywhere, Plant Scada Access Anywhere | 2024-11-21 | 7.4 High |
| Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS. | ||||
| CVE-2022-1137 | 1 Google | 1 Chrome | 2024-11-21 | 6.5 Medium |
| Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML page. | ||||
| CVE-2022-0852 | 2 Convert2rhel Project, Redhat | 3 Convert2rhel, Convert2rhel, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the privileges of the Red Hat account in question, but it could affect the integrity, availability, and/or data confidentiality of other systems that are administered by that account. This occurs regardless of how the password is supplied to convert2rhel. | ||||
| CVE-2022-0815 | 1 Mcafee | 1 Webadvisor | 2024-11-21 | 6.5 Medium |
| Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system. This could lead to unexpected behaviors including; settings being changed, fingerprinting of the system leading to targeted scams, and not triggering the malicious software if McAfee software is detected. | ||||
| CVE-2022-0337 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-11-21 | 6.5 Medium |
| Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. (Chrome security severity: High) | ||||