Filtered by CWE-200
Total 9776 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-30598 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2024-11-21 4.3 Medium
A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it.
CVE-2022-30586 1 Gradle 1 Gradle 2024-11-21 7.2 High
Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution.
CVE-2022-30334 1 Brave 1 Brave 2024-11-21 5.3 Medium
Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises "Note that Private Windows with Tor Connectivity in Brave are just regular private windows that use Tor as a proxy. Brave does NOT implement most of the privacy protections from Tor Browser."
CVE-2022-2806 3 Ovirt, Redhat, Sos Project 3 Log Collector, Rhev Manager, Sos 2024-11-21 5.5 Medium
It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev
CVE-2022-2739 2 Podman Project, Redhat 4 Podman, Enterprise Linux Server, Enterprise Linux Workstation and 1 more 2024-11-21 5.3 Medium
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables.
CVE-2022-2558 1 Presstigers 1 Simple Job Board 2024-11-21 5.3 Medium
The Simple Job Board WordPress plugin before 2.10.0 is susceptible to Directory Listing which allows the public listing of uploaded resumes in certain configurations.
CVE-2022-2462 1 Transposh 1 Transposh Wordpress Translation 2024-11-21 5.3 Medium
The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_history' AJAX action and insufficient restriction on the data returned in the response. This makes it possible for unauthenticated users to exfiltrate usernames of individuals who have translated text.
CVE-2022-2394 1 Perforce 1 Puppet Bolt 2024-11-21 4.1 Medium
Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise.
CVE-2022-2308 1 Linux 1 Linux Kernel 2024-11-21 6.5 Medium
A flaw was found in vDPA with VDUSE backend. There are currently no checks in the VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers' config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config(), returning uninitialized memory from the stack. This could cause undefined behavior or data leaks in Virtio drivers.
CVE-2022-2221 1 Devolutions 1 Remote Desktop Manager 2024-11-21 6.5 Medium
Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8.
CVE-2022-29901 6 Debian, Fedoraproject, Intel and 3 more 258 Debian Linux, Fedora, Core I3-6100 and 255 more 2024-11-21 5.6 Medium
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
CVE-2022-29900 5 Amd, Debian, Fedoraproject and 2 more 253 A10-9600p, A10-9600p Firmware, A10-9630p and 250 more 2024-11-21 6.5 Medium
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
CVE-2022-29567 1 Vaadin 1 Vaadin 2024-11-21 5.7 Medium
The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure of values that should not be available on the client-side.
CVE-2022-29512 1 Cybozu 1 Garoon 2024-11-21 6.5 Medium
Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege.
CVE-2022-29467 1 Cybozu 1 Garoon 2024-11-21 4.3 Medium
Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address.
CVE-2022-29235 1 Bigbluebutton 1 Bigbluebutton 2024-11-21 5.3 Medium
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker who is able to obtain the meeting identifier for a meeting on a server can find information related to an external video being shared, like the current timestamp and play/pause. The problem has been patched in versions 2.3.18 and 2.4-rc-6 by modifying the stream to send the data only for users in the meeting. There are currently no known workarounds.
CVE-2022-29071 1 Arista 1 Cloudvision Portal 2024-11-21 4 Medium
This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords might be leaked to other authenticated users.
CVE-2022-28614 4 Apache, Fedoraproject, Netapp and 1 more 6 Http Server, Fedora, Clustered Data Ontap and 3 more 2024-11-21 5.3 Medium
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_lua's r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.
CVE-2022-27912 1 Joomla 1 Joomla! 2024-11-21 5.3 Medium
An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests.
CVE-2022-27875 1 F5 1 Access For Android 2024-11-21 5.5 Medium
On F5 Access for Android 3.x versions prior to 3.0.8, a Task Hijacking vulnerability exists in the F5 Access for Android application, which may allow an attacker to steal sensitive user information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.