Total: 415 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2022-25375 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | 5.5 Medium | An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.
CVE-2022-25299 | 1 Cesanta | 1 Mongoose | 2024-11-21 | 9.8 Critical | This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using the mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder.
CVE-2022-25297 | 1 Drogon | 1 Drogon | 2024-11-21 | 7.5 High | This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using the HttpFile::save() method may enable attackers to write files to arbitrary locations outside the designated target folder.
CVE-2022-25104 | 1 Horizontcms Project | 1 Horizontcms | 2024-11-21 | 7.5 High | HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file download vulnerability via the component /admin/file-manager/.
CVE-2022-24694 | 1 Mahara | 1 Mahara | 2024-11-21 | 4.3 Medium | In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. (Only folder names are affected; neither file names nor file contents are affected.)
CVE-2022-24138 | 1 Iobit | 1 Advanced Systemcare | 2024-11-21 | 7.8 High | IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of the IOBit suite into the ProgramData folder, which has "rwx" permissions for unprivileged users. Low-privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with a malicious executable, thus gaining code execution as a high-privilege user (Low Privilege -> high integrity ADMIN).
CVE-2022-24075 | 1 Navercorp | 1 Whale | 2024-11-21 | 6.5 Medium | Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website, which could access local HWP files. When the HWP files were opened, the replaced script could read the files.
CVE-2022-23377 | 1 Keep | 1 Archeevo | 2024-11-21 | 7.5 High | Archeevo below 5.0 is affected by local file inclusion through file=~/web.config, allowing an attacker to retrieve local files.
CVE-2022-23316 | 1 Taogogo | 1 Taocms | 2024-11-21 | 4.9 Medium | An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any file via admin.php?action=file&ctrl=download&path=../../1.txt.
CVE-2022-22490 | 2 Ibm, Microsoft | 4 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 1 more | 2024-11-21 | 4.9 Medium | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential information. IBM X-Force ID: 226342.
CVE-2022-22270 | 1 Google | 1 Android | 2024-11-21 | 4.4 Medium | An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information.
CVE-2022-22269 | 1 Google | 1 Android | 2024-11-21 | 4 Medium | Keeping sensitive data in the unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to obtain the local Bluetooth MAC address.
CVE-2022-22268 | 1 Google | 1 Android | 2024-11-21 | 6.1 Medium | Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporarily unlock Knox Guard via Samsung DeX mode.
CVE-2022-22267 | 1 Google | 1 Android | 2024-11-21 | 4 Medium | An implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to obtain running application information.
CVE-2022-1585 | 1 Project-source-code-download Project | 1 Project-source-code-download | 2024-11-21 | 7.5 High | The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitor to the site to download the entire site, including sensitive files like wp-config.php.
CVE-2022-1117 | 2 Fapolicyd Project, Redhat | 3 Fapolicyd, Enterprise Linux, Rhel Eus | 2024-11-21 | 8.4 High | A vulnerability was found in fapolicyd. Because of an assumption about how glibc names the runtime linker, a build-time regular expression may not correctly detect the runtime linker. As a consequence, pattern detection for applications launched by the runtime linker may fail and allow execution.
CVE-2022-0656 | 1 Webtoprint | 1 Web To Print Shop | 2024-11-21 | 7.5 High | The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64-encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php, etc.).
CVE-2022-0244 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.6 High | An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary file read was possible when importing a group, due to incorrect handling of files.
CVE-2021-4112 | 1 Redhat | 5 Ansible Automation Platform, Ansible Automation Platform Early Access, Ansible Automation Platform Text-only Advisories and 2 more | 2024-11-21 | 8.8 High | A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate privileges from a low-privileged user to an AWX user from outside the isolated environment.
CVE-2021-44983 | 1 Taogogo | 1 Taocms | 2024-11-21 | 4.9 Medium | In taocms 3.0.1, after logging in to the background, there is an arbitrary file download vulnerability in the File Management column.