Total: 271 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2022-41710 | 1 Markdownify Project | 1 Markdownify | 2022-11-04 | 5.5 Medium | Markdownify version 1.4.1 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Markdownify. This is possible because the application does not have a CSP policy (or at least not a strict enough one) and/or does not properly validate the contents of markdown files before rendering them.
CVE-2021-33843 | 1 Fresenius-kabi | 2 Agilia Sp Mc Wifi, Agilia Sp Mc Wifi Firmware | 2022-10-27 | 5.3 Medium | Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configuration page accessible without authentication. An attacker may use this functionality to change the exposed configuration values such as network settings.
CVE-2022-42234 | 1 Ucms Project | 1 Ucms | 2022-10-17 | 8.8 High | There is a file inclusion vulnerability in the template management module in UCMS 1.6.
CVE-2022-2981 | 1 Wpchill | 1 Download Monitor | 2022-10-12 | 4.9 Medium | The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in a hardened environment or multisite setup.
CVE-2022-40126 | 1 Clash Project | 1 Clash | 2022-10-04 | 7.8 High | A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated.
CVE-2022-39208 | 1 Onedev Project | 1 Onedev | 2022-10-01 | 7.5 High | Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. All files in the /opt/onedev/sites/ directory are exposed and can be read by unauthenticated users. This directory contains all projects, including their bare git repos and build artifacts. This file disclosure vulnerability can be used by unauthenticated attackers to leak all project files of any project. Since project IDs are incremental, an attacker could iterate through them and leak all project data. This issue has been resolved in version 7.3.0 and users are advised to upgrade. There are no known workarounds for this issue.
CVE-2022-27837 | 2 Google, Samsung | 2 Android, Accessibility | 2022-09-09 | 7.8 High | A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R (11.0) and 13.0.1.1 in Android S (12.0) allows an attacker to access the file with system privilege.
CVE-2022-2392 | 1 Lana | 1 Lana Downloads Manager | 2022-08-25 | 6.5 Medium | The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher.
CVE-2022-22490 | 2 Ibm, Microsoft | 4 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 1 more | 2022-08-12 | 4.9 Medium | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential information. IBM X-Force ID: 226342.
CVE-2022-2357 | 1 Wsm Downloader Project | 1 Wsm Downloader | 2022-08-12 | 7.5 High | The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php.
CVE-2022-33158 | 2 Microsoft, Trendmicro | 2 Windows, Vpn Proxy One Pro | 2022-08-10 | 7.8 High | Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system.
CVE-2022-1585 | 1 Project-source-code-download Project | 1 Project-source-code-download | 2022-08-04 | 7.5 High | The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitor to the site to download the entire site, including sensitive files like wp-config.php.
CVE-2022-34049 | 1 Wavlink | 2 Wl-wn530hg4, Wl-wn530hg4 Firmware | 2022-07-27 | 5.3 Medium | An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to download log files and configuration data.
CVE-2021-40149 | 1 Reolink | 2 E1 Zoom, E1 Zoom Firmware | 2022-07-27 | 5.9 Medium | The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI.
CVE-2021-40150 | 1 Reolink | 2 E1 Zoom, E1 Zoom Firmware | 2022-07-22 | 7.5 High | The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. In this way an attacker can download the entire NGINX/FastCGI configuration by querying the /conf/nginx.conf or /conf/fastcgi.conf URI.
CVE-2022-2222 | 1 Wpchill | 1 Download Monitor | 2022-07-18 | 4.9 Medium | The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in a hardened environment or multisite setup.
CVE-2022-33686 | 1 Google | 1 Android | 2022-07-16 | 2.3 Low | Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows a local attacker to access the ICCID via log.
CVE-2022-24138 | 1 Iobit | 1 Advanced Systemcare | 2022-07-14 | 7.8 High | IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of the IOBit suite into the ProgramData folder, which has "rwx" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with a malicious executable, thus gaining code execution as a high privilege user (Low Privilege -> high integrity ADMIN).
CVE-2020-11469 | 1 Zoom | 1 Meetings | 2022-07-12 | 7.8 High | Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root access by replacing runwithroot.
CVE-2022-21236 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2022-07-01 | 7.5 High | An information disclosure vulnerability exists due to a web server misconfiguration in the Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.