Total
9616 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34659 | 1 Siemens | 1 Simcenter Star-ccm\+ Viewer | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in Simcenter STAR-CCM+ (All versions only if the Power-on-Demand public license server is used). Affected applications expose user, host and display name of users, when the public license server is used. This could allow an attacker to retrieve this information. | ||||
| CVE-2022-34355 | 1 Ibm | 2 Collaborative Lifecycle Management, Engineering Lifecycle Management | 2024-11-21 | 4 Medium |
| IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a user that could be used in further attacks against the system. IBM X-Force ID: 230498. | ||||
| CVE-2022-34352 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 6.5 Medium |
| IBM QRadar SIEM 7.5.0 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. IBM X-Force ID: 230403. | ||||
| CVE-2022-33878 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 2.2 Low |
| An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiClient for Mac versions 7.0.0 through 7.0.5 may allow a local authenticated attacker to obtain the SSL-VPN password in cleartext via running a logstream for the FortiTray process in the terminal. | ||||
| CVE-2022-33742 | 4 Debian, Fedoraproject, Linux and 1 more | 4 Debian Linux, Fedora, Linux Kernel and 1 more | 2024-11-21 | 7.1 High |
| Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). | ||||
| CVE-2022-33741 | 4 Debian, Fedoraproject, Linux and 1 more | 4 Debian Linux, Fedora, Linux Kernel and 1 more | 2024-11-21 | 7.1 High |
| Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). | ||||
| CVE-2022-33728 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1 allows local attackers to access connected BT macAddress via Settings.Gloabal. | ||||
| CVE-2022-33724 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| Exposure of Sensitive Information in Samsung Dialer application?prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log. | ||||
| CVE-2022-33700 | 1 Google | 1 Android | 2024-11-21 | 2 Low |
| Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log. | ||||
| CVE-2022-33699 | 1 Google | 1 Android | 2024-11-21 | 2 Low |
| Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log. | ||||
| CVE-2022-33698 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access ICCID via log. | ||||
| CVE-2022-33693 | 1 Google | 1 Android | 2024-11-21 | 2 Low |
| Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log. | ||||
| CVE-2022-33687 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows local attackers to access IMSI via log. | ||||
| CVE-2022-33686 | 1 Google | 1 Android | 2024-11-21 | 2.3 Low |
| Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log. | ||||
| CVE-2022-32751 | 1 Ibm | 1 Security Verify Directory | 2024-11-21 | 5.3 Medium |
| IBM Security Verify Directory 10.0.0 could disclose sensitive server information that could be used in further attacks against the system. IBM X-Force ID: 228437. | ||||
| CVE-2022-32742 | 2 Redhat, Samba | 4 Enterprise Linux, Rhev Hypervisor, Storage and 1 more | 2024-11-21 | 4.3 Medium |
| A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer). | ||||
| CVE-2022-32741 | 1 Otrs | 1 Otrs | 2024-11-21 | 5.3 Medium |
| Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time. | ||||
| CVE-2022-32740 | 1 Otrs | 1 Otrs | 2024-11-21 | 3.5 Low |
| A reply to a forwarded email article by a 3rd party could unintensionally expose the email content to the ticket customer under certain circumstances. | ||||
| CVE-2022-32739 | 1 Otrs | 2 Calendar Resource Planning, Otrs | 2024-11-21 | 3.5 Low |
| When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number. | ||||
| CVE-2022-32244 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 5.2 Medium |
| Under certain conditions an attacker authenticated as a CMS administrator access the BOE Commentary database and retrieve (non-personal) system data, modify system data but can't make the system unavailable. This needs the attacker to have high privilege access to the same physical/logical network to access information which would otherwise be restricted, leading to low impact on confidentiality and high impact on integrity of the application. | ||||