CWE:
 

Title
Date
Author
Med.
Zoom 5.4.3 (54779.1115) / 5.5.4 (13142.0301) Information Disclosure
23.03.2021
Matthias Deeg


Common Weakness Enumeration (CWE)

CVE
Details
Description
2022-05-10
Low
CVE-2022-22011

Vendor: Microsoft
Software: Windows 10
 

 
Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-26934, CVE-2022-29112.

 
Low
CVE-2022-22015

Vendor: Microsoft
Software: Windows 10
 

 
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability.

 
2022-04-28
Low
CVE-2022-29820

Vendor: JetBrains
Software: PyCharm
 

 
In JetBrains PyCharm before 2022.1, exposure of the debugger port to the internal network was possible.

 
2022-04-27
Low
CVE-2021-38874

Updating...
 

 
IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397.

 
2022-04-22
Low
CVE-2021-38904

Vendor: IBM
Software: Cognos Analytics
 

 
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings. IBM X-Force ID: 209693.

 
Low
CVE-2021-38905

Vendor: IBM
Software: Cognos Analytics
 

 
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697.

 
2022-04-19
Medium
CVE-2022-1385

Vendor: Mattermost
Software: Mattermost s...
 

 
Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels.

 
Medium
CVE-2021-43129

Vendor: D2L
Software: Brightspace
 

 

 
2022-04-15
Medium
CVE-2022-27257

Vendor: Hubzilla
Software: Hubzilla
 

 
A PHP Local File Inclusion vulnerability in the default Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary PHP files via the schema parameter.

 
2022-04-14
Low
CVE-2022-25165

Vendor: Amazon
Software: AWS Client VPN
 

 
An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list to be injected into the configuration file prior to the AWS VPN Client service (running as SYSTEM) processing the file. Dangerous arguments can be injected by a low-level user such as log, which allows an arbitrary destination to be specified for writing log files. This leads to an arbitrary file write as SYSTEM with partial control over the file's content. This can be abused to cause an elevation of privilege or denial of service.

 

 


Copyright 2022, cxsecurity.com

 
