• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-1188

CVE-2021-0114

February 23, 2023 by

Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.

CVE-2022-46831

February 23, 2023 by godfreyd94

In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the “Default Credential Provider Chain” allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.

CVE-2022-42467

February 23, 2023 by godfreyd94

When running in prototype mode, the h2 webconsole module (accessible from the Prototype menu) is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be done using the ‘isis.prototyping.h2-console.web-allow-remote-access’ configuration property; the web console will be unavailable without setting this configuration. As an additional safeguard, the new ‘isis.prototyping.h2-console.generate-random-web-admin-password’ configuration parameter (enabled by default) requires that the administrator use a randomly generated password to use the console. The password is printed to the log, as “webAdminPass: xxx” (where “xxx”) is the password. To revert to the original behaviour, the administrator would therefore need to set these configuration parameter: isis.prototyping.h2-console.web-allow-remote-access=true isis.prototyping.h2-console.generate-random-web-admin-password=false Note also that the h2 webconsole is never available in production mode, so these safeguards are only to ensure that the webconsole is secured by default also in prototype mode.

CVE-2022-40468

February 23, 2023 by godfreyd94

Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function.

CVE-2022-36349

February 23, 2023 by godfreyd94

Insecure default variable initialization in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access.

CVE-2022-3262

February 23, 2023 by godfreyd94

A flaw was found in Openshift. A pod with a DNSPolicy of “ClusterFirst” may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and availability.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 14
  • Go to page 15
  • Go to page 16
  • Go to page 17
  • Go to page 18
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE