14,626 CVEs · Low severity
CVEs (14,626, showing first 500)
Showing 101–125 of 14,626 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2022-39334 | LOW | Patched | 3.9 | 2022-11-25 | Nextcloud also ships a CLI utility called nextcloudcmd which is sometimes used for automated scripting and headless servers. Versions of nextcloudcmd prior to 3.6.1 would i… |
| CVE-2022-30307 | LOW | Patched | 3.9 | 2022-11-02 | A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated atta… |
| CVE-2022-39403 | LOW | Patched | 3.9 | 2022-10-18 | Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vuln… |
| CVE-2022-36851 | LOW | Patched | 3.9 | 2022-09-09 | Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device. |
| CVE-2022-1697 | LOW | | 3.9 | 2022-09-06 | Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must… |
| CVE-2022-2788 | LOW | Patched | 3.9 | 2022-08-19 | Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload … |
| CVE-2021-27785 | LOW | Patched | 3.9 | 2022-07-30 | HCL Commerce's Remote Store server could allow a local attacker to obtain sensitive personal information. The vulnerability requires the victim to first perform a particula… |
| CVE-2022-37009 | LOW | Patched | 3.9 | 2022-07-28 | In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible |
| CVE-2022-20226 | LOW | | 3.9 | 2022-07-13 | In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with … |
| CVE-2022-0997 | LOW | Patched | 3.9 | 2022-05-17 | Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the… |
| CVE-2022-29817 | LOW | Patched | 3.9 | 2022-04-28 | In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible |
| CVE-2022-29818 | LOW | Patched | 3.9 | 2022-04-28 | In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed |
| CVE-2022-24735 | LOW | Patched | 3.9 | 2022-04-27 | Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.… |
| CVE-2021-25266 | LOW | Patched | 3.9 | 2022-04-27 | An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android… |
| CVE-2022-23999 | LOW | | 3.9 | 2022-02-11 | PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeRec… |
| CVE-2022-24000 | LOW | | 3.9 | 2022-02-11 | PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPr… |
| CVE-2022-23427 | LOW | | 3.9 | 2022-02-11 | PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission via impli… |
| CVE-2022-21298 | LOW | | 3.9 | 2022-01-19 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Install). The supported version that is affected is 11. Easily exploitable vulnerability allows lo… |
| CVE-2022-22287 | LOW | Patched | 3.9 | 2022-01-10 | Arbitrary file access vulnerability in Samsung Email prior to 6.1.60.16 allows attacker to read isolated data in sandbox. |
| CVE-2021-45653 | LOW | Patched | 3.9 | 2021-12-26 | Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10. |
| CVE-2021-45640 | LOW | Patched | 3.9 | 2021-12-26 | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D62… |
| CVE-2020-14264 | LOW | Patched | 3.9 | 2021-10-25 | "HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK" |
| CVE-2020-14263 | LOW | Patched | 3.9 | 2021-10-21 | "HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK" |
| CVE-2021-35549 | LOW | | 3.9 | 2021-10-20 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows lo… |
| CVE-2021-25475 | LOW | | 3.9 | 2021-10-06 | A possible heap-based buffer overflow vulnerability in DSP kernel driver prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. |