Total
1400 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28809 | 1 Opendesign | 1 Drawings Sdk | 2024-11-21 | N/A | 7.8 HIGH |
| An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vulnerability exists when reading a DWG file with an invalid vertex number in a recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2022-28771 | 1 Sap | 1 Business One License Service Api | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Due to missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated attacker to send malicious http requests over the network. On successful exploitation, an attacker can break the whole application making it inaccessible. | |||||
| CVE-2022-28719 | 1 Hammock | 1 Assetview | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL |
| Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code with the administrative privilege. | |||||
| CVE-2022-28660 | 1 Grafana | 1 Grafana | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Versions 1.2.1, 1.3.1, and 1.4.0 contain the bugfix. This affects -auth.type=enterprise in microservices mode | |||||
| CVE-2022-27891 | 1 Palantir | 1 Gotham | 2024-11-21 | N/A | 5.3 MEDIUM |
| Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade all affected services to the latest version. This issue affects: Palantir Gotham versions prior to 103.30221005.0. | |||||
| CVE-2022-27645 | 1 Netgear | 46 Lax20, Lax20 Firmware, R6400 and 43 more | 2024-11-21 | N/A | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762. | |||||
| CVE-2022-27586 | 1 Sick | 2 Sim1004-0p0g311, Sim1004-0p0g311 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version <2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.0.0 as soon as possible (available in SICK Support Portal). | |||||
| CVE-2022-27584 | 1 Sick | 2 Sim2000st, Sim2000st Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Password recovery vulnerability in SICK SIM2000ST Partnumber 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The firmware versions <=1.7.0 allow to optionally disable device configuration over the network interfaces. Please make sure that you apply general security practices when operating the SIM2000ST. A fix is planned but not yet scheduled. | |||||
| CVE-2022-27582 | 1 Sick | 14 Sim1000 Fx, Sim1000 Fx Firmware, Sim1004 and 11 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Password recovery vulnerability in SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The firmware versions <=1.10.1 allow to optionally disable device configuration over the network interfaces. Please make sure that you apply general security practices when operating the SIM4000. A fix is planned but not yet scheduled. | |||||
| CVE-2022-27495 | 1 F5 | 1 Nginx Service Mesh | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| On all versions 1.3.x (fixed in 1.4.0) NGINX Service Mesh control plane endpoints are exposed to the cluster overlay network. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
| CVE-2022-27332 | 1 Zammad | 1 Zammad | 2024-11-21 | 5.8 MEDIUM | 9.1 CRITICAL |
| An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS). | |||||
| CVE-2022-27169 | 1 Openautomationsoftware | 1 Oas Platform | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability. | |||||
| CVE-2022-26971 | 1 Barco | 1 Control Room Management Suite | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. This upload can be executed without authentication. | |||||
| CVE-2022-26833 | 1 Openautomationsoftware | 1 Oas Platform | 2024-11-21 | 7.5 HIGH | 9.4 CRITICAL |
| An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerability. | |||||
| CVE-2022-26394 | 1 Baxter | 8 Baxter Spectrum Iq 35700bax3, Baxter Spectrum Iq 35700bax3 Firmware, Sigma Spectrum 35700bax and 5 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail. | |||||
| CVE-2022-26303 | 1 Openautomationsoftware | 1 Oas Platform | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-26267 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php. | |||||
| CVE-2022-26082 | 1 Openautomationsoftware | 1 Oas Platform | 2024-11-21 | 7.5 HIGH | 9.1 CRITICAL |
| A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-26067 | 1 Openautomationsoftware | 1 Oas Platform | 2024-11-21 | 5.0 MEDIUM | 4.9 MEDIUM |
| An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-26043 | 1 Openautomationsoftware | 1 Oas Platform | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of requests to trigger this vulnerability. | |||||