Total
1400 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26026 | 1 Openautomationsoftware | 1 Oas Platform | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss of communications. An attacker can send a network request to trigger this vulnerability. | |||||
| CVE-2022-25922 | 1 Hegemonelectronics | 2 Plc4trucks, Plc4trucks Firmware | 2024-11-21 | 6.4 MEDIUM | 6.1 MEDIUM |
| Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. There is no authentication or authorization for these functions. | |||||
| CVE-2022-25508 | 1 Freetakserver-ui Project | 1 Freetakserver-ui | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service (DoS) via an unusually large amount of created routes, or create unsafe or false routes for legitimate users. | |||||
| CVE-2022-25359 | 1 Iclinks | 3 Scadaflex Ii, Scadaflex Ii Firmware, Weblib | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote attackers can overwrite, delete, or create files. | |||||
| CVE-2022-25251 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain XML messages to a specific port without proper authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to read and modify the affected product’s configuration. | |||||
| CVE-2022-25250 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send a certain command to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to shut down a specific service. | |||||
| CVE-2022-25247 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution. | |||||
| CVE-2022-25245 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name. | |||||
| CVE-2022-25008 | 1 Totolink | 4 Ex1200t, Ex1200t Firmware, Ex300 V2 and 1 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism. | |||||
| CVE-2022-24935 | 1 Lexmark | 2 Lexmark, Lexmark Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Lexmark products through 2022-02-10 have Incorrect Access Control. | |||||
| CVE-2022-24829 | 1 Garden | 1 Garden | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
| Garden is an automation platform for Kubernetes development and testing. In versions prior to 0.12.39 multiple endpoints did not require authentication. In some operating modes this allows for an attacker to gain access to the application erroneously. The configuration is leaked through the /api endpoint on the local server that is responsible for serving the Garden dashboard. At the moment, this server is accessible to 0.0.0.0 which makes it accessible to anyone on the same network (or anyone on the internet if they are on a public, static IP). This may lead to the ability to compromise credentials, secrets or environment variables. Users are advised to upgrade to version 0.12.39 as soon as possible. Users unable to upgrade should use a firewall blocking access to port 9777 from all untrusted network machines. | |||||
| CVE-2022-24820 | 1 Xwiki | 1 Xwiki | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents by rendering some velocity documents. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem. | |||||
| CVE-2022-24562 | 1 Iobit | 1 Iotransfer | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim's endpoint, which can result in data theft and remote code execution. | |||||
| CVE-2022-24396 | 1 Sap | 1 Simple Diagnostics Agent | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. Due to lack of authentication checks, an attacker could access administrative or other privileged functionalities and read, modify, or delete sensitive information and configurations. | |||||
| CVE-2022-24111 | 1 Mahara | 1 Mahara | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have not been shared with non-group members and portfolios created on the site and institution levels can be viewed without requiring a login if the URL to these portfolios is known. | |||||
| CVE-2022-23945 | 1 Apache | 1 Shenyu | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1. | |||||
| CVE-2022-23944 | 1 Apache | 1 Shenyu | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1. | |||||
| CVE-2022-23719 | 1 Pingidentity | 1 Pingid Integration For Windows Login | 2024-11-21 | 6.9 MEDIUM | 7.2 HIGH |
| PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An attacker with the ability to execute code on the target machine maybe able to exploit and spoof the local Java service using multiple attack vectors. A successful attack can lead to code executed as SYSTEM by the PingID Windows Login application, or even a denial of service for offline security key authentication. | |||||
| CVE-2022-23345 | 1 Bigantsoft | 1 Bigant Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control. | |||||
| CVE-2022-23220 | 4 Canonical, Debian, Gentoo and 1 more | 4 Ubuntu Linux, Debian Linux, Linux and 1 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu, Debian, and Gentoo. | |||||