Total
106 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-33317 | 2 Iconics, Mitsubishielectric | 2 Genesis64, Mc Works64 | 2024-02-04 | N/A | 7.8 HIGH |
| Inclusion of Functionality from Untrusted Control Sphere vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to execute an arbitrary malicious code by leading a user to load a monitoring screen file including malicious script codes. | |||||
| CVE-2022-30243 | 1 Honeywell | 2 Alterton Visual Logic, Alterton Visual Logic Firmware | 2024-02-04 | N/A | 8.8 HIGH |
| Honeywell Alerton Visual Logic through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be stored on the controller and then run without verification. A user with malicious intent can send a crafted packet to change and/or stop the program without the knowledge of other users, altering the controller's function. After the programming change, the program needs to be overwritten in order for the controller to restore its original operational function. | |||||
| CVE-2022-22246 | 1 Juniper | 1 Junos | 2024-02-04 | N/A | 8.8 HIGH |
| A PHP Local File Inclusion (LFI) vulnerability in the J-Web component of Juniper Networks Junos OS may allow a low-privileged authenticated attacker to execute an untrusted PHP file. By chaining this vulnerability with other unspecified vulnerabilities, and by circumventing existing attack requirements, successful exploitation could lead to a complete system compromise. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2. | |||||
| CVE-2021-4229 | 1 Ua-parser-js Project | 1 Ua-parser-js | 2024-02-04 | 7.6 HIGH | 8.8 HIGH |
| A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2022-1161 | 1 Rockwellautomation | 48 Compact Guardlogix 5370, Compact Guardlogix 5370 Firmware, Compact Guardlogix 5380 and 45 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other. | |||||
| CVE-2022-25486 | 1 Cuppacms | 1 Cuppacms | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php. | |||||
| CVE-2022-24232 | 1 Hospital\'s Patient Records Management System Project | 1 Hospital\'s Patient Records Management System | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| A local file inclusion in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-22308 | 1 Ibm | 1 Planning Analytics | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891. | |||||
| CVE-2022-23630 | 1 Gradle | 1 Gradle | 2024-02-04 | 6.0 MEDIUM | 7.5 HIGH |
| Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled on one or more configurations and those configurations have common dependencies with other configurations that have dependency verification enabled. If the configuration that has dependency verification disabled is resolved first, Gradle does not verify the common dependencies for the configuration that has dependency verification enabled. Gradle 7.4 fixes that issue by validating artifacts at least once if they are present in a resolved configuration that has dependency verification active. For users who cannot update either do not use `ResolutionStrategy.disableDependencyVerification()` and do not use plugins that use that method to disable dependency verification for a single configuration or make sure resolution of configuration that disable that feature do not happen in builds that resolve configuration where the feature is enabled. | |||||
| CVE-2022-24824 | 1 Discourse | 1 Discourse | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler view of the site instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no known workarounds for this issue. | |||||
| CVE-2022-25485 | 1 Cuppacms | 1 Cuppacms | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php. | |||||
| CVE-2021-41256 | 1 Nextcloud | 1 News | 2024-02-04 | 5.8 MEDIUM | 7.1 HIGH |
| nextcloud news-android is an Android client for the Nextcloud news/feed reader app. In affected versions the Nextcloud News for Android app has a security issue by which a malicious application installed on the same device can send it an arbitrary Intent that gets reflected back, unintentionally giving read and write access to non-exported Content Providers in Nextcloud News for Android. Users should upgrade to version 0.9.9.63 or higher as soon as possible. | |||||
| CVE-2021-33626 | 2 Insyde, Siemens | 33 Insydeh2o, Ruggedcom Apr1808, Ruggedcom Apr1808 Firmware and 30 more | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. | |||||
| CVE-2021-20843 | 2 Ntt-west, Yamaha | 16 Biz Box Nvr510, Biz Box Nvr510 Firmware, Biz Box Nvr700w and 13 more | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page. | |||||
| CVE-2021-29113 | 1 Esri | 1 Arcgis Server | 2024-02-04 | 4.3 MEDIUM | 4.7 MEDIUM |
| A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject attacker supplied html into a page. | |||||
| CVE-2021-41841 | 1 Insyde | 1 Insydeh2o | 2024-02-04 | 7.2 HIGH | 8.2 HIGH |
| An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of Inclusion of Functionality from an Untrusted Control Sphere. | |||||
| CVE-2020-16152 | 1 Extremenetworks | 1 Aerohive Netconfig | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file. | |||||
| CVE-2021-38360 | 1 Wp-publications Project | 1 Wp-publications | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the Q_FILE parameter found in the ~/bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0. | |||||
| CVE-2021-41569 | 1 Sas | 1 Sas\/intrnet | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro. Users can escape the context of the configured user-controllable variable and append additional functions native to the macro but not included as variables within the library. This includes a function that retrieves files from the host OS. | |||||
| CVE-2021-42133 | 1 Ivanti | 1 Avalanche | 2024-02-04 | 5.5 MEDIUM | 8.1 HIGH |
| An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write. | |||||