Total: 4649 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2023-0022 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | N/A | 9.9 CRITICAL | SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network. On successful exploitation, an attacker can perform operations that may completely compromise the application, causing a high impact on the confidentiality, integrity, and availability of the application. |
CVE-2022-4300 | 1 Xjd2020 | 1 Fastcms | 2024-11-21 | N/A | 6.3 MEDIUM | A vulnerability was found in FastCMS. It has been rated as critical. This issue affects some unknown processing of the file /template/edit of the component Template Handler. The manipulation leads to injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214901 was assigned to this vulnerability. |
CVE-2022-46836 | 1 Checkmk | 1 Checkmk | 2024-11-21 | N/A | 9.1 CRITICAL | PHP code injection in watolib auth.php and hosttags.php in Tribe29's Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker to inject PHP code which will be executed upon request of the vulnerable component. |
CVE-2022-46742 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-11-21 | N/A | 10.0 CRITICAL | Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. |
CVE-2022-46333 | 1 Proofpoint | 1 Enterprise Protection | 2024-11-21 | N/A | 7.2 HIGH | The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. This affects all versions 8.19.0 and below. |
CVE-2022-46166 | 1 Codecentric | 1 Spring Boot Admin | 2024-11-21 | N/A | 8.0 HIGH | Spring Boot Admin is an open source administrative user interface for management of Spring Boot applications. All users who run Spring Boot Admin Server with Notifiers enabled (e.g. Teams-Notifier) and write access to environment variables via the UI are affected. Users are advised to upgrade to the most recent releases of Spring Boot Admin, 2.6.10 and 2.7.8, to resolve this issue. Users unable to upgrade may disable any notifier or disable write access (POST requests) on the `/env` actuator endpoint. |
CVE-2022-46157 | 1 Akeneo | 1 Product Information Management | 2024-11-21 | N/A | 8.8 HIGH | Akeneo PIM is an open source Product Information Management (PIM). Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allow remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. Akeneo PIM Community Edition after the aforementioned versions provides a patched Apache HTTP server configuration file, for the docker setup and in the documentation sample, to fix this vulnerability. Community Edition users must change their Apache HTTP server configuration accordingly to be protected. The patch for Cloud Based Akeneo PIM Services customers has been applied since 30th October 2022. Users are advised to upgrade. Users unable to upgrade may replace any reference to `<FilesMatch \.php$>` in their Apache httpd configurations with `<Location "/index.php">`. |
CVE-2022-46070 | | | 2024-11-21 | N/A | 7.5 HIGH | GV-ASManager V6.0.1.0 contains a Local File Inclusion vulnerability in GeoWebServer via Path. |
CVE-2022-45177 | 1 Liveboxcloud | 1 Vdesk | 2024-11-21 | N/A | 7.5 HIGH | An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search={NAME]+{SURNAME] endpoint, and the /login endpoint. The web application provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere. |
CVE-2022-43938 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2024-11-21 | N/A | 8.8 HIGH | Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, does not allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager. |
CVE-2022-43572 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | N/A | 7.5 HIGH | In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage or denial-of-service preventing further indexing. |
CVE-2022-43571 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | N/A | 8.8 HIGH | In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component. |
CVE-2022-43279 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | N/A | 7.2 HIGH | LimeSurvey before v5.0.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php. |
CVE-2022-42889 | 3 Apache, Juniper, Netapp | 10 Commons Text, Jsa1500, Jsa3500 and 7 more | 2024-11-21 | N/A | 9.8 CRITICAL | Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: "script" (execute expressions using the JVM script execution engine, javax.script); "dns" (resolve DNS records); "url" (load values from URLs, including from remote servers). Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default. |
CVE-2022-42699 | 1 Wp-ecommerce | 1 Easy Wp Smtp | 2024-11-21 | N/A | 9.1 CRITICAL | Authenticated Remote Code Execution vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress. |
CVE-2022-42268 | 1 Nvidia | 6 Nvidia Isaac Sim, Omniverse Audio2face, Omniverse Code and 3 more | 2024-11-21 | N/A | 7.8 HIGH | Omniverse Kit contains a vulnerability in the reference applications Create, Audio2Face, Isaac Sim, View, Code, and Machinima. These applications allow executable Python code to be embedded in Universal Scene Description (USD) files to customize all aspects of a scene. If a user opens a USD file that contains embedded Python code in one of these applications, the embedded Python code automatically runs with the privileges of the user who opened the file. As a result, an unprivileged remote attacker could craft a USD file containing malicious Python code and persuade a local user to open the file, which may lead to information disclosure, data tampering, and denial of service. |
CVE-2022-42045 | 2 Watchdog, Zemana | 2 Anti-virus, Antimalware | 2024-11-21 | N/A | 6.7 MEDIUM | Certain Zemana products are vulnerable to arbitrary code injection. This affects Watchdog Anti-Malware 4.1.422 and Zemana AntiMalware 3.2.28. |
CVE-2022-41763 | 1 Nokia | 1 Access Management System | 2024-11-21 | N/A | 8.8 HIGH | An issue was discovered in NOKIA AMS 9.7.05. Remote Code Execution exists via the debugger of the ipAddress variable. A remote user, authenticated to the AMS server, could inject code in the PING function. The privileges of the command executed depend on the user that runs the service. |
CVE-2022-41264 | 1 Sap | 1 Basis | 2024-11-21 | N/A | 8.8 HIGH | Due to the unrestricted scope of the RFC function module, SAP BASIS (versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791) allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacker. On successful exploitation the attacker can have full control of the system to which the class belongs, causing a high impact on the integrity of the application. |
CVE-2022-41205 | 2 Microsoft, Sap | 2 Windows, Gui | 2024-11-21 | N/A | 5.5 MEDIUM | SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries, which can cause a limited impact on confidentiality and a high impact on availability of the application. |