Export limit exceeded: 80274 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80274 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-31591 | 1 Sap | 1 Businessobjects Bw Publisher Service | 2024-11-21 | 7.8 High |
| SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service | ||||
| CVE-2022-31590 | 1 Sap | 1 Powerdesigner Proxy | 2024-11-21 | 7.8 High |
| SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the application during application start up or reboot, potentially compromising Confidentiality, Integrity and Availability of the system. | ||||
| CVE-2022-31578 | 1 Bt Lnmp Project | 1 Bt Lnmp | 2024-11-21 | 7.5 High |
| The piaoyunsoft/bt_lnmp repository through 2019-10-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | ||||
| CVE-2022-31566 | 1 Data Stream Algorithm Benchmark Project | 1 Data Stream Algorithm Benchmark | 2024-11-21 | 8.6 High |
| The DSAB-local/DSAB repository through 2019-02-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | ||||
| CVE-2022-31500 | 1 Knime | 1 Knime Analytics Platform | 2024-11-21 | 7.8 High |
| In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions. | ||||
| CVE-2022-31496 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | 8.8 High |
| LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access. | ||||
| CVE-2022-31489 | 1 Inoutscripts | 1 Blockchain Altexchanger | 2024-11-21 | 7.5 High |
| Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection. | ||||
| CVE-2022-31488 | 1 Inoutscripts | 1 Blockchain Altexchanger | 2024-11-21 | 7.5 High |
| Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/update_marketboxslider marketcurrency SQL injection. | ||||
| CVE-2022-31487 | 1 Inoutscripts | 2 Blockchain Altexchanger, Blockchain Fiatexchanger | 2024-11-21 | 7.5 High |
| Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger 2.2.1 allow Chart/TradingView/chart_content/master.php symbol SQL injection. | ||||
| CVE-2022-31486 | 2 Carrier, Hidglobal | 28 Lenels2 Lnl-4420, Lenels2 Lnl-4420 Firmware, Lenels2 Lnl-x2210 and 25 more | 2024-11-21 | 8.8 High |
| An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303 for the LP series and 1.297 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. | ||||
| CVE-2022-31484 | 2 Carrier, Hidglobal | 28 Lenels2 Lnl-4420, Lenels2 Lnl-4420 Firmware, Lenels2 Lnl-x2210 and 25 more | 2024-11-21 | 7.5 High |
| An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of this vulnerability is that an unauthenticated attacker could restrict access to the web interface to legitimate users and potentially requiring them to use the default user dip switch procedure to gain access back. | ||||
| CVE-2022-31482 | 2 Carrier, Hidglobal | 28 Lenels2 Lnl-4420, Lenels2 Lnl-4420 Firmware, Lenels2 Lnl-x2210 and 25 more | 2024-11-21 | 7.5 High |
| An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this flaw to cause the target device to become unresponsive. An attacker could automate this attack to achieve persistent DoS, effectively rendering the target controller useless. | ||||
| CVE-2022-31480 | 2 Carrier, Hidglobal | 28 Lenels2 Lnl-4420, Lenels2 Lnl-4420 Firmware, Lenels2 Lnl-x2210 and 25 more | 2024-11-21 | 7.5 High |
| An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The attacker needs to have a properly signed and encrypted binary, loading the firmware to the device ultimately triggers a reboot. | ||||
| CVE-2022-31471 | 1 Untangle Project | 1 Untangle | 2024-11-21 | 7.5 High |
| untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may read the contents of local files. | ||||
| CVE-2022-31467 | 1 Quickheal | 1 Total Security | 2024-11-21 | 7.9 High |
| A DLL hijacking vulnerability in the installed for Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, leading to execution of arbitrary code, via the installer not restricting the search path for required DLLs and then not verifying the signature of the DLLs it tries to load. | ||||
| CVE-2022-31466 | 1 Quickheal | 1 Total Security | 2024-11-21 | 7.9 High |
| Time of Check - Time of Use (TOCTOU) vulnerability in Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, potentially leading to deletion of system files. This is achieved through exploiting the time between detecting a file as malicious and when the action of quarantining or cleaning is performed, and using the time to replace the malicious file by a symlink. | ||||
| CVE-2022-31464 | 1 Adaware | 1 Protect | 2024-11-21 | 7.8 High |
| Insecure permissions configuration in Adaware Protect v1.2.439.4251 allows attackers to escalate privileges via changing the service binary path. | ||||
| CVE-2022-31463 | 1 Owllabs | 2 Meeting Owl Pro, Meeting Owl Pro Firmware | 2024-11-21 | 8.2 High |
| Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used. | ||||
| CVE-2022-31461 | 1 Owllabs | 2 Meeting Owl Pro, Meeting Owl Pro Firmware | 2024-11-21 | 7.4 High |
| Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism via a certain c 11 message. | ||||
| CVE-2022-31460 | 1 Owllabs | 2 Meeting Owl Pro, Meeting Owl Pro Firmware | 2024-11-21 | 7.4 High |
| Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150 value. | ||||