Search Results (364491 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-29983 1 Simple Client Management System Project 1 Simple Client Management System 2024-11-21 9.8 Critical
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/view_invoice&id=.
CVE-2022-29982 1 Simple Client Management System Project 1 Simple Client Management System 2024-11-21 9.8 Critical
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/maintenance/manage_service.php?id=.
CVE-2022-29981 1 Simple Client Management System Project 1 Simple Client Management System 2024-11-21 9.8 Critical
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Users.php?f=delete.
CVE-2022-29980 1 Simple Client Management System Project 1 Simple Client Management System 2024-11-21 9.8 Critical
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=user/manage_user&id=.
CVE-2022-29979 1 Simple Client Management System Project 1 Simple Client Management System 2024-11-21 9.8 Critical
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_designation.
CVE-2022-29976 1 Altn 1 Mdaemon 2024-11-21 5.4 Medium
An Authenticated Reflected Cross-site scripting at BCC Parameter was discovered in MDaemon before 22.0.0 .
CVE-2022-29975 1 Altn 1 Mdaemon 2024-11-21 5.4 Medium
An Authenticated Reflected Cross-site scripting at CC Parameter was discovered in MDaemon before 22.0.0 .
CVE-2022-29973 1 Exfat Project 1 Exfat 2024-11-21 4.7 Medium
relan exFAT 1.3.0 allows local users to obtain sensitive information (data from deleted files in the filesystem) in certain situations involving offsets beyond ValidDataLength.
CVE-2022-29972 1 Insightsoftware 1 Magnitude Simba Amazon Redshift Odbc Driver 2024-11-21 7.8 High
An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver (1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52) may allow a local user to execute arbitrary code.
CVE-2022-29971 1 Insightsoftware 1 Magnitude Simba Amazon Athena Odbc Driver 2024-11-21 7.8 High
An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena ODBC Driver 1.1.1 through 1.1.x before 1.1.17 may allow a local user to execute arbitrary code.
CVE-2022-29969 1 Mediawiki 1 Rss For Mediawiki 2024-11-21 6.1 Medium
The RSS extension before 2022-04-29 for MediaWiki allows XSS via an rss element (if the feed is in $wgRSSUrlWhitelist and $wgRSSAllowLinkTag is true).
CVE-2022-29968 3 Fedoraproject, Linux, Netapp 13 Fedora, Linux Kernel, H300s and 10 more 2024-11-21 7.8 High
An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private.
CVE-2022-29967 1 Glewlwyd Project 1 Glewlwyd 2024-11-21 7.5 High
static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6.2 allows directory traversal.
CVE-2022-29965 1 Emerson 49 Deltav Distributed Control System, Deltav Distributed Control System Sq Controller, Deltav Distributed Control System Sq Controller Firmware and 46 more 2024-11-21 5.5 Medium
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface (23/TCP) on M-series and SIS (CSLS/LSNB/LSNG) nodes is controlled by means of utility passwords. These passwords are generated using a deterministic, insecure algorithm using a single seed value composed of a day/hour/minute timestamp with less than 16 bits of entropy. The seed value is fed through a lookup table and a series of permutation operations resulting in three different four-character passwords corresponding to different privilege levels. An attacker can easily reconstruct these passwords and thus gain access to privileged maintenance operations. NOTE: this is different from CVE-2014-2350.
CVE-2022-29964 1 Emerson 48 Deltav Distributed Control System Sq Controller, Deltav Distributed Control System Sq Controller Firmware, Deltav Distributed Control System Sx Controller and 45 more 2024-11-21 5.5 Medium
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350.
CVE-2022-29963 1 Emerson 48 Deltav Distributed Control System Sq Controller, Deltav Distributed Control System Sq Controller Firmware, Deltav Distributed Control System Sx Controller and 45 more 2024-11-21 5.5 Medium
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. TELNET on port 18550 provides access to a root shell via hardcoded credentials. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350.
CVE-2022-29962 1 Emerson 48 Deltav Distributed Control System Sq Controller, Deltav Distributed Control System Sq Controller Firmware, Deltav Distributed Control System Sx Controller and 45 more 2024-11-21 5.5 Medium
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. FTP has hardcoded credentials (but may often be disabled in production). This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350.
CVE-2022-29960 1 Emerson 1 Openbsi 2024-11-21 5.5 Medium
Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive utilities.
CVE-2022-29959 1 Emerson 1 Openbsi 2024-11-21 5.5 Medium
Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. This environment provides access control functionality through user authentication and privilege management. The credentials for various users are stored insecurely in the SecUsers.ini file by using a simple string transformation rather than a cryptographic mechanism.
CVE-2022-29958 1 Jtekt 34 Nano 10gx Tuc-1157, Nano 10gx Tuc-1157 Firmware, Nano Cpu Tuc-6941 and 31 more 2024-11-21 9.8 Critical
JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a block-by-block basis with a given memory address and a blob of machine code. The logic that is downloaded to the PLC is not cryptographically authenticated, allowing an attacker to execute arbitrary machine code on the PLC's CPU module in the context of the runtime. In the case of the PC10G-CPU, and likely for other CPU modules of the TOYOPUC family, a processor without MPU or MMU is used and this no memory protection or privilege-separation capabilities are available, giving an attacker full control over the CPU.