Search Results (363125 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-26113 1 Fortinet 1 Forticlient 2024-11-21 7.7 High
An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.10 may allow a local attacker to perform an arbitrary file write on the system.
CVE-2022-26111 1 Canon 1 Irisnext 2024-11-21 8.8 High
The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user, running on the web server.
CVE-2022-26110 2 Debian, Wisc 2 Debian Linux, Htcondor 2024-11-21 8.8 High
An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon.
CVE-2022-26109 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 6.5 Medium
When a user opens a manipulated Portable Document Format (.pdf, PDFView.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-26108 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 6.5 Medium
When a user opens a manipulated Picture Exchange (.pcx, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-26107 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 6.5 Medium
When a user opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-26106 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 6.5 Medium
When a user opens a manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-26105 1 Sap 1 Netweaver Enterprise Portal 2024-11-21 6.1 Medium
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.
CVE-2022-26104 1 Sap 1 Financial Consolidation 2024-11-21 5.3 Medium
SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message.
CVE-2022-26103 1 Sap 1 Netweaver Application Server Java 2024-11-21 5.3 Medium
Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and attacks.
CVE-2022-26102 1 Sap 1 Netweaver Application Server Abap 2024-11-21 5.4 Medium
Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction that is available with in the same SAP system even if he/she isn't authorized for that transaction. A successful exploitation could expose information and in worst case manipulate data before the start screen is executed, resulting in limited impact on confidentiality and integrity of the application.
CVE-2022-26101 1 Sap 1 Fiori Launchpad 2024-11-21 6.1 Medium
Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
CVE-2022-26100 1 Sap 1 Sapcar 2024-11-21 9.8 Critical
SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. As a result, the SAPCAR process may crash, and the attacker may obtain privileged access to the system.
CVE-2022-26099 1 Google 1 Android 2024-11-21 5.9 Medium
Null pointer dereference vulnerability in parser_infe function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds read by remote attackers.
CVE-2022-26098 1 Google 1 Android 2024-11-21 8.1 High
Heap-based buffer overflow vulnerability in sheifd_create function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers.
CVE-2022-26097 1 Google 1 Android 2024-11-21 5.9 Medium
Null pointer dereference vulnerability in parser_unknown_property function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.
CVE-2022-26096 1 Google 1 Android 2024-11-21 5.9 Medium
Null pointer dereference vulnerability in parser_ispe function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.
CVE-2022-26095 1 Google 1 Android 2024-11-21 5.9 Medium
Null pointer dereference vulnerability in parser_colr function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.
CVE-2022-26094 1 Google 1 Android 2024-11-21 5.9 Medium
Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.
CVE-2022-26093 1 Google 1 Android 2024-11-21 5.9 Medium
Null pointer dereference vulnerability in parser_irot function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.