Search Results (365444 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-48593 1 Sciencelogic 1 Sl1 2024-11-21 8.8 High
A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48592 1 Sciencelogic 1 Sl1 2024-11-21 8.8 High
A SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48591 1 Sciencelogic 1 Sl1 2024-11-21 8.8 High
A SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48590 1 Sciencelogic 1 Sl1 2024-11-21 8.8 High
A SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48589 1 Sciencelogic 1 Sl1 2024-11-21 8.8 High
A SQL injection vulnerability exists in the “reporting job editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48588 1 Sciencelogic 1 Sl1 2024-11-21 8.8 High
A SQL injection vulnerability exists in the “schedule editor decoupled” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48587 1 Sciencelogic 1 Sl1 2024-11-21 8.8 High
A SQL injection vulnerability exists in the “schedule editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48586 1 Sciencelogic 1 Sl1 2024-11-21 8.8 High
A SQL injection vulnerability exists in the “json walker” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48585 1 Sciencelogic 1 Sl1 2024-11-21 8.8 High
A SQL injection vulnerability exists in the “admin brand portal” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48584 1 Sciencelogic 1 Sl1 2024-11-21 8.8 High
A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
CVE-2022-48583 1 Sciencelogic 1 Sl1 2024-11-21 8.8 High
A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
CVE-2022-48582 1 Sciencelogic 1 Sl1 2024-11-21 8.8 High
A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
CVE-2022-48581 1 Sciencelogic 1 Sl1 2024-11-21 8.8 High
A command injection vulnerability exists in the “dash export” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
CVE-2022-48580 1 Sciencelogic 1 Sl1 2024-11-21 8.8 High
A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
CVE-2022-48579 1 Rarlab 1 Unrar 2024-11-21 7.5 High
UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.
CVE-2022-48578 1 Apple 1 Macos 2024-11-21 7.1 High
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5. Processing an AppleScript may result in unexpected termination or disclosure of process memory.
CVE-2022-48571 1 Memcached 1 Memcached 2024-11-21 7.5 High
memcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP.
CVE-2022-48570 1 Cryptopp 1 Crypto\+\+ 2024-11-21 7.5 High
Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned. NOTE: this issue exists because the CVE-2019-14318 fix was intentionally removed for functionality reasons.
CVE-2022-48566 3 Debian, Netapp, Python 4 Debian Linux, Active Iq Unified Manager, Converged Systems Advisor Agent and 1 more 2024-11-21 5.9 Medium
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.
CVE-2022-48565 3 Debian, Python, Redhat 3 Debian Linux, Python, Enterprise Linux 2024-11-21 9.8 Critical
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.