Search Results (365349 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-45868 1 H2database 1 H2 2024-11-21 8.4 High
The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states "This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that." Nonetheless, the issue was fixed in 2.2.220.
CVE-2022-45861 1 Fortinet 2 Fortios, Fortiproxy 2024-11-21 6.4 Medium
An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request.
CVE-2022-45860 1 Fortinet 2 Fortinac, Fortinac-f 2024-11-21 5 Medium
A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success.
CVE-2022-45859 1 Fortinet 2 Fortinac, Fortinac-f 2024-11-21 3.9 Low
An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords.
CVE-2022-45858 1 Fortinet 1 Fortinac 2024-11-21 3.8 Low
A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks.
CVE-2022-45857 1 Fortinet 1 Fortimanager 2024-11-21 6 Medium
An incorrect user management vulnerability [CWE-286] in the FortiManager version 6.4.6 and below VDOM creation component may allow an attacker to access a FortiGate without a password via newly created VDOMs after the super_admin account is deleted.
CVE-2022-45855 1 Apache 1 Ambari 2024-11-21 8 High
SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.
CVE-2022-45848 1 Contest-gallery 1 Contest Gallery 2024-11-21 6.1 Medium
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <= 13.1.0.9 on WordPress.
CVE-2022-45828 1 Nootheme 1 Noo Timetable 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in NooTheme Noo Timetable plugin <= 2.1.3 versions.
CVE-2022-45827 1 Galleryplugins 1 Video Contest 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GalleryPlugins Video Contest plugin <= 3.2 versions.
CVE-2022-45823 1 Video Contest Wordpress Project 1 Video Contest Wordpress 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in GalleryPlugins Video Contest WordPress plugin <= 3.2 versions.
CVE-2022-45821 1 Nootheme 1 Noo Timetable 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in NooTheme Noo Timetable plugin <= 2.1.3 versions.
CVE-2022-45816 1 Dev4press 1 Gd Bbpress Attachments 2024-11-21 4.8 Medium
Auth. Stored Cross-Site Scripting (XSS) vulnerability in GD bbPress Attachments plugin <= 4.3.1 on WordPress.
CVE-2022-45803 1 Gutenbergforms 1 Gutenberg Forms 2024-11-21 6.5 Medium
Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin – Gutenberg Forms.This issue affects WordPress Form Builder Plugin – Gutenberg Forms: from n/a through 2.2.8.3.
CVE-2022-45802 1 Apache 1 Streampark 2024-11-21 9.8 Critical
Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type, causing users to upload some high-risk files, and may upload them to any directory, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later
CVE-2022-45801 1 Apache 1 Streampark 2024-11-21 5.4 Medium
Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability. LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it's possible to modify LDAP statements through techniques similar to SQL Injection. LDAP injection attacks could result in the granting of permissions to unauthorized queries, and content modification inside the LDAP tree. This risk may only occur when the user logs in with ldap, and the user name and password login will not be affected, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later.
CVE-2022-45790 1 Omron 92 Cj1g-cpu42p, Cj1g-cpu42p Firmware, Cj1g-cpu43p and 89 more 2024-11-21 8.6 High
The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic.
CVE-2022-45781 1 Tenda 2 Ax1803, Ax1803 Firmware 2024-11-21 8.8 High
Buffer Overflow vulnerability in Tenda AX1803 v1.0.0.1_2994 and earlier allows attackers to run arbitrary code via /goform/SetOnlineDevName.
CVE-2022-45722 1 Gzwhir 1 Ezeip 2024-11-21 6.1 Medium
ezEIP v5.3.0(0649) was discovered to contain a cross-site scripting (XSS) vulnerability.
CVE-2022-45703 1 Gnu 1 Binutils 2024-11-21 7.8 High
Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c.