Search Results (364725 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-35403 1 Zohocorp 4 Manageengine Assetexplorer, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more 2024-11-21 7.5 High
Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.)
CVE-2022-35299 1 Sap 2 Sap Iq, Sql Anywhere 2024-11-21 9.8 Critical
SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow.
CVE-2022-35298 1 Sap 1 Netweaver Enterprise Portal 2024-11-21 6.1 Medium
SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. KMC servlet is vulnerable to XSS attack. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of victim’s web browser session.
CVE-2022-35297 1 Sap 1 Enable Now 2024-11-21 5.4 Medium
The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on Confidentiality, Integrity and Availability.
CVE-2022-35296 1 Sap 1 Businessobjects Business Intelligence 2024-11-21 4.9 Medium
Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality.
CVE-2022-35295 1 Sap 1 Host Agent 2024-11-21 4.9 Medium
In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves.
CVE-2022-35294 1 Sap 1 Netweaver Application Server Abap 2024-11-21 5.4 Medium
An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack. This could lead to information disclosure including stealing authentication information and impersonating the affected user.
CVE-2022-35292 1 Sap 1 Business One 2024-11-21 7.8 High
In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries, it can be used to gain privileged permissions on a system or network leading to high impact on Confidentiality, Integrity, and Availability.
CVE-2022-35291 1 Sap 1 Successfactors Mobile 2024-11-21 8.1 High
Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consumed in the SF Mobile application for Time Off, Time Sheet, EC Workflow, and Benefits. On successful exploitation, the attacker can read/write attachments. Thus, compromising the confidentiality and integrity of the application
CVE-2022-35289 1 Facebook 1 Hermes 2024-11-21 9.8 Critical
A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.
CVE-2022-35288 1 Ibm 1 Security Verify Information Queue 2024-11-21 6.5 Medium
IBM Security Verify Information Queue 10.0.2 could allow a user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 230818.
CVE-2022-35287 1 Ibm 1 Security Verify Information Queue 2024-11-21 7.5 High
IBM Security Verify Information Queue 10.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 230817.
CVE-2022-35286 2 Ibm, Linux 2 Security Verify Information Queue, Linux Kernel 2024-11-21 8.8 High
IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230814.
CVE-2022-35285 2 Ibm, Linux 2 Security Verify Information Queue, Linux Kernel 2024-11-21 8.8 High
IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230812.
CVE-2022-35284 1 Ibm 1 Security Verify Information Queue 2024-11-21 7.5 High
IBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 230811.
CVE-2022-35283 2 Ibm, Linux 2 Security Verify Information Queue, Linux Kernel 2024-11-21 6.5 Medium
IBM Security Verify Information Queue 10.0.2 could allow an authenticated user to cause a denial of service with a specially crafted HTTP request.
CVE-2022-35280 2 Ibm, Microsoft 2 Robotic Process Automation For Cloud Pak, Windows 2024-11-21 9.8 Critical
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 230634.
CVE-2022-35273 1 Allied-telesis 2 Centrecom Ar260s, Centrecom Ar260s Firmware 2024-11-21 8.8 High
OS command injection vulnerability in GUI setting page of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command.
CVE-2022-35272 1 F5 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more 2024-11-21 7.5 High
In BIG-IP Versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, when source-port preserve-strict is configured on an HTTP Message Routing Framework (MRF) virtual server, undisclosed traffic may cause the Traffic Management Microkernel (TMM) to produce a core file and the connection to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2022-35260 4 Apple, Haxx, Netapp and 1 more 12 Macos, Curl, Clustered Data Ontap and 9 more 2024-11-21 6.5 Medium
curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.