Search Results (363384 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-26582 1 Paxtechnology 2 A930, Paydroid 2024-11-21 7.8 High
PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an attacker to gain root access through command injection in systool client. The attacker must have shell access to the device in order to exploit this vulnerability.
CVE-2022-26581 2 Pax, Paxtechnology 3 A930, A930, Paydroid 2024-11-21 5.2 Medium
PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an unauthorized attacker to perform privileged actions through the execution of specific binaries listed in ADB daemon. The attacker must have physical USB access to the device in order to exploit this vulnerability.
CVE-2022-26580 1 Paxtechnology 2 A930, Paydroid 2024-11-21 6.8 Medium
PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow the execution of specific command injections on selected binaries in the ADB daemon shell service. The attacker must have physical USB access to the device in order to exploit this vulnerability.
CVE-2022-26579 1 Paxtechnology 2 A930, Paydroid 2024-11-21 6 Medium
PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow a root privileged attacker to install unsigned packages. The attacker must have shell access to the device and gain root privileges in order to exploit this vulnerability.
CVE-2022-26572 1 Xerox 2 Colorqube 8580, Colorqube 8580 Firmware 2024-11-21 7.5 High
Xerox ColorQube 8580 was discovered to contain an access control issue which allows attackers to print, view the status, and obtain sensitive information.
CVE-2022-26565 1 Totaljs 1 Content Management System 2024-11-21 4.8 Medium
A cross-site scripting (XSS) vulnerability in Totaljs all versions before commit 95f54a5commit, allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Name text field when creating a new page.
CVE-2022-26564 1 Digitaldruid 1 Hoteldruid 2024-11-21 6.1 Medium
HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.
CVE-2022-26563 1 Tildeslash 1 Monit 2024-11-21 8.8 High
An issue was discovered in Tildeslash Monit before 5.31.0, allows remote attackers to gain escilated privlidges due to improper PAM-authorization.
CVE-2022-26562 1 Kopano 1 Groupware Core 2024-11-21 9.8 Critical
An issue in provider/libserver/ECKrbAuth.cpp of Kopano Core <= v11.0.2.51 contains an issue which allows attackers to authenticate even if the user account or password is expired. It also exists in the predecessor Zarafa Collaboration Platform (ZCP) in provider/libserver/ECPamAuth.cpp of Zarafa >= 6.30 (introduced between 6.30.0 RC1e and 6.30.8 final).
CVE-2022-26555 1 Eova 1 Eova 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Add a Button function of Eova v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the button name text box.
CVE-2022-26546 1 Hospital Management System Project 1 Hospital Management System 2024-11-21 9.1 Critical
Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password.
CVE-2022-26536 1 Tenda 2 M3, M3 Firmware 2024-11-21 9.8 Critical
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setFixTools.
CVE-2022-26534 1 Fisco-bcos 1 Fisco-bcos 2024-11-21 7.5 High
FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via a malicious viewchange packet, will cause normal nodes to change view excessively and stop generating blocks.
CVE-2022-26532 1 Zyxel 130 Atp100, Atp100 Firmware, Atp100w and 127 more 2024-11-21 7.8 High
A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command.
CVE-2022-26531 1 Zyxel 130 Atp100, Atp100 Firmware, Atp100w and 127 more 2024-11-21 6.1 Medium
Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload.
CVE-2022-26530 1 Swaywm 1 Swaylock 2024-11-21 9.1 Critical
swaylock before 1.6 allows attackers to trigger a crash and achieve unlocked access to a Wayland compositor.
CVE-2022-26529 3 Google, Linux, Realtek 3 Android, Linux Kernel, Bluetooth Mesh Software Development Kit 2024-11-21 6.5 Medium
Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for segmented packets’ link parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service.
CVE-2022-26528 3 Google, Linux, Realtek 3 Android, Linux Kernel, Bluetooth Mesh Software Development Kit 2024-11-21 6.5 Medium
Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the length of segmented packets’ shift parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service.
CVE-2022-26527 3 Google, Linux, Realtek 3 Android, Linux Kernel, Bluetooth Mesh Software Development Kit 2024-11-21 6.5 Medium
Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the size of segmented packets’ reference parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service.
CVE-2022-26526 2 Anaconda, Conda 2 Anaconda3, Miniconda3 2024-11-21 7.8 High
Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse file into that directory. (This problem can only happen in a non-default installation. The person who installs the product must specify that it is being installed for all users. Also, the person who installs the product must specify that the system PATH should be changed.