Search Results (362695 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-47556 1 Ormazabal 4 Ekorccp, Ekorccp Firmware, Ekorrci and 1 more 2024-11-21 6.5 Medium
Uncontrolled resource consumption in ekorRCI, allowing an attacker with low-privileged access to the web server to send continuous legitimate web requests to a functionality that is not properly validated, in order to cause a denial of service (DoS) on the device.
CVE-2022-47555 1 Ormazabal 4 Ekorccp, Ekorccp Firmware, Ekorrci and 1 more 2024-11-21 9.3 Critical
Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor.
CVE-2022-47554 1 Ormazabal 4 Ekorccp, Ekorccp Firmware, Ekorrci and 1 more 2024-11-21 8.2 High
Exposure of sensitive information in ekorCCP and ekorRCI, potentially allowing a remote attacker to obtain critical information from various .xml files, including .xml files containing credentials, without being authenticated within the web server.
CVE-2022-47553 1 Ormazabal 4 Ekorccp, Ekorccp Firmware, Ekorrci and 1 more 2024-11-21 8.6 High
Incorrect authorisation in ekorCCP and ekorRCI, which could allow a remote attacker to obtain resources with sensitive information for the organisation, without being authenticated within the web server.
CVE-2022-47532 1 Filerun 1 Filerun 2024-11-21 9.8 Critical
FileRun 20220519 allows SQL Injection via the "dir" parameter in a /?module=users&section=cpanel&page=list request.
CVE-2022-47531 1 Ericsson 1 Evolved Packet Gateway 2024-11-21 8.8 High
An issue was discovered in Ericsson Evolved Packet Gateway (EPG) versions 3.x before 3.25 and 2.x before 2.16, allows authenticated users to bypass system CLI and execute commands they are authorized to execute directly in the UNIX shell.
CVE-2022-47529 1 Rsa 1 Netwitness 2024-11-21 6.7 Medium
Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection features via ACL modification.
CVE-2022-47421 1 Armemberplugin 1 Armember 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember (free), Repute InfoSystems ARMember (premium) plugins.
CVE-2022-47375 1 Siemens 18 6ag1414-3em07-7ab0, 6ag1414-3em07-7ab0 Firmware, 6ag1416-3es07-7ab0 and 15 more 2024-11-21 7.5 High
A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle long file names correctly. This could allow an attacker to create a buffer overflow and create a denial of service condition for the device.
CVE-2022-47353 2 Google, Unisoc 7 Android, S8000, T610 and 4 more 2024-11-21 4.4 Medium
In vdsp device, there is a possible system crash due to improper input validation.This could lead to local denial of service with System execution privileges needed
CVE-2022-47352 2 Google, Unisoc 3 Android, T610, T618 2024-11-21 4.4 Medium
In camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed
CVE-2022-47351 2 Google, Unisoc 10 Android, S8000, T606 and 7 more 2024-11-21 4.4 Medium
In camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed
CVE-2022-47350 2 Google, Unisoc 12 Android, S8000, Sc9863a and 9 more 2024-11-21 4.4 Medium
In camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed
CVE-2022-47187 1 Generex 3 Cs141, Cs141 Firmware, Ups-cs141 2024-11-21 5.3 Medium
There is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file.
CVE-2022-47186 1 Generex 3 Cs141, Cs141 Firmware, Ups-cs141 2024-11-21 7.5 High
There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the "upload" directory.
CVE-2022-47175 1 Royal-elementor-addons 1 Royal Elementor Addons 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in P Royal Royal Elementor Addons and Templates plugin <= 1.3.75 versions.
CVE-2022-47172 1 Hasthemes 1 Woolentor - Woocommerce Elementor Addons \+ Builder 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.6.2 versions.
CVE-2022-47169 1 Staxwp 1 Visibility Logic For Elementor 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in StaxWP Visibility Logic for Elementor plugin <= 2.3.4 versions.
CVE-2022-47140 1 Reputeinfosystems 1 Armember 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember plugin <= 4.0.1 versions.
CVE-2022-47132 1 Creativeitem 1 Academy Lms 2024-11-21 8.8 High
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users.