Search Results (363819 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-31600 1 Nvidia 2 Dgx A100, Dgx A100 Firmware 2024-11-21 7.5 High
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vulnerability to this vulnerability, causing an integer overflow, possibly leading to code execution, escalation of privileges, denial of service, compromised integrity, and information disclosure. The scope of impact can extend to other components.
CVE-2022-31599 1 Nvidia 2 Dgx A100, Dgx A100 Firmware 2024-11-21 8.2 High
NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.
CVE-2022-31598 1 Sap 1 Business Objects Business Intelligence Platform 2024-11-21 5.4 Medium
Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.
CVE-2022-31597 1 Sap 2 S\/4hana, Sapscore 2024-11-21 5.4 Medium
Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data.
CVE-2022-31594 1 Sap 1 Adaptive Server Enterprise 2024-11-21 6.7 Medium
A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system.
CVE-2022-31593 1 Sap 1 Business One 2024-11-21 8.8 High
SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
CVE-2022-31592 1 Sap 1 Enterprise Extension Defense Forces \& Public Security 2024-11-21 4.3 Medium
The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616,617,618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated user over the network, resulting in escalation of privileges leading to a limited impact on confidentiality.
CVE-2022-31591 1 Sap 1 Businessobjects Bw Publisher Service 2024-11-21 7.8 High
SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service
CVE-2022-31590 1 Sap 1 Powerdesigner Proxy 2024-11-21 7.8 High
SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the application during application start up or reboot, potentially compromising Confidentiality, Integrity and Availability of the system.
CVE-2022-31589 1 Sap 3 Erp Financial Accounting, Erp Localization For Cee Countries, S\/4hana 2024-11-21 6.5 Medium
Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted.
CVE-2022-31588 1 Testplatform Project 1 Testplatform 2024-11-21 9.3 Critical
The zippies/testplatform repository through 2016-07-19 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVE-2022-31587 1 Kg-fashion-chatbot Project 1 Kg-fashion-chatbot 2024-11-21 9.3 Critical
The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVE-2022-31586 1 Changepop-back Project 1 Changepop-back 2024-11-21 9.3 Critical
The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVE-2022-31585 1 Home Internet Project 1 Home Internet 2024-11-21 9.3 Critical
The umeshpatil-dev/Home__internet repository through 2020-08-28 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVE-2022-31584 1 S3label Project 1 S3label 2024-11-21 9.3 Critical
The stonethree/s3label repository through 2019-08-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVE-2022-31583 1 Automatedquizeval Project 1 Automatedquizeval 2024-11-21 9.3 Critical
The sravaniboinepelli/AutomatedQuizEval repository through 2020-04-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVE-2022-31582 1 Videoserver Project 1 Videoserver 2024-11-21 9.3 Critical
The shaolo1/VideoServer repository through 2019-09-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVE-2022-31581 1 Scorelab 1 Openmf 2024-11-21 9.3 Critical
The scorelab/OpenMF repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVE-2022-31580 1 Caretakerr-api Project 1 Caretakerr-api 2024-11-21 9.3 Critical
The sanojtharindu/caretakerr-api repository through 2021-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVE-2022-31579 1 Iasset Project 1 Iasset 2024-11-21 9.3 Critical
The ralphjzhang/iasset repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.