Search Results (36956 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-29051 1 Jenkins 1 Publish Over Ftp 2024-11-21 4.3 Medium
Missing permission checks in Jenkins Publish Over FTP Plugin 1.16 and earlier allow attackers with Overall/Read permission to connect to an FTP server using attacker-specified credentials.
CVE-2022-29047 2 Jenkins, Redhat 3 Pipeline\, Ocp Tools, Openshift 2024-11-21 5.3 Medium
Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows attackers able to submit pull requests (or equivalent), but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamically retrieved library in their pull request, even if the Pipeline is configured to not trust them.
CVE-2022-29033 1 Siemens 2 Jt2go, Teamcenter Visualization 2024-11-21 7.8 High
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library is vulnerable to uninitialized pointer free while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2022-29028 1 Siemens 2 Jt2go, Teamcenter Visualization 2024-11-21 5.5 Medium
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Tiff_Loader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
CVE-2022-29009 1 Phpgurukul 1 Cyber Cafe Management System 2024-11-21 9.8 Critical
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication.
CVE-2022-29007 1 Phpgurukul 1 Dairy Farm Shop Management System 2024-11-21 9.8 Critical
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allows attackers to bypass authentication.
CVE-2022-29006 1 Phpgurukul 1 Directory Management System 2024-11-21 9.8 Critical
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication.
CVE-2022-28993 1 Bdtask 1 Multi Store Inventory Management System 2024-11-21 9.8 Critical
Multi Store Inventory Management System v1.0 allows attackers to perform an account takeover via a crafted POST request.
CVE-2022-28962 1 Online Sports Complex Booking System Project 1 Online Sports Complex Booking System 2024-11-21 9.8 Critical
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=delete_client.
CVE-2022-28961 1 Spip 1 Spip 2024-11-21 8.8 High
Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters.
CVE-2022-28930 1 Erp-pro Project 1 Erp-pro 2024-11-21 9.8 Critical
ERP-Pro v3.7.5 was discovered to contain a SQL injection vulnerability via the component /base/SysEveMenuAuthPointMapper.xml..
CVE-2022-28929 1 Hospital Management System Project 1 Hospital Management System 2024-11-21 9.8 Critical
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php.
CVE-2022-28884 2 F-secure, Withsecure 4 Internet Gatekeeper, Linux Security, Business Suite and 1 more 2024-11-21 4.3 Medium
A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine.
CVE-2022-28882 3 Apple, F-secure, Microsoft 9 Macos, Atlant, Cloud Protection For Salesforce and 6 more 2024-11-21 4.3 Medium
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker.
CVE-2022-28866 1 Nokia 1 Airframe Bmc Web Gui R18 Firmware 2024-11-21 8.8 High
Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00. It does not properly validate requests for access to (or editing of) data and functionality in all endpoints under /#settings/* and /api/settings/*. By not verifying the permissions for access to resources, it allows a potential attacker to view pages, with sensitive data, that are not allowed, and modify system configurations also causing DoS, which should be accessed only by user with administration profile, bypassing all controls (without checking for user identity).
CVE-2022-28862 1 Archibus 1 Web Central 2024-11-21 9.8 Critical
In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr. Through the injection of arbitrary SQL statements, a potential attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database. This is fixed in all recent versions, such as version 26.2.
CVE-2022-28789 1 Samsung 1 Voice Note 2024-11-21 6.2 Medium
Unprotected activities in Voice Note prior to version 21.3.51.11 allows attackers to record voice without user interaction. The patch adds proper permission for vulnerable activities.
CVE-2022-28774 1 Sap 1 Host Agent 2024-11-21 5.5 Medium
Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted.
CVE-2022-28648 1 Jetbrains 1 Youtrack 2024-11-21 5.7 Medium
In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered
CVE-2022-28623 3 Hp, Hpe, Redhat 3 Hp-ux, Icewall Sso Certd, Enterprise Linux 2024-11-21 9.8 Critical
Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. HPE has provided the following updated modules to resolve these vulnerabilities. HPE IceWall SSO version 10.0 certd library Patch 9 for RHEL and HPE IceWall SSO version 10.0 certd library Patch 9 for HP-UX.