Search Results (36947 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-23183 1 Advancedcustomfields 1 Advanced Custom Fields 2024-11-21 6.5 Medium
Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1 allows a remote authenticated attacker to view the information on the database without the access permission.
CVE-2022-23169 1 Amodat 1 Mobile Application Gateway 2024-11-21 5.9 Medium
attacker needs to craft a SQL payload. the vulnerable parameter is "agentid" must be authenticated to the admin panel.
CVE-2022-23168 1 Amodat 1 Mobile Application Gateway 2024-11-21 5.9 Medium
The attacker could get access to the database. The SQL injection is in the username parameter at the login panel: username: admin'--
CVE-2022-23139 1 Zte 2 Zxmp M721, Zxmp M721 Firmware 2024-11-21 8.8 High
ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files.
CVE-2022-23112 1 Jenkins 1 Publish Over Ssh 2024-11-21 6.5 Medium
A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials.
CVE-2022-23098 2 Debian, Intel 2 Debian Linux, Connman 2024-11-21 7.5 High
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received.
CVE-2022-23055 1 Frappe 1 Erpnext 2024-11-21 N/A
In ERPNext, versions v11.0.0-beta through v13.0.2 are vulnerable to Missing Authorization, in the chat rooms functionality. A low privileged attacker can send a direct message or a group message to any member or group, impersonating themselves as the administrator. The attacker can also read chat messages of groups that they do not belong to, and of other users.
CVE-2022-23046 1 Phpipam 1 Phpipam 2024-11-21 7.2 High
PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php
CVE-2022-23033 3 Debian, Fedoraproject, Xen 3 Debian Linux, Fedora, Xen 2024-11-21 7.8 High
arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN) do not actually clear the pagetable entry if the entry doesn't have the valid bit set. It is possible to have a valid pagetable entry without the valid bit set when a guest operating system uses set/way cache maintenance instructions. For instance, a guest issuing a set/way cache maintenance instruction, then calling the XENMEM_decrease_reservation hypercall to give back memory pages to Xen, might be able to retain access to those pages even after Xen started reusing them for other purposes.
CVE-2022-23009 1 F5 1 Big-iq Centralized Management 2024-11-21 7.2 High
On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated administrative role user on a BIG-IQ managed BIG-IP device can access other BIG-IP devices managed by the same BIG-IQ system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2022-22978 4 Netapp, Oracle, Redhat and 1 more 5 Active Iq Unified Manager, Financial Services Crime And Compliance Management Studio, Jboss Fuse and 2 more 2024-11-21 9.8 Critical
In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
CVE-2022-22897 1 Apollotheme 1 Ap Pagebuilder 2024-11-21 9.8 Critical
A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data.
CVE-2022-22881 1 Jeecg 1 Jeecg Boot 2024-11-21 9.8 Critical
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData.
CVE-2022-22880 1 Jeecg 1 Jeecg Boot 2024-11-21 9.8 Critical
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId.
CVE-2022-22854 1 Hospital\'s Patient Records Management System Project 1 Hospital\'s Patient Records Management System 2024-11-21 8.8 High
An access control issue in hprms/admin/?page=user/list of Hospital Patient Record Management System v1.0 allows attackers to escalate privileges via accessing and editing the user list.
CVE-2022-22794 1 Cybonet 1 Pineapp Mail Secure 2024-11-21 6.8 Medium
Cybonet - PineApp Mail Relay Unauthenticated Sql Injection. Attacker can send a request to: /manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /manage/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 and by doing that, the attacker can run Remote Code Execution in one liner.
CVE-2022-22735 1 Sedlex 1 Simple Quotation 2024-11-21 8.8 High
The Simple Quotation WordPress plugin through 1.3.2 does not have authorisation (and CSRF) checks in various of its AJAX actions and is lacking escaping of user data when using it in SQL statements, allowing any authenticated users, such as subscriber to perform SQL injection attacks
CVE-2022-22661 1 Apple 2 Mac Os X, Macos 2024-11-21 7.8 High
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to execute arbitrary code with kernel privileges.
CVE-2022-22540 1 Sap 1 Netweaver Application Server Abap 2024-11-21 7.5 High
SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database. Successful attacks could result in disclosure of a table of contents from the system, but no risk of modification possible.
CVE-2022-22535 1 Sap 1 Erp Human Capital Management 2024-11-21 6.5 Medium
SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts.