Total
11827 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-47909 | 1 Checkmk | 1 Checkmk | 2024-08-03 | 6.8 Medium |
| Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29's Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the application's core from localhost. | ||||
| CVE-2022-47925 | 1 Csaf-validator-lib Project | 1 Csaf-validator-lib | 2024-08-03 | 7.5 High |
| The validate JSON endpoint of the Secvisogram csaf-validator-service in versions < 0.1.0 processes tests with unexpected names. This insufficient input validation of requests by an unauthenticated remote user might lead to a partial DoS of the service. Only the request of the attacker is affected by this vulnerability. | ||||
| CVE-2022-47917 | 1 Sewio | 1 Real-time Location System Studio | 2024-08-03 | 6.8 Medium |
| Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to improper input validation of user input to several modules and services of the software. This could allow an attacker to delete arbitrary files and cause a denial-of-service condition. | ||||
| CVE-2022-47502 | 1 Apache | 1 Openoffice | 2024-08-03 | 7.8 High |
| Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution. | ||||
| CVE-2022-47391 | 1 Codesys | 14 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 11 more | 2024-08-03 | 7.5 High |
| In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service. | ||||
| CVE-2022-47392 | 1 Codesys | 17 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 14 more | 2024-08-03 | 6.5 Medium |
| An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service condition. | ||||
| CVE-2022-47378 | 1 Codesys | 17 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 14 more | 2024-08-03 | 6.5 Medium |
| Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service condition. | ||||
| CVE-2022-47191 | 1 Generex | 2 Cs141, Cs141 Firmware | 2024-08-03 | 4.3 Medium |
| Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges. | ||||
| CVE-2022-47190 | 1 Generex | 2 Cs141, Cs141 Firmware | 2024-08-03 | 10 Critical |
| Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root. | ||||
| CVE-2022-47188 | 1 Generex | 2 Cs141, Cs141 Firmware | 2024-08-03 | 7.5 High |
| There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path. | ||||
| CVE-2022-47189 | 1 Generex | 2 Cs141, Cs141 Firmware | 2024-08-03 | 7.5 High |
| Generex UPS CS141 below 2.06 version, allows an attacker toupload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device. | ||||
| CVE-2022-47192 | 1 Generex | 2 Cs141, Cs141 Firmware | 2024-08-03 | 8.8 High |
| Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified "users.json" to the web server of the device, allowing him to replace the administrator password. | ||||
| CVE-2022-46836 | 1 Checkmk | 1 Checkmk | 2024-08-03 | 9.1 Critical |
| PHP code injection in watolib auth.php and hosttags.php in Tribe29's Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker to inject and execute PHP code which will be executed upon request of the vulnerable component. | ||||
| CVE-2022-46701 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-08-03 | 7.8 High |
| The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges. | ||||
| CVE-2022-46725 | 2 Apple, Redhat | 3 Ipados, Iphone Os, Enterprise Linux | 2024-08-03 | 4.3 Medium |
| A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing. | ||||
| CVE-2022-46705 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2024-08-03 | 4.3 Medium |
| A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing. | ||||
| CVE-2022-46372 | 1 Alotceriot | 2 Ar7088h-a, Ar7088h-a Firmware | 2024-08-03 | 7.2 High |
| Alotcer - AR7088H-A firmware version 16.10.3 Command execution Improper validation of unspecified input field may allow Authenticated command execution. | ||||
| CVE-2022-46363 | 2 Apache, Redhat | 8 Cxf, Camel K, Camel Spring Boot and 5 more | 2024-08-03 | 7.5 High |
| A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured. | ||||
| CVE-2022-46303 | 1 Checkmk | 1 Checkmk | 2024-08-03 | 8 High |
| Command injection in SMS notifications in Tribe29 Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker with User Management permissions, as well as LDAP administrators in certain scenarios, to perform arbitrary commands within the context of the application's local permissions. | ||||
| CVE-2022-46328 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-03 | 7.5 High |
| Some smartphones have the input validation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | ||||