Total
29785 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-38770 | 1 Transtek | 1 Mojodat Fixed Asset Management | 2024-11-21 | 5.3 Medium |
| The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to fetch other users' data upon a successful login request. | ||||
| CVE-2022-38769 | 1 Transtek | 1 Mojodat Fixed Asset Management | 2024-11-21 | 7.5 High |
| The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to fetch cleartext passwords upon a successful login request. | ||||
| CVE-2022-38768 | 1 Transtek | 1 Mojodat Fixed Asset Management | 2024-11-21 | 9.8 Critical |
| The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to bypass authorization. | ||||
| CVE-2022-38715 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2024-11-21 | 8.8 High |
| A leftover debug code vulnerability exists in the httpd shell.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2022-38611 | 1 Watchdog | 1 Anti-virus | 2024-11-21 | 7.8 High |
| Incorrect access control in Watchdog Anti-Virus v1.4.158 allows attackers to perform a DLL hijacking attack and execute arbitrary code via a crafted binary. | ||||
| CVE-2022-38381 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | 5.3 Medium |
| An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2. This may allow a remote attacker without privileges to bypass some Web Application Firewall (WAF) protection such as the SQL Injection and XSS filters via a malformed HTTP request. | ||||
| CVE-2022-38380 | 1 Fortinet | 1 Fortios | 2024-11-21 | 4.3 Medium |
| An improper access control [CWE-284] vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API. | ||||
| CVE-2022-38377 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | 4.1 Medium |
| An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information. | ||||
| CVE-2022-38375 | 1 Fortinet | 2 Fortinac, Fortinac-f | 2024-11-21 | 8.6 High |
| An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests. | ||||
| CVE-2022-38372 | 1 Fortinet | 1 Fortitester | 2024-11-21 | 6.7 Medium |
| A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command. | ||||
| CVE-2022-38341 | 1 Safe | 1 Fme Server | 2024-11-21 | 7.1 High |
| Safe Software FME Server v2021.2.5 and below does not employ server-side validation. | ||||
| CVE-2022-37953 | 1 Ge | 1 Workstationst | 2024-11-21 | 4.7 Medium |
| An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (<v07.09.15) and could allow an attacker to compromise a victim's browser/session. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater. | ||||
| CVE-2022-37843 | 1 Totolink | 2 A860r, A860r Firmware | 2024-11-21 | 9.8 Critical |
| In TOTOLINK A860R V4.1.2cu.5182_B20201027 in cstecgi.cgi, the acquired parameters are directly put into the system for execution without filtering, resulting in a command injection vulnerability. | ||||
| CVE-2022-37734 | 2 Graphql-java Project, Redhat | 4 Graphql-java, Openshift Application Runtimes, Quarkus and 1 more | 2024-11-21 | 7.5 High |
| graphql-java before19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9. | ||||
| CVE-2022-37458 | 1 Discourse | 1 Discourse | 2024-11-21 | 7.2 High |
| Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate. | ||||
| CVE-2022-37316 | 1 Rsa | 1 Archer | 2024-11-21 | 6.5 Medium |
| Archer Platform 6.8 before 6.11 P3 (6.11.0.3) contains an improper API access control vulnerability in a multi-instance system that could potentially present unauthorized metadata to an authenticated user of the affected system. 6.10 P3 HF1 (6.10.0.3.1) is also a fixed release. | ||||
| CVE-2022-37190 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 8.8 High |
| CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from "/api/index.php. | ||||
| CVE-2022-37172 | 1 Msys2 | 1 Msys2 | 2024-11-21 | 7.8 High |
| Incorrect access control in the install directory (C:\msys64) of Msys2 v20220603 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. | ||||
| CVE-2022-37151 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2024-11-21 | 7.5 High |
| There is an unauthorized access vulnerability in Online Diagnostic Lab Management System 1.0. | ||||
| CVE-2022-36956 | 1 Veritas | 1 Netbackup | 2024-11-21 | 9 Critical |
| In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host that has access to a valid host-id NetBackup certificate/private key from the same domain. The affects 9.0.x through 9.0.0.1 and 9.1.x through 9.1.0.1. | ||||