Search Results (35128 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-36121 | 1 Ssctech | 1 Blue Prism Enterprise | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the UpdateOfflineHelpData administrative function. Abusing this function will allow any Blue Prism user to change the offline help URL to one of their choice, opening the possibility of spoofing the help page or executing a local file. | ||||
| CVE-2022-36120 | 1 Ssctech | 1 Blue Prism Enterprise | 2024-11-21 | 8.1 High |
| An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the getChartData administrative function. Using a low/no privilege Blue Prism user account, the attacker can alter the server's settings by abusing the getChartData method, allowing the Blue Prism server to execute any MSSQL stored procedure by name. | ||||
| CVE-2022-36118 | 1 Ssctech | 1 Blue Prism | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the SetProcessAttributes administrative function. Abusing this function will allow any Blue Prism user to publish, unpublish, or retire processes. Using this function, any logged-in user can change the status of a process, an action intended only for users with the Edit Process permission. | ||||
| CVE-2022-36117 | 1 Ssctech | 1 Blue Prism | 2024-11-21 | 3.1 Low |
| An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for an administrative function. If credential access is configured to be accessible by a machine or the runtime resource security group, using further reverse engineering, an attacker can spoof a known machine and request known encrypted credentials to decrypt later. | ||||
| CVE-2022-36116 | 1 Ssctech | 1 Blue Prism | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the setValidationInfo administrative function. Removing the validation applied to newly designed processes increases the chance of successfully hiding malicious code that could be executed in a production environment. | ||||
| CVE-2022-36115 | 1 Ssctech | 1 Blue Prism | 2024-11-21 | 7.1 High |
| An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for unintended functionality. An attacker can abuse the CreateProcessAutosave() method to inject their own functionality into a development process. If (upon a warning) a user decides to recover unsaved work by using the last saved version, the malicious code could enter the workflow. Should the process action stages not be fully reviewed before publishing, this could result in the malicious code being run in a production environment. | ||||
| CVE-2022-35912 | 1 Grails | 1 Grails | 2024-11-21 | 9.8 Critical |
| In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 (at least when certain Java 8 configurations are used), data binding allows a remote attacker to execute code by gaining access to the class loader. | ||||
| CVE-2022-35908 | 1 Cambiumnetworks | 1 Enterprise Wi-fi | 2024-11-21 | 8.8 High |
| Cambium Enterprise Wi-Fi System Software before 6.4.2 does not sanitize the ping host argument in device-agent. | ||||
| CVE-2022-35873 | 1 Inductiveautomation | 1 Ignition | 2024-11-21 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of ZIP files. Crafted data in a ZIP file can cause the application to execute arbitrary Python scripts. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16949. | ||||
| CVE-2022-35648 | 1 Nautilus | 4 T616, T616 Firmware, T618 and 1 more | 2024-11-21 | 2.6 Low |
| Nautilus treadmills T616 S/N 100672PRO21140001 through 100672PRO21171980 and T618 S/N 100647PRO21130111 through 100647PRO21183960 with software before 2022-06-09 allow physically proximate attackers to cause a denial of service (fall) by connecting the power cord to a 120V circuit (which may lead to self-starting at an inopportune time). | ||||
| CVE-2022-35643 | 1 Ibm | 1 Powervm Virtual I/o Server | 2024-11-21 | 9.1 Critical |
| IBM PowerVM VIOS 3.1 could allow a remote attacker to tamper with system configuration or cause a denial of service. IBM X-Force ID: 230956. | ||||
| CVE-2022-35639 | 2 Ibm, Linux | 3 Sterling Partner Engagement Manager, Sterling Partner Engagement Manager On Cloud, Linux Kernel | 2024-11-21 | 7.5 High |
| IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the server to become unresponsive. IBM X-Force ID: 230932. | ||||
| CVE-2022-35637 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2024-11-21 | 6.5 Medium |
| IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. IBM X-Force ID: 230823. | ||||
| CVE-2022-35620 | 1 Dlink | 2 Dir-818l, Dir-818l Firmware | 2024-11-21 | 9.8 Critical |
| D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function binary.soapcgi_main. | ||||
| CVE-2022-35619 | 1 Dlink | 2 Dir-818l, Dir-818l Firmware | 2024-11-21 | 9.8 Critical |
| D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function ssdpcgi_main. | ||||
| CVE-2022-35489 | 1 Zammad | 1 Zammad | 2024-11-21 | 6.5 Medium |
| In Zammad 5.2.0, customers who have secondary organizations assigned were able to see all organizations of the system rather than only those to which they are assigned. | ||||
| CVE-2022-35488 | 1 Zammad | 1 Zammad | 2024-11-21 | 7.5 High |
| In Zammad 5.2.0, an attacker could manipulate the rate limiting in the 'forgot password' feature of Zammad, and thereby send many requests for a known account to cause Denial Of Service by many generated emails which would also spam the victim. | ||||
| CVE-2022-35412 | 1 Digitalguardian | 1 Digital Guardian | 2024-11-21 | 5.1 Medium |
| Digital Guardian Agent 7.7.4.0042 allows an administrator (who ordinarily does not have a supported way to uninstall the product) to disable some of the agent functionality and then exfiltrate files to an external USB device. | ||||
| CVE-2022-35403 | 1 Zohocorp | 4 Manageengine Assetexplorer, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more | 2024-11-21 | 7.5 High |
| Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.) | ||||
| CVE-2022-35288 | 1 Ibm | 1 Security Verify Information Queue | 2024-11-21 | 6.5 Medium |
| IBM Security Verify Information Queue 10.0.2 could allow a user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 230818. | ||||
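The six Blue Prism entries above (CVE-2022-36115 through CVE-2022-36121) share one root cause: the application server exposed administrative methods whose access control could be circumvented once a user reverse engineered the client, which means the permission checks were not reliably enforced on the server for each method. The following is an added, illustrative example (not Blue Prism's code) of the pattern behind such findings and its fix: an RPC dispatcher that trusts a client-asserted privilege flag, beside one that resolves the required permission per method from a server-held table and the authenticated session. The method names, permission names and the `Session` type are assumptions made for the demo.

```python
"""Server-side, per-method authorization for an application server.

Illustrative example added to this page; not Blue Prism code. Method and
permission names below are assumed for the demo.
"""
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the caller may not invoke the requested method."""


@dataclass
class Session:
    """Authenticated session as established by the server (hypothetical)."""
    user: str
    permissions: frozenset = field(default_factory=frozenset)


# Hypothetical method -> required permission table. It lives on the server,
# so a modified client cannot change what a method requires.
REQUIRED_PERMISSION = {
    "setProcessAttributes": "process.edit",
    "updateOfflineHelpData": "system.admin",
    "getChartData": "dashboard.view",
}

PROCESS_STATE = {}  # process id -> status, stands in for a database


def set_process_attributes(process_id, status):
    """Publish/unpublish/retire a process (constructed stand-in handler)."""
    PROCESS_STATE[process_id] = status
    return status


HANDLERS = {"setProcessAttributes": set_process_attributes}


def dispatch_insecure(request):
    """Weak pattern: the server honours a privilege flag the client sends.

    The real client may only set is_admin after checking the user's role,
    but any hand-written or reverse-engineered client just sends True.
    """
    if not request.get("is_admin"):
        raise Forbidden("client says it is not an admin")
    return HANDLERS[request["method"]](**request["args"])


def dispatch_secure(session, request):
    """Hardened pattern: permission is resolved on the server, per method.

    Unknown methods and methods with no entry in REQUIRED_PERMISSION are
    denied by default; the request body carries no authorization data.
    """
    method = request["method"]
    if method not in HANDLERS:
        raise Forbidden(f"unknown method {method!r}")
    needed = REQUIRED_PERMISSION.get(method)
    if needed is None or needed not in session.permissions:
        raise Forbidden(f"{session.user} lacks {needed!r} for {method}")
    return HANDLERS[method](**request["args"])


if __name__ == "__main__":
    req = {"method": "setProcessAttributes", "is_admin": True,
           "args": {"process_id": "p1", "status": "retired"}}
    print("insecure:", dispatch_insecure(req))          # any user succeeds
    try:
        dispatch_secure(Session("alice"), req)
    except Forbidden as e:
        print("secure:", e)                             # low-privilege user denied
```

The check to carry over to a real server is the default-deny in `dispatch_secure`: every exposed method needs an explicit entry in the permission table, and the decision must be made from the server's own session state, never from anything in the request.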
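CVE-2022-35908 describes a ping host argument that is not sanitized before use. The classic shape of that bug is a host string interpolated into a shell command line. The following is an added example (not Cambium's code) that shows the vulnerable construction beside a hardened one: the host is validated as an IP address or RFC-style hostname and then passed to `ping` as an argv list with no shell involved. The hostname pattern and the `-c 1` option are assumptions for the demo.

```python
"""Command injection via a ping host argument: vulnerable vs hardened.

Added, illustrative example; not vendor code. The regex and options are
assumptions made for the demo.
"""
import ipaddress
import re
import subprocess

# Assumed hostname grammar: labels of 1-63 alphanumerics or hyphens, no
# leading/trailing hyphen, total length <= 253. It cannot match shell
# metacharacters, whitespace, or a leading "-" (which ping would parse as an option).
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
    r"(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def build_ping_insecure(host):
    """Vulnerable: the host lands verbatim in a string meant for a shell."""
    return f"ping -c 1 {host}"


def run_ping_insecure(host):
    """Executes the string through /bin/sh; "8.8.8.8; id" runs id."""
    return subprocess.run(build_ping_insecure(host), shell=True,
                          capture_output=True, text=True)


def is_valid_host(host):
    """Accept an IPv4/IPv6 literal or a hostname matching HOSTNAME_RE."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        pass
    return bool(HOSTNAME_RE.match(host))


def build_ping_secure(host):
    """Hardened: allow-list the host, then build an argv list, never a shell string."""
    if not is_valid_host(host):
        raise ValueError(f"rejected host argument: {host!r}")
    return ["ping", "-c", "1", host]


def run_ping_secure(host):
    """No shell is involved, so the host can only ever be one argv element."""
    return subprocess.run(build_ping_secure(host), shell=False,
                          capture_output=True, text=True)


if __name__ == "__main__":
    print(build_ping_insecure("8.8.8.8; id"))   # the injected command survives
    for candidate in ["8.8.8.8", "example.com", "8.8.8.8; id", "$(id)", "-f"]:
        print(f"{candidate!r:>16} valid={is_valid_host(candidate)}")
```

Both halves of the fix matter: the argv list stops the shell from interpreting metacharacters, and the allow-list stops a host such as `-f` from being read as an option by `ping` itself.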
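CVE-2022-35488 is a rate-limit bypass on a 'forgot password' endpoint that lets an attacker trigger many reset emails for one known account. A limiter that is keyed only on something the client controls (source IP, a header) is defeated by rotating that value, while the victim's mailbox fills regardless. The following is an added example, not Zammad's code, of a sliding-window limiter applied both per client IP and per target account; the limits, window and service API are assumptions for the demo.

```python
"""Rate limiting a password-reset endpoint per client and per target account.

Added, illustrative example; not Zammad code. Limits and names are assumed.
"""
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allows at most `limit` events per key within the trailing `window` seconds."""

    def __init__(self, limit, window_seconds):
        self.limit = limit
        self.window = window_seconds
        self.hits = defaultdict(deque)  # key -> timestamps of recent events

    def allow(self, key, now):
        dq = self.hits[key]
        while dq and dq[0] <= now - self.window:  # drop events outside the window
            dq.popleft()
        if len(dq) >= self.limit:
            return False
        dq.append(now)
        return True


class ForgotPasswordService:
    """Toy reset service; `sent` records the emails that would have gone out."""

    def __init__(self, per_ip=5, per_account=3, window=3600):
        self.ip_limiter = SlidingWindowLimiter(per_ip, window)
        self.account_limiter = SlidingWindowLimiter(per_account, window)
        self.sent = []

    def request_reset_ip_only(self, account, client_ip, now):
        """Weak: keyed only on a client-controlled attribute. Rotating source
        addresses (or a spoofable forwarded-for header) gives unlimited mails
        to the same victim."""
        if not self.ip_limiter.allow(client_ip, now):
            return False
        self.sent.append(account)
        return True

    def request_reset(self, account, client_ip, now):
        """Hardened: also keyed on the normalised target account, which the
        attacker cannot vary while still targeting the victim."""
        if not self.account_limiter.allow(account.strip().lower(), now):
            return False
        if not self.ip_limiter.allow(client_ip, now):
            return False
        self.sent.append(account)
        return True


if __name__ == "__main__":
    # Constructed attack: 20 requests for one victim from 20 different addresses.
    weak, strong = ForgotPasswordService(), ForgotPasswordService()
    for i in range(20):
        weak.request_reset_ip_only("victim@example.com", f"10.0.0.{i}", 1000.0)
        strong.request_reset("victim@example.com", f"10.0.0.{i}", 1000.0)
    print("ip-only limiter sent:", len(weak.sent))      # 20
    print("per-account limiter sent:", len(strong.sent))  # 3
```

Return the same response and timing whether or not a mail was sent, so the per-account limit does not turn into an account-enumeration oracle; the denial here only suppresses the email.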