Search Results (20153 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-48596 | 1 Sciencelogic | 1 Sl1 | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | ||||
| CVE-2022-48595 | 1 Sciencelogic | 1 Sl1 | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | ||||
| CVE-2022-48594 | 1 Sciencelogic | 1 Sl1 | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | ||||
| CVE-2022-48593 | 1 Sciencelogic | 1 Sl1 | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | ||||
| CVE-2022-48592 | 1 Sciencelogic | 1 Sl1 | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | ||||
| CVE-2022-48591 | 1 Sciencelogic | 1 Sl1 | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | ||||
| CVE-2022-48590 | 1 Sciencelogic | 1 Sl1 | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | ||||
| CVE-2022-48589 | 1 Sciencelogic | 1 Sl1 | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability exists in the “reporting job editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | ||||
| CVE-2022-48588 | 1 Sciencelogic | 1 Sl1 | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability exists in the “schedule editor decoupled” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | ||||
| CVE-2022-48587 | 1 Sciencelogic | 1 Sl1 | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability exists in the “schedule editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | ||||
| CVE-2022-48586 | 1 Sciencelogic | 1 Sl1 | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability exists in the “json walker” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | ||||
| CVE-2022-48585 | 1 Sciencelogic | 1 Sl1 | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability exists in the “admin brand portal” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | ||||
| CVE-2022-48584 | 1 Sciencelogic | 1 Sl1 | 2024-11-21 | 8.8 High |
| A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system. | ||||
| CVE-2022-48583 | 1 Sciencelogic | 1 Sl1 | 2024-11-21 | 8.8 High |
| A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system. | ||||
| CVE-2022-48582 | 1 Sciencelogic | 1 Sl1 | 2024-11-21 | 8.8 High |
| A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system. | ||||
| CVE-2022-48581 | 1 Sciencelogic | 1 Sl1 | 2024-11-21 | 8.8 High |
| A command injection vulnerability exists in the “dash export” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system. | ||||
| CVE-2022-48580 | 1 Sciencelogic | 1 Sl1 | 2024-11-21 | 8.8 High |
| A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system. | ||||
| CVE-2022-48570 | 1 Cryptopp | 1 Crypto++ | 2024-11-21 | 7.5 High |
| Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned. NOTE: this issue exists because the CVE-2019-14318 fix was intentionally removed for functionality reasons. | ||||
| CVE-2022-48522 | 1 Perl | 1 Perl | 2024-11-21 | 9.8 Critical |
| In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation. | ||||
| CVE-2022-48464 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | 5.5 Medium |
| In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. | ||||