Total
10626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45088 | 1 Gruparge | 1 Smartpower Web | 2023-11-07 | N/A | 9.8 CRITICAL |
| Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows PHP Local File Inclusion. This issue affects Smartpower Web: before 23.01.01. | |||||
| CVE-2022-44756 | 1 Hcltechsw | 1 Bigfix Insights For Vulnerability Remediation | 2023-11-07 | N/A | 6.5 MEDIUM |
| Insights for Vulnerability Remediation (IVR) is vulnerable to improper input validation. This may lead to information disclosure. This requires privileged access. | |||||
| CVE-2022-44644 | 1 Apache | 1 Linkis | 2023-11-07 | N/A | 6.5 MEDIUM |
| In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, by setting allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.1. | |||||
| CVE-2022-44617 | 1 X.org | 1 Libxpm | 2023-11-07 | N/A | 7.5 HIGH |
| A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library. | |||||
| CVE-2022-44611 | 1 Intel | 596 Atom X6200fe, Atom X6200fe Firmware, Atom X6211e and 593 more | 2023-11-07 | N/A | 8.0 HIGH |
| Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2022-44556 | 1 Huawei | 2 Emui, Harmonyos | 2023-11-07 | N/A | 7.5 HIGH |
| Missing parameter type validation in the DRM module. Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2022-43929 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2023-11-07 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676. | |||||
| CVE-2022-43875 | 2 Ibm, Linux | 4 Aix, Financial Transaction Manager, Linux On Ibm Z and 1 more | 2023-11-07 | N/A | 5.5 MEDIUM |
| IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or managing these authorizations. IBM X-Force ID: 240034. | |||||
| CVE-2022-43863 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2023-11-07 | N/A | 7.2 HIGH |
| IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, allowing a user with some admin capabilities to gain additional admin capabilities. IBM X-Force ID: 239425. | |||||
| CVE-2022-43849 | 1 Ibm | 2 Aix, Vios | 2023-11-07 | N/A | 6.2 MEDIUM |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX pfcdd kernel extension to cause a denial of service. IBM X-Force ID: 239170. | |||||
| CVE-2022-43848 | 1 Ibm | 2 Aix, Vios | 2023-11-07 | N/A | 6.2 MEDIUM |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service. IBM X-Force ID: 239169. | |||||
| CVE-2022-43566 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-11-07 | N/A | 8.0 HIGH |
| In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards in the Analytics Workspace. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will. | |||||
| CVE-2022-43565 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-11-07 | N/A | 8.8 HIGH |
| In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the tstats command handles JavaScript Object Notation (JSON) lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. | |||||
| CVE-2022-43563 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-11-07 | N/A | 8.8 HIGH |
| In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will. | |||||
| CVE-2022-43562 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-11-07 | N/A | 5.4 MEDIUM |
| In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning. | |||||
| CVE-2022-43455 | 1 Sewio | 1 Real-time Location System Studio | 2023-11-07 | N/A | 6.5 MEDIUM |
| Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to improper input validation of user input to the service_start, service_stop, and service_restart modules of the software. This could allow an attacker to start, stop, or restart arbitrary services running on the server. | |||||
| CVE-2022-42477 | 1 Fortinet | 1 Fortianalyzer | 2023-11-07 | N/A | 5.5 MEDIUM |
| An improper input validation vulnerability [CWE-20] in FortiAnalyzer version 7.2.1 and below, version 7.0.6 and below, 6.4 all versions may allow an authenticated attacker to disclose file system information via custom dataset SQL queries. | |||||
| CVE-2022-41733 | 3 Ibm, Linux, Microsoft | 3 Infosphere Information Server, Linux Kernel, Windows | 2023-11-07 | N/A | 5.3 MEDIUM |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause some of the components to be unusable until the process is restarted. IBM X-Force ID: 237583. | |||||
| CVE-2022-41214 | 1 Sap | 1 Netweaver Application Server Abap | 2023-11-07 | N/A | 8.7 HIGH |
| Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the integrity and availability of the application. | |||||
| CVE-2022-40237 | 1 Ibm | 1 Mq For Hpe Nonstop | 2023-11-07 | N/A | 7.5 HIGH |
| IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization logic. IBM X-Force ID: 235727. | |||||
