Latest CVE Feed
-
9.8
CRITICAL CVE-2022-22831
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header.
Affected Products : tessa
- Published: Feb. 06, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2022-22828
An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string.
Affected Products : synaman
- Published: Jan. 27, 2022
- Modified: Nov. 21, 2024
-
4.4
MEDIUM CVE-2022-22821
NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available.
Affected Products : nemo
- Published: Jan. 10, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2022-22820
Due to the lack of media file checks before rendering, it was possible for an attacker to cause abnormal CPU consumption for message recipient by sending specially crafted gif image in LINE for Windows before 7.4.
Affected Products : line
- Published: Jan. 20, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2022-22819
NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers (ROM version 1B) have a buffer overflow in parsing SB2 updates before the signature is verified. This can allow an attacker to achieve non-...
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2022-22818
The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.
- Published: Feb. 03, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-22817
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.
- Published: Jan. 10, 2022
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2022-22816
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
- Published: Jan. 10, 2022
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2022-22815
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.
- Published: Jan. 10, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-22814
The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege escalation.
Affected Products : myasus
- Published: Mar. 10, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-22813
A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an attacker were to obtain the TLS cryptographic key and take active control of the Courier tunneling communication network, they could potentially observe and manipulate traffic associated...
- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2022-22812
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target ...
Affected Products : spacelynk_firmware wiser_for_knx_firmware fellerlynk_firmware spacelynk wiser_for_knx fellerlynk
- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2022-22811
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could induce users to perform unintended actions, leading to the override of the system's configurations when an attacker persuades a user to visit a rogue website. Affected Product: s...
Affected Products : spacelynk_firmware wiser_for_knx_firmware fellerlynk_firmware spacelynk wiser_for_knx fellerlynk
- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-22810
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to manipulate the admin after numerous attempts at guessing credentials. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (...
Affected Products : spacelynk_firmware wiser_for_knx_firmware fellerlynk_firmware spacelynk wiser_for_knx fellerlynk
- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
5.3
MEDIUM CVE-2022-22809
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk (V2...
Affected Products : spacelynk_firmware wiser_for_knx_firmware fellerlynk_firmware spacelynk wiser_for_knx fellerlynk
- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2022-22808
A CWE-352: Cross-Site Request Forgery (CSRF) exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected P...
- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
7.4
HIGH CVE-2022-22807
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Prod...
- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-22806
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prio...
Affected Products : smt_series_1015_ups_firmware smc_series_1018_ups_firmware smtl_series_1026_ups_firmware scl_series_1029_ups_firmware scl_series_1030_ups_firmware scl_series_1036_ups_firmware scl_series_1037_ups_firmware smx_series_1031_ups_firmware smt_series_1015_ups smc_series_1018_ups +6 more products
- Published: Mar. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-22805
A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartConnect Family: SMT Series (SMT Seri...
Affected Products : smt_series_1015_ups_firmware smc_series_1018_ups_firmware smtl_series_1026_ups_firmware scl_series_1029_ups_firmware scl_series_1030_ups_firmware scl_series_1036_ups_firmware scl_series_1037_ups_firmware smx_series_1031_ups_firmware smt_series_1015_ups smc_series_1018_ups +6 more products
- Published: Mar. 09, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUM CVE-2022-22804
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could allow an authenticated attacker to view data, change settings, or impact availability of the software when the user visits a pag...
Affected Products : ecostruxure_power_monitoring_expert
- Published: Feb. 04, 2022
- Modified: Nov. 21, 2024