Latest CVE Feed
- 8.8 HIGH: CVE-2022-22767
  Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-jo...
  Affected Products: pyxis_anesthesia_station_es_firmware pyxis_ciisafe_firmware pyxis_logistics_firmware pyxis_medbank_firmware pyxis_medstation_4000_firmware pyxis_medstation_es_firmware pyxis_medstation_es_server_firmware pyxis_parassist_firmware pyxis_rapid_rx_firmware pyxis_stockstation_firmware +22 more products
  Published: Jun. 02, 2022
  Modified: Nov. 21, 2024
- 7.0 HIGH: CVE-2022-22766
  Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application cr...
  Affected Products: pyxis_anesthesia_station_es_firmware pyxis_ciisafe_firmware pyxis_logistics_firmware pyxis_medbank_firmware pyxis_medstation_4000_firmware pyxis_medstation_es_firmware pyxis_medstation_es_server_firmware pyxis_parassist_firmware pyxis_rapid_rx_firmware pyxis_stockstation_firmware +38 more products
  Published: Feb. 11, 2022
  Modified: Nov. 21, 2024
- 8.0 HIGH: CVE-2022-22765
  BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (...
  Published: Feb. 12, 2022
  Modified: Nov. 21, 2024
- 8.8 HIGH: CVE-2022-22752
  Mozilla developers Christian Holler and Jason Kratzer reported memory safety bugs present in Firefox 95. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrar...
  Affected Products: firefox
  Published: Dec. 22, 2022
  Modified: Nov. 21, 2024
- 8.8 HIGH: CVE-2022-22735
  The Simple Quotation WordPress plugin through 1.3.2 does not have authorisation (and CSRF) checks in various of its AJAX actions and is lacking escaping of user data when using it in SQL statements, allowing any authenticated users, such as subscriber to ...
  Affected Products: simple_quotation
  Published: Mar. 14, 2022
  Modified: Nov. 21, 2024
- 6.1 MEDIUM: CVE-2022-22734
  The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, attacker could make a logged in admin create or edit arbitrary quote, and put Cross-Site Sc...
  Affected Products: simple_quotation
  Published: Mar. 14, 2022
  Modified: Nov. 21, 2024
- 6.5 MEDIUM: CVE-2022-22733
  Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphe...
  Affected Products: shardingsphere_elasticjob-ui
  Published: Jan. 20, 2022
  Modified: Nov. 21, 2024
- 7.5 HIGH: CVE-2022-22732
  A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attacker sends a fetch request from third-party site or malicious site. Affected Product...
  Affected Products: ecostruxure_power_commission
  Published: Jan. 30, 2023
  Modified: Nov. 21, 2024
- 9.8 CRITICAL: CVE-2022-22731
  A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in a function that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and...
  Affected Products: ecostruxure_power_commission
  Published: Jan. 30, 2023
  Modified: Nov. 21, 2024
- 8.8 HIGH: CVE-2022-22729
  CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions fro...
  Published: Mar. 11, 2022
  Modified: Nov. 21, 2024
- 7.5 HIGH: CVE-2022-22728
  A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack....
  Published: Aug. 25, 2022
  Modified: Nov. 21, 2024
- 9.3 HIGH: CVE-2022-22727
  A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user's local machine when the user clicks a specially crafted...
  Affected Products: ecostruxure_power_monitoring_expert
  Published: Feb. 04, 2022
  Modified: Nov. 21, 2024
- 6.5 MEDIUM: CVE-2022-22726
  A CWE-20: Improper Input Validation vulnerability exists that could allow arbitrary files on the server to be read by authenticated users through a limited operating system service account. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2...
  Affected Products: ecostruxure_power_monitoring_expert
  Published: Feb. 04, 2022
  Modified: Nov. 21, 2024
- 8.8 HIGH: CVE-2022-22725
  A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. Protection functio...
  Published: Feb. 04, 2022
  Modified: Nov. 21, 2024
- 7.5 HIGH: CVE-2022-22724
  A CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service on ports 80 (HTTP) and 502 (Modbus), when sending a large number of TCP RST or FIN packets to any open TCP port of the PLC. Affected Product: Modicon M3...
  Affected Products: modicon_m340_bmxp341000_firmware modicon_m340_bmxp342010_firmware modicon_m340_bmxp342030_firmware modicon_m340_bmxp342000_firmware modicon_m340_bmxp3420102_firmware modicon_m340_bmxp3420302_firmware modicon_m340_bmxp341000 modicon_m340_bmxp342010 modicon_m340_bmxp342030 modicon_m340_bmxp3420302 +2 more products
  Published: Feb. 04, 2022
  Modified: Nov. 21, 2024
- 8.8 HIGH: CVE-2022-22723
  A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. Protection functio...
  Published: Feb. 04, 2022
  Modified: Nov. 21, 2024
- 7.5 HIGH: CVE-2022-22722
  A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. If an attacker were to obtain the SSH cryptographic key for the device and take active control of the local operational network connected to the pro...
  Published: Feb. 04, 2022
  Modified: Nov. 21, 2024
- 9.1 CRITICAL: CVE-2022-22721
  If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier....
  Affected Products: fedora zfs_storage_appliance_kit debian_linux macos http_server enterprise_manager_ops_center mac_os_x http_server
  Published: Mar. 14, 2022
  Modified: Nov. 21, 2024
- 9.8 CRITICAL: CVE-2022-22720
  Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling...
  Affected Products: fedora zfs_storage_appliance_kit debian_linux macos http_server enterprise_manager_ops_center mac_os_x http_server
  Published: Mar. 14, 2022
  Modified: Nov. 21, 2024
- 7.5 HIGH: CVE-2022-22719
  A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier....
  Affected Products: fedora zfs_storage_appliance_kit debian_linux macos http_server mac_os_x http_server
  Published: Mar. 14, 2022
  Modified: Nov. 21, 2024