Latest CVE Feed
- 9.8 CRITICAL CVE-2022-22532
In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory b...
- Affected Products: netweaver_application_server_java
- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
- 8.1 HIGH CVE-2022-22531
The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive infor...
- Affected Products: s/4hana
- Published: Jan. 14, 2022
- Modified: Nov. 21, 2024
- 8.1 HIGH CVE-2022-22530
The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to inject dangerous content or malicious code which could ...
- Affected Products: s/4hana
- Published: Jan. 14, 2022
- Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2022-22529
SAP Enterprise Threat Detection (ETD) - version 2.0, does not sufficiently encode user-controlled inputs, which may lead to an unauthorized attacker possibly exploiting an XSS vulnerability. The UIs in ETD are using SAP UI5 standard controls, the UI5 framework p...
- Affected Products: enterprise_threat_detection
- Published: Jan. 14, 2022
- Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2022-22528
SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable on the Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to pr...
- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2022-22526
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a missing authentication allows for full access via API.
- Published: Sep. 28, 2022
- Modified: Nov. 21, 2024
- 7.2 HIGH CVE-2022-22525
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function...
- Published: Sep. 28, 2022
- Modified: Nov. 21, 2024
- 9.4 CRITICAL CVE-2022-22524
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services.
- Published: Sep. 28, 2022
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2022-22523
An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context of an unauthorised user if free-access is disabled.
- Published: Sep. 28, 2022
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2022-22522
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device.
- Published: Sep. 28, 2022
- Modified: Nov. 21, 2024
- 7.3 HIGH CVE-2022-22521
In Miele Benchmark Programming Tool with versions prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with user's privileges. An attacker with low privileges may trick a user with administrative privileges to execute these b...
- Affected Products: benchmark_programming_tool
- Published: Apr. 27, 2022
- Modified: Nov. 21, 2024
- 5.3 MEDIUM CVE-2022-22520
A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2.
- Published: Sep. 14, 2022
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2022-22519
A remote, unauthenticated attacker can send specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.
- Published: Apr. 07, 2022
- Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2022-22518
A bug in the CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components that are part of the applied security policy.
- Published: Apr. 07, 2022
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2022-22517
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel being closed.
- Affected Products: gateway development_system edge_gateway hmi_sl plchandler control_for_beaglebone_sl control_for_empc-a/imx6_sl control_for_iot2000_sl control_for_linux_sl control_for_pfc100_sl +16 more products
- Published: Apr. 07, 2022
- Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2022-22516
The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space.
- Published: Apr. 07, 2022
- Modified: Nov. 21, 2024
- 8.1 HIGH CVE-2022-22515
A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.
- Published: Apr. 07, 2022
- Modified: Nov. 21, 2024
- 7.1 HIGH CVE-2022-22514
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor ...
- Affected Products: gateway development_system edge_gateway hmi_sl control_for_beaglebone_sl control_for_empc-a/imx6_sl control_for_iot2000_sl control_for_linux_sl control_for_pfc100_sl control_for_pfc200_sl +15 more products
- Published: Apr. 07, 2022
- Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2022-22513
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.
- Affected Products: gateway development_system edge_gateway hmi_sl control_for_beaglebone_sl control_for_empc-a/imx6_sl control_for_iot2000_sl control_for_linux_sl control_for_pfc100_sl control_for_pfc200_sl +15 more products
- Published: Apr. 07, 2022
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2022-22512
Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allow an unauthorized attacker to gain administrative access to the Web-UI via network.
- Affected Products: element_backup_firmware element_s1_firmware element_s2_firmware element_s3_firmware element_s4_firmware one_l_firmware one_xl_firmware pulse_firmware element_backup element_s1 +6 more products
- Published: Mar. 23, 2023
- Modified: Nov. 21, 2024