ReportizFlow
Filtered by vendor
Subscriptions
Total
1344 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-26833 | 1 Openautomationsoftware | 1 Oas Platform | 2024-11-21 | 9.4 Critical |
| An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerability. | ||||
| CVE-2022-26501 | 1 Veeam | 1 Veeam Backup \& Replication | 2024-11-21 | 9.8 Critical |
| Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2). | ||||
| CVE-2022-26394 | 1 Baxter | 8 Baxter Spectrum Iq 35700bax3, Baxter Spectrum Iq 35700bax3 Firmware, Sigma Spectrum 35700bax and 5 more | 2024-11-21 | 5.5 Medium |
| The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail. | ||||
| CVE-2022-26303 | 1 Openautomationsoftware | 1 Oas Platform | 2024-11-21 | 7.5 High |
| An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2022-26267 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 7.5 High |
| Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php. | ||||
| CVE-2022-26143 | 1 Mitel | 2 Micollab, Mivoice Business Express | 2024-11-21 | 9.8 Critical |
| The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack. | ||||
| CVE-2022-26082 | 1 Openautomationsoftware | 1 Oas Platform | 2024-11-21 | 9.1 Critical |
| A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2022-26067 | 1 Openautomationsoftware | 1 Oas Platform | 2024-11-21 | 4.9 Medium |
| An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2022-26043 | 1 Openautomationsoftware | 1 Oas Platform | 2024-11-21 | 7.5 High |
| An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2022-26026 | 1 Openautomationsoftware | 1 Oas Platform | 2024-11-21 | 7.5 High |
| A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss of communications. An attacker can send a network request to trigger this vulnerability. | ||||
| CVE-2022-25922 | 1 Hegemonelectronics | 2 Plc4trucks, Plc4trucks Firmware | 2024-11-21 | 6.1 Medium |
| Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. There is no authentication or authorization for these functions. | ||||
| CVE-2022-25508 | 1 Freetakserver-ui Project | 1 Freetakserver-ui | 2024-11-21 | 7.5 High |
| An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service (DoS) via an unusually large amount of created routes, or create unsafe or false routes for legitimate users. | ||||
| CVE-2022-25359 | 1 Iclinks | 3 Scadaflex Ii, Scadaflex Ii Firmware, Weblib | 2024-11-21 | 9.1 Critical |
| On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote attackers can overwrite, delete, or create files. | ||||
| CVE-2022-25251 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2024-11-21 | 9.8 Critical |
| When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain XML messages to a specific port without proper authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to read and modify the affected product’s configuration. | ||||
| CVE-2022-25250 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2024-11-21 | 7.5 High |
| When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send a certain command to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to shut down a specific service. | ||||
| CVE-2022-25247 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2024-11-21 | 9.8 Critical |
| Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution. | ||||
| CVE-2022-25245 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 5.3 Medium |
| Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name. | ||||
| CVE-2022-25008 | 1 Totolink | 4 Ex1200t, Ex1200t Firmware, Ex300 V2 and 1 more | 2024-11-21 | 8.8 High |
| totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism. | ||||
| CVE-2022-24990 | 1 Terra-master | 30 F2-210, F2-221, F2-223 and 27 more | 2024-11-21 | 7.5 High |
| TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response. | ||||
| CVE-2022-24935 | 1 Lexmark | 2 Lexmark, Lexmark Firmware | 2024-11-21 | 7.5 High |
| Lexmark products through 2022-02-10 have Incorrect Access Control. | ||||