Total
1225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43999 | 1 Backclick | 1 Backclick | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in BACKCLICK Professional 5.9.63. Due to exposed CORBA management services, arbitrary system commands can be executed on the server. | |||||
| CVE-2022-43990 | 1 Sick | 2 Sim1012-0p0g200, Sim1012-0p0g200 Firmware | 2024-11-21 | N/A | 7.3 HIGH |
| Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version <2.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.2.0 as soon as possible (available in SICK Support Portal). | |||||
| CVE-2022-43989 | 1 Sick | 4 Sim2000-2p04g10, Sim2000-2p04g10 Firmware, Sim2500-2p03g10 and 1 more | 2024-11-21 | N/A | 7.3 HIGH |
| Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 1092673 and 1081902 with firmware version < 1.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.2.0 as soon as possible (available in SICK Support Portal). | |||||
| CVE-2022-43761 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-11-21 | N/A | 9.4 CRITICAL |
| Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07 allows reading and changing the system configuration. | |||||
| CVE-2022-43555 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 7.8 HIGH |
| Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability | |||||
| CVE-2022-43554 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 7.8 HIGH |
| Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability | |||||
| CVE-2022-42982 | 1 Bund | 1 Bkg Professional Ntripcaster | 2024-11-21 | N/A | 7.5 HIGH |
| BKG Professional NtripCaster 2.0.39 allows querying information over the UDP protocol without authentication. The NTRIP sourcetable is typically quite long (tens of kBs) and can be requested with a packet of only 30 bytes. This presents a vector that can be used for UDP amplification attacks. Normally, only authenticated streaming data will be provided over UDP and not the sourcetable. | |||||
| CVE-2022-42970 | 2 Microsoft, Schneider-electric | 8 Windows 10, Windows 11, Windows 7 and 5 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261) | |||||
| CVE-2022-42785 | 1 Wut | 34 At-modem-emulator, At-modem-emulator Firmware, Com-server 20ma and 31 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Multiple W&T products of the ComServer Series are prone to an authentication bypass. An unathenticated remote attacker, can log in without knowledge of the password by crafting a modified HTTP GET Request. | |||||
| CVE-2022-42473 | 1 Fortinet | 1 Fortisoar | 2024-11-21 | N/A | 5.3 MEDIUM |
| A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database using a privileged account without a password. | |||||
| CVE-2022-42277 | 1 Nvidia | 2 Dgx Station A100, Dgx Station A100 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. | |||||
| CVE-2022-42276 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. | |||||
| CVE-2022-42275 | 1 Nvidia | 2 Bmc, Dgx A100 | 2024-11-21 | N/A | 7.7 HIGH |
| NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secureboot protections. This may lead to a loss of integrity and denial of service. | |||||
| CVE-2022-41776 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 7.5 HIGH |
| Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to trigger the WriteConfiguration method, which could allow an attacker to provide new values for user configuration files such as UserListInfo.xml. This could lead to the changing of administrative passwords. | |||||
| CVE-2022-41688 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 9.8 CRITICAL |
| Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user and add them to the administrator group. | |||||
| CVE-2022-41644 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 8.8 HIGH |
| Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lacks authentication for a function that changes group privileges. An attacker could use this to create a denial-of-service state or escalate their own privileges. | |||||
| CVE-2022-41629 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 7.5 HIGH |
| Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to access the aprunning endpoint, which could allow an attacker to retrieve any file from the “RunningConfigs” directory. The attacker could then view and modify configuration files such as UserListInfo.xml, which would allow them to see existing administrative passwords. | |||||
| CVE-2022-41331 | 1 Fortinet | 1 Fortiproxy | 2024-11-21 | N/A | 9.8 CRITICAL |
| A missing authentication for critical function vulnerability [CWE-306] in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests. | |||||
| CVE-2022-40725 | 1 Pingidentity | 1 Desktop | 2024-11-21 | N/A | 7.3 HIGH |
| PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be exploited to bypass the maximum PIN attempts permitted before the time-based lockout is activated. | |||||
| CVE-2022-40202 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 9.8 CRITICAL |
| The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication. An attacker could provide malicious serialized objects which, when deserialized, could activate an opcode for a backup scheduling function without authentication. This function allows the user to designate all function arguments and the file to be executed. This could allow the attacker to start any new process and achieve remote code execution. | |||||