Vulnerabilities (CVE)

Filtered by CWE-829
Total 123 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-2551 1 Bumsys Project 1 Bumsys 2024-02-28 N/A 8.8 HIGH
PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1.
CVE-2023-21440 1 Samsung 1 Android 2024-02-28 N/A 5.5 MEDIUM
Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture.
CVE-2023-26053 1 Gradle 1 Gradle 2024-02-28 N/A 9.8 CRITICAL
Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a `trusted-key` or `pgp` element in their dependency verification metadata file. The fix is to fail dependency verification if anything but a fingerprint is used in a trust element in dependency verification metadata. The problem is fixed in Gradle 8.0 and above. The problem is also patched in Gradle 6.9.4 and 7.6.1. As a workaround, use only full fingerprint IDs for `trusted-key` or `pgp` element in the metadata is a protection against this issue.
CVE-2022-24119 1 Ge 16 Inet 900, Inet 900 Firmware, Inet Ii 900 and 13 more 2024-02-28 N/A 9.8 CRITICAL
Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. This affects iNET and iNET II before 8.3.0.
CVE-2022-4134 2 Openstack, Redhat 2 Glance, Openstack 2024-02-28 N/A 2.8 LOW
A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.
CVE-2022-30244 1 Honeywell 2 Alerton Ascent Control Module, Alerton Ascent Control Module Firmware 2024-02-28 N/A 8.0 HIGH
Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be store on the controller and then run without verification. A user with malicious intent can send a crafted packet to change and/or stop the program without the knowledge of other users, altering the controller's function. After the programming change, the program needs to be overwritten in order for the controller to restore its original operational function.
CVE-2022-34121 1 Cuppacms 1 Cuppacms 2024-02-28 N/A 7.5 HIGH
Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php.
CVE-2022-30243 1 Honeywell 2 Alterton Visual Logic, Alterton Visual Logic Firmware 2024-02-28 N/A 8.8 HIGH
Honeywell Alerton Visual Logic through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be stored on the controller and then run without verification. A user with malicious intent can send a crafted packet to change and/or stop the program without the knowledge of other users, altering the controller's function. After the programming change, the program needs to be overwritten in order for the controller to restore its original operational function.
CVE-2022-22246 1 Juniper 1 Junos 2024-02-28 N/A 8.8 HIGH
A PHP Local File Inclusion (LFI) vulnerability in the J-Web component of Juniper Networks Junos OS may allow a low-privileged authenticated attacker to execute an untrusted PHP file. By chaining this vulnerability with other unspecified vulnerabilities, and by circumventing existing attack requirements, successful exploitation could lead to a complete system compromise. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2.
CVE-2022-33317 2 Iconics, Mitsubishielectric 2 Genesis64, Mc Works64 2024-02-28 N/A 7.8 HIGH
Inclusion of Functionality from Untrusted Control Sphere vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to execute an arbitrary malicious code by leading a user to load a monitoring screen file including malicious script codes.
CVE-2022-37191 1 Cuppacms 1 Cuppacms 2024-02-28 N/A 6.5 MEDIUM
The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using [function] parameter value as LFI payload.
CVE-2022-24824 1 Discourse 1 Discourse 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler view of the site instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no known workarounds for this issue.
CVE-2022-24232 1 Hospital\'s Patient Records Management System Project 1 Hospital\'s Patient Records Management System 2024-02-28 6.8 MEDIUM 7.8 HIGH
A local file inclusion in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-25485 1 Cuppacms 1 Cuppacms 2024-02-28 6.8 MEDIUM 7.8 HIGH
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php.
CVE-2022-1161 1 Rockwellautomation 48 Compact Guardlogix 5370, Compact Guardlogix 5370 Firmware, Compact Guardlogix 5380 and 45 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other.
CVE-2022-25486 1 Cuppacms 1 Cuppacms 2024-02-28 6.8 MEDIUM 7.8 HIGH
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.
CVE-2022-22308 1 Ibm 1 Planning Analytics 2024-02-28 6.8 MEDIUM 7.8 HIGH
IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891.
CVE-2022-23630 1 Gradle 1 Gradle 2024-02-28 6.0 MEDIUM 7.5 HIGH
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled on one or more configurations and those configurations have common dependencies with other configurations that have dependency verification enabled. If the configuration that has dependency verification disabled is resolved first, Gradle does not verify the common dependencies for the configuration that has dependency verification enabled. Gradle 7.4 fixes that issue by validating artifacts at least once if they are present in a resolved configuration that has dependency verification active. For users who cannot update either do not use `ResolutionStrategy.disableDependencyVerification()` and do not use plugins that use that method to disable dependency verification for a single configuration or make sure resolution of configuration that disable that feature do not happen in builds that resolve configuration where the feature is enabled.
CVE-2021-4229 1 Ua-parser-js Project 1 Ua-parser-js 2024-02-28 7.6 HIGH 8.8 HIGH
A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2021-41841 1 Insyde 1 Insydeh2o 2024-02-28 7.2 HIGH 8.2 HIGH
An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of Inclusion of Functionality from an Untrusted Control Sphere.