Vulnerabilities (CVE)

Total 200753 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-40204 2022-12-01 N/A N/A
A cross-site scripting (XSS) vulnerability exists in all current versions of Digital Alert Systems DASDEC software via the Host Header in undisclosed pages after login.
CVE-2019-18265 2022-12-01 N/A N/A
Digital Alert Systems’ DASDEC software prior to version 4.1 contains a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the SSH username, username field of the login page, or via the HTTP host header. The injected content is stored in logs and rendered when viewed in the web application.
CVE-2022-46162 2022-11-30 N/A N/A
discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bccode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patched in commit 91478f5. As a workaround, ensure that the Content Security Policy is enabled and monitor any posts that contain bbcode.
CVE-2022-41413 2022-11-30 N/A N/A
perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function.
CVE-2022-41412 2022-11-30 N/A N/A
An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks.
CVE-2022-40282 2022-11-30 N/A N/A
The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor's ID is BSECV-2022-21.
CVE-2022-41082 1 Microsoft 1 Exchange Server 2022-11-30 N/A 8.8 HIGH
Microsoft Exchange Server Remote Code Execution Vulnerability.
CVE-2022-41040 1 Microsoft 1 Exchange Server 2022-11-30 N/A 8.8 HIGH
Microsoft Exchange Server Elevation of Privilege Vulnerability.
CVE-2020-15503 2 Fedoraproject, Libraw 2 Fedora, Libraw 2022-11-30 5.0 MEDIUM 7.5 HIGH
LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.
CVE-2019-6543 1 Aveva 2 Indusoft Web Studio, Intouch Machine Edition 2014 2022-11-30 10.0 HIGH 9.8 CRITICAL
AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine.
CVE-2019-4442 1 Ibm 1 Websphere Application Server 2022-11-30 4.0 MEDIUM 4.3 MEDIUM
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM X-Force ID: 163226.
CVE-2019-6522 1 Moxa 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more 2022-11-30 8.5 HIGH 9.1 CRITICAL
Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause device reboot.
CVE-2019-6562 1 Philips 1 Tasy Emr 2022-11-30 3.5 LOW 5.4 MEDIUM
In Philips Tasy EMR, Tasy EMR Versions 3.02.1744 and prior, the software incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2019-6565 1 Moxa 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more 2022-11-30 4.3 MEDIUM 6.1 MEDIUM
Moxa IKS and EDS fails to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which may be used to send a malicious script.
CVE-2019-6561 1 Moxa 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more 2022-11-30 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device.
CVE-2022-46156 2022-11-30 N/A N/A
The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token used to communicate with the Synthetic Monitoring API is exposed through a debugging endpoint. This token can be used to retrieve the Synthetic Monitoring checks created by the user and assigned to the agent identified with that token. The Synthetic Monitoring API will reject connections from already-connected agents, so access to the token does not guarantee access to the checks. Version 0.12.0 contains a fix. Users are advised to rotate the agent tokens. After upgrading to version v0.12.0 or later, it's recommended that users of distribution packages review the configuration stored in `/etc/synthetic-monitoring/synthetic-monitoring-agent.conf`, specifically the `API_TOKEN` variable which has been renamed to `SM_AGENT_API_TOKEN`. As a workaround for previous versions, it's recommended that users review the agent settings and set the HTTP listening address in a manner that limits the exposure, for example, localhost or a non-routed network, by using the command line parameter `-listen-address`, e.g. `-listen-address localhost:4050`.
CVE-2019-6559 1 Moxa 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more 2022-11-30 4.0 MEDIUM 6.5 MEDIUM
Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash.
CVE-2019-6548 1 Ge 1 Ge Communicator 2022-11-30 6.8 MEDIUM 9.8 CRITICAL
GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user.
CVE-2019-6557 1 Moxa 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more 2022-11-30 7.5 HIGH 9.8 CRITICAL
Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution.
CVE-2019-6555 1 Hornerautomation 1 Cscape 2022-11-30 6.8 MEDIUM 7.8 HIGH
Cscape, 9.80 SP4 and prior. An improper input validation vulnerability may be exploited by processing specially crafted POC files. This may allow an attacker to read confidential information and remotely execute arbitrary code.