Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-45088

Summary
Assigner-TR-CERT
Assigner Org ID-ca940d4e-fea4-4aa2-9a58-591a58b1ce21
Published At-08 Feb, 2023 | 18:50
Updated At-24 Mar, 2025 | 19:48
Rejected At-
Credits

Local File Inclusion in Smartpower Web

Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows PHP Local File Inclusion.This issue affects Smartpower Web: before 23.01.01.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:TR-CERT
Assigner Org ID:ca940d4e-fea4-4aa2-9a58-591a58b1ce21
Published At:08 Feb, 2023 | 18:50
Updated At:24 Mar, 2025 | 19:48
Rejected At:
▼CVE Numbering Authority (CNA)
Local File Inclusion in Smartpower Web

Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows PHP Local File Inclusion.This issue affects Smartpower Web: before 23.01.01.

Affected Products
Vendor
Group Arge Energy and Control Systems
Product
Smartpower Web
Default Status
unaffected
Versions
Affected
  • From 0 before 23.01.01 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20 Improper Input Validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20 Improper Input Validation
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-252CAPEC-252 PHP Local File Inclusion
CAPEC ID: CAPEC-252
Description: CAPEC-252 PHP Local File Inclusion
Solutions

Update the software to >= 23.01.01

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Vulnerability detected2022-11-08 14:44:00
CVE ID reservation 2022-11-09 10:35:00
Vendor informed2022-11-09 12:00:00
Patch published by vendor2023-01-01 10:00:00
Government advisory published2023-02-08 13:00:00
CVE published2023-02-08 14:50:00
Event: Vulnerability detected
Date: 2022-11-08 14:44:00
Event: CVE ID reservation
Date: 2022-11-09 10:35:00
Event: Vendor informed
Date: 2022-11-09 12:00:00
Event: Patch published by vendor
Date: 2023-01-01 10:00:00
Event: Government advisory published
Date: 2023-02-08 13:00:00
Event: CVE published
Date: 2023-02-08 14:50:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.usom.gov.tr/bildirim/tr-23-0066
government-resource
Hyperlink: https://www.usom.gov.tr/bildirim/tr-23-0066
Resource:
government-resource
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.usom.gov.tr/bildirim/tr-23-0066
government-resource
x_transferred
Hyperlink: https://www.usom.gov.tr/bildirim/tr-23-0066
Resource:
government-resource
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:iletisim@usom.gov.tr
Published At:12 Feb, 2023 | 04:15
Updated At:07 Nov, 2023 | 03:54

Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows PHP Local File Inclusion.This issue affects Smartpower Web: before 23.01.01.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
gruparge
gruparge
>>smartpower_web>>Versions before 23.01.01(exclusive)
cpe:2.3:a:gruparge:smartpower_web:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE-20Secondaryiletisim@usom.gov.tr
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-20
Type: Secondary
Source: iletisim@usom.gov.tr
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.usom.gov.tr/bildirim/tr-23-0066iletisim@usom.gov.tr
Third Party Advisory
Hyperlink: https://www.usom.gov.tr/bildirim/tr-23-0066
Source: iletisim@usom.gov.tr
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

516Records found
CVE-2020-0471
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.8||CRITICAL
EPSS-2.46% / 85.02%
||
7 Day CHG~0.00%
Published-11 Jan, 2021 | 21:47
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In reassemble_and_dispatch of packet_fragmenter.cc, there is a possible way to inject packets into an encrypted Bluetooth connection due to improper input validation. This could lead to remote escalation of privilege between two Bluetooth devices by a proximal attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10, Android-11; Android ID: A-169327567.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2021-3028
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.05% / 77.35%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 16:14
Updated-03 Aug, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

git-big-picture before 1.0.0 mishandles ' characters in a branch name, leading to code execution.

Action-Not Available
Vendor-git-big-picture_projectn/a
Product-git-big-picturen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-36049
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.6||HIGH
EPSS-3.49% / 87.41%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 20:18
Updated-09 Oct, 2025 | 00:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_server_2022.net_frameworkwindows_11_23h2windows_10_21h2windows_10_1809visual_studio_2022.netwindows_10_22h2windows_11_22h2windows_server_2019windows_10_1607Microsoft .NET Framework 4.6.2.NET 7.0Microsoft Visual Studio 2022 version 17.6Microsoft Visual Studio 2022 version 17.4.NET 8.0Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2.NET 6.0Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 3.5 AND 4.7.2Microsoft .NET Framework 4.8Microsoft Visual Studio 2022 version 17.7Microsoft .NET Framework 3.0 Service Pack 2Microsoft Visual Studio 2022 version 17.2Microsoft .NET Framework 3.5.1Microsoft .NET Framework 3.5 AND 4.8.1Microsoft .NET Framework 3.5 AND 4.6/4.6.2Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.5Microsoft .NET Framework 3.5 AND 4.8
CWE ID-CWE-20
Improper Input Validation
CVE-2023-36619
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.88% / 75.22%
||
7 Day CHG~0.00%
Published-04 Oct, 2023 | 00:00
Updated-19 Sep, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of administrative scripts by unauthenticated users.

Action-Not Available
Vendor-unifyn/a
Product-session_border_controllern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-35365
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.96% / 83.29%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:03
Updated-01 Jan, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-20
Improper Input Validation
CVE-2023-34152
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-74.84% / 98.85%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 00:00
Updated-13 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.

Action-Not Available
Vendor-n/aRed Hat, Inc.Fedora ProjectImageMagick Studio LLC
Product-extra_packages_for_enterprise_linuxfedoraenterprise_linuximagemagickImageMagick
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-35349
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.16% / 78.41%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-14 Apr, 2025 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016Windows Server 2012 R2Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)Windows 11 version 21H2Windows Server 2022Windows Server 2019Windows 10 Version 21H2
CWE ID-CWE-20
Improper Input Validation
CVE-2021-27388
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-1.86% / 82.86%
||
7 Day CHG~0.00%
Published-15 Jun, 2021 | 19:40
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SINAMICS medium voltage routable products are affected by a vulnerability in the Sm@rtServer component for remote access that could allow an unauthenticated attacker to cause a denial-of-service condition, and/or execution of limited configuration modifications and/or execution of limited control commands on the SINAMICS Medium Voltage Products, Remote Access (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions).

Action-Not Available
Vendor-n/aSiemens AG
Product-sinamics_sl150sinamics_sm150isinamics_sm150_firmwaresinamics_sl150_firmwaresinamics_sm150i_firmwaresinamics_sm150SINAMICS Medium Voltage Products, Remote Access
CWE ID-CWE-20
Improper Input Validation
CVE-2020-11805
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 63.05%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 03:31
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN.

Action-Not Available
Vendor-pexipn/a
Product-reverse_proxy_and_turn_serverpexip_infinityn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-35366
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.73% / 82.25%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:03
Updated-01 Jan, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-20
Improper Input Validation
CVE-2020-1025
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-13.80% / 94.17%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 22:53
Updated-23 Feb, 2026 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit this vulnerability, an attacker would need to modify the token. The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_enterprise_serverskype_for_businesssharepoint_foundationsharepoint_serverlyncMicrosoft SharePoint Server 2019Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft Lync Server 2013Microsoft SharePoint Enterprise Server 2016Skype for Business Server 2015 CU 8Skype for Business Server 2019 CU2
CWE ID-CWE-20
Improper Input Validation
CVE-2023-34111
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.33% / 55.91%
||
7 Day CHG-0.10%
Published-06 Jun, 2023 | 16:29
Updated-07 Jan, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection Vulnerability in `Release PR Merged` Workflow in taosdata/grafanaplugin

The `Release PR Merged` workflow in the github repo taosdata/grafanaplugin is subject to a command injection vulnerability which allows for arbitrary code execution within the github action context due to the insecure usage of `${{ github.event.pull_request.title }}` in a bash command within the GitHub workflow. Attackers can inject malicious commands which will be executed by the workflow. This happens because `${{ github.event.pull_request.title }}` is directly passed to bash command on like 25 of the workflow. This may allow an attacker to gain access to secrets which the github action has access to or to otherwise make use of the compute resources.

Action-Not Available
Vendor-tdenginetaosdata
Product-grafanagrafanaplugin
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-1602
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.2||HIGH
EPSS-1.62% / 81.58%
||
7 Day CHG~0.00%
Published-04 Aug, 2021 | 17:20
Updated-07 Nov, 2024 | 22:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device using root-level privileges. Due to the nature of the vulnerability, only commands without parameters can be executed.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-small_business_rv260small_business_rv160small_business_rv260wsmall_business_rv_series_router_firmwaresmall_business_rv160wsmall_business_rv260pCisco Small Business RV Series Router Firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-20
Improper Input Validation
CVE-2023-35367
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.73% / 82.25%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:03
Updated-01 Jan, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-20
Improper Input Validation
CVE-2016-9026
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.52% / 66.47%
||
7 Day CHG~0.00%
Published-31 Dec, 2020 | 02:12
Updated-06 Aug, 2024 | 02:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exponent CMS before 2.6.0 has improper input validation in fileController.php.

Action-Not Available
Vendor-exponentcmsn/a
Product-exponent_cmsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-35797
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-0.24% / 47.35%
||
7 Day CHG-0.42%
Published-03 Jul, 2023 | 09:08
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Airflow Hive Provider Beeline RCE with Principal

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via principal parameter. For this to be exploited it requires access to modifying the connection details. It is recommended updating provider version to 6.1.1 in order to avoid this vulnerability.

Action-Not Available
Vendor-The Apache Software Foundation
Product-apache-airflow-providers-apache-hiveApache Airflow Apache Hive Providerapache-airflow-providers-apache-hive
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • ...
  • 9
  • 10
  • 11
  • Next
Details not found