CVE-2022-38540 Archery v1.4.0 to v1.8.5 had a SQL injection vulnerability in the create_kill_session interface.
An attacker could exploit this vulnerability to execute SQL commands with the privileges of the user that requested the kill_session. This could lead to
CVE-2022-38541 Archery v1.8.3 to v1.8.5 had multiple SQL injection vulnerabilities in the my2sql interface.
An attacker can exploit these vulnerabilities to inject arbitrary SQL statements into the database and take advantage of database ACLs that permit only certain actions
CVE-2022-38616 SmartVista SVFE2 v2.2.22 had a SQL injection vulnerability in the UserForm:j_id90 parameter.
A successful exploitation could lead to access to critical program functions and possibly system takeover. In addition to the SQL injection issue discovered, SmartVista SVFE2
CVE-2022-39151 V33.1-V33.1.262 has a vulnerability. V34.0-V34.1.242 has a vulnerability. V35.0 has no vulnerabilities.
An out-of-bounds write past the end of an allocated buffer occurs while parsing specially crafted X_T files. This could allow an attacker to
CVE-2022-39146 V33.1-V33.1.262 has a vulnerability. V34.0-V34.1.242 has a vulnerability. V35.0 has no vulnerabilities.
A vulnerability has been identified in the OpenSCADA software. The application does not properly sanitize user-supplied input before using it in a SQL query. An