CVE List - 2022 / March
Showing 1801 - 1900 of 2065 CVEs for March 2022 (Page 19 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-1074 | 2022-03-29 | TEM FLEX-1085 injection |
| CVE-2022-1075 | 2022-03-29 | College Website Management System Contact cross site scripting |
| CVE-2022-1076 | 2022-03-29 | Automatic Question Paper Generator System My Account Page login.php cross site scripting |
| CVE-2022-1077 | 2022-03-29 | TEM FLEX-1080/FLEX-1085 Log information disclosure |
| CVE-2022-1078 | 2022-03-29 | SourceCodester College Website Management System sql injection |
| CVE-2022-1079 | 2022-03-29 | SourceCodester One Church Management System churchprofile.php cross site scripting |
| CVE-2022-1080 | 2022-03-29 | SourceCodester One Church Management System attendancy.php sql injection |
| CVE-2022-1081 | 2022-03-29 | SourceCodester Microfinance Management System addcustomerHandler.php cross site scripting |
| CVE-2022-1082 | 2022-03-29 | SourceCodester Microfinance Management System Login Page login.php sql injection |
| CVE-2022-1083 | 2022-03-29 | Microfinance Management System sql injection |
| CVE-2022-1084 | 2022-03-29 | SourceCodester One Church Management System Session userregister.php improper authentication |
| CVE-2022-1085 | 2022-03-29 | CLTPHP POST Parameter cross site scripting |
| CVE-2022-1086 | 2022-03-29 | DolphinPHP User Management Page cross site scripting |
| CVE-2022-1087 | 2022-03-29 | htmly Edit Profile Module cross site scripting |
| CVE-2021-46743 | 2022-03-29 | In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key... |
| CVE-2022-1032 | 2022-03-29 | Insecure deserialization of not validated module file in crater-invoice/crater |
| CVE-2022-23059 | 2022-03-29 | Shopizer - Stored XSS in Manage Images |
| CVE-2022-23901 | 2022-03-29 | A stack overflow re2c 2.2 exists due to infinite recursion issues in src/dfa/dead_rules.cc. |
| CVE-2022-23903 | 2022-03-29 | A Cross Site Scripting (XSS) vulnerability exists in pearadmin pear-admin-think <=5.0.6, which allows a login account to access arbitrary functions and cause stored XSS through a fake User-Agent. |
| CVE-2022-28133 | 2022-03-29 | Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers... |
| CVE-2022-28134 | 2022-03-29 | Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers. |
| CVE-2022-28135 | 2022-03-29 | Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they... |
| CVE-2022-28136 | 2022-03-29 | A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. |
| CVE-2022-28137 | 2022-03-29 | A missing permission check in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. |
| CVE-2022-28138 | 2022-03-29 | A cross-site request forgery (CSRF) vulnerability in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. |
| CVE-2022-28139 | 2022-03-29 | A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. |
| CVE-2022-28140 | 2022-03-29 | Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2022-28141 | 2022-03-29 | Jenkins Proxmox Plugin 0.5.0 and earlier stores the Proxmox Datacenter password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access... |
| CVE-2022-28142 | 2022-03-29 | Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally for the Jenkins controller JVM when configured to ignore SSL/TLS issues. |
| CVE-2022-28143 | 2022-03-29 | A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password (perform a connection test),... |
| CVE-2022-28144 | 2022-03-29 | Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username... |
| CVE-2022-28145 | 2022-03-29 | Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security-Policy headers to report files it serves, resulting in a stored cross-site scripting (XSS) exploitable by attackers... |
| CVE-2022-28146 | 2022-03-29 | Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Item/Configure permission to read arbitrary files on the Jenkins controller by specifying an input folder on the... |
| CVE-2022-28147 | 2022-03-29 | A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path... |
| CVE-2022-28148 | 2022-03-29 | The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability... |
| CVE-2022-28149 | 2022-03-29 | Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with... |
| CVE-2022-28150 | 2022-03-29 | A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job. |
| CVE-2022-28151 | 2022-03-29 | A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job. |
| CVE-2022-28152 | 2022-03-29 | A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job. |
| CVE-2022-28153 | 2022-03-29 | Jenkins SiteMonitor Plugin 0.6 and earlier does not escape URLs of sites to monitor in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| CVE-2022-28154 | 2022-03-29 | Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2022-28155 | 2022-03-29 | Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2022-28156 | 2022-03-29 | Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to copy arbitrary files and directories from the Jenkins controller to the agent workspace. |
| CVE-2022-28157 | 2022-03-29 | Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller via FTP to an attacker-specified FTP server. |
| CVE-2022-28158 | 2022-03-29 | A missing permission check in Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| CVE-2022-28159 | 2022-03-29 | Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers... |
| CVE-2022-28160 | 2022-03-29 | Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins controller. |
| CVE-2022-1055 | 2022-03-29 | Use after Free in tc_new_tfilter allowing for privilege escalation in Linux Kernel |
| CVE-2021-22572 | 2022-03-29 | Data-transfer-project information disclosure via tmp directory |
| CVE-2022-0343 | 2022-03-29 | Local privilege escalation in Perfetto Dev scripts |
| CVE-2021-43701 | 2022-03-29 | CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS[] and orderby parameters. |
| CVE-2021-44081 | 2022-03-29 | A buffer overflow vulnerability exists in the AMF of open5gs 2.1.4. When the length of MSIN in Supi exceeds 24 characters, it leads to AMF denial of service. |
| CVE-2022-26059 | 2022-03-29 | Delta Electronics DIAEnergie SQL Injection in GetQueryData |
| CVE-2022-25980 | 2022-03-29 | Delta Electronics DIAEnergie SQL Injection in HandlerCommon.ashx |
| CVE-2022-25347 | 2022-03-29 | Delta Electronics DIAEnergie Path Traversal |
| CVE-2022-26069 | 2022-03-29 | Delta Electronics DIAEnergie SQL Injection in HandlerPage_KID.ashx |
| CVE-2022-0923 | 2022-03-29 | Delta Electronics DIAEnergie SQL Injection in HandlerDialog_KID.ashx |
| CVE-2022-25880 | 2022-03-29 | Delta Electronics DIAEnergie SQL Injection in DIAE_hierarchyHandler.ashx |
| CVE-2022-26013 | 2022-03-29 | Delta Electronics DIAEnergie SQL Injection in DIAE_dmdsetHandler.ashx |
| CVE-2022-26065 | 2022-03-29 | Delta Electronics DIAEnergie SQL Injection in GetLatestDemandNode and GetDemandAnalysisData |
| CVE-2022-26349 | 2022-03-29 | Delta Electronics DIAEnergie SQL Injection in DIAE_eccoefficientHandler.ashx |
| CVE-2022-26836 | 2022-03-29 | Delta Electronics DIAEnergie SQL Injection in HandlerExport.ashx/Calendar.ashx |
| CVE-2022-26887 | 2022-03-29 | Delta Electronics DIAEnergie SQL Injection in DIAE_HandlerTag_KID.ashx |
| CVE-2022-26666 | 2022-03-29 | Delta Electronics DIAEnergie SQL Injection in HandlerDialogECC.ashx |
| CVE-2022-26514 | 2022-03-29 | Delta Electronics DIAEnergie SQL Injection in DIAE_tagHandler.ashx |
| CVE-2022-26338 | 2022-03-29 | Delta Electronics DIAEnergie SQL Injection in DIAE_hierarchyHandler.ashx |
| CVE-2022-26667 | 2022-03-29 | Delta Electronics DIAEnergie SQL Injection in GetDemandAnalysisData |
| CVE-2022-26839 | 2022-03-29 | Delta Electronics DIAEnergie Incorrect Default Permissions |
| CVE-2022-27175 | 2022-03-29 | Delta Electronics DIAEnergie SQL Injection in GetCalcTagList |
| CVE-2021-42970 | 2022-03-29 | Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the imgurl of /feedback/post/ content parameter. |
| CVE-2022-22948 | 2022-03-29 | The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain... |
| CVE-2022-1122 | 2022-03-29 | A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate... |
| CVE-2021-43109 | 2022-03-29 | An SQL Injection vulnerability exists in PuneethReddyHC online-shopping-system as of 11/01/2021 via the p parameter in product.php. |
| CVE-2021-43110 | 2022-03-29 | An Access Control vulnerability exists in PuneethReddyHC online-shopping-system as of 11/01/2021 in add_products. |
| CVE-2021-42911 | 2022-03-29 | A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP... |
| CVE-2021-43118 | 2022-03-29 | A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in... |
| CVE-2022-21821 | 2022-03-29 | NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump. To exploit this vulnerability, a remote attacker would require a local user to download a specially crafted, corrupted file and... |
| CVE-2022-26871 | 2022-03-29 | An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution. |
| CVE-2021-44082 | 2022-03-29 | textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do... |
| CVE-2022-26244 | 2022-03-29 | A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "special"... |
| CVE-2015-3298 | 2022-03-29 | Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not... |
| CVE-2022-27815 | 2022-03-29 | SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an information leak or denial of service. |
| CVE-2022-27432 | 2022-03-29 | A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password of any given user by exploiting this feature leading to account takeover. |
| CVE-2022-26947 | 2022-03-29 | Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying... |
| CVE-2022-26948 | 2022-03-29 | The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerability. A malicious attacker may obtain access to credential information to... |
| CVE-2022-26949 | 2022-03-29 | Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on attachments. A remote authenticated malicious user could potentially exploit this vulnerability to gain access to files... |
| CVE-2022-26950 | 2022-03-29 | Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks.... |
| CVE-2022-26951 | 2022-03-29 | Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerability. A remote SAML-unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious... |
| CVE-2021-41594 | 2022-03-29 | In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API request at the /api/V2/internal/TaskPermissions/CheckTaskAccess endpoint. If the parameters... |
| CVE-2020-35501 | 2022-03-30 | A flaw was found in the Linux kernel's implementation of audit rules, where a syscall may unexpectedly not be logged by the audit subsystem |
| CVE-2022-1154 | 2022-03-30 | Use after free in utf_ptr2char in vim/vim |
| CVE-2022-1160 | 2022-03-30 | heap buffer overflow in get_one_sourceline in vim/vim |
| CVE-2022-28202 | 2022-03-30 | An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in... |
| CVE-2022-28205 | 2022-03-30 | An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future. |
| CVE-2022-28206 | 2022-03-30 | An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights. |
| CVE-2022-28209 | 2022-03-30 | An issue was discovered in MediaWiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect. |
| CVE-2022-24763 | 2022-03-30 | Infinite Loop in PJSIP |
| CVE-2020-24771 | 2022-03-30 | Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content. |
| CVE-2020-24770 | 2022-03-30 | SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2020-24769 | 2022-03-30 | SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter. |