CVE List - 2022 / April
Showing 101 - 200 of 2039 CVEs for April 2022 (Page 2 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-25160 | 2022-04-01 | Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series... |
| CVE-2022-1201 | 2022-04-02 | NULL Pointer Dereference in mrb_vm_exec with super in mruby/mruby |
| CVE-2022-28352 | 2022-04-02 | WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 before 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows... |
| CVE-2022-28355 | 2022-04-02 | randomUUID in Scala.js before 1.10.0 generates predictable values. |
| CVE-2022-28356 | 2022-04-02 | In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. |
| CVE-2022-28368 | 2022-04-03 | Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file). |
| CVE-2022-1210 | 2022-04-03 | LibTIFF tiff2ps resource consumption |
| CVE-2022-28376 | 2022-04-03 | Verizon 5G Home LVSKIHP outside devices through 2022-02-15 allow anyone (knowing the device's serial number) to access a CPE admin website, e.g., at the 10.0.0.1 IP address. The password (for... |
| CVE-2022-0088 | 2022-04-03 | Cross-Site Request Forgery (CSRF) in yourls/yourls |
| CVE-2022-1211 | 2022-04-03 | tildearrow Furnace FUR to VGM Converter stack-based overflow |
| CVE-2022-28378 | 2022-04-03 | Craft CMS before 3.7.29 allows XSS. |
| CVE-2022-28379 | 2022-04-03 | jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item deletion. |
| CVE-2022-28380 | 2022-04-03 | The rc-httpd component through 2022-03-31 for 9front (Plan 9 fork) allows ..%2f directory traversal if serve-static is used. |
| CVE-2022-0405 | 2022-04-03 | Improper Access Control in janeczku/calibre-web |
| CVE-2022-28381 | 2022-04-03 | Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long string to TCP port 888, a related issue to CVE-2017-17932. |
| CVE-2022-0406 | 2022-04-03 | Improper Authorization in janeczku/calibre-web |
| CVE-2022-28390 | 2022-04-03 | ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. |
| CVE-2022-28389 | 2022-04-03 | mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. |
| CVE-2022-28388 | 2022-04-03 | usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. |
| CVE-2022-28391 | 2022-04-03 | BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could... |
| CVE-2021-30061 | 2022-04-03 | On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, physically proximate attackers can execute code via a crafted file on a USB stick. |
| CVE-2021-30062 | 2022-04-03 | On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can bypass the OPC enforcer. |
| CVE-2021-30063 | 2022-04-03 | On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can cause an OPC enforcer denial of service. |
| CVE-2021-30064 | 2022-04-03 | On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials (if the device is in... |
| CVE-2021-30065 | 2022-04-03 | On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, crafted ModBus packets can bypass the ModBus enforcer. NOTE: this issue exists because of... |
| CVE-2021-30066 | 2022-04-03 | On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an arbitrary firmware image can be loaded because firmware signature verification (for a USB... |
| CVE-2022-26233 | 2022-04-03 | Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the... |
| CVE-2022-26530 | 2022-04-03 | swaylock before 1.6 allows attackers to trigger a crash and achieve unlocked access to a Wayland compositor. |
| CVE-2022-27248 | 2022-04-03 | A directory traversal vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to download arbitrary .dwg files from a remote server by specifying an absolute or relative path when... |
| CVE-2022-27249 | 2022-04-03 | An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web... |
| CVE-2022-1222 | 2022-04-04 | Inf loop in gpac/gpac |
| CVE-2022-24785 | 2022-04-04 | Path Traversal in Moment.js |
| CVE-2022-0939 | 2022-04-04 | Server-Side Request Forgery (SSRF) in janeczku/calibre-web |
| CVE-2022-24191 | 2022-04-04 | In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow. |
| CVE-2022-1224 | 2022-04-04 | Improper Authorization in phpipam/phpipam |
| CVE-2022-1223 | 2022-04-04 | Incorrect Authorization in phpipam/phpipam |
| CVE-2022-1225 | 2022-04-04 | Incorrect Privilege Assignment in phpipam/phpipam |
| CVE-2021-33616 | 2022-04-04 | RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS. |
| CVE-2021-44138 | 2022-04-04 | There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in... |
| CVE-2022-26616 | 2022-04-04 | PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows attackers to perform reflected cross-site scripting (XSS) attacks via crafted HTTP headers. |
| CVE-2022-27435 | 2022-04-04 | An unrestricted file upload at /public/admin/index.php?add_product of Ecommerce-Website v1.1.0 allows attackers to upload a webshell via the Product Image component. |
| CVE-2022-27436 | 2022-04-04 | A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_user at Ecommerce-Website v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username text field. |
| CVE-2022-28062 | 2022-04-04 | Car Rental System v1.0 contains an arbitrary file upload vulnerability via the Add Car component which allows attackers to upload a webshell and execute arbitrary code. |
| CVE-2022-28063 | 2022-04-04 | Simple Bakery Shop Management System v1.0 contains a file disclosure via /bsms/?page=products. |
| CVE-2021-43454 | 2022-04-04 | An Unquoted Service Path vulnerability exists in AnyTXT Searcher 1.2.394 via a specially crafted file in the ATService path. |
| CVE-2022-1026 | 2022-04-04 | Kyocera Net View Address Book Exposure |
| CVE-2021-43455 | 2022-04-04 | An Unquoted Service Path vulnerability exists in FreeLAN 2.2 via a specially crafted file in the FreeLAN Service path. |
| CVE-2021-43456 | 2022-04-04 | An Unquoted Service Path vulnerability exists in Rumble Mail Server 0.51.3135 via a specially crafted file in the RumbleService executable service path. |
| CVE-2021-43457 | 2022-04-04 | An Unquoted Service Path vulnerability exists in bVPN 2.5.1 via a specially crafted file in the waselvpnserv service path. |
| CVE-2021-43458 | 2022-04-04 | An Unquoted Service Path vulnerability exists in Vembu BDR 4.2.0.1 via a specially crafted file in the (1) hsflowd, (2) VembuBDR360Agent, or (3) VembuOffice365Agent service paths. |
| CVE-2021-43459 | 2022-04-04 | A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the (1) domain and (2) path parameters. |
| CVE-2021-43460 | 2022-04-04 | An Unquoted Service Path vulnerability exists in System Explorer 7.0.0 via a specially crafted file in the SystemExplorerHelpService service executable path. |
| CVE-2021-43461 | 2022-04-04 | Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the servername parameter. |
| CVE-2021-25048 | 2022-04-04 | KingComposer <= 2.9.6 - Subscriber+ Stored Cross-Site Scripting |
| CVE-2021-25113 | 2022-04-04 | Dropdown Menu Widget <= 1.9.7 - Subscriber+ Arbitrary Settings Update to Stored XSS |
| CVE-2022-0403 | 2022-04-04 | Library File Manager < 5.2.3 - Subscriber+ Arbitrary File Creation/Upload/Deletion |
| CVE-2022-0404 | 2022-04-04 | Material Design for Contact Form 7 <= 2.6.4 - Subscriber+ Arbitrary Settings Update leading to DoS |
| CVE-2022-0431 | 2022-04-04 | Google Pagespeed Insights < 4.0.4 - Reflected Cross-Site Scripting |
| CVE-2022-0537 | 2022-04-04 | MapPress Maps for WordPress < 2.73.13 - Admin+ File Upload to Remote Code Execution |
| CVE-2022-0709 | 2022-04-04 | Booking Package < 1.5.29 - Unauthenticated Sensitive Data Disclosure |
| CVE-2022-0825 | 2022-04-04 | Amelia < 1.0.49 - Customer+ Arbitrary Appointments Status Update |
| CVE-2022-0830 | 2022-04-04 | FormBuilder <= 1.08 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-0837 | 2022-04-04 | Amelia < 1.0.48 - Customer+ SMS Service Abuse and Sensitive Data Disclosure |
| CVE-2022-0864 | 2022-04-04 | UpdraftPlus < 1.22.9 - Reflected Cross-Site Scripting |
| CVE-2022-0884 | 2022-04-04 | Profile Builder < 3.6.8 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-0887 | 2022-04-04 | Easy Social Icons < 3.1.4 - Admin+ SQL Injection |
| CVE-2022-0901 | 2022-04-04 | Ad Inserter < 2.7.12 - Reflected Cross-Site Scripting |
| CVE-2022-0958 | 2022-04-04 | Mark Posts < 2.0.1 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1164 | 2022-04-04 | Wyzi < 2.4.3 - Reflected Cross-Site Scripting (XSS) |
| CVE-2022-1165 | 2022-04-04 | Blackhole for Bad Bots < 3.3.2 - Arbitrary IP Address Blocking via IP Spoofing |
| CVE-2022-1166 | 2022-04-04 | JobMonster < 4.6.6.1 - Directory Listing in Upload Folder |
| CVE-2022-1167 | 2022-04-04 | CareerUp < 2.3.1 - Unauthenticated Reflected Cross-Site Scripting |
| CVE-2022-1168 | 2022-04-04 | JobSearch < 1.5.1 - Unauthenticated Reflected Cross-Site Scripting (XSS) |
| CVE-2022-1169 | 2022-04-04 | Careerfy < 3.9.0 - Unauthenticated Reflected Cross-Site Scripting (XSS) |
| CVE-2022-1170 | 2022-04-04 | JobMonster < 4.5.2.9 - Unauthenticated Reflected Cross-Site Scripting |
| CVE-2021-43462 | 2022-04-04 | A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the username parameter. |
| CVE-2021-43463 | 2022-04-04 | An Unquoted Service Path vulnerability exists in Ext2Fsd v0.68 via a specially crafted file in the Ext2Srv Service executable service path. |
| CVE-2020-28062 | 2022-04-04 | An Access Control vulnerability exists in HisiPHP 2.0.11 via special packets that are constructed in $files = Dir::getList($decompath. '/ Upload/Plugins /, which could let a remote malicious user execute arbitrary... |
| CVE-2022-25569 | 2022-04-04 | Bettini Srl GAMS Product Line v4.3.0 was discovered to re-use static SSH keys across installations, allowing unauthenticated attackers to login as root users via extracting a key from the software. |
| CVE-2022-24801 | 2022-04-04 | HTTP Request Smuggling in twisted.web |
| CVE-2021-43464 | 2022-04-04 | A Remote Code Execution (RCE) vulnerability exists in Subrion CMS 4.2.1 via modified code in a background field; when the information is modified, the data in it will be executed... |
| CVE-2022-24787 | 2022-04-04 | Incorrect Comparison in Vyper |
| CVE-2022-24813 | 2022-04-04 | Authentication Bypass Using an Alternate Path or Channel in CreateWiki |
| CVE-2022-24814 | 2022-04-04 | Cross-site Scripting in Directus |
| CVE-2022-0990 | 2022-04-04 | Server-Side Request Forgery (SSRF) in janeczku/calibre-web |
| CVE-2022-26572 | 2022-04-04 | Xerox ColorQube 8580 was discovered to contain an access control issue which allows attackers to print, view the status, and obtain sensitive information. |
| CVE-2022-1233 | 2022-04-04 | URL Confusion When Scheme Not Supplied in medialize/uri.js |
| CVE-2022-27608 | 2022-04-04 | Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to registry key tampering by users with Administrator privileges. This could result in a user disabling anti-tampering... |
| CVE-2022-27609 | 2022-04-04 | Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. This could result in a user... |
| CVE-2022-23697 | 2022-04-04 | A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. |
| CVE-2022-23698 | 2022-04-04 | A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. |
| CVE-2022-23699 | 2022-04-04 | A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. |
| CVE-2022-23700 | 2022-04-04 | A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. |
| CVE-2022-27649 | 2022-04-04 | A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty... |
| CVE-2022-27651 | 2022-04-04 | A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty... |
| CVE-2022-27650 | 2022-04-04 | A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty... |
| CVE-2021-32977 | 2022-04-04 | AVEVA System Platform Improper Verification of Cryptographic Signature |
| CVE-2021-33010 | 2022-04-04 | AVEVA System Platform Uncaught Exception |
| CVE-2021-32985 | 2022-04-04 | AVEVA System Platform Origin Validation Error |
| CVE-2021-32981 | 2022-04-04 | AVEVA System Platform Path Traversal |