CVE List - 2022 / April
Showing 201 - 300 of 2039 CVEs for April 2022 (Page 3 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-33008 | 2022-04-04 | AVEVA System Platform Missing Authentication for Critical Function |
| CVE-2021-32980 | 2022-04-04 | Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel |
| CVE-2021-32978 | 2022-04-04 | Automation Direct CLICK PLC CPU Modules Plaintext Storage of a Password |
| CVE-2021-32984 | 2022-04-04 | Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel |
| CVE-2021-32986 | 2022-04-04 | Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel |
| CVE-2021-32982 | 2022-04-04 | Automation Direct CLICK PLC CPU Modules Cleartext Transmission of Sensitive Information |
| CVE-2021-32994 | 2022-04-04 | Softing OPC-UA C++ SDK Improper Restriction of Operations within the Bounds of a Memory Buffer |
| CVE-2022-0740 | 2022-04-04 | Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions... |
| CVE-2022-1189 | 2022-04-04 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.2 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2... |
| CVE-2022-1100 | 2022-04-04 | A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The api to update... |
| CVE-2022-1099 | 2022-04-04 | Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an... |
| CVE-2022-1105 | 2022-04-04 | An improper access control vulnerability in GitLab CE/EE affecting all versions from 13.11 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an unauthorized user to... |
| CVE-2022-1188 | 2022-04-04 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2... |
| CVE-2022-1174 | 2022-04-04 | A potential DoS vulnerability was discovered in GitLab CE/EE versions 13.7 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker... |
| CVE-2022-1120 | 2022-04-04 | Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include... |
| CVE-2022-1185 | 2022-04-04 | A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab... |
| CVE-2022-1111 | 2022-04-04 | A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects... |
| CVE-2022-1121 | 2022-04-04 | A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to... |
| CVE-2022-1148 | 2022-04-04 | Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11.5 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to... |
| CVE-2022-1162 | 2022-04-04 | A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9... |
| CVE-2022-1175 | 2022-04-04 | Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to... |
| CVE-2022-1190 | 2022-04-04 | Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS... |
| CVE-2022-25613 | 2022-04-04 | WordPress FV Flowplayer Video Player plugin <= 7.5.18.727 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-25618 | 2022-04-04 | WordPress wpDataTables plugin <= 2.1.27 - Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2021-36851 | 2022-04-04 | WordPress Testimonial Slider plugin <= 3.5.8.3 - Cross-Site Scripting (XSS) vulnerability |
| CVE-2021-36826 | 2022-04-04 | WordPress WP Project Manager plugin <= 2.4.13 - Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-27441 | 2022-04-04 | A stored cross-site scripting (XSS) vulnerability in TPCMS v3.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Phone text box. |
| CVE-2022-27442 | 2022-04-04 | TPCMS v3.2 allows attackers to access the ThinkPHP log directory and obtain sensitive information such as the administrator's user name and password. |
| CVE-2022-0603 | 2022-04-04 | Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-0604 | 2022-04-04 | Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction... |
| CVE-2022-0605 | 2022-04-04 | Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to engage... |
| CVE-2022-0606 | 2022-04-04 | Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-0607 | 2022-04-04 | Use after free in GPU in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-0608 | 2022-04-04 | Integer overflow in Mojo in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-0609 | 2022-04-04 | Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-0610 | 2022-04-04 | Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-26356 | 2022-04-05 | Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log... |
| CVE-2022-26357 | 2022-04-05 | race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID... |
| CVE-2022-26358 | 2022-04-05 | IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in... |
| CVE-2022-26359 | 2022-04-05 | IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in... |
| CVE-2022-26360 | 2022-04-05 | IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in... |
| CVE-2022-26361 | 2022-04-05 | IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in... |
| CVE-2022-26982 | 2022-04-05 | SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. NOTE: the vendor's... |
| CVE-2022-26986 | 2022-04-05 | SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this allows an attacker to read and modify the sensitive information from... |
| CVE-2022-24795 | 2022-04-05 | Buffer Overflow and Integer Overflow in yajl-ruby |
| CVE-2022-23732 | 2022-04-05 | Path traversal in GitHub Enterprise Server management console leading to a bypass of CSRF protections |
| CVE-2022-26585 | 2022-04-05 | Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list. |
| CVE-2022-0789 | 2022-04-05 | Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-0790 | 2022-04-05 | Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a... |
| CVE-2022-0791 | 2022-04-05 | Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption... |
| CVE-2022-0792 | 2022-04-05 | Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-0793 | 2022-04-05 | Use after free in Cast in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to... |
| CVE-2022-0794 | 2022-04-05 | Use after free in WebShare in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption... |
| CVE-2022-0795 | 2022-04-05 | Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-0796 | 2022-04-05 | Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-0797 | 2022-04-05 | Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. |
| CVE-2022-0798 | 2022-04-05 | Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a... |
| CVE-2022-0799 | 2022-04-05 | Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file. |
| CVE-2022-0800 | 2022-04-05 | Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap... |
| CVE-2022-0802 | 2022-04-05 | Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted... |
| CVE-2022-0803 | 2022-04-05 | Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page. |
| CVE-2022-0804 | 2022-04-05 | Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted... |
| CVE-2022-0805 | 2022-04-05 | Use after free in Browser Switcher in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap... |
| CVE-2022-0806 | 2022-04-05 | Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in screen sharing to potentially leak cross-origin data via a... |
| CVE-2022-0807 | 2022-04-05 | Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
| CVE-2022-0808 | 2022-04-05 | Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in a series of... |
| CVE-2022-0809 | 2022-04-05 | Out of bounds memory access in WebXR in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-26619 | 2022-04-05 | Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function. |
| CVE-2022-0452 | 2022-04-05 | Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. |
| CVE-2022-0453 | 2022-04-05 | Use after free in Reader Mode in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted... |
| CVE-2022-0454 | 2022-04-05 | Heap buffer overflow in ANGLE in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-0455 | 2022-04-05 | Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 98.0.4758.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted... |
| CVE-2022-0456 | 2022-04-05 | Use after free in Web Search in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via profile destruction. |
| CVE-2022-0457 | 2022-04-05 | Type confusion in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-0458 | 2022-04-05 | Use after free in Thumbnail Tab Strip in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-0459 | 2022-04-05 | Use after free in Screen Capture in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process and convinced a user to engage in specific... |
| CVE-2022-0460 | 2022-04-05 | Use after free in Window Dialogue in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-0461 | 2022-04-05 | Policy bypass in COOP in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to bypass iframe sandbox via a crafted HTML page. |
| CVE-2022-0462 | 2022-04-05 | Inappropriate implementation in Scroll in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2022-0463 | 2022-04-05 | Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption... |
| CVE-2022-0464 | 2022-04-05 | Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption... |
| CVE-2022-0465 | 2022-04-05 | Use after free in Extensions in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via user interaction. |
| CVE-2022-0466 | 2022-04-05 | Inappropriate implementation in Extensions Platform in Google Chrome prior to 98.0.4758.80 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via... |
| CVE-2022-0467 | 2022-04-05 | Inappropriate implementation in Pointer Lock in Google Chrome on Windows prior to 98.0.4758.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
| CVE-2022-0468 | 2022-04-05 | Use after free in Payments in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-0469 | 2022-04-05 | Use after free in Cast in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific interactions to potentially exploit heap corruption via... |
| CVE-2022-0470 | 2022-04-05 | Out of bounds memory access in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-25584 | 2022-04-05 | Seyeon Tech Co., Ltd FlexWATCH FW3170-PS-E Network Video System 4.23-3000_GY allows attackers to access sensitive information. |
| CVE-2021-45894 | 2022-04-05 | An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Cleartext Transmission of Sensitive Information. |
| CVE-2021-42324 | 2022-04-05 | An issue was discovered on DCN (Digital China Networks) S4600-10P-SI devices before R0241.0470. Due to improper parameter validation in the console interface, it is possible for a low-privileged authenticated attacker... |
| CVE-2021-45893 | 2022-04-05 | An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Improper Handling of Case Sensitivity, which makes password guessing easier. |
| CVE-2021-45892 | 2022-04-05 | An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is storage of Passwords in a Recoverable Format. |
| CVE-2022-24231 | 2022-04-05 | Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via add/Student. |
| CVE-2022-26615 | 2022-04-05 | A cross-site scripting (XSS) vulnerability in College Website Content Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User Profile... |
| CVE-2021-44108 | 2022-04-05 | A null pointer dereference in src/amf/namf-handler.c in Open5GS 2.3.6 and earlier allows remote attackers to Denial of Service via a crafted sbi request to amf. |
| CVE-2021-44109 | 2022-04-05 | A buffer overflow in lib/sbi/message.c in Open5GS 2.3.6 and earlier allows remote attackers to Denial of Service via a crafted sbi request. |
| CVE-2021-45891 | 2022-04-05 | An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4., that allows attackers to escalate privileges within the application, since all permission checks are done client-side, not server-side. |
| CVE-2021-43008 | 2022-04-05 | Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to... |
| CVE-2022-26281 | 2022-04-05 | BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue. |
| CVE-2022-25356 | 2022-04-05 | Alt-N MDaemon Security Gateway through 8.5.0 allows SecurityGateway.dll?view=login XML Injection. |