CVE List - 2022 / April
Showing 501 - 600 of 2039 CVEs for April 2022 (Page 6 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-1283 | 2022-04-08 | NULL Pointer Dereference in r_bin_ne_get_entrypoints function in radareorg/radare2 |
| CVE-2021-43498 | 2022-04-08 | An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h, form_password_hidden, and form_change HTTP POST parameters are set. |
| CVE-2022-1284 | 2022-04-08 | heap-use-after-free in radareorg/radare2 |
| CVE-2022-24821 | 2022-04-08 | Incorrect Use of Privileged APIs in org.xwiki.platform.skin.skinx |
| CVE-2022-24819 | 2022-04-08 | Unauthenticated user can retrieve the list of users through uorgsuggest.vm |
| CVE-2022-24820 | 2022-04-08 | Unauthenticated user can list hidden document from multiple velocity templates |
| CVE-2021-36287 | 2022-04-08 | Dell VNX2 for file version 8.1.21.266 and earlier, contain an unauthenticated remote code execution vulnerability which may lead unauthenticated users to execute commands on the system. |
| CVE-2021-36288 | 2022-04-08 | Dell VNX2 for File version 8.1.21.266 and earlier, contain a path traversal vulnerability which may lead unauthenticated users to read/write restricted files |
| CVE-2021-36290 | 2022-04-08 | Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain privileges. |
| CVE-2021-36293 | 2022-04-08 | Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain elevated privileges. |
| CVE-2022-22563 | 2022-04-08 | Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to not record information identifying the source of account information changes. |
| CVE-2022-24428 | 2022-04-08 | Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account could potentially exploit this vulnerability,... |
| CVE-2022-26851 | 2022-04-08 | Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data loss. |
| CVE-2022-26852 | 2022-04-08 | Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise. |
| CVE-2022-26854 | 2022-04-08 | Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access |
| CVE-2022-26855 | 2022-04-08 | Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability, leading to a denial of service. |
| CVE-2021-43009 | 2022-04-08 | A Cross Site Scripting (XSS) vulnerability exists in OpServices OpMon through 9.11 via the search parameter in the request URL. |
| CVE-2022-26180 | 2022-04-08 | qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI. |
| CVE-2022-26588 | 2022-04-08 | A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI. |
| CVE-2022-28365 | 2022-04-09 | Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process... |
| CVE-2022-27883 | 2022-04-09 | A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to create a specially-crafted file as a symlink that can lead to privilege escalation. Please... |
| CVE-2022-26877 | 2022-04-09 | Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick the Asana desktop app into loading a malicious web page. |
| CVE-2022-28363 | 2022-04-09 | Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process username parameter via GET. No authentication is required. |
| CVE-2022-28364 | 2022-04-09 | Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/rlmswitchr_process file parameter via GET. Authentication is required. |
| CVE-2022-1287 | 2022-04-09 | School Club Application System resource injection |
| CVE-2022-1288 | 2022-04-09 | School Club Application System cross site scripting |
| CVE-2022-1276 | 2022-04-10 | Out-of-bounds Read in mrb_get_args in mruby/mruby |
| CVE-2022-1286 | 2022-04-10 | heap-buffer-overflow in mrb_vm_exec in mruby/mruby |
| CVE-2022-1289 | 2022-04-10 | tildearrow Furnace Incomplete Fix CVE-2022-1211 denial of service |
| CVE-2022-1290 | 2022-04-10 | Stored XSS in "Name", "Group Name" & "Title" in polonel/trudesk |
| CVE-2022-1291 | 2022-04-10 | XSS vulnerability with default `onCellHtmlData` function in hhurz/tableexport.jquery.plugin |
| CVE-2022-27295 | 2022-04-10 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formAdvanceSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter. |
| CVE-2022-27294 | 2022-04-10 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanWizardSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter. |
| CVE-2022-27293 | 2022-04-10 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter. |
| CVE-2022-27291 | 2022-04-10 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formdumpeasysetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the config.save_network_enabled parameter. |
| CVE-2022-27292 | 2022-04-10 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formLanguageChange. This vulnerability allows attackers to cause a Denial of Service (DoS) via the nextPage parameter. |
| CVE-2022-27290 | 2022-04-10 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanDhcpplus. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. |
| CVE-2022-27289 | 2022-04-10 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanL2TP. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. |
| CVE-2022-27287 | 2022-04-10 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanPPPoE. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. |
| CVE-2022-27288 | 2022-04-10 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanPPTP. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. |
| CVE-2022-27286 | 2022-04-10 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanNonLogin. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. |
| CVE-2022-27280 | 2022-04-10 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the web_exec parameter at /apply.cgi. |
| CVE-2022-27279 | 2022-04-10 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file read via the function sub_177E0. |
| CVE-2022-27276 | 2022-04-10 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_10F2C. This vulnerability is triggered via a crafted... |
| CVE-2022-27277 | 2022-04-10 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file deletion vulnerability via the function sub_17C08. |
| CVE-2022-27274 | 2022-04-10 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12028. This vulnerability is triggered via a crafted... |
| CVE-2022-27275 | 2022-04-10 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_122D0. This vulnerability is triggered via a crafted... |
| CVE-2022-27272 | 2022-04-10 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_1791C. This vulnerability is triggered via a crafted... |
| CVE-2022-27273 | 2022-04-10 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12168. This vulnerability is triggered via a crafted... |
| CVE-2022-27270 | 2022-04-10 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component ipsec_secrets. This vulnerability is triggered via a crafted... |
| CVE-2022-27271 | 2022-04-10 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component python-lib. This vulnerability is triggered via a crafted... |
| CVE-2022-27268 | 2022-04-10 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component get_cgi_from_memory. This vulnerability is triggered via a crafted... |
| CVE-2022-27269 | 2022-04-10 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component config_ovpn. This vulnerability is triggered via a crafted... |
| CVE-2022-27133 | 2022-04-10 | zbzcms v1.0 was discovered to contain an arbitrary file deletion vulnerability via /include/up.php. |
| CVE-2022-27131 | 2022-04-10 | An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-27129 | 2022-04-10 | An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-27127 | 2022-04-10 | zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php/ajax.php. |
| CVE-2022-27128 | 2022-04-10 | An incorrect access control issue at /admin/run_ajax.php in zbzcms v1.0 allows attackers to arbitrarily add administrator accounts. |
| CVE-2022-27126 | 2022-04-10 | zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the art parameter at /include/make.php. |
| CVE-2022-27125 | 2022-04-10 | zbzcms v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the neirong parameter at /php/ajax.php. |
| CVE-2022-27476 | 2022-04-10 | A cross-site scripting (XSS) vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the goodsName parameter. |
| CVE-2022-27958 | 2022-04-10 | Insecure permissions configured in the userid parameter at /user/getuserprofile of FEBS-Security v1.0 allows attackers to access and arbitrarily modify users' personal information. |
| CVE-2022-27477 | 2022-04-10 | Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit. |
| CVE-2022-27960 | 2022-04-10 | Insecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information. |
| CVE-2022-27961 | 2022-04-10 | A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box. |
| CVE-2022-24836 | 2022-04-11 | Inefficient Regular Expression Complexity in Nokogiri |
| CVE-2022-25794 | 2022-04-11 | An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.2 and prior may lead to code execution through maliciously crafted ActionScript Byte Code 'ABC' files or information disclosure. ABC files... |
| CVE-2022-28893 | 2022-04-11 | The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. |
| CVE-2021-32156 | 2022-04-11 | A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature. |
| CVE-2021-32157 | 2022-04-11 | A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature. |
| CVE-2021-32158 | 2022-04-11 | A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature. |
| CVE-2021-32159 | 2022-04-11 | A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature. |
| CVE-2021-32160 | 2022-04-11 | A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature. |
| CVE-2021-32161 | 2022-04-11 | A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature. |
| CVE-2021-32162 | 2022-04-11 | A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature. |
| CVE-2022-0936 | 2022-04-11 | Cross-site Scripting (XSS) - Stored in autolab/autolab |
| CVE-2022-1045 | 2022-04-11 | Stored XSS via .svg file upload in polonel/trudesk |
| CVE-2022-1252 | 2022-04-11 | Use of a Broken or Risky Cryptographic Algorithm in gnuboard/gnuboard5 |
| CVE-2022-1295 | 2022-04-11 | Prototype Pollution in alvarotrigo/fullpage.js |
| CVE-2022-1296 | 2022-04-11 | Out-of-bounds read in `r_bin_ne_get_relocs` function in radareorg/radare2 |
| CVE-2022-1297 | 2022-04-11 | Out-of-bounds Read in r_bin_ne_get_entrypoints function in radareorg/radare2 |
| CVE-2022-0556 | 2022-04-11 | A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute arbitrary code... |
| CVE-2022-26413 | 2022-04-11 | A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via... |
| CVE-2022-26414 | 2022-04-11 | A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial... |
| CVE-2022-27041 | 2022-04-11 | Due to lack of protection, parameter student_id in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases. |
| CVE-2022-27089 | 2022-04-11 | In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PFNService.exe software allows a local attacker to potentially escalate privileges to system level. |
| CVE-2022-27088 | 2022-04-11 | Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges. |
| CVE-2022-27115 | 2022-04-11 | In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload. |
| CVE-2022-27156 | 2022-04-11 | Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection. |
| CVE-2021-24986 | 2022-04-11 | Post Grid < 2.1.16 - Reflected Cross-Site Scripting via keyword |
| CVE-2021-24987 | 2022-04-11 | Super Socializer < 7.13.30 - Reflected Cross-Site Scripting |
| CVE-2021-25090 | 2022-04-11 | GridKit Portfolio < 2.1.0 - Subscriber+ Stored Cross-Site Scripting |
| CVE-2022-0246 | 2022-04-11 | iQ Block Country < 1.2.13 - Admin+ Arbitrary File Deletion via Zip Slip |
| CVE-2022-0271 | 2022-04-11 | LearnPress < 4.1.6 - Reflected Cross-Site Scripting |
| CVE-2022-0314 | 2022-04-11 | Nimble Page Builder < 3.2.2 - Reflected Cross-Site Scripting |
| CVE-2022-0447 | 2022-04-11 | Post Grid < 2.1.16 - Reflected Cross-Site Scripting via post_types |
| CVE-2022-0471 | 2022-04-11 | Favicon by RealFaviconGenerator < 1.3.23 - Reflected Cross-Site Scripting |
| CVE-2022-0531 | 2022-04-11 | WPvivid Backup and Migration Plugin < 0.9.70 - Reflected Cross-Site Scripting |
| CVE-2022-0728 | 2022-04-11 | Easy Smooth Scroll Links < 2.23.1 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-0828 | 2022-04-11 | Download Manager < 3.2.39 - Unauthenticated brute force of files master key |