CVE List - 2022 / April
Showing 601 - 700 of 2039 CVEs for April 2022 (Page 7 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-0840 | 2022-04-11 | Easy Social Icons < 3.2.1 - Admin+ Stored Cross-Site Scripting in add icon |
| CVE-2022-0892 | 2022-04-11 | Export All URLs < 4.2 - Reflected Cross-Site Scripting |
| CVE-2022-0914 | 2022-04-11 | Export All URLs < 4.3 - Private/Draft Post/Page Title Disclosure via CSRF |
| CVE-2022-0919 | 2022-04-11 | Salon booking system < 7.6.3 - Unauthenticated Sensitive Data Disclosure |
| CVE-2022-0920 | 2022-04-11 | Salon booking system < 7.6.3 - Customer+ Bookings/Customers Data Disclosure |
| CVE-2022-0949 | 2022-04-11 | WP Block and Stop Bad Bots < 6.930 - Unauthenticated SQLi |
| CVE-2022-0969 | 2022-04-11 | Image optimization & Lazy Load < 3.3.2 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-0989 | 2022-04-11 | NS WooCommerce Watermark <= 2.11.3 - Abuse of Functionality |
| CVE-2022-1006 | 2022-04-11 | Advanced Booking Calendar < 1.7.1 - Admin+ SQLi |
| CVE-2022-1007 | 2022-04-11 | Advanced Booking Calendar < 1.7.1 - Reflected Cross-Site Scripting |
| CVE-2022-1008 | 2022-04-11 | One Click Demo Import < 3.1.0 - Admin+ Arbitrary File Upload |
| CVE-2022-1023 | 2022-04-11 | Podcast Importer SecondLine < 1.3.8 - Admin+ SQLi |
| CVE-2022-27111 | 2022-04-11 | Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it. |
| CVE-2021-40219 | 2022-04-11 | Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit theme to inject server-side template injection that leads to remote code... |
| CVE-2021-37291 | 2022-04-11 | An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the input_id POST parameter in index.php. |
| CVE-2021-37293 | 2022-04-11 | A Directory Traversal vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the page GET parameter in index.php. |
| CVE-2022-29035 | 2022-04-11 | In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations |
| CVE-2021-37292 | 2022-04-11 | An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. A malicious user can log in using the backdor... |
| CVE-2021-38929 | 2022-04-11 | IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. IBM X-Force ID: 210330. |
| CVE-2021-38930 | 2022-04-11 | IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. IBM X-Force ID: 210331. |
| CVE-2021-39068 | 2022-04-11 | IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2021-43442 | 2022-04-11 | A Logic Flaw vulnerability exists in i3 International Inc Annexxus Camera V5.2.0 build 150317 (Ax46), V5.0.9 build 151106 (Ax68), and V5.0.9 build 150615 (Ax78) due to a failure to allow... |
| CVE-2022-24804 | 2022-04-11 | Private group name exposure in discourse |
| CVE-2022-24815 | 2022-04-11 | SQL Injection when creating an application with Reactive SQL backend |
| CVE-2021-36910 | 2022-04-11 | WordPress WP-Appbox plugin <= 4.3.20 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2021-36848 | 2022-04-11 | WordPress Social Media Feather plugin <= 2.0.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-25831 | 2022-04-11 | Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions. |
| CVE-2021-36896 | 2022-04-11 | WordPress Pricing Table plugin <= 1.5.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-25832 | 2022-04-11 | Improper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to use locked Myfiles app without authentication. |
| CVE-2022-25833 | 2022-04-11 | Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission. |
| CVE-2022-26090 | 2022-04-11 | Improper access control vulnerability in SamsungContacts prior to SMR Apr-2022 Release 1 allows that attackers can access contact information without permission. |
| CVE-2022-26091 | 2022-04-11 | Improper access control vulnerability in Knox Manage prior to SMR Apr-2022 Release 1 allows that physical attackers can bypass Knox Manage using a function key of hardware keyboard. |
| CVE-2022-26092 | 2022-04-11 | Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code execution. |
| CVE-2022-26093 | 2022-04-11 | Null pointer dereference vulnerability in parser_irot function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. |
| CVE-2022-26094 | 2022-04-11 | Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. |
| CVE-2022-26095 | 2022-04-11 | Null pointer dereference vulnerability in parser_colr function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. |
| CVE-2022-26096 | 2022-04-11 | Null pointer dereference vulnerability in parser_ispe function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. |
| CVE-2022-26097 | 2022-04-11 | Null pointer dereference vulnerability in parser_unknown_property function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. |
| CVE-2022-26098 | 2022-04-11 | Heap-based buffer overflow vulnerability in sheifd_create function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers. |
| CVE-2022-26099 | 2022-04-11 | Null pointer dereference vulnerability in parser_infe function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds read by remote attackers. |
| CVE-2022-27567 | 2022-04-11 | Null pointer dereference vulnerability in parser_hvcC function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attackers. |
| CVE-2022-27568 | 2022-04-11 | Heap-based buffer overflow vulnerability in parser_iloc function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. |
| CVE-2022-27569 | 2022-04-11 | Heap-based buffer overflow vulnerability in parser_infe function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. |
| CVE-2022-27570 | 2022-04-11 | Heap-based buffer overflow vulnerability in parser_single_iref function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. |
| CVE-2022-27571 | 2022-04-11 | Heap-based buffer overflow vulnerability in sheifd_get_info_image function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. |
| CVE-2022-27572 | 2022-04-11 | Heap-based buffer overflow vulnerability in parser_ipma function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers. |
| CVE-2022-27573 | 2022-04-11 | Improper input validation vulnerability in parser_infe and sheifd_find_itemIndexin functions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attackers. |
| CVE-2022-27574 | 2022-04-11 | Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin functions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attacker. |
| CVE-2022-27575 | 2022-04-11 | Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission. |
| CVE-2022-27576 | 2022-04-11 | Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission |
| CVE-2022-27821 | 2022-04-11 | Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via crafted image file. |
| CVE-2022-27822 | 2022-04-11 | Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission. |
| CVE-2022-27823 | 2022-04-11 | Improper size check in sapefd_parse_meta_HEADER_old function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. |
| CVE-2022-27824 | 2022-04-11 | Improper size check in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file |
| CVE-2022-27825 | 2022-04-11 | Improper size check in sapefd_parse_meta_HEADER function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. |
| CVE-2022-27826 | 2022-04-11 | Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. |
| CVE-2022-27827 | 2022-04-11 | Improper validation vulnerability in MediaMonitorDimension prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. |
| CVE-2022-27828 | 2022-04-11 | Improper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. |
| CVE-2022-27829 | 2022-04-11 | Improper validation vulnerability in VerifyCredentialResponse prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. |
| CVE-2022-27830 | 2022-04-11 | Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. |
| CVE-2022-27831 | 2022-04-11 | Improper boundary check in sflvd_rdbuf_bits of libsflvextractor prior to SMR Apr-2022 Release 1 allows attackers to read out of bounds memory. |
| CVE-2022-27832 | 2022-04-11 | Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via a crafted media file. |
| CVE-2022-27833 | 2022-04-11 | Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write by integer overflow. |
| CVE-2022-27834 | 2022-04-11 | Use after free vulnerability in dsp_context_unload_graph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform malicious actions. |
| CVE-2022-27835 | 2022-04-11 | Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory write. |
| CVE-2022-27836 | 2022-04-11 | Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a... |
| CVE-2022-27837 | 2022-04-11 | A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0) and 13.0.1.1 in Android S(12.0) allows attacker to access the file with system privilege. |
| CVE-2022-27838 | 2022-04-11 | Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to access the file with system privilege. |
| CVE-2022-27839 | 2022-04-11 | Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1 allows attackers to access bookmark tab without proper credentials. |
| CVE-2022-27840 | 2022-04-11 | Improper access control vulnerability in SamsungRecovery prior to version 8.1.43.0 allows local attackers to delete arbitrary files as SamsungRecovery permission. |
| CVE-2022-27841 | 2022-04-11 | Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication |
| CVE-2022-27842 | 2022-04-11 | DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22022_4 allows attacker to execute arbitrary code. |
| CVE-2022-27843 | 2022-04-11 | DLL hijacking vulnerability in Kies prior to version 2.6.4.22014_2 allows attacker to execute arbitrary code. |
| CVE-2022-28541 | 2022-04-11 | Uncontrolled search path element vulnerability in Samsung Update prior to version 3.0.77.0 allows attackers to execute arbitrary code as Samsung Update permission. |
| CVE-2022-28542 | 2022-04-11 | Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store permission. |
| CVE-2022-28543 | 2022-04-11 | Path traversal vulnerability in Samsung Flow prior to version 4.8.07.4 allows local attackers to read arbitrary files as Samsung Flow permission. |
| CVE-2022-28544 | 2022-04-11 | Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5 allows attacker to access the file of Galaxy store. |
| CVE-2021-22055 | 2022-04-11 | The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the package parameter. Attackers can also insert malicious data and fake entries. |
| CVE-2022-22954 | 2022-04-11 | VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection... |
| CVE-2021-43177 | 2022-04-11 | As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password (OTP) for one (and only one) immediately... |
| CVE-2021-36846 | 2022-04-11 | WordPress Chaty plugin <= 2.8.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-28775 | 2022-04-11 | Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker to write the file without Samsung Flow permission. |
| CVE-2022-28776 | 2022-04-11 | Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions. |
| CVE-2022-28777 | 2022-04-11 | Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function without CALL_PHONE permission. |
| CVE-2022-28778 | 2022-04-11 | Improper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows attacker to set the arbitrary folder as Secret Folder without Samsung Security Supporter permission |
| CVE-2022-28779 | 2022-04-11 | Uncontrolled search path element vulnerability in Samsung Android USB Driver windows installer program prior to version 1.7.50 allows attacker to execute arbitrary code. |
| CVE-2022-27578 | 2022-04-11 | An attacker can perform a privilege escalation through the SICK OEE if the application is installed in a directory where non authenticated or low privilege users can modify its content. |
| CVE-2022-27577 | 2022-04-11 | The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can... |
| CVE-2021-36893 | 2022-04-11 | WordPress Responsive Tabs plugin <= 4.0.5 - Cross-Site Scripting (XSS) vulnerability |
| CVE-2021-38125 | 2022-04-11 | Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05... |
| CVE-2022-25789 | 2022-04-11 | A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code... |
| CVE-2022-25790 | 2022-04-11 | A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files.... |
| CVE-2022-25791 | 2022-04-11 | A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 may lead to code execution through maliciously crafted DLL files. |
| CVE-2022-25792 | 2022-04-11 | A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This... |
| CVE-2022-25796 | 2022-04-11 | A Double Free vulnerability allows remote malicious actors to execute arbitrary code on DWF file in Autodesk Navisworks 2022 within affected installations. User interaction is required to exploit this vulnerability... |
| CVE-2022-20081 | 2022-04-11 | In A-GPS, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User... |
| CVE-2022-27528 | 2022-04-11 | A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution. |
| CVE-2022-20062 | 2022-04-11 | In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-20063 | 2022-04-11 | In atf (spm), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-20064 | 2022-04-11 | In ccci, there is a possible leak of kernel pointer due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |