CVE List - 2022 / May
Showing 1001 - 1100 of 2161 CVEs for May 2022 (Page 11 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-33123 | 2022-05-12 | Improper access control in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2021-0190 | 2022-05-12 | Uncaught exception in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2021-33122 | 2022-05-12 | Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2021-0189 | 2022-05-12 | Use of out-of-range pointer offset in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2021-33124 | 2022-05-12 | Out-of-bounds write in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2021-33103 | 2022-05-12 | Unintended intermediary in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2021-0159 | 2022-05-12 | Improper input validation in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2021-0188 | 2022-05-12 | Return of pointer value outside of expected range in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2021-0155 | 2022-05-12 | Unchecked return value in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2021-40399 | 2022-05-12 | An exploitable use-after-free vulnerability exists in WPS Spreadsheets (ET) as part of WPS Office, version 11.2.0.10351. A specially-crafted XLS file can cause a use-after-free condition, resulting in remote... |
| CVE-2022-21147 | 2022-05-12 | An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. A specially-crafted PE file can trigger this vulnerability to cause denial of service and... |
| CVE-2022-21182 | 2022-05-12 | A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an... |
| CVE-2022-21238 | 2022-05-12 | A cross-site scripting (XSS) vulnerability exists in the info.jsp functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can send an... |
| CVE-2022-21809 | 2022-05-12 | A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can upload a... |
| CVE-2022-24910 | 2022-05-12 | A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a... |
| CVE-2022-25172 | 2022-05-12 | An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessible via JavaScript and... |
| CVE-2022-25995 | 2022-05-12 | A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a... |
| CVE-2022-26002 | 2022-05-12 | A stack-based buffer overflow vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to remote code execution. An attacker can send... |
| CVE-2022-26007 | 2022-05-12 | An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a... |
| CVE-2022-26020 | 2022-05-12 | An information disclosure vulnerability exists in the router configuration export functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to increased privileges. An attacker can send an... |
| CVE-2022-26042 | 2022-05-12 | An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send... |
| CVE-2022-26075 | 2022-05-12 | An OS command injection vulnerability exists in the console infactory_wlan functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker... |
| CVE-2022-26085 | 2022-05-12 | An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make... |
| CVE-2022-26420 | 2022-05-12 | An OS command injection vulnerability exists in the console infactory_port functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker... |
| CVE-2022-26510 | 2022-05-12 | A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted HTTP request can lead to firmware update. An attacker can send a... |
| CVE-2022-26518 | 2022-05-12 | An OS command injection vulnerability exists in the console infactory_net functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker... |
| CVE-2022-26780 | 2022-05-12 | Multiple improper input validation vulnerabilities exist in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a... |
| CVE-2022-26781 | 2022-05-12 | Multiple improper input validation vulnerabilities exist in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a... |
| CVE-2022-26782 | 2022-05-12 | Multiple improper input validation vulnerabilities exist in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a... |
| CVE-2022-27172 | 2022-05-12 | A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a... |
| CVE-2021-26369 | 2022-05-12 | A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses. |
| CVE-2021-26366 | 2022-05-12 | An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity. |
| CVE-2022-29363 | 2022-05-12 | Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. This vulnerability allows attackers to getshell via writing arbitrary files. |
| CVE-2021-26351 | 2022-05-12 | Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service. |
| CVE-2021-26362 | 2022-05-12 | A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call which results in mapping sensitive System Management Network (SMN) registers leading... |
| CVE-2021-26361 | 2022-05-12 | A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading... |
| CVE-2021-26368 | 2022-05-12 | Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged... |
| CVE-2021-26317 | 2022-05-12 | Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution. |
| CVE-2021-26386 | 2022-05-12 | A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and... |
| CVE-2021-26363 | 2022-05-12 | A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to... |
| CVE-2022-29368 | 2022-05-12 | Moddable commit before 135aa9a4a6a9b49b60aa730ebc3bcc6247d75c45 was discovered to contain an out-of-bounds read via the function fxUint8Getter at /moddable/xs/sources/xsDataView.c. |
| CVE-2022-29369 | 2022-05-12 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation via njs_lvlhsh_bucket_find at njs_lvlhsh.c. |
| CVE-2021-22531 | 2022-05-12 | A bug exists in the input parameter of Access Manager that allows supply of an invalid character to trigger a cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0. |
| CVE-2022-28819 | 2022-05-12 | Adobe Character Animator SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-28818 | 2022-05-12 | ColdFusion Reflected Cross-Site Scripting could lead to Arbitrary Code Execution |
| CVE-2021-27478 | 2022-05-12 | EIPStackGroup OpENer Ethernet/IP Incorrect Conversion between Numeric Types |
| CVE-2021-27482 | 2022-05-12 | EIPStackGroup OpENer Ethernet/IP Out-of-bounds Read |
| CVE-2021-27498 | 2022-05-12 | EIPStackGroup OpENer Ethernet/IP Reachable Assertion |
| CVE-2021-27500 | 2022-05-12 | EIPStackGroup OpENer Ethernet/IP Reachable Assertion |
| CVE-2022-23742 | 2022-05-12 | Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. An attacker can replace those files with malicious... |
| CVE-2022-23139 | 2022-05-12 | ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It's easy for users... |
| CVE-2022-22970 | 2022-05-12 | In spring framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to... |
| CVE-2022-22971 | 2022-05-12 | In spring framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an... |
| CVE-2022-22796 | 2022-05-12 | Sysaid – Sysaid System Takeover |
| CVE-2022-22797 | 2022-05-12 | Sysaid – sysaid Open Redirect |
| CVE-2022-22798 | 2022-05-12 | Sysaid – Pro Plus Edition, SysAid Help Desk Broken Access Control |
| CVE-2022-23165 | 2022-05-12 | Sysaid – Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) |
| CVE-2022-23166 | 2022-05-12 | Sysaid – Sysaid Local File Inclusion (LFI) |
| CVE-2020-22984 | 2022-05-12 | Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task. |
| CVE-2020-22987 | 2022-05-12 | Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task. |
| CVE-2020-22986 | 2022-05-12 | Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task. |
| CVE-2020-22985 | 2022-05-12 | Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task. |
| CVE-2021-27768 | 2022-05-12 | An SSL certificate host verification vulnerability affects HCL Verse for Android |
| CVE-2021-27769 | 2022-05-12 | HCL Sametime is vulnerable to an information disclosure |
| CVE-2021-27770 | 2022-05-12 | HCL Sametime is vulnerable to arbitrary HTTP requests |
| CVE-2021-27771 | 2022-05-12 | HCL Sametime is susceptible to a file transfer service vulnerability |
| CVE-2021-27772 | 2022-05-12 | HCL Sametime is vulnerable to an information disclosure |
| CVE-2021-27773 | 2022-05-12 | HCL Sametime is vulnerable to clickjacking |
| CVE-2021-27777 | 2022-05-12 | HCL Unica Platform is vulnerable to XML External Entity (XXE) injection |
| CVE-2022-27134 | 2022-05-12 | EOSIO batdappboomx v327c04cf has an Access-control vulnerability in the `transfer` function of the smart contract which allows remote attackers to win the cryptocurrency without paying ticket fee via the `std::string... |
| CVE-2022-29218 | 2022-05-12 | Unauthorized takeover for new versions of some platform-specific gems |
| CVE-2022-1714 | 2022-05-13 | Out-of-bounds Read in radareorg/radare2 |
| CVE-2022-25762 | 2022-05-13 | Response mix-up with WebSocket concurrent send and close |
| CVE-2021-42967 | 2022-05-13 | Unrestricted file upload in /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java in novel-plus all versions allows an attacker to upload malicious JSP files. |
| CVE-2021-42969 | 2022-05-13 | Certain Anaconda3 2021.05 are affected by OS command injection. When a user installs Anaconda, an attacker can create a new file and write something in usercustomize.py. When the user opens... |
| CVE-2020-22983 | 2022-05-13 | A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter... |
| CVE-2022-30374 | 2022-05-13 | Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/?page=transactions/manage_transaction&id=. |
| CVE-2022-30373 | 2022-05-13 | Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/cargo_types/manage_cargo_type.php?id=. |
| CVE-2022-30372 | 2022-05-13 | Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo. |
| CVE-2022-30371 | 2022-05-13 | Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/cargo_types/view_cargo_type.php?id=. |
| CVE-2022-30370 | 2022-05-13 | Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo_type. |
| CVE-2022-29383 | 2022-05-13 | NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi. |
| CVE-2022-30489 | 2022-05-13 | WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi. |
| CVE-2022-29854 | 2022-05-13 | A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow an unauthenticated attacker with physical access to the phone to gain root... |
| CVE-2022-30367 | 2022-05-13 | Air Cargo Management System v1.0 is vulnerable to file deletion via /acms/classes/Master.php?f=delete_img. |
| CVE-2022-30379 | 2022-05-13 | Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=user/manage_user&id=. |
| CVE-2022-30378 | 2022-05-13 | Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=posts/view_post&id=. |
| CVE-2022-30376 | 2022-05-13 | Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/members/view_member.php?id=. |
| CVE-2022-30375 | 2022-05-13 | Sourcecodester Simple Social Networking Site v1.0 is vulnerable to file deletion via /sns/classes/Master.php?f=delete_img. |
| CVE-2022-30403 | 2022-05-13 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=products&c=. |
| CVE-2022-30402 | 2022-05-13 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_sub_category&id=. |
| CVE-2022-30401 | 2022-05-13 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=view_product&id=. |
| CVE-2022-30400 | 2022-05-13 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/orders/view_order.php?view=user&id=. |
| CVE-2022-30399 | 2022-05-13 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_category&id=. |
| CVE-2022-30398 | 2022-05-13 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=orders/view_order&id=. |
| CVE-2022-30396 | 2022-05-13 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=inventory/manage_inventory&id=. |
| CVE-2022-30395 | 2022-05-13 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_cart. |
| CVE-2022-30393 | 2022-05-13 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=product/manage_product&id=. |
| CVE-2022-30392 | 2022-05-13 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_sub_category. |
| CVE-2022-30391 | 2022-05-13 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_category. |