CVE List - 2022 / May
Showing 1701 - 1800 of 2161 CVEs for May 2022 (Page 18 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-45915 | 2022-05-24 | In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a cookie value. This allows the attacker's session to be authenticated as any registered LuxCal user, including the... |
| CVE-2021-45914 | 2022-05-24 | In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a POST request. This allows the attacker's session to be authenticated as any registered LuxCal user, including the... |
| CVE-2022-22306 | 2022-05-24 | An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication... |
| CVE-2021-44975 | 2022-05-24 | radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/core/anal_objc.c mach-o parser. |
| CVE-2022-29237 | 2022-05-24 | Limited Authentication Bypass for Media Files in Opencast |
| CVE-2022-31261 | 2022-05-24 | An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful attack requires a SAML identity provider to be configured. In order to exploit the vulnerability,... |
| CVE-2022-29242 | 2022-05-24 | Buffer Overflow on creating key transport blob in GOST Engine |
| CVE-2022-29246 | 2022-05-24 | Potential buffer overflow in function DFU upload in Azure RTOS USBX |
| CVE-2022-29249 | 2022-05-24 | Reversible One-Way Hash and Use of a Broken or Risky Cryptographic Algorithm in io.github.javaezlib.JavaEZ |
| CVE-2013-10002 | 2022-05-24 | Telecommunication Software SAMwin Contact Center Suite Credential SAMwinLIBVB.dll getCurrentDBVersion hard-coded credentials |
| CVE-2013-10003 | 2022-05-24 | Telecommunication Software SAMwin Contact Center Suite Database SAMwinLIBVB.dll getCurrentDBVersion sql injection |
| CVE-2013-10004 | 2022-05-24 | Telecommunication Software SAMwin Contact Center Suite Password SAMwinLIBVB.dll passwordScramble improper authentication |
| CVE-2014-125001 | 2022-05-24 | Cardo Systems Scala Rider Q3 Cardo-Updater api privileges management |
| CVE-2021-4229 | 2022-05-24 | ua-parser-js Crypto Mining backdoor |
| CVE-2021-4230 | 2022-05-24 | Airfield Online MySQL Backup improper authentication |
| CVE-2020-4926 | 2022-05-24 | A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication... |
| CVE-2022-22309 | 2022-05-24 | The POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY interface. This vulnerability can be more critical if the serial port is connected to a serial-over-lan device.... |
| CVE-2022-22495 | 2022-05-24 | IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or... |
| CVE-2022-1669 | 2022-05-24 | Circutor COMPACT DC-S BASIC |
| CVE-2021-32964 | 2022-05-24 | Claroty Secure Remote Access Site - Authentication Bypass Using an Alternate Path or Channel |
| CVE-2021-32962 | 2022-05-24 | Claroty Secure Remote Access Site - Authentication Bypass Using an Alternate Path or Channel |
| CVE-2021-32965 | 2022-05-24 | Delta Electronics DIAScreen - Type Confusion, Out-of-bounds Write |
| CVE-2021-32969 | 2022-05-24 | Delta Electronics DIAScreen - Type Confusion, Out-of-bounds Write |
| CVE-2022-23050 | 2022-05-24 | ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries'... |
| CVE-2021-42612 | 2022-05-24 | A use after free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have other unspecified impact via a crafted text document. |
| CVE-2022-22977 | 2022-05-24 | VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools... |
| CVE-2021-42613 | 2022-05-24 | A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document. |
| CVE-2021-3717 | 2022-05-24 | A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat... |
| CVE-2021-3629 | 2022-05-24 | A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the... |
| CVE-2021-3597 | 2022-05-24 | A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is... |
| CVE-2021-42614 | 2022-05-24 | A use after free in info_width_internal in bk_info.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted text document. |
| CVE-2022-29333 | 2022-05-24 | A vulnerability in CyberLink Power Director v14 allows attackers to escalate privileges via a crafted .exe file. |
| CVE-2022-29334 | 2022-05-24 | An issue in H v1.0 allows attackers to bypass authentication via a session replay attack. |
| CVE-2022-29337 | 2022-05-24 | C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability via the va_cmd parameter in formlanipv6. This vulnerability allows attackers to execute arbitrary commands via a crafted HTTP request. |
| CVE-2022-22497 | 2022-05-24 | IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token. IBM X-Force ID: 226951. |
| CVE-2022-29349 | 2022-05-24 | kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java. |
| CVE-2022-29358 | 2022-05-24 | epub2txt2 v2.04 was discovered to contain an integer overflow via the function bug in _parse_special_tag at sxmlc.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2022-29359 | 2022-05-24 | A stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs/application_form&id=7 of School Club Application System v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the... |
| CVE-2022-29361 | 2022-05-24 | Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body.... |
| CVE-2022-29710 | 2022-05-24 | A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin. |
| CVE-2022-1851 | 2022-05-25 | Out-of-bounds Read in vim/vim |
| CVE-2022-31621 | 2022-05-25 | MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released... |
| CVE-2022-31622 | 2022-05-25 | MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is... |
| CVE-2022-31623 | 2022-05-25 | MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock... |
| CVE-2022-31650 | 2022-05-25 | In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. |
| CVE-2022-31651 | 2022-05-25 | In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. |
| CVE-2022-29248 | 2022-05-25 | Cross-domain cookie leakage in Guzzle |
| CVE-2022-29362 | 2022-05-25 | A cross-site scripting (XSS) vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ParentID parameter. |
| CVE-2022-29405 | 2022-05-25 | Apache Archiva Arbitrary user password reset vulnerability |
| CVE-2022-1815 | 2022-05-25 | Exposure of Sensitive Information to an Unauthorized Actor in jgraph/drawio |
| CVE-2022-21951 | 2022-05-25 | Rancher: Weave CNI password is not set if RKE template is used with CNI value overridden |
| CVE-2022-1883 | 2022-05-25 | SQL Injection in camptocamp/terraboard |
| CVE-2022-28862 | 2022-05-25 | In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr. Through the injection of arbitrary SQL statements, a potential attacker can modify query syntax and perform unauthorized... |
| CVE-2022-30323 | 2022-05-25 | go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0. |
| CVE-2022-30322 | 2022-05-25 | go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and 2.1.0. |
| CVE-2022-30321 | 2022-05-25 | go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. Fixed in 1.6.1 and 2.1.0. |
| CVE-2022-26945 | 2022-05-25 | go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0. |
| CVE-2022-30595 | 2022-05-25 | libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files. |
| CVE-2021-44974 | 2022-05-25 | radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Dereference via libr/bin/p/bin_symbols.c binary symbol parser. |
| CVE-2022-29650 | 2022-05-25 | Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php. |
| CVE-2022-29651 | 2022-05-25 | An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-29379 | 2022-05-25 | Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in... |
| CVE-2022-29380 | 2022-05-25 | Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel. |
| CVE-2021-32966 | 2022-05-25 | Philips Interoperability Solution XDS - Clear Text Transmission of Sensitive Information |
| CVE-2021-32989 | 2022-05-25 | LCDS LAquis SCADA - Cross-site Scripting |
| CVE-2021-32997 | 2022-05-25 | Baker Hughes Bently Nevada 3500 - Use of Password Hash with Insufficient Computational Effort |
| CVE-2021-35487 | 2022-05-25 | Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier... |
| CVE-2022-22127 | 2022-05-25 | Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users. The vulnerability allows a malicious site... |
| CVE-2022-1678 | 2022-05-25 | An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used... |
| CVE-2022-28875 | 2022-05-25 | Denial-of-Service (DoS) Vulnerability |
| CVE-2022-1348 | 2022-05-25 | A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and... |
| CVE-2021-27779 | 2022-05-25 | A Security Misconfiguration vulnerability affects HCL VersionVault Express |
| CVE-2021-27783 | 2022-05-25 | HCL BigFix Mobile / Modern Client Management is vulnerable to sensitive information exposure |
| CVE-2022-30428 | 2022-05-25 | In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading. |
| CVE-2022-30427 | 2022-05-25 | In ginadmin through 05-10-2022 the incoming path value is not filtered, resulting in directory traversal. |
| CVE-2021-44719 | 2022-05-25 | Docker Desktop 4.3.0 has Incorrect Access Control. |
| CVE-2022-27305 | 2022-05-25 | Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation. |
| CVE-2022-23775 | 2022-05-25 | TrueStack Direct Connect 1.4.7 has Incorrect Access Control. |
| CVE-2022-29408 | 2022-05-25 | WordPress Advanced Contact form 7 DB plugin <= 1.8.7 - Unauthenticated Persistent Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-29402 | 2022-05-25 | TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute... |
| CVE-2022-31620 | 2022-05-25 | In libjpeg before 1.64, BitStream<false>::Get in bitstream.hpp has an assertion failure that may cause denial of service. This is related to out-of-bounds array access during arithmetically coded lossless scan or... |
| CVE-2022-26026 | 2022-05-25 | A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss of communications. An... |
| CVE-2022-26043 | 2022-05-25 | An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation... |
| CVE-2022-26067 | 2022-05-25 | An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read.... |
| CVE-2022-26077 | 2022-05-25 | A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to... |
| CVE-2022-26082 | 2022-05-25 | A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution.... |
| CVE-2022-26303 | 2022-05-25 | An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation... |
| CVE-2022-26833 | 2022-05-25 | An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the... |
| CVE-2022-27169 | 2022-05-25 | An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information.... |
| CVE-2022-31624 | 2022-05-25 | MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger... |
| CVE-2022-29253 | 2022-05-25 | Path Traversal in XWiki Platform |
| CVE-2022-29252 | 2022-05-25 | Cross-site Scripting in XWiki Platform Wiki UI Main Wiki |
| CVE-2022-29251 | 2022-05-25 | Cross-site Scripting in the Flamingo theme manager |
| CVE-2022-29256 | 2022-05-25 | Possible vulnerability at 'npm install' time in sharp if an attacker has control over build environment |
| CVE-2022-30999 | 2022-05-25 | Possible cross-site scripting attack via unsanitized SVG files in FoF Upload |
| CVE-2022-31004 | 2022-05-25 | Potential secrets being logged to disk in CVE Services |
| CVE-2022-1882 | 2022-05-26 | A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows... |
| CVE-2022-1886 | 2022-05-26 | Heap-based Buffer Overflow in vim/vim |
| CVE-2022-21831 | 2022-05-26 | A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments. |
| CVE-2022-22576 | 2022-05-26 | An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same... |