Lista CVE - 2022 / Maggio
Visualizzazione 401 - 500 di 2161 CVE per Maggio 2022 (Pagina 5 di 22)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2022-27411 | 2022-05-05 | TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter in the "Main" function. |
| CVE-2022-27360 | 2022-05-05 | SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment. |
| CVE-2022-27359 | 2022-05-05 | Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a this.maildoc NULL pointer dereference. |
| CVE-2022-27337 | 2022-05-05 | A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. |
| CVE-2022-29176 | 2022-05-05 | Unauthorized gem takeover for some gems on rubygems.org |
| CVE-2022-29535 | 2022-05-05 | Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports. |
| CVE-2022-29173 | 2022-05-05 | No protection against rollback attacks in go-tuf |
| CVE-2022-29172 | 2022-05-05 | HTML injection with additional signup fields |
| CVE-2022-29167 | 2022-05-05 | ReDoS vulnerability in header parsing in hawk |
| CVE-2022-29166 | 2022-05-05 | Improper handling of multiline messages in matrix-appservice-irc |
| CVE-2022-29164 | 2022-05-05 | Privilege Escalation in argo-workflows |
| CVE-2022-29171 | 2022-05-05 | Remote Code Execution in sourcegraph |
| CVE-2022-24902 | 2022-05-05 | Memory issue in playing videos |
| CVE-2022-29161 | 2022-05-05 | Crypto script service uses hashing algorithm SHA1 with RSA for certificate signature in xwiki-platform |
| CVE-2022-24899 | 2022-05-05 | Cross site scripting via canonical tag |
| CVE-2022-24884 | 2022-05-05 | Trivial signature forgery in ecdsautils |
| CVE-2022-28005 | 2022-05-06 | An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on... |
| CVE-2022-24817 | 2022-05-06 | Improper kubeconfig validation allows arbitrary code execution |
| CVE-2021-25745 | 2022-05-06 | Ingress-nginx path can be pointed to service account token file |
| CVE-2021-25746 | 2022-05-06 | Ingress-nginx directive injection via annotations |
| CVE-2022-24877 | 2022-05-06 | Improper path handling in kustomization files allows path traversal |
| CVE-2022-24878 | 2022-05-06 | Improper path handling in Kustomization files allows for denial of service |
| CVE-2022-30293 | 2022-05-06 | In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. |
| CVE-2022-30295 | 2022-05-06 | uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2. |
| CVE-2022-24823 | 2022-05-06 | Local Information Disclosure Vulnerability in io.netty:netty-codec-http |
| CVE-2022-28969 | 2022-05-06 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS). |
| CVE-2022-28970 | 2022-05-06 | Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow via the mac parameter in the function GetParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS). |
| CVE-2022-28971 | 2022-05-06 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS). |
| CVE-2022-28972 | 2022-05-06 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS). |
| CVE-2022-28973 | 2022-05-06 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS). |
| CVE-2020-19212 | 2022-05-06 | SQL Injection vulnerability in admin/group_list.php in piwigo v2.9.5, via the group parameter to delete. |
| CVE-2020-19213 | 2022-05-06 | SQL Injection vulnerability in cat_move.php in piwigo v2.9.5, via the selection parameter to move_categories. |
| CVE-2020-19215 | 2022-05-06 | SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=user_perm. |
| CVE-2020-19216 | 2022-05-06 | SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=group_perm. |
| CVE-2020-19217 | 2022-05-06 | SQL Injection vulnerability in admin/batch_manager.php in piwigo v2.9.5, via the filter_category parameter to admin.php?page=batch_manager. |
| CVE-2021-39023 | 2022-05-06 | IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information... |
| CVE-2021-39027 | 2022-05-06 | IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly.... |
| CVE-2022-21934 | 2022-05-06 | Metasys Unverified Password Change |
| CVE-2022-28164 | 2022-05-06 | Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords. |
| CVE-2022-28163 | 2022-05-06 | In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands. |
| CVE-2022-28165 | 2022-05-06 | A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able... |
| CVE-2022-28545 | 2022-05-06 | FUDforum 3.1.1 is vulnerable to Stored XSS. |
| CVE-2021-26253 | 2022-05-06 | Bypass of Splunk Enterprise's implementation of DUO MFA |
| CVE-2021-31559 | 2022-05-06 | S2S TcpToken authentication bypass |
| CVE-2021-33845 | 2022-05-06 | Username enumeration through lockout message in REST API |
| CVE-2021-42743 | 2022-05-06 | Local privilege escalation via a default path in Splunk Enterprise Windows |
| CVE-2022-26070 | 2022-05-06 | Error message discloses internal path |
| CVE-2022-26889 | 2022-05-06 | Path Traversal in search parameter results in external content injection |
| CVE-2022-27183 | 2022-05-06 | Reflected XSS in a query parameter of the Monitoring Console |
| CVE-2022-28507 | 2022-05-06 | Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121 version 1.0 is vulnerable to Cross Site Scripting (XSS) via Dragon path router admin page. |
| CVE-2022-1053 | 2022-05-06 | Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating... |
| CVE-2021-36912 | 2022-05-06 | Andrea Pernici News Sitemap for Google plugin <= 1.0.16 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-29420 | 2022-05-06 | WordPress Countdown & Clock plugin <= 2.3.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-29421 | 2022-05-06 | WordPress Countdown & Clock plugin <= 2.3.2 - Reflected Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-23205 | 2022-05-06 | Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-24098 | 2022-05-06 | Adobe Photoshop PCX File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2022-24099 | 2022-05-06 | Adobe Photoshop Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2022-24105 | 2022-05-06 | Adobe Photoshop U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-28270 | 2022-05-06 | Adobe Photoshop SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-28271 | 2022-05-06 | Adobe Photoshop PDF File Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2022-28272 | 2022-05-06 | Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-28273 | 2022-05-06 | Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-28274 | 2022-05-06 | Adobe Photoshop Font Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2022-28275 | 2022-05-06 | Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-28276 | 2022-05-06 | Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-28277 | 2022-05-06 | Adobe Photoshop PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-28278 | 2022-05-06 | Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-28279 | 2022-05-06 | Adobe Photoshop Font Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2022-27783 | 2022-05-06 | Adobe After Effects Stack Buffer Overflow Could Lead To RCE |
| CVE-2022-27784 | 2022-05-06 | Adobe After Effects Stack Buffer Overflow Could Lead To RCE |
| CVE-2019-12254 | 2022-05-06 | TECSON/GOK: Improper Authentication and Access Control on multiple devices |
| CVE-2022-29422 | 2022-05-06 | WordPress Countdown & Clock plugin <= 2.3.2 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities |
| CVE-2022-29423 | 2022-05-06 | WordPress Countdown & Clock plugin <= 2.3.2 - Pro Features Lock Bypass vulnerability |
| CVE-2022-23802 | 2022-05-06 | Extension - Insecure Permissions within Joomla Guru extensions |
| CVE-2022-27909 | 2022-05-06 | Extension - Incorrect Access Control within jdownloads extension |
| CVE-2021-27751 | 2022-05-06 | HCL Commerce is affected by an Insufficient Session Expiration vulnerability. |
| CVE-2021-27758 | 2022-05-06 | There is a security vulnerability in login form related to Cross-site Request Forgery which prevents user to login after attacker spam to login and system blocked victim's account. |
| CVE-2021-27759 | 2022-05-06 | This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim's browser to... |
| CVE-2021-27760 | 2022-05-06 | HCL Notes 11.0 - 11.0.1 FP4 Sametime Embedded chat clients are vulnerable to group chats loading script on restart |
| CVE-2021-27761 | 2022-05-06 | HCL BigFix Platform is affected by weak web transport security |
| CVE-2021-27762 | 2022-05-06 | HCL BigFix Platform is affected by misconfigured security-related HTTP headers |
| CVE-2021-27764 | 2022-05-06 | HCL BigFix WebUI Cookie missing attributes |
| CVE-2021-27765 | 2022-05-06 | HCL BigFix Platform Server API is affected by Privilege Escalation Vulnerability |
| CVE-2021-27766 | 2022-05-06 | HCL BigFix Platform Client is affected by a Privilege Escalation Vulnerability |
| CVE-2021-27767 | 2022-05-06 | HCL BigFix Platform Console is affected by a Privilege Escalation Vulnerability |
| CVE-2022-25324 | 2022-05-06 | Denial of Service (DoS) |
| CVE-2021-23792 | 2022-05-06 | XML External Entity (XXE) Injection |
| CVE-2021-23592 | 2022-05-06 | Deserialization of Untrusted Data |
| CVE-2022-1616 | 2022-05-07 | Use after free in append_command in vim/vim |
| CVE-2022-30330 | 2022-05-07 | In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges,... |
| CVE-2022-29180 | 2022-05-07 | Charm vulnerable to server-side request forgery (SSRF) |
| CVE-2022-30334 | 2022-05-07 | Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation... |
| CVE-2022-1619 | 2022-05-08 | Heap-based Buffer Overflow in function cmdline_erase_chars in vim/vim |
| CVE-2022-1620 | 2022-05-08 | NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in vim/vim |
| CVE-2022-28463 | 2022-05-08 | ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. |
| CVE-2018-25033 | 2022-05-08 | ADMesh through 0.98.4 has a heap-based buffer over-read in stl_update_connects_remove_1 (called from stl_remove_degenerate) in connect.c in libadmesh.a. |
| CVE-2022-28470 | 2022-05-08 | marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor. |
| CVE-2022-1621 | 2022-05-09 | Heap buffer overflow in vim_strncpy find_word in vim/vim |
| CVE-2022-28738 | 2022-05-09 | A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input,... |
| CVE-2022-28739 | 2022-05-09 | There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. |