CVE List - 2022 / May
Showing 1301 - 1400 of 2161 CVEs for May 2022 (Page 14 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-30955 | 2022-05-17 | Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| CVE-2022-30956 | 2022-05-17 | Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted... |
| CVE-2022-30957 | 2022-05-17 | A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| CVE-2022-30958 | 2022-05-17 | A cross-site request forgery (CSRF) vulnerability in Jenkins SSH Plugin 2.6.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method,... |
| CVE-2022-30959 | 2022-05-17 | A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another... |
| CVE-2022-30960 | 2022-05-17 | Jenkins Application Detector Plugin 1.0.8 and earlier does not escape the name of Chois Application Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable... |
| CVE-2022-30961 | 2022-05-17 | Jenkins Autocomplete Parameter Plugin 1.1 and earlier does not escape the name of Dropdown Autocomplete and Auto Complete String parameters on views displaying parameters, resulting in a stored cross-site scripting... |
| CVE-2022-30962 | 2022-05-17 | Jenkins Global Variable String Parameter Plugin 1.2 and earlier does not escape the name and description of Global Variable String parameters on views displaying parameters, resulting in a stored cross-site... |
| CVE-2022-30963 | 2022-05-17 | Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable... |
| CVE-2022-30964 | 2022-05-17 | Jenkins Multiselect parameter Plugin 1.3 and earlier does not escape the name and description of Multiselect parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable... |
| CVE-2022-30965 | 2022-05-17 | Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS)... |
| CVE-2022-30966 | 2022-05-17 | Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS)... |
| CVE-2022-30967 | 2022-05-17 | Jenkins Selection tasks Plugin 1.0 and earlier does not escape the name and description of Script Selection task variable parameters on views displaying parameters, resulting in a stored cross-site scripting... |
| CVE-2022-30968 | 2022-05-17 | Jenkins vboxwrapper Plugin 1.3 and earlier does not escape the name and description of VBox node parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable... |
| CVE-2022-30969 | 2022-05-17 | A cross-site request forgery (CSRF) vulnerability in Jenkins Autocomplete Parameter Plugin 1.1 and earlier allows attackers to execute arbitrary code without sandbox protection if the victim is an administrator. |
| CVE-2022-30970 | 2022-05-17 | Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from Javascript embedded in view definitions, resulting in a... |
| CVE-2022-30971 | 2022-05-17 | Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2022-30972 | 2022-05-17 | A cross-site request forgery (CSRF) vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file (e.g., archived artifacts) that uses external... |
| CVE-2022-24856 | 2022-05-17 | Server-Side Request Forgery in FlyteConsole |
| CVE-2022-24108 | 2022-05-17 | The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a serialized PHP object via the setting parameter, potentially resulting in the ability to write... |
| CVE-2020-4957 | 2022-05-17 | IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information in URL parameters that could aid in future attacks against the system. IBM X-Force ID: 192208. |
| CVE-2022-22484 | 2022-05-17 | IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's... |
| CVE-2022-30073 | 2022-05-17 | WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via /admin/users/save.php. |
| CVE-2022-30072 | 2022-05-17 | WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\pages\sections_save.php namesection2 parameters. |
| CVE-2020-4994 | 2022-05-17 | IBM DataPower Gateway 10.0.1.0 through 10.0.1.4 and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a temporary denial of service by sending invalid HTTP requests. IBM X-Force ID:... |
| CVE-2021-29726 | 2022-05-17 | IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 do not properly ensure that a certificate is actually associated with the host due to improper validation of... |
| CVE-2021-38872 | 2022-05-17 | IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a denial of service by consuming resources with multiple requests. IBM... |
| CVE-2022-22475 | 2022-05-17 | IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603. |
| CVE-2022-22482 | 2022-05-17 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow an authenticated user to upload files that could fill up the filesystem and cause a... |
| CVE-2022-1116 | 2022-05-17 | Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to... |
| CVE-2022-29581 | 2022-05-17 | Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version... |
| CVE-2022-30689 | 2022-05-17 | HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault... |
| CVE-2022-24611 | 2022-05-17 | Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local attackers to block S0/S2 protected Z-Wave network via crafted S0 NonceGet... |
| CVE-2022-22773 | 2022-05-17 | TIBCO JasperReports Server Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2022-22775 | 2022-05-17 | TIBCO ActiveMatrix BPM Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2022-23669 | 2022-05-17 | A remote authorization bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to... |
| CVE-2022-23672 | 2022-05-17 | An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates... |
| CVE-2022-23671 | 2022-05-17 | A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates... |
| CVE-2022-23673 | 2022-05-17 | An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates... |
| CVE-2022-23675 | 2022-05-17 | A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has... |
| CVE-2022-23674 | 2022-05-17 | A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has... |
| CVE-2022-29429 | 2022-05-17 | WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) leading to Remote Code Execution (RCE) vulnerability |
| CVE-2022-30688 | 2022-05-17 | needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate... |
| CVE-2022-24890 | 2022-05-17 | Exposure of Private Personal Information to an Unauthorized Actor in Nextcloud Talk |
| CVE-2022-28182 | 2022-05-17 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write through a... |
| CVE-2022-28186 | 2022-05-17 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or... |
| CVE-2022-28187 | 2022-05-17 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where the memory management software does not release a resource after its effective lifetime has... |
| CVE-2022-28188 | 2022-05-17 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or... |
| CVE-2022-28189 | 2022-05-17 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a NULL pointer dereference may lead to a system crash. |
| CVE-2022-28190 | 2022-05-17 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where improper input validation can cause denial of service. |
| CVE-2022-28191 | 2022-05-17 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where uncontrolled resource consumption can be triggered by an unprivileged regular user, which may lead to denial of... |
| CVE-2022-28192 | 2022-05-17 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where it may lead to a use-after-free, which in turn may cause denial of service. This attack is... |
| CVE-2022-24394 | 2022-05-17 | Authenticated Command Injection Vulnerability in Fidelis Network and Deception |
| CVE-2022-24393 | 2022-05-17 | Authenticated Command Injection Vulnerability in Fidelis Network and Deception |
| CVE-2022-30045 | 2022-05-17 | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap out-of-bounds read. |
| CVE-2022-24392 | 2022-05-17 | Authenticated Command Injection Vulnerability in Fidelis Network and Deception |
| CVE-2022-24391 | 2022-05-17 | Authenticated SQL Injection Vulnerability in Fidelis Network and Deception |
| CVE-2022-24390 | 2022-05-17 | Authenticated Command Injection Vulnerability in Fidelis Network and Deception |
| CVE-2022-24389 | 2022-05-17 | Authenticated Privileged Command Injection Vulnerability in Fidelis Network and Deception |
| CVE-2022-24388 | 2022-05-17 | Authenticated Privileged Command Injection Vulnerability in Fidelis Network and Deception |
| CVE-2022-0997 | 2022-05-17 | Local Privilege Escalation Vulnerability in Fidelis Network and Deception |
| CVE-2022-0486 | 2022-05-17 | Privileged Command Injection Vulnerability in Fidelis Network and Deception |
| CVE-2022-30052 | 2022-05-17 | In Home Clean Service System 1.0, the password parameter is vulnerable to SQL injection attacks. |
| CVE-2022-30053 | 2022-05-17 | In Toll Tax Management System 1.0, the id parameter appears to be vulnerable to SQL injection attacks. |
| CVE-2022-30054 | 2022-05-17 | In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerable to SQL injection attacks. |
| CVE-2021-35249 | 2022-05-17 | Domain Admin Broken Access Control |
| CVE-2022-1118 | 2022-05-17 | Rockwell Automation ISaGRAF Deserialization of Untrusted Data |
| CVE-2022-29436 | 2022-05-17 | WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Persistent Cross-Site Scripting (XSS) |
| CVE-2022-29435 | 2022-05-17 | WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-28617 | 2022-05-17 | A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView. |
| CVE-2022-23706 | 2022-05-17 | A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView. |
| CVE-2022-28616 | 2022-05-17 | A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView. |
| CVE-2022-1357 | 2022-05-17 | Cambium Networks cnMaestro OS Command Injection |
| CVE-2022-1356 | 2022-05-17 | Cambium Networks cnMaestro use of Potentially Dangerous Function |
| CVE-2022-1358 | 2022-05-17 | Cambium Networks cnMaestro SQL Injection |
| CVE-2022-1359 | 2022-05-17 | Cambium Networks cnMaestro Path Traversal |
| CVE-2022-1360 | 2022-05-17 | Cambium Networks cnMaestro OS Command Injection |
| CVE-2022-1361 | 2022-05-17 | Cambium Networks cnMaestro SQL Injection |
| CVE-2022-1362 | 2022-05-17 | Cambium Networks cnMaestro OS Command Injection |
| CVE-2022-29174 | 2022-05-17 | Predictable password reset token may lead to account takeover in countly-server |
| CVE-2022-1771 | 2022-05-18 | Uncontrolled Recursion in vim/vim |
| CVE-2022-1795 | 2022-05-18 | Use After Free in gpac/gpac |
| CVE-2022-30065 | 2022-05-18 | A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. |
| CVE-2022-30974 | 2022-05-18 | compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413. |
| CVE-2022-30975 | 2022-05-18 | In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp. |
| CVE-2022-30976 | 2022-05-18 | GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box. |
| CVE-2019-25061 | 2022-05-18 | The random_password_generator (aka RandomPasswordGenerator) gem through 1.0.0 for Ruby uses Kernel#rand to generate passwords, which, due to its cyclic nature, can facilitate password prediction. |
| CVE-2022-1782 | 2022-05-18 | Cross-site Scripting (XSS) - Generic in erudika/para |
| CVE-2022-27632 | 2022-05-18 | Cross-site request forgery (CSRF) vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L... |
| CVE-2022-28717 | 2022-05-18 | Cross-site scripting vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of... |
| CVE-2022-29516 | 2022-05-18 | The web console of FUJITSU Network IPCOM series (IPCOM EX2 IN(3200, 3500), IPCOM EX2 LB(1100, 3200, 3500), IPCOM EX2 SC(1100, 3200, 3500), IPCOM EX2 NW(1100, 3200, 3500), IPCOM EX2 DC,... |
| CVE-2022-29518 | 2022-05-18 | Screen Creator Advance2, HMI GC-A2 series, and Real time remote monitoring and control tool Screen Creator Advance2 versions prior to Ver.0.1.1.3 Build01, HMI GC-A2 series(GC-A22W-CW, GC-A24W-C(W), GC-A26W-C(W), GC-A24, GC-A24-M, GC-A25,... |
| CVE-2022-1430 | 2022-05-18 | Cross-site Scripting (XSS) - DOM in octoprint/octoprint |
| CVE-2021-41946 | 2022-05-18 | In FiberHome VDSL2 Modem HG150-Ub_V3.0, a stored cross-site scripting (XSS) vulnerability in Parental Control --> Access Time Restriction --> Username field, a user cannot delete the rule due to the... |
| CVE-2022-1432 | 2022-05-18 | Cross-site Scripting (XSS) - Generic in octoprint/octoprint |
| CVE-2022-1727 | 2022-05-18 | Improper Input Validation in jgraph/drawio |
| CVE-2022-23067 | 2022-05-18 | ToolJet - Token Leakage via Referer Header |
| CVE-2022-23068 | 2022-05-18 | ToolJet - HTML Injection in Invite New User |
| CVE-2022-28955 | 2022-05-18 | An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php. |
| CVE-2022-28956 | 2022-05-18 | An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload. |