CVE List - 2022 / May
Showing 1401 - 1500 of 2161 CVEs for May 2022 (Page 15 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-29638 | 2022-05-18 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setIpQosRules. This vulnerability allows attackers to cause a Denial of Service... |
| CVE-2022-29639 | 2022-05-18 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a command injection vulnerability via the magicid parameter in the function uci_cloudupdate_config. |
| CVE-2022-29640 | 2022-05-18 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setPortForwardRules. This vulnerability allows attackers to cause a Denial of Service... |
| CVE-2022-29641 | 2022-05-18 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the startTime and endTime parameters in the function setParentalRules. This vulnerability allows attackers to cause a Denial... |
| CVE-2022-29642 | 2022-05-18 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the url parameter in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service... |
| CVE-2022-29643 | 2022-05-18 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the macAddress parameter in the function setMacQos. This vulnerability allows attackers to cause a Denial of Service... |
| CVE-2022-29644 | 2022-05-18 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /web_cste/cgi-bin/product.ini. |
| CVE-2022-29645 | 2022-05-18 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for root stored in the component /etc/shadow.sample. |
| CVE-2022-29646 | 2022-05-18 | An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 allows attackers to obtain sensitive information via a crafted web request. |
| CVE-2021-27548 | 2022-05-18 | There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03. |
| CVE-2022-28917 | 2022-05-18 | Tenda AX12 v22.03.01.21_cn was discovered to contain a stack overflow via the lanIp parameter in /goform/AdvSetLanIp. |
| CVE-2022-22784 | 2022-05-18 | Improper XML Parsing in Zoom Client for Meetings |
| CVE-2022-22785 | 2022-05-18 | Improperly constrained session cookies in Zoom Client for Meetings |
| CVE-2022-22786 | 2022-05-18 | Update package downgrade in Zoom Client for Meetings for Windows |
| CVE-2022-1767 | 2022-05-18 | Server-Side Request Forgery (SSRF) in jgraph/drawio |
| CVE-2022-30105 | 2022-05-18 | In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible before and after configuring the device, exhibits multiple remote command injection vulnerabilities. The following parameters in the... |
| CVE-2022-22787 | 2022-05-18 | Insufficient hostname validation during Clusterswitch message in Zoom Client for Meetings |
| CVE-2021-3922 | 2022-05-18 | A race condition vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3 that could allow a local attacker to connect and interact... |
| CVE-2021-3956 | 2022-05-18 | A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using... |
| CVE-2021-3969 | 2022-05-18 | A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3 that could allow a local attacker... |
| CVE-2021-42848 | 2022-05-18 | An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details. |
| CVE-2021-42849 | 2022-05-18 | A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access. |
| CVE-2021-42850 | 2022-05-18 | A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker... |
| CVE-2021-42851 | 2022-05-18 | A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account. |
| CVE-2021-42852 | 2022-05-18 | A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to... |
| CVE-2022-1110 | 2022-05-18 | A buffer overflow vulnerability in Lenovo Smart Standby Driver prior to version 4.1.50.0 could allow a local attacker to cause denial of service. |
| CVE-2021-42700 | 2022-05-18 | Inkscape Out-of-bounds Read |
| CVE-2021-42702 | 2022-05-18 | Inkscape Access of Uninitialized Pointer |
| CVE-2021-42704 | 2022-05-18 | Inkscape Out-of-bounds Write |
| CVE-2022-1734 | 2022-05-18 | A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine. |
| CVE-2022-25161 | 2022-05-18 | Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric Mitsubishi Electric MELSEC iQ-F... |
| CVE-2022-28924 | 2022-05-18 | An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/. |
| CVE-2022-25162 | 2022-05-18 | Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric Mitsubishi Electric MELSEC iQ-F... |
| CVE-2022-0883 | 2022-05-18 | Windows Unquoted/Trusted Service Paths |
| CVE-2022-29445 | 2022-05-18 | WordPress Popup Box plugin <= 2.1.2 - Authenticated Local File Inclusion (LFI) vulnerability |
| CVE-2022-30596 | 2022-05-18 | A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk. |
| CVE-2022-22776 | 2022-05-18 | TIBCO BusinessConnect Trading Community Management Stored Cross Site Scripting Vulnerability |
| CVE-2022-22777 | 2022-05-18 | TIBCO BusinessConnect Trading Community Management Reflected Cross Site Scripting Vulnerability |
| CVE-2022-22778 | 2022-05-18 | TIBCO BusinessConnect Trading Community Management Cross-Site Request Forgery Vulnerability |
| CVE-2022-30597 | 2022-05-18 | A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field. |
| CVE-2022-30598 | 2022-05-18 | A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it. |
| CVE-2022-30599 | 2022-05-18 | A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. |
| CVE-2022-28921 | 2022-05-18 | A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary files on the hosting web server. |
| CVE-2022-30111 | 2022-05-18 | Due to the use of an insecure algorithm for rolling codes in MCK Smartlock 1.0, allows attackers to unlock the mechanism via replay attacks. |
| CVE-2022-30600 | 2022-05-18 | A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed. |
| CVE-2022-25617 | 2022-05-18 | WordPress Code Snippets plugin <= 2.14.3 - Reflected Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-30033 | 2022-05-18 | Tenda TX9 Pro V22.03.02.10 is vulnerable to Buffer Overflow via the function setIPv6Status() in httpd module. |
| CVE-2021-38944 | 2022-05-18 | IBM DataPower Gateway 10.0.2.0 through 1.0.3.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This... |
| CVE-2022-30990 | 2022-05-18 | Sensitive information disclosure due to insecure folder permissions |
| CVE-2022-30994 | 2022-05-18 | Cleartext transmission of sensitive information |
| CVE-2022-30993 | 2022-05-18 | Cleartext transmission of sensitive information |
| CVE-2022-30992 | 2022-05-18 | Open redirect via user-controlled query parameter |
| CVE-2022-30991 | 2022-05-18 | HTML injection via report name |
| CVE-2022-29230 | 2022-05-18 | Potential cross-site scripting (XSS) vulnerability in Hydrogen |
| CVE-2022-1774 | 2022-05-18 | Exposure of Sensitive Information to an Unauthorized Actor in jgraph/drawio |
| CVE-2022-29229 | 2022-05-18 | Missing Cryptographic Step in cassproject |
| CVE-2022-30138 | 2022-05-18 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-1796 | 2022-05-19 | Use After Free in vim/vim |
| CVE-2022-22978 | 2022-05-19 | In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with... |
| CVE-2022-1785 | 2022-05-19 | Out-of-bounds Write in vim/vim |
| CVE-2022-28348 | 2022-05-19 | Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 through r36p0 before r37p0, and Valhall r19p0 through r36p0 before r37p0) allows improper GPU memory operations to reach a... |
| CVE-2022-28350 | 2022-05-19 | Arm Mali GPU Kernel Driver allows improper GPU operations in Valhall r29p0 through r36p0 before r37p0 to reach a use-after-free situation. |
| CVE-2022-28349 | 2022-05-19 | Arm Mali GPU Kernel Driver has a use-after-free: Midgard r28p0 through r29p0 before r30p0, Bifrost r17p0 through r23p0 before r24p0, and Valhall r19p0 through r23p0 before r24p0. |
| CVE-2022-1670 | 2022-05-19 | When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction... |
| CVE-2022-1183 | 2022-05-19 | Destroying a TLS session early causes assertion failure |
| CVE-2022-30018 | 2022-05-19 | Mobotix Control Center (MxCC) through 2.5.4.5 has Insufficiently Protected Credentials, Storing Passwords in a Recoverable Format via the MxCC.ini config file. The credential storage method in this software enables an... |
| CVE-2022-1730 | 2022-05-19 | Cross-site Scripting (XSS) - Stored in jgraph/drawio |
| CVE-2021-41938 | 2022-05-19 | An issue was discovered in ShopXO CMS 2.2.0. After entering the management page, there is an arbitrary file upload vulnerability in three locations. |
| CVE-2021-45730 | 2022-05-19 | JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should only... |
| CVE-2022-22976 | 2022-05-19 | Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor... |
| CVE-2021-26630 | 2022-05-19 | HANDY Groupware file download and execute vulnerability |
| CVE-2021-26631 | 2022-05-19 | Mangboard parameter modulation vulnerability |
| CVE-2021-37413 | 2022-05-19 | GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access... |
| CVE-2022-29446 | 2022-05-19 | WordPress Counter Box plugin <= 1.1.1 - Authenticated Local File Inclusion (LFI) vulnerability |
| CVE-2022-29449 | 2022-05-19 | WordPress Opal Hotel Room Booking plugin <= 1.2.7 - Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-28927 | 2022-05-19 | A remote code execution (RCE) vulnerability in Subconverter v0.7.2 allows attackers to execute arbitrary code via crafted config and url parameters. |
| CVE-2020-4970 | 2022-05-19 | IBM Security Identity Governance and Intelligence 5.2.4, 5.2.5, and 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.... |
| CVE-2022-30617 | 2022-05-19 | An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for other admin panel users that have... |
| CVE-2022-30618 | 2022-05-19 | An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for API users if content types accessible... |
| CVE-2022-1416 | 2022-05-19 | Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0... |
| CVE-2022-1413 | 2022-05-19 | Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 causes potentially sensitive... |
| CVE-2022-1423 | 2022-05-19 | Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0... |
| CVE-2020-16209 | 2022-05-19 | Fieldcomm Group HART-IP and hipserver - Stack-based Buffer Overflow |
| CVE-2021-32934 | 2022-05-19 | ThroughTek P2P SDK - Cleartext Transmission of Sensitive Information |
| CVE-2020-16231 | 2022-05-19 | All Bachmann M1 System Processor Modules - Use of Password Hash with Insufficient Computational Effort |
| CVE-2020-16235 | 2022-05-19 | Emerson OpenEnterprise - Inadequate Encryption Strength |
| CVE-2020-14496 | 2022-05-19 | Mitsubishi Electric Multiple Factory Automation Engineering Software Products (Update A) - Permission Issues |
| CVE-2022-28946 | 2022-05-19 | An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range memory access. |
| CVE-2022-28948 | 2022-05-19 | An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input. |
| CVE-2022-28959 | 2022-05-19 | Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML. |
| CVE-2022-28960 | 2022-05-19 | A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire. |
| CVE-2022-28961 | 2022-05-19 | Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters. |
| CVE-2022-28962 | 2022-05-19 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=delete_client. |
| CVE-2022-29304 | 2022-05-19 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /classes/master.php?f=delete_ Facility. |
| CVE-2022-29652 | 2022-05-19 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=save_client. |
| CVE-2020-4107 | 2022-05-19 | HCL Domino is affected by an Insufficient Access Control vulnerability |
| CVE-2022-21500 | 2022-05-19 | Vulnerability in Oracle E-Business Suite (component: Manage Proxies). The supported version that is affected is 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle... |
| CVE-2022-29181 | 2022-05-20 | Improper Handling of Unexpected Data Type in Nokogiri |
| CVE-2022-28964 | 2022-05-20 | An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file. |
| CVE-2022-28965 | 2022-05-20 | Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via... |