CVE List - 2022 / May
Showing 1801 - 1900 of 2161 CVEs for May 2022 (Page 19 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-22577 | 2022-05-26 | An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses. |
| CVE-2022-26702 | 2022-05-26 | A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. An application may be able... |
| CVE-2022-26744 | 2022-05-26 | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with... |
| CVE-2022-27777 | 2022-05-26 | A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. |
| CVE-2022-30783 | 2022-05-26 | An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. |
| CVE-2022-30784 | 2022-05-26 | A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. |
| CVE-2022-30785 | 2022-05-26 | A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. |
| CVE-2022-30786 | 2022-05-26 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. |
| CVE-2022-30787 | 2022-05-26 | An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. |
| CVE-2022-30788 | 2022-05-26 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. |
| CVE-2022-30789 | 2022-05-26 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. |
| CVE-2021-4231 | 2022-05-26 | Angular Comment cross site scripting |
| CVE-2021-34360 | 2022-05-26 | CSRF Bypass in Proxy Server |
| CVE-2022-1664 | 2022-05-26 | directory traversal for in-place extracts with untrusted v2 and v3 source packages with debian.tar |
| CVE-2021-42692 | 2022-05-26 | There is a stack-overflow vulnerability in tinytoml v0.4 that can cause a crash or DoS. |
| CVE-2021-42859 | 2022-05-26 | A memory leak issue was discovered in Mini-XML v3.2 that could cause a denial of service. NOTE: testing reports are inconsistent, with some testers seeing the issue in both the... |
| CVE-2021-42860 | 2022-05-26 | A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxml_string_getc:2611. NOTE: it is unclear whether... |
| CVE-2021-40317 | 2022-05-26 | Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter. |
| CVE-2022-29720 | 2022-05-26 | 74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component \index\controller\Download.php. |
| CVE-2022-29721 | 2022-05-26 | 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist. |
| CVE-2022-29660 | 2022-05-26 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/pic/del. |
| CVE-2022-29661 | 2022-05-26 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save. |
| CVE-2022-29662 | 2022-05-26 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/news/save. |
| CVE-2022-29663 | 2022-05-26 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/hy. |
| CVE-2022-29664 | 2022-05-26 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/pl_save. |
| CVE-2022-29665 | 2022-05-26 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save. |
| CVE-2022-29666 | 2022-05-26 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan. |
| CVE-2022-29667 | 2022-05-26 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via /admin.php/pic/admin/pic/hy. This vulnerability is exploited via restoring deleted photos. |
| CVE-2022-29669 | 2022-05-26 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/lists/zhuan. |
| CVE-2022-29670 | 2022-05-26 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/del. |
| CVE-2022-29676 | 2022-05-26 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan. |
| CVE-2022-29680 | 2022-05-26 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/zu_del. |
| CVE-2022-29681 | 2022-05-26 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Links/del. |
| CVE-2022-29682 | 2022-05-26 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/vod/admin/topic/del. |
| CVE-2022-29683 | 2022-05-26 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/page_del. |
| CVE-2022-29684 | 2022-05-26 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/js_del. |
| CVE-2022-29685 | 2022-05-26 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/User/level_sort. |
| CVE-2022-29686 | 2022-05-26 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/lists/zhuan. |
| CVE-2022-29687 | 2022-05-26 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/level_del. |
| CVE-2022-29688 | 2022-05-26 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy. |
| CVE-2022-29689 | 2022-05-26 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/del. |
| CVE-2022-20809 | 2022-05-26 | Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities |
| CVE-2022-20821 | 2022-05-26 | Cisco IOS XR Software Health Check Open Port Vulnerability |
| CVE-2022-30473 | 2022-05-26 | Tenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function form_fast_setting_wifi_set |
| CVE-2022-24414 | 2022-05-26 | Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially... |
| CVE-2022-24417 | 2022-05-26 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. |
| CVE-2022-24418 | 2022-05-26 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. |
| CVE-2022-24422 | 2022-05-26 | Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC... |
| CVE-2022-26857 | 2022-05-26 | Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass blocked functionalities and... |
| CVE-2022-26865 | 2022-05-26 | Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by bypassing OS Recovery... |
| CVE-2022-29082 | 2022-05-26 | Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x, 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x, 19.5.0.x, 19.6 and 19.6.0.1 and 19.6.0.2 contain an Improper Validation of Certificate with Host Mismatch vulnerability... |
| CVE-2022-29091 | 2022-05-26 | Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere GUI. An Unauthenticated Remote Attacker could potentially exploit this vulnerability, leading... |
| CVE-2022-30472 | 2022-05-26 | Tenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function fromAddressNat |
| CVE-2022-30474 | 2022-05-26 | Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a heap overflow in the httpd module when handling /goform/saveParentControlInfo request. |
| CVE-2022-30475 | 2022-05-26 | Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/WifiExtraSet request. |
| CVE-2022-30476 | 2022-05-26 | Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetFirewallCfg request. |
| CVE-2022-30477 | 2022-05-26 | Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetClientState request. |
| CVE-2022-30500 | 2022-05-26 | Jfinal cms 5.1.0 is vulnerable to SQL Injection. |
| CVE-2022-30516 | 2022-05-26 | In Hospital-Management-System v1.0, the editid parameter in the doctor.php page is vulnerable to SQL injection attacks. |
| CVE-2022-1899 | 2022-05-26 | Out-of-bounds Read in radareorg/radare2 |
| CVE-2022-30494 | 2022-05-26 | In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view... |
| CVE-2022-30493 | 2022-05-26 | In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credentials and gain admin access (privilege... |
| CVE-2021-33016 | 2022-05-26 | KUKA KR C4 - Use of Hard-Coded Credentials |
| CVE-2022-30495 | 2022-05-26 | In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing attackers to change the admin password (vertical privilege escalation) |
| CVE-2021-33014 | 2022-05-26 | KUKA KR C4 - Use of Hard-Coded Credentials |
| CVE-2022-1261 | 2022-05-26 | Matrikon OPC Server Improper Access Control |
| CVE-2022-21827 | 2022-05-26 | An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) <21.9.1.2 which could allow an attacker who has gained local access to... |
| CVE-2021-4232 | 2022-05-26 | Zoo Management System manage-ticket.php cross site scripting |
| CVE-2022-31265 | 2022-05-26 | The replay feature in the client in Wargaming World of Warships 0.11.4 allows remote attackers to execute code when a user launches a replay from an untrusted source. |
| CVE-2022-30508 | 2022-05-26 | DedeCMS v5.7.93 was discovered to contain an arbitrary file deletion vulnerability in upload.php via the delete parameter. |
| CVE-2022-22616 | 2022-05-26 | This issue was addressed with improved checks. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A maliciously crafted ZIP archive may bypass... |
| CVE-2022-22662 | 2022-05-26 | A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose... |
| CVE-2022-22663 | 2022-05-26 | This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-004 Catalina, macOS Monterey 12.3, macOS Big... |
| CVE-2022-22672 | 2022-05-26 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur... |
| CVE-2022-22673 | 2022-05-26 | This issue was addressed with improved checks. This issue is fixed in iOS 15.5 and iPadOS 15.5. Processing a large input may lead to a denial of service. |
| CVE-2022-22674 | 2022-05-26 | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update... |
| CVE-2022-22675 | 2022-05-26 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS... |
| CVE-2022-22676 | 2022-05-26 | An event handler validation issue in the XPC Services API was addressed by removing the service. This issue is fixed in macOS Monterey 12.2. An application may be able to... |
| CVE-2022-26688 | 2022-05-26 | An issue in the handling of symlinks was addressed with improved validation. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious... |
| CVE-2022-26690 | 2022-05-26 | Description: A race condition was addressed with additional validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to modify protected parts of the file... |
| CVE-2022-26691 | 2022-05-26 | A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able... |
| CVE-2022-26693 | 2022-05-26 | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in may be able to inherit the application's permissions and access user data. |
| CVE-2022-26694 | 2022-05-26 | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in may be able to inherit the application's permissions and access user data. |
| CVE-2022-26697 | 2022-05-26 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted... |
| CVE-2022-26698 | 2022-05-26 | An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted... |
| CVE-2022-26701 | 2022-05-26 | A race condition was addressed with improved locking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute... |
| CVE-2022-26703 | 2022-05-26 | An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. A person with physical access to an iOS device may be... |
| CVE-2022-26704 | 2022-05-26 | A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able... |
| CVE-2022-26706 | 2022-05-26 | An access issue was addressed with additional sandbox restrictions on third-party applications. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6,... |
| CVE-2022-26708 | 2022-05-26 | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution. |
| CVE-2022-26711 | 2022-05-26 | An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey... |
| CVE-2022-26712 | 2022-05-26 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to modify protected... |
| CVE-2022-26714 | 2022-05-26 | A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur... |
| CVE-2022-26715 | 2022-05-26 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be... |
| CVE-2022-26718 | 2022-05-26 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated... |
| CVE-2022-26720 | 2022-05-26 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may... |
| CVE-2022-26721 | 2022-05-26 | A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain... |
| CVE-2022-26722 | 2022-05-26 | A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain... |
| CVE-2022-26723 | 2022-05-26 | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. Mounting a maliciously crafted Samba network share may... |
| CVE-2022-26724 | 2022-05-26 | An authentication issue was addressed with improved state management. This issue is fixed in tvOS 15.5. A local user may be able to enable iCloud Photos without authentication. |