Lista CVE - 2022 / Maggio
Visualizzazione 101 - 200 di 2161 CVE per Maggio 2022 (Pagina 2 di 22)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2020-23620 | 2022-05-02 | The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute... |
| CVE-2020-23621 | 2022-05-02 | The Java Remote Management Interface of all versions of SVI MS Management System was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers... |
| CVE-2022-29824 | 2022-05-03 | In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim... |
| CVE-2022-28118 | 2022-05-03 | SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in. |
| CVE-2022-20745 | 2022-05-03 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Denial of Service Vulnerability |
| CVE-2022-20746 | 2022-05-03 | Cisco Firepower Threat Defense Software TCP Proxy Denial of Service Vulnerability |
| CVE-2022-20748 | 2022-05-03 | Cisco Firepower Threat Defense Software Local Malware Analysis Denial of Service Vulnerability |
| CVE-2022-20751 | 2022-05-03 | Cisco Firepower Threat Defense Software Snort Out of Memory Denial of Service Vulnerability |
| CVE-2022-20757 | 2022-05-03 | Cisco Firepower Threat Defense Software Denial of Service Vulnerability |
| CVE-2022-20760 | 2022-05-03 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software DNS Inspection Denial of Service Vulnerability |
| CVE-2022-20759 | 2022-05-03 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Privilege Escalation Vulnerability |
| CVE-2022-20767 | 2022-05-03 | Cisco Firepower Threat Defense Software DNS Enforcement Denial of Service Vulnerability |
| CVE-2022-20743 | 2022-05-03 | Cisco Firepower Management Center File Upload Security Bypass Vulnerability |
| CVE-2022-20742 | 2022-05-03 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IPsec IKEv2 VPN Information Disclosure Vulnerability |
| CVE-2022-20740 | 2022-05-03 | Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability |
| CVE-2022-20737 | 2022-05-03 | Cisco Adaptive Security Appliance Software Clientless SSL VPN Heap Overflow Vulnerability |
| CVE-2022-20730 | 2022-05-03 | Cisco Firepower Threat Defense Software Security Intelligence DNS Feed Bypass Vulnerability |
| CVE-2022-20729 | 2022-05-03 | Cisco Firepower Threat Defense Software XML Injection Vulnerability |
| CVE-2022-20715 | 2022-05-03 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerability |
| CVE-2022-20629 | 2022-05-03 | Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities |
| CVE-2022-20628 | 2022-05-03 | Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities |
| CVE-2022-20627 | 2022-05-03 | Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities |
| CVE-2022-20744 | 2022-05-03 | Cisco Firepower Management Center Software Information Disclosure Vulnerability |
| CVE-2022-21949 | 2022-05-03 | Multiple XXE vulnerabilities in OBS |
| CVE-2022-1554 | 2022-05-03 | Path Traversal due to `send_file` call in clinical-genomics/scout |
| CVE-2022-23063 | 2022-05-03 | Shopizer - Insufficient Session Expiration |
| CVE-2021-42218 | 2022-05-03 | OMPL v1.5.2 contains a memory leak in VFRRT.cpp |
| CVE-2021-41959 | 2022-05-03 | JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after RegExp, which causes a memory leak. |
| CVE-2021-42165 | 2022-05-03 | MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing command "deviceinfo show file &&/bin/bash" because of incorrect sanitization of parameter "path". |
| CVE-2021-39390 | 2022-05-03 | Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints via name parameter. |
| CVE-2022-0916 | 2022-05-03 | Broken authentication on Logitech Options due to misvalidation of Oauth state parameter |
| CVE-2022-28590 | 2022-05-03 | A Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=install_theme. |
| CVE-2022-28589 | 2022-05-03 | A stored cross-site scripting (XSS) vulnerability in Pixelimity 1.0 allows attackers to execute arbitrary web scripts or HTML via the Title field in admin/pages.php?action=add_new |
| CVE-2022-1292 | 2022-05-03 | The c_rehash script allows command injection |
| CVE-2022-1343 | 2022-05-03 | OCSP_basic_verify may incorrectly verify the response signing certificate |
| CVE-2022-1434 | 2022-05-03 | Incorrect MAC key used in the RC4-MD5 ciphersuite |
| CVE-2022-1473 | 2022-05-03 | Resource leakage when decoding certificates and keys |
| CVE-2022-28560 | 2022-05-03 | There is a stack overflow vulnerability in the goform/fast_setting_wifi_set function in the httpd service of Tenda ac9 15.03.2.21_cn router. An attacker can obtain a stable shell through a carefully constructed... |
| CVE-2022-28561 | 2022-05-03 | There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21_cn router. An attacker can obtain a stable shell through a carefully constructed... |
| CVE-2021-22573 | 2022-05-03 | Incorrect signature verification on Google-oauth-java-client |
| CVE-2021-22556 | 2022-05-03 | Integer Overflow in Fuchsia Kernel |
| CVE-2022-0882 | 2022-05-03 | Illegal access to Kernel log in Fuchsia |
| CVE-2022-22137 | 2022-05-03 | A memory corruption vulnerability exists in the ioca_mys_rgb_allocate functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to an arbitrary free. An attacker can provide a malicious file... |
| CVE-2022-23400 | 2022-05-03 | A stack-based buffer overflow vulnerability exists in the IGXMPXMLParser::parseDelimiter functionality of Accusoft ImageGear 19.10. A specially-crafted PSD file can overflow a stack buffer, which could either lead to denial of... |
| CVE-2022-28505 | 2022-05-03 | Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system.log.LogController.java. |
| CVE-2022-27962 | 2022-05-03 | Bluecms 1.6 has a SQL injection vulnerability at cooike. |
| CVE-2022-28585 | 2022-05-03 | EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php |
| CVE-2021-46440 | 2022-05-03 | Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the... |
| CVE-2022-28588 | 2022-05-03 | In SpringBootMovie <=1.2 when adding movie names, malicious code can be stored because there are no filtering parameters, resulting in stored XSS. |
| CVE-2022-29001 | 2022-05-03 | In SpringBootMovie <=1.2, the uploaded file suffix parameter is not filtered, resulting in arbitrary file upload vulnerability |
| CVE-2022-28599 | 2022-05-03 | A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this... |
| CVE-2021-29854 | 2022-05-03 | IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request,... |
| CVE-2022-22368 | 2022-05-03 | IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 221012. |
| CVE-2022-1331 | 2022-05-03 | Delta Electronics DMARS Improper Restriction of XML External Entity Reference |
| CVE-2022-28780 | 2022-05-03 | Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection... |
| CVE-2022-28781 | 2022-05-03 | Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. The patch adds proper validation logic to check the caller. |
| CVE-2022-28782 | 2022-05-03 | Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point... |
| CVE-2022-28783 | 2022-05-03 | Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission. The patch adds proper validation logic for... |
| CVE-2022-28784 | 2022-05-03 | Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of... |
| CVE-2022-28785 | 2022-05-03 | Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer... |
| CVE-2022-28786 | 2022-05-03 | Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer... |
| CVE-2022-28787 | 2022-05-03 | Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer... |
| CVE-2022-28788 | 2022-05-03 | Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer... |
| CVE-2022-28789 | 2022-05-03 | Unprotected activities in Voice Note prior to version 21.3.51.11 allows attackers to record voice without user interaction. The patch adds proper permission for vulnerable activities. |
| CVE-2022-28790 | 2022-05-03 | Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. The patch adds proper caller signature check logic. |
| CVE-2022-28791 | 2022-05-03 | Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent... |
| CVE-2022-28792 | 2022-05-03 | DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. The patch adds proper absolute path to prevent dll hijacking. |
| CVE-2022-28793 | 2022-05-03 | Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch... |
| CVE-2022-20084 | 2022-05-03 | In telephony, there is a possible way to disable receiving emergency broadcasts due to a missing permission check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2022-20109 | 2022-05-03 | In ion, there is a possible use after free due to improper update of reference count. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2022-20110 | 2022-05-03 | In ion, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2022-20085 | 2022-05-03 | In netdiag, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2022-27313 | 2022-05-03 | An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attackers to cause a Denial of Service (DoS) via deleting the configuration file. |
| CVE-2022-20087 | 2022-05-03 | In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-20088 | 2022-05-03 | In aee driver, there is a possible reference count mistake due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2022-20089 | 2022-05-03 | In aee driver, there is a possible memory corruption due to active debug code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-20090 | 2022-05-03 | In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2022-20091 | 2022-05-03 | In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2022-20092 | 2022-05-03 | In alac decoder, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2022-20093 | 2022-05-03 | In telephony, there is a possible way to disable receiving SMS messages due to a missing permission check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2022-20094 | 2022-05-03 | In imgsensor, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-20095 | 2022-05-03 | In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-20096 | 2022-05-03 | In camera, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is no needed for... |
| CVE-2022-20097 | 2022-05-03 | In aee daemon, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is... |
| CVE-2022-20098 | 2022-05-03 | In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is... |
| CVE-2022-20099 | 2022-05-03 | In aee daemon, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-20100 | 2022-05-03 | In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is... |
| CVE-2022-27330 | 2022-05-03 | A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text... |
| CVE-2022-20101 | 2022-05-03 | In aee daemon, there is a possible information disclosure due to a path traversal. This could lead to local information disclosure with no additional execution privileges needed. User interaction is... |
| CVE-2022-20102 | 2022-05-03 | In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is... |
| CVE-2022-20103 | 2022-05-03 | In aee daemon, there is a possible information disclosure due to symbolic link following. This could lead to local information disclosure with System execution privileges needed. User interaction is not... |
| CVE-2022-20104 | 2022-05-03 | In aee daemon, there is a possible information disclosure due to improper access control. This could lead to local information disclosure with no additional execution privileges needed. User interaction is... |
| CVE-2022-20105 | 2022-05-03 | In MM service, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-20106 | 2022-05-03 | In MM service, there is a possible out of bounds write due to a heap-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-20107 | 2022-05-03 | In subtitle service, there is a possible application crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is... |
| CVE-2022-20108 | 2022-05-03 | In voice service, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-20111 | 2022-05-03 | In ion, there is a possible use after free due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2022-21743 | 2022-05-03 | In ion, there is a possible use after free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2022-1548 | 2022-05-03 | Playbook members are allowed to escalate their membership privileges and perform actions restricted to playbook admins. |
| CVE-2021-27427 | 2022-05-03 | RIOT OS Integer Overflow or Wraparound |