CVE List - 2022 / May
Showing 201 - 300 of 2161 CVEs for May 2022 (Page 3 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-27417 | 2022-05-03 | eCosCentric eCosPro RTOS Integer Overflow or Wraparound |
| CVE-2021-27411 | 2022-05-03 | Micrium OS Integer Overflow or Wraparound |
| CVE-2021-27419 | 2022-05-03 | uClibc-ng Integer Overflow or Wraparound |
| CVE-2021-27425 | 2022-05-03 | Cesanta Software Mongoose-OS Integer Overflow or Wraparound |
| CVE-2021-27435 | 2022-05-03 | ARM mbed Integer Overflow or Wraparound |
| CVE-2021-27431 | 2022-05-03 | ARM CMSIS RTOS2 Integer Overflow or Wraparound |
| CVE-2022-27413 | 2022-05-03 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php. |
| CVE-2021-27421 | 2022-05-03 | NXP MCUXpresso SDK Integer Overflow or Wraparound |
| CVE-2021-22680 | 2022-05-03 | NXP MQX Integer Overflow or Wraparound |
| CVE-2021-27439 | 2022-05-03 | TencentOS-tiny Integer Overflow or Wraparound |
| CVE-2021-27433 | 2022-05-03 | ARM mbed-ualloc memory library Integer Overflow or Wraparound |
| CVE-2021-42192 | 2022-05-04 | Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation. |
| CVE-2022-28111 | 2022-05-04 | MyBatis PageHelper v1.x.x-v3.7.0, v4.0.0-v5.0.0, v5.1.0-v5.3.0 was discovered to contain a time-blind SQL injection vulnerability via the orderBy parameter. |
| CVE-2022-28487 | 2022-05-04 | Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality. |
| CVE-2021-43164 | 2022-05-04 | A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the updateVersion function in /cgi-bin/luci/api/wireless. |
| CVE-2021-43163 | 2022-05-04 | A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the checkNet function in /cgi-bin/luci/api/auth. |
| CVE-2021-43161 | 2022-05-04 | A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the doSwitchApi function in /cgi-bin/luci/api/switch. |
| CVE-2021-43160 | 2022-05-04 | A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the switchFastDhcp function in /cgi-bin/luci/api/diagnose. |
| CVE-2021-43162 | 2022-05-04 | A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the runPackDiagnose function in /cgi-bin/luci/api/diagnose. |
| CVE-2021-43159 | 2022-05-04 | A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the setSessionTime function in /cgi-bin/luci/api/common. |
| CVE-2022-24901 | 2022-05-04 | Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter |
| CVE-2022-27420 | 2022-05-04 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php. |
| CVE-2022-27431 | 2022-05-04 | Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php. |
| CVE-2022-27470 | 2022-05-04 | SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file. |
| CVE-2022-28055 | 2022-05-04 | Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function. |
| CVE-2022-1502 | 2022-05-04 | Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions. |
| CVE-2022-1555 | 2022-05-04 | DOM XSS in microweber ver 1.2.15 in microweber/microweber |
| CVE-2022-1571 | 2022-05-04 | Cross-site scripting - Reflected in Create Subaccount in neorazorx/facturascripts |
| CVE-2021-42185 | 2022-05-04 | wdja v2.1 is affected by a SQL injection vulnerability in the foreground search function. |
| CVE-2022-28096 | 2022-05-04 | Skycaiji v2.4 was discovered to contain a remote code execution (RCE) vulnerability via /SkycaijiApp/admin/controller/Develop.php. |
| CVE-2022-28090 | 2022-05-04 | Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=. |
| CVE-2022-28082 | 2022-05-04 | Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the list parameter at /goform/SetNetControlList. |
| CVE-2022-28081 | 2022-05-04 | A reflected cross-site scripting (XSS) vulnerability in the component Query.php of arPHP v3.6.0 allows attackers to execute arbitrary web scripts. |
| CVE-2022-27903 | 2022-05-04 | An OS Command Injection vulnerability in the configuration parser of Eve-NG Professional through 4.0.1-65 and Eve-NG Community through 2.0.3-112 allows a remote authenticated attacker to execute commands as root by... |
| CVE-2022-28076 | 2022-05-04 | Seacms v11.6 was discovered to contain a remote command execution (RCE) vulnerability via the Mail Server Settings. |
| CVE-2022-28099 | 2022-05-04 | Poultry Farm Management System v1.0 was discovered to contain a SQL injection vulnerability via the Item parameter at /farm/store.php. |
| CVE-2022-28067 | 2022-05-04 | An incorrect access control issue in Sandboxie Classic v5.55.13 allows attackers to cause a Denial of Service (DoS) in the Sandbox via a crafted executable. |
| CVE-2021-32010 | 2022-05-04 | Clients may connect to a GateManager with TLS 1.0 |
| CVE-2022-25778 | 2022-05-04 | Unload handlers may unintentionally defeat CSRF guards |
| CVE-2022-28508 | 2022-05-04 | An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field. |
| CVE-2022-25779 | 2022-05-04 | Insufficient scope checks allows adding unrelated audit log entries |
| CVE-2022-25780 | 2022-05-04 | Information leak via device availability query function |
| CVE-2022-25781 | 2022-05-04 | Reflected XSS issues in GateManager |
| CVE-2022-25782 | 2022-05-04 | Insufficient privilege checks on object access and updates. |
| CVE-2022-25783 | 2022-05-04 | Hacking attempts from logged-in users are not properly logged by GM |
| CVE-2022-25784 | 2022-05-04 | User controllable HTML element attribute (potential XSS) |
| CVE-2022-25785 | 2022-05-04 | Buffer overrun |
| CVE-2022-25787 | 2022-05-04 | GTA URLs issued by LMM WEB API may leak information |
| CVE-2022-27461 | 2022-05-04 | In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link. |
| CVE-2022-28806 | 2022-05-04 | An issue was discovered on certain Fujitsu LIFEBOOK devices (A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449) with BIOS versions before v1.09 (A3510), v2.17 (U9310), v2.30 (U7511/U7411/U7311), v2.33 (U9311), v2.23 (E5510),... |
| CVE-2022-28488 | 2022-05-04 | The function wav_format_write in libwav.c in libwav through 2017-04-20 has a Use of Uninitialized Variable vulnerability. |
| CVE-2022-29950 | 2022-05-04 | Experian Hunter 1.16 allows remote authenticated users to modify assumed-immutable elements via the (1) rule name parameter to the Rules page or the (2) subrule name or (3) categories name... |
| CVE-2022-28512 | 2022-05-04 | A SQL injection vulnerability exists in Sourcecodester Fantastic Blog CMS 1.0. An attacker can inject query in "/fantasticblog/single.php" via the "id=5" parameters. |
| CVE-2022-29347 | 2022-05-04 | An arbitrary file upload vulnerability in Web@rchiv 1.0 allows attackers to execute arbitrary commands via a crafted PHP file. |
| CVE-2022-28568 | 2022-05-04 | Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the... |
| CVE-2022-28552 | 2022-05-04 | Cscms 4.1 is vulnerable to SQL Injection. Log into the background, open the song module, create a new song, delete it to the recycle bin, and SQL injection security problems... |
| CVE-2022-28556 | 2022-05-04 | Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to Buffer Overflow. The stack overflow vulnerability lies in the /goform/setpptpservercfg interface of the web. The sent post data startip and endip are copied to... |
| CVE-2022-28557 | 2022-05-04 | There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution. |
| CVE-2021-20051 | 2022-05-04 | SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local... |
| CVE-2021-41020 | 2022-05-04 | An improper access control vulnerability [CWE-284] in FortiIsolator versions 2.3.2 and below may allow an authenticated, non privileged attacker to regenerate the CA certificate via the regeneration URL. |
| CVE-2021-41032 | 2022-05-04 | An improper access control vulnerability [CWE-284] in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information... |
| CVE-2022-23443 | 2022-05-04 | An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests. |
| CVE-2021-43206 | 2022-05-04 | A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a... |
| CVE-2022-28940 | 2022-05-04 | In H3C MagicR100 <=V100R005, the / Ajax / ajaxget interface can be accessed without authorization. It sends a large amount of data through ajaxmsg to carry out DOS attack. |
| CVE-2022-23724 | 2022-05-04 | PingID Integration for Windows Login MFA Bypass |
| CVE-2021-42235 | 2022-05-04 | SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration profile functionality. |
| CVE-2022-1584 | 2022-05-04 | Reflected XSS in microweber/microweber |
| CVE-2022-20734 | 2022-05-04 | Cisco SD-WAN vManage Software Information Disclosure Vulnerability |
| CVE-2022-20753 | 2022-05-04 | Cisco Small Business RV Series Routers Remote Code Execution Vulnerability |
| CVE-2022-20764 | 2022-05-04 | Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities |
| CVE-2022-20770 | 2022-05-04 | ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022 |
| CVE-2022-20771 | 2022-05-04 | ClamAV TIFF File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022 |
| CVE-2022-20777 | 2022-05-04 | Cisco Enterprise NFV Infrastructure Software Vulnerabilities |
| CVE-2022-20779 | 2022-05-04 | Cisco Enterprise NFV Infrastructure Software Vulnerabilities |
| CVE-2022-20780 | 2022-05-04 | Cisco Enterprise NFV Infrastructure Software Vulnerabilities |
| CVE-2022-20785 | 2022-05-04 | ClamAV HTML Scanning Memory Leak Vulnerability Affecting Cisco Products: April 2022 |
| CVE-2022-20794 | 2022-05-04 | Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities |
| CVE-2022-20796 | 2022-05-04 | ClamAV Truncated File Denial of Service Vulnerability Affecting Cisco Products: April 2022 |
| CVE-2022-20801 | 2022-05-04 | Cisco Small Business RV Series Routers Command Injection Vulnerabilities |
| CVE-2022-20799 | 2022-05-04 | Cisco Small Business RV Series Routers Command Injection Vulnerabilities |
| CVE-2022-25786 | 2022-05-04 | GateManager debug interface is included in production builds |
| CVE-2022-29942 | 2022-05-04 | Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry 'Add' functionality to perform SSRF HTTP GET requests on URLs in the internal network.... |
| CVE-2022-29943 | 2022-05-04 | Talend Administration Center has a vulnerability that allows an authenticated user to use XML External Entity (XXE) processing to achieve read access as root on the remote filesystem. The issue... |
| CVE-2022-30241 | 2022-05-04 | The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as < in a JSON object, as demonstrated by a SCRIPT element. |
| CVE-2022-29155 | 2022-05-04 | In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This... |
| CVE-2022-30284 | 2022-05-04 | In the python-libnmap package through 0.7.2 for Python, remote command execution can occur (if used in a client application that does not validate arguments). NOTE: the vendor believes it would... |
| CVE-2022-30288 | 2022-05-04 | Agoo before 2.14.3 does not reject GraphQL fragment spreads that form cycles, leading to an application crash. NOTE: the vendor has disputed this on the grounds that it is not... |
| CVE-2022-30292 | 2022-05-04 | Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lack of a certain sq_reservestack call. |
| CVE-2022-24903 | 2022-05-05 | Buffer overflow in TCP syslog server (receiver) components in rsyslog |
| CVE-2022-28890 | 2022-05-05 | Processing external DTDs |
| CVE-2022-1590 | 2022-05-05 | Bludit New Content Module new-content cross site scripting |
| CVE-2022-1592 | 2022-05-05 | Server-Side Request Forgery in scout in clinical-genomics/scout |
| CVE-2021-45783 | 2022-05-05 | Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory traversal vulnerability that allows an attacker to obtain sensitive information. |
| CVE-2022-1411 | 2022-05-05 | Unrestricted file upload in yetiforcecompany/yetiforcecrm |
| CVE-2021-41739 | 2022-05-05 | An OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execute OS commands in cyrus.events.php with GET param logs and POST param rp. |
| CVE-2022-29940 | 2022-05-05 | In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities. |
| CVE-2022-29939 | 2022-05-05 | In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities. |
| CVE-2022-29938 | 2022-05-05 | In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection. |
| CVE-2022-1575 | 2022-05-05 | Arbitrary Code Execution through Sanitizer Bypass in jgraph/drawio |
| CVE-2021-42242 | 2022-05-05 | A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor. |