CVE List - 2022 / July
Showing 901 - 1000 of 1977 CVEs for July 2022 (Page 10 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-31158 | 2022-07-15 | Authentication Bypass by Capture-replay in packbackbooks/lti-1-3-php-library |
| CVE-2022-31157 | 2022-07-15 | Use of a Broken or Risky Cryptographic Algorithm in packbackbooks/lti-1-3-php-library |
| CVE-2022-31159 | 2022-07-15 | Partial Path Traversal in com.amazonaws:aws-java-sdk-s3 |
| CVE-2022-31153 | 2022-07-15 | OpenZeppelin Contracts for Cairo account cannot process transactions on Goerli |
| CVE-2021-34986 | 2022-07-15 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.5.0 (49183). An attacker must first obtain the ability to execute low-privileged code on the target... |
| CVE-2021-34987 | 2022-07-15 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.5.1 (49187). An attacker must first obtain the ability to execute high-privileged code on the target... |
| CVE-2022-30634 | 2022-07-15 | Indefinite hang with large buffers on Windows in crypto/rand |
| CVE-2022-25858 | 2022-07-15 | Regular Expression Denial of Service (ReDoS) |
| CVE-2022-25891 | 2022-07-15 | Denial of Service (DoS) |
| CVE-2022-25869 | 2022-07-15 | All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in... |
| CVE-2022-32434 | 2022-07-15 | EIPStackGroup OpENer v2.3.0 was discovered to contain a stack overflow via /bin/posix/src/ports/POSIX/OpENer+0x56073d. |
| CVE-2022-35890 | 2022-07-15 | An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Designer and Vision Client Session IDs are mishandled. An attacker can determine which session IDs were... |
| CVE-2022-34889 | 2022-07-15 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 17.1.1 (51537). An attacker must first obtain the ability to execute high-privileged code on the target... |
| CVE-2022-34890 | 2022-07-15 | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 17.1.1 (51537). An attacker must first obtain the ability to execute low-privileged code on the... |
| CVE-2022-34891 | 2022-07-15 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the... |
| CVE-2022-35900 | 2022-07-15 | An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open a JP2 file containing crafted... |
| CVE-2022-35901 | 2022-07-15 | An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open a J2K file containing crafted... |
| CVE-2022-35902 | 2022-07-15 | An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open an OBJ file containing crafted... |
| CVE-2022-35903 | 2022-07-15 | An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open a 3DS file containing crafted... |
| CVE-2022-35904 | 2022-07-15 | An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open an IFC file containing crafted... |
| CVE-2022-35905 | 2022-07-15 | An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open an FBX file containing crafted... |
| CVE-2022-35906 | 2022-07-15 | An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open a DGN file containing crafted... |
| CVE-2017-20130 | 2022-07-16 | Itech Real Estate Script search_property.php sql injection |
| CVE-2017-20131 | 2022-07-16 | Itech News Portal information.php sql injection |
| CVE-2017-20132 | 2022-07-16 | Itech Multi Vendor Script product-list.php sql injection |
| CVE-2017-20133 | 2022-07-16 | Itech Job Portal Script admin improper authentication |
| CVE-2017-20134 | 2022-07-16 | Itech Freelancer Script category.php sql injection |
| CVE-2017-20135 | 2022-07-16 | Itech Dating Script see_more_details.php sql injection |
| CVE-2017-20136 | 2022-07-16 | Itech Classifieds Script subpage.php sql injection |
| CVE-2017-20137 | 2022-07-16 | Itech B2B Script catcompany.php sql injection |
| CVE-2017-20138 | 2022-07-16 | Itech Auction Script mcategory.php Blind sql injection |
| CVE-2021-34538 | 2022-07-16 | Apache Hive Security vulnerability in Hive with UDFs |
| CVE-2021-36711 | 2022-07-16 | WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is mishandled. |
| CVE-2022-36126 | 2022-07-16 | An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script. |
| CVE-2020-16093 | 2022-07-17 | In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module... |
| CVE-2021-46784 | 2022-07-17 | In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses. |
| CVE-2022-30550 | 2022-07-17 | An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter... |
| CVE-2022-31212 | 2022-07-17 | An issue was discovered in dbus-broker before 31. It depends on c-util/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line... |
| CVE-2022-31213 | 2022-07-17 | An issue was discovered in dbus-broker before 31. Multiple NULL pointer dereferences can be found when supplying a malformed XML config file. |
| CVE-2022-33903 | 2022-07-17 | Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation. |
| CVE-2015-10003 | 2022-07-17 | FileZilla Server PORT confused deputy |
| CVE-2020-7641 | 2022-07-17 | Prototype Pollution |
| CVE-2021-24655 | 2022-07-17 | WP User Manager < 2.6.3 - Arbitrary User Password Reset to Account Compromise |
| CVE-2022-1672 | 2022-07-17 | Insights from Google PageSpeed < 4.0.7 - Multiple CSRF |
| CVE-2022-1933 | 2022-07-17 | CDI < 5.1.9 - Reflected Cross-Site-Scripting |
| CVE-2022-2090 | 2022-07-17 | Woo Discount Rules < 2.4.2 - Reflected Cross-Site Scripting |
| CVE-2022-2099 | 2022-07-17 | WooCommerce < 6.6.0 - Admin+ Stored HTML Injection |
| CVE-2022-2100 | 2022-07-17 | Page Generator Plugin < 1.6.5 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2114 | 2022-07-17 | Data Tables Generator by Supsystic < 1.10.20 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2118 | 2022-07-17 | 404s < 3.5.1 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2133 | 2022-07-17 | OAuth Single Sign On < 6.22.6 - Authentication Bypass |
| CVE-2022-2144 | 2022-07-17 | Jquery Validation For Contact Form 7 < 5.3 - Arbitrary Options Update via CSRF |
| CVE-2022-2146 | 2022-07-17 | Import CSV Files <= 1.0 - Reflected Cross-Site Scripting |
| CVE-2022-2148 | 2022-07-17 | LinkedIn Company Updates <= 1.5.3 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2149 | 2022-07-17 | Very Simple Breadcrumb <= 1.0 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2151 | 2022-07-17 | Best Contact Management Software <= 3.7.3 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2168 | 2022-07-17 | Download Manager < 3.2.44 - Reflected Cross-Site Scripting |
| CVE-2022-2169 | 2022-07-17 | Loading Page with Loading Screen < 1.0.83 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2173 | 2022-07-17 | Advanced Database Cleaner < 3.1.1 - Reflected Cross-Site Scripting |
| CVE-2022-2186 | 2022-07-17 | Simple Post Notes < 1.7.6 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2187 | 2022-07-17 | Contact Form 7 Captcha < 0.1.2 - Reflected Cross-Site Scripting |
| CVE-2022-2194 | 2022-07-17 | Accept Stripe Payments < 2.0.64 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2222 | 2022-07-17 | Download Monitor < 4.5.91 - Admin+ Arbitrary File Download |
| CVE-2022-32320 | 2022-07-17 | A Cross-Site Request Forgery (CSRF) in Ferdi through 5.8.1 and Ferdium through 6.0.0-nightly.98 allows attackers to read files via an uploaded file such as a settings/preferences file. |
| CVE-2022-35861 | 2022-07-17 | pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to... |
| CVE-2022-31260 | 2022-07-17 | In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k value. |
| CVE-2022-25357 | 2022-07-17 | Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN. |
| CVE-2022-30622 | 2022-07-17 | Chcnav - P5E GNSS Information disclosure |
| CVE-2022-26654 | 2022-07-17 | Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP. |
| CVE-2022-26655 | 2022-07-17 | Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attackers to trigger a software abort via a gateway call into Teams. |
| CVE-2022-26656 | 2022-07-17 | Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via One Touch Join. |
| CVE-2022-26657 | 2022-07-17 | Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join. |
| CVE-2022-27928 | 2022-07-17 | Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol. |
| CVE-2022-27929 | 2022-07-17 | Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP. |
| CVE-2022-27930 | 2022-07-17 | Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is guessed. |
| CVE-2022-27931 | 2022-07-17 | Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol. |
| CVE-2022-27932 | 2022-07-17 | Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join. |
| CVE-2022-27933 | 2022-07-17 | Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join. |
| CVE-2022-27934 | 2022-07-17 | Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP. |
| CVE-2022-27935 | 2022-07-17 | Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic Telehealth. |
| CVE-2022-27936 | 2022-07-17 | Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323. |
| CVE-2022-27937 | 2022-07-17 | Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264. |
| CVE-2022-29286 | 2022-07-17 | Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling. |
| CVE-2022-32263 | 2022-07-17 | Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719. |
| CVE-2021-40149 | 2022-07-17 | The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire... |
| CVE-2022-26352 | 2022-07-17 | An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized.... |
| CVE-2022-26479 | 2022-07-17 | An issue was discovered in Poly EagleEye Director II before 2.2.2.1. Existence of a certain file (which can be created via an rsync backdoor) causes all API calls to execute... |
| CVE-2022-26482 | 2022-07-17 | An issue was discovered in Poly EagleEye Director II before 2.2.2.1. os.system command injection can be achieved by an admin. |
| CVE-2022-26481 | 2022-07-17 | An issue was discovered in Poly Studio before 3.7.0. Command Injection can occur via the CN field of a Create Certificate Signing Request (CSR) action. |
| CVE-2022-28807 | 2022-07-17 | An issue was discovered in Open Design Alliance Drawings SDK before 2023.2. An Out-of-Bounds Read vulnerability exists when rendering a .dwg file after it's opened in the recovery mode. An... |
| CVE-2022-28808 | 2022-07-17 | An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vulnerability exists when reading DWG files in a recovery mode. An attacker can leverage this... |
| CVE-2022-28809 | 2022-07-17 | An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vulnerability exists when reading a DWG file with an invalid vertex number in a recovery... |
| CVE-2022-30981 | 2022-07-17 | An issue was discovered in Gentics CMS before 5.43.1. By uploading a malicious ZIP file, an attacker is able to deserialize arbitrary data and hence can potentially achieve Java code... |
| CVE-2022-30982 | 2022-07-17 | An issue was discovered in Gentics CMS before 5.43.1. There is stored XSS in the profile description and in the username. |
| CVE-2022-31202 | 2022-07-17 | The export function in SoftGuard Web (SGW) before 5.1.5 allows directory traversal to read an arbitrary local file via export or man.tcl. |
| CVE-2022-31208 | 2022-07-17 | An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmd_string URL parameter. |
| CVE-2022-31209 | 2022-07-17 | An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware contains a potential buffer overflow by calling strcpy() without checking the string length beforehand. |
| CVE-2022-31210 | 2022-07-17 | An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/set_param.cgi contains hardcoded credentials to the web application. Because these accounts cannot be deactivated or have their passwords changed,... |
| CVE-2022-31211 | 2022-07-17 | An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET by default. |
| CVE-2022-32985 | 2022-07-17 | libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201. |