Lista CVE - 2022 / Luglio
Visualizzazione 1301 - 1400 di 1977 CVE per Luglio 2022 (Pagina 14 di 20)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2022-2199 | 2022-07-20 | ICSA-22-200-01 MiCODUS MV720 GPS tracker Cross-site Scripting |
| CVE-2022-2141 | 2022-07-20 | ICSA-22-200-01 MiCODUS MV720 GPS tracker Improper Authentication |
| CVE-2022-33944 | 2022-07-20 | ICSA-22-200-01 MiCODUS MV720 GPS tracker Authorization Bypass Through User-Controlled Key |
| CVE-2022-2107 | 2022-07-20 | ICSA-22-200-01 MiCODUS MV720 GPS tracker Use of Hard-coded Credentials |
| CVE-2022-1264 | 2022-07-20 | Inductive Automation Ignition |
| CVE-2022-2179 | 2022-07-20 | ICSA-22-188-01 Rockwell Automation MicroLogix Improper Restriction of Rendered UI Layers or Frames |
| CVE-2022-34042 | 2022-07-20 | Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /pages/household/household.php. |
| CVE-2022-1766 | 2022-07-20 | Anchore Enterprise anchorectl version 0.1.4 improperly stored credentials when generating a Software Bill of Materials. anchorectl will add the credentials used to access Anchore Enterprise API in the Software Bill... |
| CVE-2022-29834 | 2022-07-20 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ICONICS GENESIS64 versions 10.97 to 10.97.1 allows a remote unauthenticated attacker to access to arbitrary files in... |
| CVE-2022-34045 | 2022-07-20 | Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh. |
| CVE-2022-34047 | 2022-07-20 | An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd]. |
| CVE-2022-34048 | 2022-07-20 | Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login_page parameter. |
| CVE-2022-34049 | 2022-07-20 | An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to download log files and configuration data. |
| CVE-2022-34046 | 2022-07-20 | An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);]. |
| CVE-2022-33316 | 2022-07-20 | Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to execute an arbitrary... |
| CVE-2022-33317 | 2022-07-20 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to... |
| CVE-2022-33315 | 2022-07-20 | Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to execute an arbitrary... |
| CVE-2022-33320 | 2022-07-20 | Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to execute an arbitrary... |
| CVE-2022-33318 | 2022-07-20 | Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows a remote unauthenticated attacker to execute an... |
| CVE-2022-33319 | 2022-07-20 | Out-of-bounds Read vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows a remote unauthenticated attacker to disclose information on memory... |
| CVE-2022-26136 | 2022-07-20 | A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used... |
| CVE-2022-26137 | 2022-07-20 | A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and... |
| CVE-2022-26138 | 2022-07-20 | The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A... |
| CVE-2021-29755 | 2022-07-20 | IBM QRadar SIEM 7.3, 7.4, and 7.5 does not preform proper certificate validation for some inter-host communications. IBM X-Force ID: 202015. |
| CVE-2021-38936 | 2022-07-20 | IBM QRadar SIEM 7.3, 7.4, and 7.5 could disclose highly sensitive information to a privileged user. IBM X-Force ID: 210893. |
| CVE-2022-22424 | 2022-07-20 | IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information from the TLS key file due to incorrect file permissions. IBM X-Force ID: 223597. |
| CVE-2022-35569 | 2022-07-20 | Blogifier v3.0 was discovered to contain an arbitrary file upload vulnerability at /api/storage/upload/PostImage. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted file. |
| CVE-2021-36849 | 2022-07-20 | WordPress Social Media Share Buttons plugin <= 3.8.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-29454 | 2022-07-20 | WordPress Better Messages plugin <= 1.9.9.148 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-29923 | 2022-07-20 | WordPress Quick Restaurant Reservations plugin <= 1.4.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability |
| CVE-2020-21405 | 2022-07-20 | An issue was discovered in H96 Smart TV Box H96 Pro Plus allows attackers to corrupt files via calls to the saveDeepColorAttr service.unk |
| CVE-2020-21406 | 2022-07-20 | An issue was discovered in RK Smart TV Box MAX and V88 SmartTV box that allows attackers to cause a denial of service via the switchNextDisplayInterface service. |
| CVE-2022-34588 | 2022-07-20 | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via the grade parameter at /school/view/timetable_insert_form.php. |
| CVE-2022-34586 | 2022-07-20 | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via the grade parameter at /school/view/student_grade_wise.php. |
| CVE-2022-34590 | 2022-07-20 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in /HMS/admin.php. |
| CVE-2022-22555 | 2022-07-20 | Dell EMC PowerStore, contains an OS command injection Vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the PowerStore underlying... |
| CVE-2022-31234 | 2022-07-20 | Dell EMC PowerStore, contain(s) an Improper Restriction of Excessive Authentication Attempts Vulnerability in PowerStore Manager GUI. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to password brute-forcing. Account... |
| CVE-2022-32498 | 2022-07-20 | Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijacking vulnerability in PSTCLI. A local attacker can potentially exploit this vulnerability to execute arbitrary code, escalate privileges, and bypass... |
| CVE-2022-33923 | 2022-07-20 | Dell PowerStore, versions prior to 3.0.0.0, contains an OS Command Injection vulnerability in PowerStore T environment. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of... |
| CVE-2022-34367 | 2022-07-20 | Dell EMC Data Protection Central versions 19.1, 19.2, 19.3, 19.4, 19.5, 19.6, contain(s) a Cross-Site Request Forgery Vulnerability. A(n) remote unauthenticated attacker could potentially exploit this vulnerability, leading to processing... |
| CVE-2022-31146 | 2022-07-20 | Use After Free in Wasmtime |
| CVE-2022-31151 | 2022-07-20 | Uncleared cookies on cross-host/cross-origin redirect in undici |
| CVE-2022-28860 | 2022-07-21 | An authentication downgrade in the server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to achieve... |
| CVE-2022-28861 | 2022-07-21 | The server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to see FTP credentials in a... |
| CVE-2022-20877 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20876 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20875 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20874 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20873 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20861 | 2022-07-21 | Cisco Nexus Dashboard Unauthorized Access Vulnerabilities |
| CVE-2022-20860 | 2022-07-21 | Cisco Nexus Dashboard SSL Certificate Validation Vulnerability |
| CVE-2022-20858 | 2022-07-21 | Cisco Nexus Dashboard Unauthorized Access Vulnerabilities |
| CVE-2022-20857 | 2022-07-21 | Cisco Nexus Dashboard Unauthorized Access Vulnerabilities |
| CVE-2020-36558 | 2022-07-21 | A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. |
| CVE-2020-36557 | 2022-07-21 | A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. |
| CVE-2022-20908 | 2022-07-21 | Cisco Nexus Dashboard Privilege Escalation Vulnerabilities |
| CVE-2022-20907 | 2022-07-21 | Cisco Nexus Dashboard Privilege Escalation Vulnerabilities |
| CVE-2022-20906 | 2022-07-21 | Cisco Nexus Dashboard Privilege Escalation Vulnerabilities |
| CVE-2022-20904 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20903 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20902 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20901 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20900 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20899 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20898 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20897 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20896 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20895 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20894 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20893 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20892 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20891 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20890 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20889 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20888 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20887 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20886 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20885 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20884 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20883 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20882 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20881 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20880 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20879 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20878 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20911 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20910 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-20909 | 2022-07-21 | Cisco Nexus Dashboard Privilege Escalation Vulnerabilities |
| CVE-2022-20916 | 2022-07-21 | Cisco IoT Control Center Cross-Site Scripting Vulnerability |
| CVE-2022-20913 | 2022-07-21 | Cisco Nexus Dashboard Arbitrary File Write Vulnerability |
| CVE-2022-20912 | 2022-07-21 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2022-32556 | 2022-07-21 | An issue was discovered in Couchbase Server before 7.0.4. A private key is leaked to the log files with certain crashes. |
| CVE-2022-31162 | 2022-07-21 | Slack Morphism for Rust before 0.41.0 can accidentally leak Slack OAuth client information in application debug logs |
| CVE-2022-31163 | 2022-07-21 | TZInfo relative path traversal vulnerability allows loading of arbitrary files |
| CVE-2022-31164 | 2022-07-21 | Tovy before v0.7.51 vulnerable to users logging in as and impersonating other users |
| CVE-2022-31169 | 2022-07-21 | Cranelift vulnerable to miscompilation of constant values in division on AArch64 |
| CVE-2022-31172 | 2022-07-21 | OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers |
| CVE-2022-31170 | 2022-07-21 | OpenZeppelin Contracts's ERC165Checker may revert instead of returning false |
| CVE-2022-32289 | 2022-07-21 | WordPress Popup Builder plugin <= 4.1.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Popup Status Change |
| CVE-2022-36313 | 2022-07-21 | An issue was discovered in the file-type package before 16.5.4 and 17.x before 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in... |