CVE List - 2022 / July
Showing 1601 - 1700 of 1977 CVEs for July 2022 (Page 17 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-34574 | 2022-07-25 | An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing Tftpd32.ini. |
| CVE-2022-34575 | 2022-07-25 | An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing fctest.shtml. |
| CVE-2022-34576 | 2022-07-25 | A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted POST request. |
| CVE-2022-34577 | 2022-07-25 | A vulnerability in adm.cgi of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted POST request. |
| CVE-2022-33745 | 2022-07-26 | Insufficient TLB flush for x86 PV guests in shadow mode. For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in... |
| CVE-2022-22686 | 2022-07-26 | Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to hijack the authentication of administrators via unspecified vectors. |
| CVE-2020-36290 | 2022-07-26 | The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to... |
| CVE-2022-1041 | 2022-07-26 | Out-of-bound write vulnerability in the Bluetooth mesh core stack can be triggered during provisioning |
| CVE-2022-1042 | 2022-07-26 | Out-of-bound write vulnerability in the Bluetooth mesh core stack can be triggered during provisioning |
| CVE-2022-30706 | 2022-07-26 | Open redirect vulnerability in Booked versions prior to 3.3 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having... |
| CVE-2022-31471 | 2022-07-26 | untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts XML external entity references. By exploiting this vulnerability, a remote unauthenticated... |
| CVE-2022-33977 | 2022-07-26 | untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts recursive entity references in DTDs. By exploiting this vulnerability, a remote... |
| CVE-2021-43959 | 2022-07-26 | Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability... |
| CVE-2022-2225 | 2022-07-26 | Zero Trust Secure Web Gateway policies bypass using WARP client subcommands |
| CVE-2021-33437 | 2022-07-26 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There are memory leaks in frozen_cb() in mjs.c. |
| CVE-2021-33438 | 2022-07-26 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow in json_parse_array() in mjs.c. |
| CVE-2021-33439 | 2022-07-26 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is Integer overflow in gc_compact_strings() in mjs.c. |
| CVE-2021-33440 | 2022-07-26 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_bcode_commit() in mjs.c. |
| CVE-2021-33441 | 2022-07-26 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in exec_expr() in mjs.c. |
| CVE-2021-33442 | 2022-07-26 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in json_printf() in mjs.c. |
| CVE-2021-33450 | 2022-07-26 | An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_calloc() in nasmlib/alloc.c. |
| CVE-2021-33449 | 2022-07-26 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_bcode_part_get_by_offset() in mjs.c. |
| CVE-2021-33448 | 2022-07-26 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow at 0x7fffe9049390. |
| CVE-2021-33447 | 2022-07-26 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_print() in mjs.c. |
| CVE-2021-33446 | 2022-07-26 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_next() in mjs.c. |
| CVE-2021-33445 | 2022-07-26 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_string_char_code_at() in mjs.c. |
| CVE-2021-33444 | 2022-07-26 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in getprop_builtin_foreign() in mjs.c. |
| CVE-2021-33443 | 2022-07-26 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow in mjs_execute() in mjs.c. |
| CVE-2021-33451 | 2022-07-26 | An issue was discovered in lrzip version 0.641. There are memory leaks in fill_buffer() in stream.c. |
| CVE-2021-33452 | 2022-07-26 | An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/alloc.c. |
| CVE-2021-33453 | 2022-07-26 | An issue was discovered in lrzip version 0.641. There is a use-after-free in ucompthread() in stream.c:1538. |
| CVE-2021-33454 | 2022-07-26 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr_get_intnum() in libyasm/expr.c. |
| CVE-2021-33455 | 2022-07-26 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in do_directive() in modules/preprocs/nasm/nasm-pp.c. |
| CVE-2021-33456 | 2022-07-26 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in hash() in modules/preprocs/nasm/nasm-pp.c. |
| CVE-2021-33457 | 2022-07-26 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmac_params() in modules/preprocs/nasm/nasm-pp.c. |
| CVE-2021-33458 | 2022-07-26 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in find_cc() in modules/preprocs/nasm/nasm-pp.c. |
| CVE-2021-33459 | 2022-07-26 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in nasm_parser_directive() in modules/parsers/nasm/nasm-parse.c. |
| CVE-2021-33460 | 2022-07-26 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in if_condition() in modules/preprocs/nasm/nasm-pp.c. |
| CVE-2021-33468 | 2022-07-26 | An issue was discovered in yasm version 1.3.0. There is a use-after-free in error() in modules/preprocs/nasm/nasm-pp.c. |
| CVE-2021-33467 | 2022-07-26 | An issue was discovered in yasm version 1.3.0. There is a use-after-free in pp_getline() in modules/preprocs/nasm/nasm-pp.c. |
| CVE-2021-33466 | 2022-07-26 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_smacro() in modules/preprocs/nasm/nasm-pp.c. |
| CVE-2021-33465 | 2022-07-26 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmacro() in modules/preprocs/nasm/nasm-pp.c. |
| CVE-2021-33464 | 2022-07-26 | An issue was discovered in yasm version 1.3.0. There is a heap-buffer-overflow in inc_fopen() in modules/preprocs/nasm/nasm-pp.c. |
| CVE-2021-33463 | 2022-07-26 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr__copy_except() in libyasm/expr.c. |
| CVE-2021-33462 | 2022-07-26 | An issue was discovered in yasm version 1.3.0. There is a use-after-free in expr_traverse_nodes_post() in libyasm/expr.c. |
| CVE-2021-33461 | 2022-07-26 | An issue was discovered in yasm version 1.3.0. There is a use-after-free in yasm_intnum_destroy() in libyasm/intnum.c. |
| CVE-2022-31879 | 2022-07-26 | Online Fire Reporting System 1.0 is vulnerable to SQL Injection via the date parameter. |
| CVE-2022-34067 | 2022-07-26 | Warehouse Management System v1.0 was discovered to contain a SQL injection vulnerability via the cari parameter. |
| CVE-2022-36161 | 2022-07-26 | Orange Station 1.0 was discovered to contain a SQL injection vulnerability via the username parameter. |
| CVE-2022-34989 | 2022-07-26 | Fruits Bazar v1.0 was discovered to contain a SQL injection vulnerability via the recover_email parameter at user_password_recover.php. |
| CVE-2022-34988 | 2022-07-26 | Inout Blockchain AltExchanger v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/js. |
| CVE-2022-34991 | 2022-07-26 | Paymoney v3.3 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the first_name and last_name parameters. |
| CVE-2022-36412 | 2022-07-26 | In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. (An API request may, in effect, be executed with the credentials of a user who... |
| CVE-2022-1648 | 2022-07-26 | Relative Path Traversal to Remote Code Execution in File Manager |
| CVE-2022-22412 | 2022-07-26 | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with access to the local host (client machine) to obtain a login access token. IBM X-Force ID: 223019. |
| CVE-2022-35286 | 2022-07-26 | IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website... |
| CVE-2022-35639 | 2022-07-26 | IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the server to become unresponsive. IBM X-Force ID: 230932. |
| CVE-2022-1671 | 2022-07-26 | A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information. |
| CVE-2022-1651 | 2022-07-26 | A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in the drivers/virt/acrn/hsm.c function in how the ACRN Device Model emulates virtual NICs in VM. This flaw allows... |
| CVE-2022-29958 | 2022-07-26 | JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic... |
| CVE-2022-29951 | 2022-07-26 | JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol (configurable on ports 1024-65534 on either TCP or UDP) for a wide variety of engineering purposes such as... |
| CVE-2022-27105 | 2022-07-26 | InMailX Outlook Plugin < 3.22.0101 is vulnerable to Cross Site Scripting (XSS). InMailX Connection names are not sanitized in the Outlook tab, which allows a local user or network administrator... |
| CVE-2022-29965 | 2022-07-26 | The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface (23/TCP) on M-series and SIS... |
| CVE-2022-29963 | 2022-07-26 | The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. TELNET on port 18550 provides access to a root shell via hardcoded credentials. This affects... |
| CVE-2022-29964 | 2022-07-26 | The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials.... |
| CVE-2022-29962 | 2022-07-26 | The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. FTP has hardcoded credentials (but may often be disabled in production). This affects S-series, P-series,... |
| CVE-2022-29960 | 2022-07-26 | Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection... |
| CVE-2022-29957 | 2022-07-26 | The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play... |
| CVE-2022-30273 | 2022-07-26 | The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny... |
| CVE-2022-30275 | 2022-07-26 | The Motorola MOSCAD Toolbox software through 2022-05-02 relies on a cleartext password. It utilizes an MDLC driver to communicate with MOSCAD/ACE RTUs for engineering purposes. Access to these communications is... |
| CVE-2022-31204 | 2022-07-26 | Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password... |
| CVE-2022-31205 | 2022-07-26 | In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read... |
| CVE-2022-31206 | 2022-07-26 | The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series) through 2022-05-18 lack cryptographic authentication. These PLCs are programmed using the SYSMAC Studio engineering... |
| CVE-2022-31207 | 2022-07-26 | The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptographic authentication. They utilize the Omron FINS (9600/TCP) protocol for engineering purposes, including... |
| CVE-2022-1364 | 2022-07-26 | Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-1477 | 2022-07-26 | Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-1478 | 2022-07-26 | Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-1479 | 2022-07-26 | Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-1481 | 2022-07-26 | Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit... |
| CVE-2022-1482 | 2022-07-26 | Inappropriate implementation in WebGL in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-1483 | 2022-07-26 | Heap buffer overflow in WebGPU in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML... |
| CVE-2022-1484 | 2022-07-26 | Heap buffer overflow in Web UI Settings in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-1485 | 2022-07-26 | Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-1486 | 2022-07-26 | Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
| CVE-2022-1487 | 2022-07-26 | Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via running a Wayland test. |
| CVE-2022-1488 | 2022-07-26 | Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted... |
| CVE-2022-1489 | 2022-07-26 | Out of bounds memory access in UI Shelf in Google Chrome on Chrome OS, Lacros prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific user... |
| CVE-2022-1490 | 2022-07-26 | Use after free in Browser Switcher in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap... |
| CVE-2022-1491 | 2022-07-26 | Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. |
| CVE-2022-1492 | 2022-07-26 | Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page. |
| CVE-2022-1493 | 2022-07-26 | Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. |
| CVE-2022-1494 | 2022-07-26 | Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass trusted types policy via a crafted HTML page. |
| CVE-2022-1495 | 2022-07-26 | Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote attacker to spoof the APK downloads dialog via a crafted HTML page. |
| CVE-2022-1496 | 2022-07-26 | Use after free in File Manager in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. |
| CVE-2022-1497 | 2022-07-26 | Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page. |
| CVE-2022-1498 | 2022-07-26 | Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2022-1499 | 2022-07-26 | Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page. |
| CVE-2022-1500 | 2022-07-26 | Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
| CVE-2022-1501 | 2022-07-26 | Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2022-29952 | 2022-07-26 | Bently Nevada condition monitoring equipment through 2022-04-29 mishandles authentication. It utilizes the TDI command and data protocols (60005/TCP, 60007/TCP) for communications between the monitoring controller and System 1 and/or Bently... |