Lista CVE - 2022 / Luglio
Visualizzazione 601 - 700 di 1977 CVE per Luglio 2022 (Pagina 7 di 20)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2022-22998 | 2022-07-12 | Protecting AWS credentials stored in plaintext on My Cloud Home |
| CVE-2022-22997 | 2022-07-12 | Command Injection Vulnerability on My Cloud Home |
| CVE-2022-32246 | 2022-07-12 | SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract... |
| CVE-2022-31598 | 2022-07-12 | Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. On successful exploitation, an attacker can... |
| CVE-2022-31592 | 2022-07-12 | The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616,617,618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated user... |
| CVE-2022-29619 | 2022-07-12 | Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn't own and which would otherwise... |
| CVE-2022-28771 | 2022-07-12 | Due to missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated attacker to send malicious http requests over the network. On successful exploitation, an... |
| CVE-2022-31597 | 2022-07-12 | Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low... |
| CVE-2022-31591 | 2022-07-12 | SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file... |
| CVE-2022-31593 | 2022-07-12 | SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the application. An attacker could thereby control the behavior... |
| CVE-2022-32248 | 2022-07-12 | Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of... |
| CVE-2022-32247 | 2022-07-12 | SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User... |
| CVE-2022-35168 | 2022-07-12 | Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system temporarily inoperative. |
| CVE-2022-35170 | 2022-07-12 | SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore... |
| CVE-2022-35169 | 2022-07-12 | SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling the attacker... |
| CVE-2022-35171 | 2022-07-12 | When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user... |
| CVE-2022-35172 | 2022-07-12 | SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. |
| CVE-2022-35227 | 2022-07-12 | A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site (XSS) scripting... |
| CVE-2022-35225 | 2022-07-12 | SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore... |
| CVE-2022-35228 | 2022-07-12 | SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the... |
| CVE-2022-35224 | 2022-07-12 | SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This attack can be used to... |
| CVE-2022-32249 | 2022-07-12 | Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker can exploit HANA cockpit�s data volume to gain access to highly sensitive information (e.g.,... |
| CVE-2022-2211 | 2022-07-12 | A vulnerability was found in libguestfs. This issue occurs while calculating the greatest possible number of matching keys in the get_keys() function. This flaw leads to a denial of service,... |
| CVE-2022-31134 | 2022-07-12 | Zulip Server public data export contains attachments that are non-public |
| CVE-2022-31012 | 2022-07-12 | Git for Windows' installer can be tricked into executing an untrusted binary |
| CVE-2011-4916 | 2022-07-12 | Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*. |
| CVE-2022-1025 | 2022-07-12 | All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. |
| CVE-2022-1737 | 2022-07-12 | Pyramid Solutions EtherNet/IP Adapter Development Kit Out-of-bound Write |
| CVE-2022-31654 | 2022-07-12 | VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations. |
| CVE-2022-31655 | 2022-07-12 | VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts. |
| CVE-2022-29601 | 2022-07-12 | The seminars (aka Seminar Manager) extension through 4.1.3 for TYPO3 allows SQL Injection. |
| CVE-2022-29600 | 2022-07-12 | The oelib (aka One is Enough Library) extension through 4.1.5 for TYPO3 allows SQL Injection. |
| CVE-2022-33154 | 2022-07-12 | The schema (aka Embedding schema.org vocabulary) extension before 1.13.1 and 2.x before 2.5.1 for TYPO3 allows XSS. |
| CVE-2022-35403 | 2022-07-12 | Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also... |
| CVE-2022-33155 | 2022-07-12 | The ameos_tarteaucitron (aka AMEOS - TarteAuCitron GDPR cookie banner and tracking management / French RGPD compatible) extension before 1.2.23 for TYPO3 allows XSS. |
| CVE-2022-35628 | 2022-07-12 | A SQL injection issue was discovered in the lux extension before 17.6.1, and 18.x through 24.x before 24.0.2, for TYPO3. |
| CVE-2022-31105 | 2022-07-12 | Argo CD's certificate verification is skipped for connections to OIDC providers |
| CVE-2022-31102 | 2022-07-12 | Cross-site Scripting for Argo CD single sign on users |
| CVE-2022-21845 | 2022-07-12 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2022-22022 | 2022-07-12 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-22023 | 2022-07-12 | Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability |
| CVE-2022-22024 | 2022-07-12 | Windows Fax Service Remote Code Execution Vulnerability |
| CVE-2022-22025 | 2022-07-12 | Windows Internet Information Services Cachuri Module Denial of Service Vulnerability |
| CVE-2022-22026 | 2022-07-12 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability |
| CVE-2022-22027 | 2022-07-12 | Windows Fax Service Remote Code Execution Vulnerability |
| CVE-2022-22028 | 2022-07-12 | Windows Network File System Information Disclosure Vulnerability |
| CVE-2022-33157 | 2022-07-12 | The libconnect extension before 7.0.8 and 8.x before 8.1.0 for TYPO3 allows XSS. |
| CVE-2022-22029 | 2022-07-12 | Windows Network File System Remote Code Execution Vulnerability |
| CVE-2022-22031 | 2022-07-12 | Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability |
| CVE-2022-22034 | 2022-07-12 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2022-22036 | 2022-07-12 | Performance Counters for Windows Elevation of Privilege Vulnerability |
| CVE-2022-22037 | 2022-07-12 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability |
| CVE-2022-22038 | 2022-07-12 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2022-22039 | 2022-07-12 | Windows Network File System Remote Code Execution Vulnerability |
| CVE-2022-22040 | 2022-07-12 | Internet Information Services Dynamic Compression Module Denial of Service Vulnerability |
| CVE-2022-22041 | 2022-07-12 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-22042 | 2022-07-12 | Windows Hyper-V Information Disclosure Vulnerability |
| CVE-2022-22043 | 2022-07-12 | Windows Fast FAT File System Driver Elevation of Privilege Vulnerability |
| CVE-2022-22045 | 2022-07-12 | Windows.Devices.Picker.dll Elevation of Privilege Vulnerability |
| CVE-2022-22047 | 2022-07-12 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability |
| CVE-2022-22048 | 2022-07-12 | BitLocker Security Feature Bypass Vulnerability |
| CVE-2022-22049 | 2022-07-12 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability |
| CVE-2022-22050 | 2022-07-12 | Windows Fax Service Elevation of Privilege Vulnerability |
| CVE-2022-22711 | 2022-07-12 | Windows BitLocker Information Disclosure Vulnerability |
| CVE-2022-30181 | 2022-07-12 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-30187 | 2022-07-12 | Azure Storage Library Information Disclosure Vulnerability |
| CVE-2022-30202 | 2022-07-12 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability |
| CVE-2022-30203 | 2022-07-12 | Windows Boot Manager Security Feature Bypass Vulnerability |
| CVE-2022-30205 | 2022-07-12 | Windows Group Policy Elevation of Privilege Vulnerability |
| CVE-2022-30206 | 2022-07-12 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-30208 | 2022-07-12 | Windows Security Account Manager (SAM) Denial of Service Vulnerability |
| CVE-2022-30209 | 2022-07-12 | Windows IIS Server Elevation of Privilege Vulnerability |
| CVE-2022-30211 | 2022-07-12 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability |
| CVE-2022-30212 | 2022-07-12 | Windows Connected Devices Platform Service Information Disclosure Vulnerability |
| CVE-2022-30213 | 2022-07-12 | Windows GDI+ Information Disclosure Vulnerability |
| CVE-2022-30214 | 2022-07-12 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2022-30215 | 2022-07-12 | Active Directory Federation Services Elevation of Privilege Vulnerability |
| CVE-2022-30216 | 2022-07-12 | Windows Server Service Tampering Vulnerability |
| CVE-2022-30220 | 2022-07-12 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2022-30221 | 2022-07-12 | Windows Graphics Component Remote Code Execution Vulnerability |
| CVE-2022-30222 | 2022-07-12 | Windows Shell Remote Code Execution Vulnerability |
| CVE-2022-30223 | 2022-07-12 | Windows Hyper-V Information Disclosure Vulnerability |
| CVE-2022-30224 | 2022-07-12 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability |
| CVE-2022-30225 | 2022-07-12 | Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability |
| CVE-2022-30226 | 2022-07-12 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-33632 | 2022-07-12 | Microsoft Office Security Feature Bypass Vulnerability |
| CVE-2022-33633 | 2022-07-12 | Skype for Business and Lync Remote Code Execution Vulnerability |
| CVE-2022-33637 | 2022-07-12 | Microsoft Defender for Endpoint Tampering Vulnerability |
| CVE-2022-33641 | 2022-07-12 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-33642 | 2022-07-12 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-33643 | 2022-07-12 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-33644 | 2022-07-12 | Xbox Live Save Service Elevation of Privilege Vulnerability |
| CVE-2022-33650 | 2022-07-12 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-33651 | 2022-07-12 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-33652 | 2022-07-12 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-33653 | 2022-07-12 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-33654 | 2022-07-12 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-33655 | 2022-07-12 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-33656 | 2022-07-12 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-33657 | 2022-07-12 | Azure Site Recovery Elevation of Privilege Vulnerability |