CVE List - 2022 / July
Showing 701 - 800 of 1977 CVEs for July 2022 (Page 8 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-33658 | 2022-07-12 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-33659 | 2022-07-12 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-33660 | 2022-07-12 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-33661 | 2022-07-12 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-33662 | 2022-07-12 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-33663 | 2022-07-12 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-33664 | 2022-07-12 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-33665 | 2022-07-12 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-33666 | 2022-07-12 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-33667 | 2022-07-12 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-33668 | 2022-07-12 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-33669 | 2022-07-12 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-33671 | 2022-07-12 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-33672 | 2022-07-12 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-33673 | 2022-07-12 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-33674 | 2022-07-12 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-33675 | 2022-07-12 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-33676 | 2022-07-12 | Azure Site Recovery Remote Code Execution Vulnerability |
| CVE-2022-33677 | 2022-07-12 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-33678 | 2022-07-12 | Azure Site Recovery Remote Code Execution Vulnerability |
| CVE-2022-33156 | 2022-07-12 | The matomo_integration (aka Matomo Integration) extension before 1.3.2 for TYPO3 allows XSS. |
| CVE-2022-29602 | 2022-07-12 | The gridelements (aka Grid Elements) extension through 7.6.1, 8.x through 8.7.0, 9.x through 9.7.0, and 10.x through 10.2.0 for TYPO3 allows XSS. |
| CVE-2022-30517 | 2022-07-12 | Mogu blog 5.2 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2022-28888 | 2022-07-13 | Spryker Commerce OS 1.4.2 allows Remote Command Execution. |
| CVE-2022-32114 | 2022-07-13 | An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests... |
| CVE-2021-46827 | 2022-07-13 | An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310. An XSS vulnerability in search terms proposals (in online documentation generated using... |
| CVE-2022-31781 | 2022-07-13 | Regular Expression Denial of Service (ReDoS) in ContentType.java. (GHSL-2022-022) |
| CVE-2019-10761 | 2022-07-13 | Sandbox Bypass |
| CVE-2019-10800 | 2022-07-13 | Command Injection |
| CVE-2022-32274 | 2022-07-13 | The Transition Scheduler add-on 6.5.0 for Atlassian Jira is prone to stored XSS via the project name to the creation function. |
| CVE-2022-32065 | 2022-07-13 | An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file. |
| CVE-2022-32073 | 2022-07-13 | WolfSSH v1.4.7 was discovered to contain an integer overflow via the function wolfSSH_SFTP_RecvRMDIR. |
| CVE-2022-32074 | 2022-07-13 | A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG... |
| CVE-2022-32096 | 2022-07-13 | Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component r_jwe_aesgcm_key_unwrap. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted JWE token. |
| CVE-2022-34358 | 2022-07-13 | IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2017-20126 | 2022-07-13 | KB Affiliate Referral Script index.php sql injection |
| CVE-2017-20127 | 2022-07-13 | KB Login Authentication Script sql injection |
| CVE-2017-20128 | 2022-07-13 | KB Messages PHP Script sql injection |
| CVE-2022-22982 | 2022-07-13 | The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL... |
| CVE-2022-20216 | 2022-07-13 | android exported is used to set third-party app access permissions, and the default value of intent-filter is true. com.sprd.firewall has set exported as true. Product: Android. Versions: Android SoC. Android ID: A-231911916 |
| CVE-2022-20217 | 2022-07-13 | There is an unauthorized broadcast in the SprdContactsProvider. A third-party app could use this issue to delete Fdn contact. Product: Android. Versions: Android SoC. Android ID: A-232441378 |
| CVE-2022-20218 | 2022-07-13 | In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. This could lead to local escalation of... |
| CVE-2022-20219 | 2022-07-13 | In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local... |
| CVE-2022-20220 | 2022-07-13 | In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User... |
| CVE-2022-20221 | 2022-07-13 | In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure over Bluetooth with no additional execution... |
| CVE-2022-20222 | 2022-07-13 | In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges... |
| CVE-2022-20223 | 2022-07-13 | In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with... |
| CVE-2022-20224 | 2022-07-13 | In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure in the Bluetooth stack with... |
| CVE-2022-20225 | 2022-07-13 | In getSubscriptionProperty of SubscriptionController.java, there is a possible read of a sensitive identifier due to a missing permission check. This could lead to local information disclosure with no additional execution... |
| CVE-2022-20226 | 2022-07-13 | In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is... |
| CVE-2022-20227 | 2022-07-13 | In USB driver, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with User execution privileges needed. User... |
| CVE-2022-20228 | 2022-07-13 | In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed.... |
| CVE-2022-20229 | 2022-07-13 | In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges... |
| CVE-2022-20230 | 2022-07-13 | In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2022-20236 | 2022-07-13 | A DRM driver has an out-of-bounds (OOB) problem that could cause a system crash or EoP. Product: Android. Versions: Android SoC. Android ID: A-233124709 |
| CVE-2022-20238 | 2022-07-13 | 'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map... |
| CVE-2022-20212 | 2022-07-13 | In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2022-20234 | 2022-07-13 | In Car Settings app, the NotificationAccessConfirmationActivity is exported. In NotificationAccessConfirmationActivity, it gets both 'mComponentName' and 'pkgTitle' from user. An unprivileged app can use a malicious mComponentName with a benign pkgTitle (e.g.... |
| CVE-2022-2380 | 2022-07-13 | The Linux kernel was found vulnerable to an out-of-bounds memory access in the drivers/video/fbdev/sm712fb.c:smtcfb_read() function. The vulnerability could result in local attackers being able to crash the kernel. |
| CVE-2020-21967 | 2022-07-13 | File upload vulnerability in the Catalog feature in Prestashop 1.7.6.7 allows remote attackers to run arbitrary code via the add new file page. |
| CVE-2022-32308 | 2022-07-13 | Cross Site Scripting (XSS) vulnerability in uBlock Origin extension before 1.41.1 allows remote attackers to run arbitrary code via a spoofed 'MessageSender.url' to the browser renderer process. |
| CVE-2022-31145 | 2022-07-13 | Insufficient AccessToken Expiration Check in FlyteAdmin |
| CVE-2022-32117 | 2022-07-13 | Jerryscript v2.4.0 was discovered to contain a stack buffer overflow via the function jerryx_print_unhandled_exception in /util/print.c. |
| CVE-2022-34753 | 2022-07-13 | A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote root exploit when the command is compromised. Affected Products:... |
| CVE-2022-34754 | 2022-07-13 | A CWE-269: Improper Privilege Management vulnerability exists that could allow elevated functionality when guessing credentials. Affected Products: Acti9 PowerTag Link C (A9XELC10-A) (V1.7.5 and prior), Acti9 PowerTag Link C (A9XELC10-B)... |
| CVE-2022-34756 | 2022-07-13 | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or the crash of HTTPs stack which is used for the device... |
| CVE-2022-34757 | 2022-07-13 | A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device,... |
| CVE-2022-34758 | 2022-07-13 | A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had access to privileged user credentials. Affected Products: Easergy P5... |
| CVE-2022-34759 | 2022-07-13 | A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers. Affected Products: X80 advanced RTU Communication... |
| CVE-2022-34760 | 2022-07-13 | A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products:... |
| CVE-2022-34761 | 2022-07-13 | A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H)... |
| CVE-2022-34762 | 2022-07-13 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to the firmware... |
| CVE-2022-34763 | 2022-07-13 | A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due to improper verification of the firmware signature. Affected Products: X80 advanced RTU... |
| CVE-2022-34764 | 2022-07-13 | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service when parsing the URL. Affected Products: X80 advanced RTU... |
| CVE-2022-34765 | 2022-07-13 | A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products:... |
| CVE-2022-35857 | 2022-07-13 | kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because deserialization is mishandled. The rememberMe parameter is encrypted with a hardcoded key from the com.kalvin.kvf.common.shiro.ShiroConfig file. |
| CVE-2022-32212 | 2022-07-14 | An OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if... |
| CVE-2022-32213 | 2022-07-14 | The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS). |
| CVE-2022-32214 | 2022-07-14 | The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request... |
| CVE-2022-32215 | 2022-07-14 | The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS). |
| CVE-2022-32222 | 2022-07-14 | A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to... |
| CVE-2022-32317 | 2022-07-14 | The MPlayer Project v1.5 was discovered to contain a heap use-after-free resulting in a double free in the preinit function at libvo/vo_v4l2.c. This vulnerability can lead to a Denial of... |
| CVE-2017-20129 | 2022-07-14 | LogoStore search.php sql injection |
| CVE-2022-25800 | 2022-07-14 | Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via the whois lookup tool. |
| CVE-2022-25801 | 2022-07-14 | Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via Scripted Action tools. |
| CVE-2022-25802 | 2022-07-14 | Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment. |
| CVE-2022-25803 | 2022-07-14 | Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search. |
| CVE-2022-2396 | 2022-07-14 | SourceCodester Simple e-Learning System claire_blake cross site scripting |
| CVE-2022-28377 | 2022-07-14 | On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. This password... |
| CVE-2022-28375 | 2022-07-14 | Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not properly sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. A remote attacker on the local network can... |
| CVE-2022-28374 | 2022-07-14 | Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not properly sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal. An authenticated remote attacker on... |
| CVE-2022-28373 | 2022-07-14 | Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly sanitize user-controlled parameters within the crtcreadpartition function of the crtcrpc JSON listener in /usr/lib/lua/luci/crtc.lua. A remote attacker on the local... |
| CVE-2022-28372 | 2022-07-14 | On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device... |
| CVE-2022-28371 | 2022-07-14 | On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control. This certificate is... |
| CVE-2022-28370 | 2022-07-14 | On Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 devices, the RPC endpoint crtc_fw_upgrade provides a means of provisioning a firmware update for the device. /lib/functions/wnc_jsonsh/wnc_crtc_fw.sh has no cryptographic validation of... |
| CVE-2022-28369 | 2022-07-14 | Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate the user-provided URL within the crtcmode function's enable_ssh sub-operation of the crtcrpc JSON listener (found at /lib/functions/wnc_jsonsh/crtcmode.sh). A remote attacker... |
| CVE-2022-30113 | 2022-07-14 | Electronic mall system 1.0_build20200203 is vulnerable to SQL Injection. |
| CVE-2022-30024 | 2022-07-14 | A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the... |
| CVE-2022-28876 | 2022-07-14 | Denial-of-Service (DoS) Vulnerability |
| CVE-2020-14127 | 2022-07-14 | A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by heap overflow and can be exploited by attackers to make remote denial of... |