CVE List - 2022 / July
Showing 1901 - 1977 of 1977 CVEs for July 2022 (Page 20 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-30316 | 2022-07-28 | Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware update issue. The affected components... |
| CVE-2022-30315 | 2022-07-28 | Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0053, there is a Honeywell Experion PKS Safety Manager insufficient logic security... |
| CVE-2022-30314 | 2022-07-28 | Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected components are characterized as: POLO... |
| CVE-2022-30313 | 2022-07-28 | Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0051, there is a Honeywell Experion PKS Safety Manager multiple proprietary protocols with unauthenticated... |
| CVE-2022-30320 | 2022-07-28 | Saia Burgess Controls (SBC) PCD through 2022-05-06 uses a Broken or Risky Cryptographic Algorithm. According to FSCT-2022-0063, there is a Saia Burgess Controls (SBC) PCD S-Bus weak credential hashing scheme... |
| CVE-2022-30319 | 2022-07-28 | Saia Burgess Controls (SBC) PCD through 2022-05-06 allows Authentication bypass. According to FSCT-2022-0062, there is a Saia Burgess Controls (SBC) PCD S-Bus authentication bypass issue. The affected components are characterized... |
| CVE-2016-4426 | 2022-07-28 | In zulip before 1.3.12, bot API keys were accessible to other users in the same realm. |
| CVE-2016-4427 | 2022-07-28 | In zulip before 1.3.12, deactivated users could access messages if SSO was enabled. |
| CVE-2016-4991 | 2022-07-28 | Input passed to the Pdf() function is shell escaped and passed to child_process.exec() during PDF rendering. However, the shell escape does not properly encode all special characters, namely, semicolon and... |
| CVE-2016-0796 | 2022-07-28 | WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files is prone to multiple vulnerabilities, including open proxy and security bypass vulnerabilities because it fails to properly verify user-supplied input.... |
| CVE-2016-3709 | 2022-07-28 | Possible cross-site scripting vulnerability in libxml after commit 960f0e2. |
| CVE-2022-34578 | 2022-07-28 | Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page. |
| CVE-2022-34593 | 2022-07-28 | DPTech VPN v8.1.28.0 was discovered to contain an arbitrary file read vulnerability. |
| CVE-2021-41556 | 2022-07-28 | sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel... |
| CVE-2022-30287 | 2022-07-28 | Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects. |
| CVE-2022-34580 | 2022-07-28 | Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the address parameter at ip/school/index.php. |
| CVE-2022-29558 | 2022-07-28 | Realtek rtl819x-SDK before v3.6.1 allows command injection over the web interface. |
| CVE-2022-2399 | 2022-07-28 | Use after free in WebGPU in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-39088 | 2022-07-28 | IBM QRadar SIEM 7.3, 7.4, and 7.5 is vulnerable to local privilege escalation if this could be combined with other unknown vulnerabilities then privilege escalation could be performed. IBM X-Force... |
| CVE-2022-34558 | 2022-07-28 | WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workqueue 1.4.1rc5 allows attackers to execute arbitrary code via a crafted dbs-client package. |
| CVE-2022-34557 | 2022-07-28 | Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /pages/permit/permit.php. |
| CVE-2022-34556 | 2022-07-28 | PicoC v3.2.2 was discovered to contain a NULL pointer dereference at variable.c. |
| CVE-2022-36234 | 2022-07-28 | SimpleNetwork TCP Server commit 29bc615f0d9910eb2f59aa8dff1f54f0e3af4496 was discovered to contain a double free vulnerability which is exploited via crafted TCP packets. |
| CVE-2022-36752 | 2022-07-28 | png2webp v1.0.4 was discovered to contain an out-of-bounds write via the function w2p. This vulnerability is exploitable via a crafted png file. |
| CVE-2022-34555 | 2022-07-28 | TP-LINK TL-R473G 2.0.1 Build 220529 Rel.65574n was discovered to contain a remote code execution vulnerability which is exploited via a crafted packet. |
| CVE-2022-34526 | 2022-07-29 | A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by... |
| CVE-2022-1799 | 2022-07-29 | Incorrect signature verification on Google play-services-basement in Google Play SDK |
| CVE-2022-24912 | 2022-07-29 | Timing Attack |
| CVE-2022-1277 | 2022-07-29 | SQL Injection in Inavitas Solar Log |
| CVE-2022-2576 | 2022-07-29 | In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if... |
| CVE-2022-36123 | 2022-07-29 | The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or... |
| CVE-2022-35643 | 2022-07-29 | IBM PowerVM VIOS 3.1 could allow a remote attacker to tamper with system configuration or cause a denial of service. IBM X-Force ID: 230956. |
| CVE-2022-27873 | 2022-07-29 | An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists... |
| CVE-2022-33881 | 2022-07-29 | Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the... |
| CVE-2022-2577 | 2022-07-29 | SourceCodester Garage Management System edituser.php sql injection |
| CVE-2022-2578 | 2022-07-29 | SourceCodester Garage Management System createUser.php access control |
| CVE-2022-2579 | 2022-07-29 | SourceCodester Garage Management System createUser.php cross site scripting |
| CVE-2022-35629 | 2022-07-29 | Velociraptor Client ID Spoofing |
| CVE-2022-35630 | 2022-07-29 | Unsafe HTML Injection in Artifact Collection Report |
| CVE-2022-35631 | 2022-07-29 | Filesystem race on temporary files |
| CVE-2022-35632 | 2022-07-29 | XSS in User Interface |
| CVE-2022-23001 | 2022-07-29 | Sweet-B Library: Point compress/decompress using the wrong bit for sign |
| CVE-2022-23002 | 2022-07-29 | Point Compression/Decompression of NIST P-256 points with X coordinate of zero |
| CVE-2022-23003 | 2022-07-29 | Shared secret or Point multiplication of NIST P-256 points with X coordinate of zero |
| CVE-2022-23004 | 2022-07-29 | Algorithm incorrectly returning error and Invalid unreduced value written to output buffer |
| CVE-2022-36378 | 2022-07-29 | WordPress Floating Div plugin <= 3.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-2414 | 2022-07-29 | Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files... |
| CVE-2022-27865 | 2022-07-29 | A maliciously crafted TGA or PCX file may be used to write beyond the allocated buffer through DesignReview.exe application while parsing TGA and PCX files. This vulnerability may be exploited... |
| CVE-2022-27866 | 2022-07-29 | A maliciously crafted TIFF file when consumed through DesignReview.exe application can be forced to read beyond allocated boundaries when parsing the TIFF file. This vulnerability in conjunction with other vulnerabilities... |
| CVE-2022-27864 | 2022-07-29 | A Double Free vulnerability allows remote attackers to execute arbitrary code through DesignReview.exe application on PDF files within affected installations. User interaction is required to exploit this vulnerability in that... |
| CVE-2022-2323 | 2022-07-29 | Improper neutralization of special elements used in a user input allows an authenticated malicious user to perform remote code execution in the host system. This vulnerability impacts SonicWall Switch 1.1.1.0-2s... |
| CVE-2022-36447 | 2022-07-29 | An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Previously minted tokens minted on the Chia blockchain using the CAT1 standard can be inflated to an arbitrary extent... |
| CVE-2022-22280 | 2022-07-29 | Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions. |
| CVE-2022-2324 | 2022-07-29 | Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier versions |
| CVE-2022-34496 | 2022-07-29 | Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a file upload vulnerability via the file upload feature. |
| CVE-2022-34527 | 2022-07-29 | D-Link DSL-3782 v1.03 and below was discovered to contain a command injection vulnerability via the function byte_4C0160. |
| CVE-2022-34528 | 2022-07-29 | D-Link DSL-3782 v1.03 and below was discovered to contain a stack overflow via the function getAttrValue. |
| CVE-2022-34531 | 2022-07-29 | DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE) vulnerability via the component mytag_ main.php. |
| CVE-2022-33158 | 2022-07-29 | Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege... |
| CVE-2022-35234 | 2022-07-29 | Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and... |
| CVE-2022-36336 | 2022-07-29 | A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The... |
| CVE-2022-30083 | 2022-07-29 | EllieGrid Android Application version 3.4.1 is vulnerable to Code Injection. The application appears to evaluate user input as code (remote). |
| CVE-2021-27785 | 2022-07-29 | HCL Commerce could allow a local attacker to obtain sensitive personal information (CVE-2021-27785) |
| CVE-2022-33994 | 2022-07-30 | The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. NOTE: the XSS payload does not... |
| CVE-2022-2591 | 2022-07-31 | TEM FLEX-1085 reboot denial of service |
| CVE-2022-22326 | 2022-07-31 | IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 could allow unauthorized viewing of logs and files due to insufficient authorization checks. IBM X-Force ID: 218856. |
| CVE-2022-31774 | 2022-07-31 | IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the... |
| CVE-2022-31775 | 2022-07-31 | IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote... |
| CVE-2022-31776 | 2022-07-31 | IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized... |
| CVE-2022-32750 | 2022-07-31 | IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the... |
| CVE-2022-35716 | 2022-07-31 | IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due... |
| CVE-2022-22334 | 2022-07-31 | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant of which they should not have access. IBM X-Force ID: 219391. |
| CVE-2022-22505 | 2022-07-31 | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow IBM tenant credentials to be exposed. IBM X-Force ID: 227288. |
| CVE-2022-30616 | 2022-07-31 | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs. IBM X-Force ID: 227978. |
| CVE-2022-33169 | 2022-07-31 | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulk upload. IBM X-Force ID: 228888. |
| CVE-2022-34338 | 2022-07-31 | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could disclose sensitive information due to improper privilege management for storage provider types. IBM X-Force ID: 229962. |
| CVE-2022-2598 | 2022-08-01 | Out-of-bounds Write to API in vim/vim |
| CVE-2022-31188 | 2022-08-01 | Server-Side Request Forgery Vulnerability in Computer Vision Annotation Tool (CVAT) |
| CVE-2022-35919 | 2022-08-01 | Authenticated requests for server update admin API allows path traversal in minio |
| CVE-2022-36799 | 2022-08-01 | This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and... |
| CVE-2022-27255 | 2022-08-01 | In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without... |
| CVE-2022-26308 | 2022-08-01 | Improper Access Control in Configuration (Credential store) |
| CVE-2022-26309 | 2022-08-01 | Cross-Site Request in Bulk operation (User operation) |
| CVE-2022-26310 | 2022-08-01 | Improper Authorization in User Management to Vertical Privilege Escalation |
| CVE-2022-0598 | 2022-08-01 | Login with phone number < 1.3.8 - Multiple Admin+ Stored XSS |
| CVE-2022-1324 | 2022-08-01 | Event Timeline <= 1.1.5 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1561 | 2022-08-01 | Crafted backend URLs in Lura Project |
| CVE-2022-1585 | 2022-08-01 | Project Source Code Download <= 1.0.0 - Unauthenticated Backup Download |
| CVE-2022-1600 | 2022-08-01 | YOP Poll < 6.4.3 - IP Spoofing |
| CVE-2022-1906 | 2022-08-01 | Copyright Proof <= 4.16 - Reflected Cross-Site-Scripting |
| CVE-2022-1950 | 2022-08-01 | Youzify < 1.2.0 - Unauthenticated SQLi |
| CVE-2022-2170 | 2022-08-01 | Microsoft Advertising Universal Event Tracking < 1.0.4 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2171 | 2022-08-01 | Progressive License <= 1.1.0 - CSRF to Stored XSS |
| CVE-2022-2181 | 2022-08-01 | Advanced WordPress Reset < 1.6 - Reflected Cross-Site Scripting |
| CVE-2022-2184 | 2022-08-01 | CAPTCHA 4WP < 7.1.0 - Local File Inclusion via CSRF |
| CVE-2022-2215 | 2022-08-01 | GiveWP < 2.21.3 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2241 | 2022-08-01 | Featured Image from URL < 4.0.0 - Arbitrary Settings Update to Stored XSS via CSRF |
| CVE-2022-2245 | 2022-08-01 | Counter Box < 1.2.1 - Arbitrary Counter Activation/Deactivation via CSRF |
| CVE-2022-2260 | 2022-08-01 | GiveWP < 2.21.3 - DoS via CSRF |
| CVE-2022-2273 | 2022-08-01 | Simple Membership < 4.1.3 - Membership Privilege Escalation |