CVE List - 2022 / July
Showing 201 - 300 of 1977 CVEs for July 2022 (Page 3 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-21771 | 2022-07-06 | In GED driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2022-21772 | 2022-07-06 | In TEEI driver, there is a possible type confusion due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-21773 | 2022-07-06 | In TEEI driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2022-21774 | 2022-07-06 | In TEEI driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2022-21775 | 2022-07-06 | In sched driver, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-21776 | 2022-07-06 | In MDP, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-21777 | 2022-07-06 | In Autoboot, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2022-21779 | 2022-07-06 | In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-21780 | 2022-07-06 | In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-21781 | 2022-07-06 | In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-21782 | 2022-07-06 | In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-21783 | 2022-07-06 | In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-21784 | 2022-07-06 | In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-21785 | 2022-07-06 | In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-21786 | 2022-07-06 | In audio DSP, there is a possible memory corruption due to improper casting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... |
| CVE-2022-21787 | 2022-07-06 | In audio DSP, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-23172 | 2022-07-06 | Priority - Priority User Enumeration |
| CVE-2022-23173 | 2022-07-06 | Priority - Priority web Insecure direct object references (IDOR) |
| CVE-2022-30619 | 2022-07-06 | Agile Point - Agile Point NX SQL injection (SQLi) |
| CVE-2022-23713 | 2022-07-06 | A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser. |
| CVE-2022-23714 | 2022-07-06 | A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those... |
| CVE-2022-30929 | 2022-07-06 | Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed-jasper. |
| CVE-2021-3695 | 2022-07-06 | A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually... |
| CVE-2021-3696 | 2022-07-06 | A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availability... |
| CVE-2021-3697 | 2022-07-06 | A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker... |
| CVE-2022-33737 | 2022-07-06 | The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password |
| CVE-2022-33738 | 2022-07-06 | OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token for the web portal |
| CVE-2022-26078 | 2022-07-06 | Gallagher Controller 6000 is vulnerable to a Denial of Service attack via conflicting ARP packets with a duplicate IP address. This issue affects: Gallagher Gallagher Controller 6000 vCR8.60 versions prior... |
| CVE-2022-26348 | 2022-07-06 | Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk,... |
| CVE-2022-34595 | 2022-07-06 | Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function setipv6status. |
| CVE-2022-34596 | 2022-07-06 | Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function WanParameterSetting. |
| CVE-2022-34597 | 2022-07-06 | Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the function WanParameterSetting. |
| CVE-2022-34598 | 2022-07-06 | The udpserver in H3C Magic R100 V200R004 and V100R005 has the 9034 port opened, allowing attackers to execute arbitrary commands. |
| CVE-2022-31111 | 2022-07-06 | Discrepancy in transfer value and actual value due to incorrect truncation in Frontier |
| CVE-2022-31126 | 2022-07-06 | Unauthenticated Remote Code Execution in Roxy-wi |
| CVE-2022-31124 | 2022-07-06 | Possible leak of key's raw field if declared length is incorrect in openssh_key_parser |
| CVE-2022-31131 | 2022-07-06 | Ownership check missing when updating or deleting mail attachments in Nextcloud mail |
| CVE-2022-31127 | 2022-07-06 | Improper handling of email input in next-auth |
| CVE-2022-33047 | 2022-07-06 | OTFCC v0.10.4 was discovered to contain a heap buffer overflow after free via otfccbuild.c. |
| CVE-2022-2316 | 2022-07-06 | HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site. |
| CVE-2015-3172 | 2022-07-06 | EidoGo is susceptible to Cross-Site Scripting (XSS) attacks via maliciously crafted SGF input. |
| CVE-2015-3173 | 2022-07-06 | custom-content-type-manager WordPress plugin can be used by an administrator to achieve arbitrary PHP remote code execution. |
| CVE-2014-8164 | 2022-07-06 | An insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x. |
| CVE-2021-4234 | 2022-07-06 | OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not... |
| CVE-2022-27548 | 2022-07-06 | HCL Launch is vulnerable to information disclosure which can be read by a local user. |
| CVE-2022-27549 | 2022-07-06 | HCL Launch could disclose sensitive database information to a local user in plain text. |
| CVE-2022-20752 | 2022-07-06 | Cisco Unified Communications Products Timing Attack Vulnerability |
| CVE-2022-20768 | 2022-07-06 | Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability |
| CVE-2022-20791 | 2022-07-06 | Cisco Unified Communications Products Arbitrary File Read Vulnerability |
| CVE-2022-20800 | 2022-07-06 | Cisco Unified Communications Products Cross-Site Scripting Vulnerability |
| CVE-2022-20808 | 2022-07-06 | Cisco Smart Software Manager On-Prem Denial of Service Vulnerability |
| CVE-2022-20812 | 2022-07-06 | Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities |
| CVE-2022-20813 | 2022-07-06 | Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities |
| CVE-2022-20815 | 2022-07-06 | Cisco Unified Communications Products Cross-Site Scripting Vulnerability |
| CVE-2022-20859 | 2022-07-06 | Cisco Unified Communications Products Access Control Vulnerability |
| CVE-2022-20862 | 2022-07-06 | Cisco Unified Communications Manager Arbitrary File Read Vulnerability |
| CVE-2022-32060 | 2022-07-07 | An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file. |
| CVE-2022-32449 | 2022-07-07 | TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet. |
| CVE-2022-34592 | 2022-07-07 | Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability via the function obtw. This vulnerability allows attackers to execute arbitrary commands via a crafted POST request. |
| CVE-2022-32205 | 2022-07-07 | A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big)... |
| CVE-2022-32206 | 2022-07-07 | curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression... |
| CVE-2022-32207 | 2022-07-07 | When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to... |
| CVE-2022-32208 | 2022-07-07 | When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even... |
| CVE-2022-2339 | 2022-07-07 | Server-Side Request Forgery (SSRF) in nocodb/nocodb |
| CVE-2022-2342 | 2022-07-07 | Cross-site Scripting (XSS) - Stored in outline/outline |
| CVE-2022-32567 | 2022-07-07 | The Appfire Jira Misc Custom Fields (JMCF) app 2.4.6 for Atlassian Jira allows XSS via a crafted project name to the Add Auto Indexing Rule function. |
| CVE-2022-34007 | 2022-07-07 | EQS Integrity Line Professional through 2022-07-01 allows a stored XSS via a crafted whistleblower entry. |
| CVE-2022-33996 | 2022-07-07 | Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user. |
| CVE-2022-25046 | 2022-07-07 | A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request. |
| CVE-2022-25047 | 2022-07-07 | The password reset token in CWP v0.9.8.1126 is generated using known or predictable values. |
| CVE-2022-25048 | 2022-07-07 | Command injection vulnerability in CWP v0.9.8.1126 that allows normal users to run commands as the root user. |
| CVE-2015-3207 | 2022-07-07 | In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes. |
| CVE-2015-1785 | 2022-07-07 | In nextgen-galery WordPress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application... |
| CVE-2015-1784 | 2022-07-07 | In nextgen-galery WordPress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application... |
| CVE-2022-31854 | 2022-07-07 | Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel. |
| CVE-2022-32441 | 2022-07-07 | A memory corruption in Hex Rays Ida Pro v6.6 allows attackers to cause a Denial of Service (DoS) via a crafted file. Related to Data from Faulting Address controls subsequent... |
| CVE-2021-46825 | 2022-07-07 | Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same... |
| CVE-2022-23744 | 2022-07-07 | Check Point Endpoint before version E86.50 failed to protect against specific registry change which allowed to disable endpoint protection by a local administrator. |
| CVE-2015-5236 | 2022-07-07 | It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the... |
| CVE-2022-32054 | 2022-07-07 | Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to contain a remote code execution (RCE) vulnerability via the lanIp parameter. |
| CVE-2022-32055 | 2022-07-07 | Inout Homestay v2.2 was discovered to contain a SQL injection vulnerability via the guests parameter at /index.php?page=search/rentals. |
| CVE-2022-32056 | 2022-07-07 | Online Accreditation Management v1.0 was discovered to contain a SQL injection vulnerability via the USERNAME parameter at process.php. |
| CVE-2022-31133 | 2022-07-07 | Cross site scripting in HumHub |
| CVE-2022-32058 | 2022-07-07 | An infinite loop in the function httpRpmPass of TP-Link TL-WR741N/TL-WR742N V1/V2/V3_130415 allows attackers to cause a Denial of Service (DoS) via a crafted packet. |
| CVE-2022-31135 | 2022-07-07 | Maliciously crafted evidence packet may cause denial of service |
| CVE-2022-31136 | 2022-07-07 | Cross-site Scripting in BookWyrm |
| CVE-2022-31121 | 2022-07-07 | Improper Input Validation in fabric hyperledger |
| CVE-2021-44791 | 2022-07-07 | Reflected XSS on certain HTTP endpoints |
| CVE-2022-28889 | 2022-07-07 | Clickjacking in the web console |
| CVE-2015-5298 | 2022-07-07 | The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps... |
| CVE-2021-31645 | 2022-07-07 | An issue was discovered in glFTPd 2.11a that allows remote attackers to cause a denial of service via exceeding the connection limit. |
| CVE-2022-33098 | 2022-07-07 | Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a... |
| CVE-2021-35283 | 2022-07-07 | SQL Injection vulnerability in product_admin.php in atoms183 CMS 1.0, allows attackers to execute arbitrary commands via the Name, Fname, and ID parameters to search.php. |
| CVE-2021-29281 | 2022-07-07 | File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317. |
| CVE-2022-33680 | 2022-07-07 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2022-2048 | 2022-07-07 | In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and... |
| CVE-2022-2047 | 2022-07-07 | In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI... |
| CVE-2022-2191 | 2022-07-07 | In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths. |
| CVE-2021-41042 | 2022-07-07 | In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. This allows an attacker to cause... |
| CVE-2022-31029 | 2022-07-07 | Authenticated XSS in Pi-hole AdminLTE |