CVE List - 2022 / August
Showing 1001 - 1100 of 2306 CVEs for August 2022 (Page 11 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-2800 | 2022-08-12 | SourceCodester Gym Management System clickjacking |
| CVE-2022-2801 | 2022-08-12 | SourceCodester Automated Beer Parlour Billing System Login sql injection |
| CVE-2022-2802 | 2022-08-12 | SourceCodester Gas Agency Management System login.php sql injection |
| CVE-2022-2803 | 2022-08-12 | SourceCodester Zoo Management System animals.php sql injection |
| CVE-2022-2804 | 2022-08-12 | SourceCodester Zoo Management System apply_vacancy.php unrestricted upload |
| CVE-2022-35953 | 2022-08-12 | URL Redirection to Untrusted Site ('Open Redirect') in bookwyrm |
| CVE-2022-35956 | 2022-08-12 | update_by_case before 0.1.3 vulnerable to sql injection |
| CVE-2022-35943 | 2022-08-12 | SameSite may allow cross-site request forgery (CSRF) protection to be bypassed |
| CVE-2022-35942 | 2022-08-12 | loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter |
| CVE-2022-35948 | 2022-08-13 | CRLF Injection in Nodejs ‘undici’ via Content-Type |
| CVE-2022-37400 | 2022-08-13 | Apache OpenOffice Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password |
| CVE-2022-37401 | 2022-08-13 | Apache OpenOffice Weak Master Keys |
| CVE-2022-35954 | 2022-08-13 | Delimiter injection vulnerability in @actions/core exportVariable |
| CVE-2022-35961 | 2022-08-14 | ECDSA signature malleability in OpenZeppelin Contracts |
| CVE-2022-36006 | 2022-08-14 | Authenticated remote code execution due to insecure deserialization (GHSL-2022-063) |
| CVE-2022-36007 | 2022-08-14 | Partial Path Traversal in com.github.jlangch:venice |
| CVE-2022-2811 | 2022-08-14 | SourceCodester Guest Management System myform.php cross site scripting |
| CVE-2022-2812 | 2022-08-14 | SourceCodester Guest Management System index.php sql injection |
| CVE-2022-2813 | 2022-08-14 | SourceCodester Guest Management System cleartext storage |
| CVE-2020-21365 | 2022-08-15 | Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations. |
| CVE-2022-2816 | 2022-08-15 | Out-of-bounds Read in vim/vim |
| CVE-2022-2817 | 2022-08-15 | Use After Free in vim/vim |
| CVE-2022-2819 | 2022-08-15 | Heap-based Buffer Overflow in vim/vim |
| CVE-2022-38223 | 2022-08-15 | There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an... |
| CVE-2022-38221 | 2022-08-15 | A buffer overflow in the FTcpListener thread in The Isle Evrima (the dedicated server on Windows and Linux) 0.9.88.07 before 2022-08-12 allows a remote attacker to crash any server with... |
| CVE-2022-38222 | 2022-08-15 | There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It... |
| CVE-2022-2814 | 2022-08-15 | SourceCodester Simple and Nice Shopping Cart Script login.php cross site scripting |
| CVE-2022-2116 | 2022-08-15 | Elementor Contact Form DB < 1.8.0 - Reflected Cross-Site Scripting |
| CVE-2022-2152 | 2022-08-15 | Duplicate Page and Post Plugin < 2.8 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2180 | 2022-08-15 | GREYD.SUITE < 1.2.7 - Unauthenticated File Upload to RCE |
| CVE-2022-2314 | 2022-08-15 | VR Calendar < 2.3.2 - Unauthenticated Arbitrary Function Call |
| CVE-2022-2354 | 2022-08-15 | WP-DBManager < 2.80.8 - Admin+ Remote Command Execution |
| CVE-2022-2378 | 2022-08-15 | Easy Student Results <= 2.2.8 - Reflected Cross-Site Scripting |
| CVE-2022-2379 | 2022-08-15 | Easy Student Results <= 2.2.8 - Sensitive Information Disclosure via REST API |
| CVE-2022-2381 | 2022-08-15 | E Unlocked - Student Result <= 1.0.4 - Arbitrary File Upload via CSRF |
| CVE-2022-2384 | 2022-08-15 | Digital Publications by Supsystic < 1.7.4 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2535 | 2022-08-15 | SearchWP Live Ajax Search < 1.6.2 - Unauthenticated Arbitrary Post Title Disclosure |
| CVE-2022-2818 | 2022-08-15 | Improper Removal of Sensitive Information Before Storage or Transfer in cockpit-hq/cockpit |
| CVE-2022-2822 | 2022-08-15 | Authentication Bypass by Primary Weakness in octoprint/octoprint |
| CVE-2022-2821 | 2022-08-15 | Missing Critical Step in Authentication in namelessmc/nameless |
| CVE-2022-2820 | 2022-08-15 | Session Fixation in namelessmc/nameless |
| CVE-2022-36262 | 2022-08-15 | An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php. |
| CVE-2022-33993 | 2022-08-15 | Misinterpretation of special domain name characters in DNRD (aka Domain Name Relay Daemon) 2.20.3 leads to cache poisoning because domain names and their associated IP addresses are cached in their... |
| CVE-2022-33992 | 2022-08-15 | DNRD (aka Domain Name Relay Daemon) 2.20.3 forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1. This leads to disabling of DNSSEC protection provided... |
| CVE-2022-34294 | 2022-08-15 | totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DNS resolvers. This allows DNS cache poisoning because there is not enough entropy to prevent traffic injection... |
| CVE-2022-33988 | 2022-08-15 | dproxy-nexgen (aka dproxy nexgen) re-uses the DNS transaction id (TXID) value from client queries, which allows attackers (able to send queries to the resolver) to conduct DNS cache-poisoning attacks because... |
| CVE-2022-33989 | 2022-08-15 | dproxy-nexgen (aka dproxy nexgen) uses a static UDP source port (selected randomly only at boot time) in upstream queries sent to DNS resolvers. This allows DNS cache poisoning because there... |
| CVE-2022-33990 | 2022-08-15 | Misinterpretation of special domain name characters in dproxy-nexgen (aka dproxy nexgen) leads to cache poisoning because domain names and their associated IP addresses are cached in their misinterpreted form. |
| CVE-2022-33991 | 2022-08-15 | dproxy-nexgen (aka dproxy nexgen) forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1. This leads to disabling of DNSSEC protection provided by upstream resolvers. |
| CVE-2022-2824 | 2022-08-15 | Authorization Bypass Through User-Controlled Key in openemr/openemr |
| CVE-2022-35623 | 2022-08-15 | In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be triggered by sending a series of segmented control packets and access packets with the same SeqAuth |
| CVE-2022-35624 | 2022-08-15 | In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be triggered by sending a series of segmented packets with SegO > SegN |
| CVE-2022-36523 | 2022-08-15 | D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to command injection via /htdocs/upnpinc/gena.php. |
| CVE-2022-36524 | 2022-08-15 | D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Static Default Credentials via /etc/init0.d/S80telnetd.sh. |
| CVE-2022-36525 | 2022-08-15 | D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Buffer Overflow via authenticationcgi_main. |
| CVE-2022-36526 | 2022-08-15 | D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Authentication Bypass via function phpcgi_main in cgibin. |
| CVE-2022-36010 | 2022-08-15 | Arbitrary code execution via function parsing in react-editable-json-tree |
| CVE-2022-24654 | 2022-08-15 | Authenticated stored cross-site scripting (XSS) vulnerability in "Field Server Address" field in INTELBRAS ATA 200 Firmware 74.19.10.21 allows attackers to inject JavaScript code through a crafted payload. |
| CVE-2022-35978 | 2022-08-15 | Lua sandbox escape from mod in Minetest |
| CVE-2020-21641 | 2022-08-15 | Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho ManageEngine Analytics Plus before 4.3.5 allows remote attackers to read arbitrary files, enumerate folders and scan internal ports via crafted XML license... |
| CVE-2020-21642 | 2022-08-15 | Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code. |
| CVE-2020-23622 | 2022-08-15 | An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header |
| CVE-2022-34711 | 2022-08-15 | Windows Defender Credential Guard Elevation of Privilege Vulnerability |
| CVE-2022-35822 | 2022-08-15 | Windows Defender Credential Guard Security Feature Bypass Vulnerability |
| CVE-2022-38186 | 2022-08-15 | There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker able to convince a user to click on a... |
| CVE-2022-38190 | 2022-08-15 | Stored cross-site scripting vulnerability in Esri Portal for ArcGIS Configurable Apps |
| CVE-2022-38188 | 2022-08-15 | There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a remote attacker able to convince a user to click on a crafted link... |
| CVE-2022-38368 | 2022-08-15 | An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands. |
| CVE-2022-38187 | 2022-08-15 | Prevent access to sharing/rest/content/features/analyze to unauthorized users |
| CVE-2022-38191 | 2022-08-15 | HTML injection vulnerability in Portal for ArcGIS |
| CVE-2022-38358 | 2022-08-15 | Improper neutralization of input during web page generation leaves the Eyes of Network web application vulnerable to cross-site scripting attacks at /module/admin_notifiers/rules.php and /module/report_event/indext.php via the parameters rule_notification, rule_name, and... |
| CVE-2022-38359 | 2022-08-15 | Cross-site request forgery attacks can be carried out against the Eyes of Network web application, due to an absence of adequate protections. An attacker can, for instance, delete the admin... |
| CVE-2022-38357 | 2022-08-15 | Improper neutralization of special elements leaves the Eyes of Network Web application vulnerable to an iFrame injection attack, via the url parameter of /module/module_frame/index.php. |
| CVE-2022-28756 | 2022-08-15 | Local Privilege Escalation in Auto Updater for Zoom Client for Meetings for macOS |
| CVE-2020-10710 | 2022-08-16 | A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. This flaw allows an attacker with sufficiently high privileges, such as... |
| CVE-2020-14321 | 2022-08-16 | In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course. |
| CVE-2020-14322 | 2022-08-16 | In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to limit the amount of files it can load to help mitigate the risk of denial of service. |
| CVE-2022-24950 | 2022-08-16 | A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other... |
| CVE-2022-24951 | 2022-08-16 | A race condition exists in Eternal Terminal prior to version 6.2.0 which allows a local attacker to hijack Eternal Terminal's IPC socket, enabling access to Eternal Terminal clients which attempt... |
| CVE-2022-24952 | 2022-08-16 | Several denial of service vulnerabilities exist in Eternal Terminal prior to version 6.2.0, including a DoS triggered remotely by an invalid sequence number and a local bug triggered by invalid... |
| CVE-2022-2846 | 2022-08-16 | Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Creation to Stored XSS |
| CVE-2022-24949 | 2022-08-16 | A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. This is due to the combination of a race condition, buffer overflow, and logic bug all in... |
| CVE-2022-36306 | 2022-08-16 | An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web server binary, and the web server configuration file. These vulnerabilities... |
| CVE-2022-36307 | 2022-08-16 | The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fixed in AirVelocity 1500 software version 15.18.00.2511 and may affect other AirVelocity and AirSpeed... |
| CVE-2022-36308 | 2022-08-16 | Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access... |
| CVE-2022-36309 | 2022-08-16 | Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. This... |
| CVE-2022-36310 | 2022-08-16 | Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on the eNodeB.... |
| CVE-2022-36311 | 2022-08-16 | Airspan AirVelocity 1500 prior to software version 15.18.00.2511 is vulnerable to injection leading to XSS in the SNMP community field in the eNodeB's web management UI. This issue may affect... |
| CVE-2022-36312 | 2022-08-16 | Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF protections in the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models. |
| CVE-2022-38216 | 2022-08-16 | An integer overflow exists in Mapbox's closed source gl-native library prior to version 10.6.1, which is bundled with multiple Mapbox products including open source libraries. The overflow is caused by... |
| CVE-2022-33939 | 2022-08-16 | CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP451) contains an issue in processing communication packets, which may lead to resource consumption. If this vulnerability is... |
| CVE-2022-34156 | 2022-08-16 | 'Hulu / フールー' App for iOS versions prior to 3.0.81 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack. |
| CVE-2022-35239 | 2022-08-16 | The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited,... |
| CVE-2022-35734 | 2022-08-16 | 'Hulu / フールー' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key... |
| CVE-2022-36293 | 2022-08-16 | Buffer overflow vulnerability in Nintendo Wi-Fi Network Adaptor WAP-001 All versions allows an attacker with an administrative privilege to execute arbitrary code via unspecified vectors. |
| CVE-2022-36344 | 2022-08-16 | An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected... |
| CVE-2022-36381 | 2022-08-16 | OS command injection vulnerability in Nintendo Wi-Fi Network Adaptor WAP-001 All versions allows an attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors. |
| CVE-2022-2838 | 2022-08-16 | In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities allowing the injection of arbitrary definitions which is able to access... |
| CVE-2022-29959 | 2022-08-16 | Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. This environment provides access control functionality through user authentication... |
| CVE-2021-30490 | 2022-08-16 | upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21353 has insecure permissions for the service binary that enable an Authenticated User to modify files, allowing for privilege escalation. |