CVE List - 2022 / August
Showing 1201 - 1300 of 2306 CVEs for August 2022 (Page 13 of 24)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-35475 | 2022-08-16 | OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6e41a8. |
| CVE-2022-35477 | 2022-08-16 | OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe954. |
| CVE-2022-35479 | 2022-08-16 | OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbbb6. |
| CVE-2022-35471 | 2022-08-16 | OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6e41b0. |
| CVE-2022-35481 | 2022-08-16 | OTFCC v0.10.4 was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S. |
| CVE-2022-35482 | 2022-08-16 | OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x65f724. |
| CVE-2022-35483 | 2022-08-16 | OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x5266a8. |
| CVE-2022-35484 | 2022-08-16 | OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6b6a8f. |
| CVE-2022-35485 | 2022-08-16 | OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x703969. |
| CVE-2022-35486 | 2022-08-16 | OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6badae. |
| CVE-2022-36139 | 2022-08-16 | SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via SWF::Writer::writeByte(unsigned char). |
| CVE-2022-36140 | 2022-08-16 | SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::DeclareFunction2::write(SWF::Writer*, SWF::Context*). |
| CVE-2022-36141 | 2022-08-16 | SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::MethodBody::write(SWF::Writer*, SWF::Context*). |
| CVE-2022-36142 | 2022-08-16 | SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via SWF::Reader::getU30(). |
| CVE-2022-36143 | 2022-08-16 | SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via __interceptor_strlen.part at /sanitizer_common/sanitizer_common_interceptors.inc. |
| CVE-2022-36144 | 2022-08-16 | SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via base64_encode. |
| CVE-2022-36145 | 2022-08-16 | SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::Reader::getWord(). |
| CVE-2022-36146 | 2022-08-16 | SWFMill commit 53d7690 was discovered to contain a memory allocation issue via operator new[](unsigned long) at asan_new_delete.cpp. |
| CVE-2022-36149 | 2022-08-16 | tifig v0.2.2 was discovered to contain a heap-use-after-free via temInfoEntry(). |
| CVE-2022-36150 | 2022-08-16 | tifig v0.2.2 was discovered to contain a heap-buffer overflow via __asan_memmove at /asan/asan_interceptors_memintrinsics.cpp. |
| CVE-2022-36151 | 2022-08-16 | tifig v0.2.2 was discovered to contain a segmentation violation via getType() at /common/bbox.cpp. |
| CVE-2022-36153 | 2022-08-16 | tifig v0.2.2 was discovered to contain a segmentation violation via std::vector<unsigned int, std::allocator<unsigned int> >::size() const at /bits/stl_vector.h. |
| CVE-2022-37781 | 2022-08-16 | fdkaac v1.0.3 was discovered to contain a heap buffer overflow via __interceptor_memcpy.part.46 at /sanitizer_common/sanitizer_common_interceptors.inc. |
| CVE-2022-38227 | 2022-08-16 | XPDF commit ffaf11c was discovered to contain a stack overflow via __asan_memcpy at asan_interceptors_memintrinsics.cpp. |
| CVE-2022-38228 | 2022-08-16 | XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc. |
| CVE-2022-38229 | 2022-08-16 | XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc. |
| CVE-2022-38230 | 2022-08-16 | XPDF commit ffaf11c was discovered to contain a floating point exception (FPE) via DCTStream::decodeImage() at /xpdf/Stream.cc. |
| CVE-2022-38231 | 2022-08-16 | XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::getChar() at /xpdf/Stream.cc. |
| CVE-2022-38233 | 2022-08-16 | XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::readMCURow() at /xpdf/Stream.cc. |
| CVE-2022-38234 | 2022-08-16 | XPDF commit ffaf11c was discovered to contain a segmentation violation via Lexer::getObj(Object*) at /xpdf/Lexer.cc. |
| CVE-2022-38235 | 2022-08-16 | XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::getChar() at /xpdf/Stream.cc. |
| CVE-2022-38236 | 2022-08-16 | XPDF commit ffaf11c was discovered to contain a global-buffer overflow via Lexer::getObj(Object*) at /xpdf/Lexer.cc. |
| CVE-2022-38237 | 2022-08-16 | XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readScan() at /xpdf/Stream.cc. |
| CVE-2022-38238 | 2022-08-16 | XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::lookChar() at /xpdf/Stream.cc. |
| CVE-2021-42052 | 2022-08-16 | IPESA e-Flow 3.3.6 allows path traversal for reading any file within the web root directory via the lib/js/build/STEResource.res path and the R query parameter. |
| CVE-2022-25799 | 2022-08-16 | An open redirect vulnerability exists in CERT/CC VINCE software prior to version 1.50.0 |
| CVE-2022-1399 | 2022-08-16 | Remote code execution in scheduled tasks component |
| CVE-2022-1400 | 2022-08-16 | Hardcoded encryption key IV in Exago WebReportsApi.dll |
| CVE-2022-1410 | 2022-08-16 | Remote Code Execution in Device42 ApplianceManager console |
| CVE-2022-1401 | 2022-08-16 | Insufficient validation of provided paths in Exago WrImageResource.axd |
| CVE-2020-14394 | 2022-08-17 | An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged... |
| CVE-2022-2845 | 2022-08-17 | Improper Validation of Specified Quantity in Input in vim/vim |
| CVE-2022-2849 | 2022-08-17 | Heap-based Buffer Overflow in vim/vim |
| CVE-2022-2862 | 2022-08-17 | Use After Free in vim/vim |
| CVE-2022-2867 | 2022-08-17 | libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a... |
| CVE-2022-2868 | 2022-08-17 | libtiff's tiffcrop utility has an improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a... |
| CVE-2022-2869 | 2022-08-17 | libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could... |
| CVE-2022-36190 | 2022-08-17 | GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_config_get. This vulnerability was fixed in commit fef6242. |
| CVE-2022-36191 | 2022-08-17 | A heap-buffer-overflow had occurred in function gf_isom_dovi_config_get of isomedia/avc_ext.c:2490, as demonstrated by MP4Box. This vulnerability was fixed in commit fef6242. |
| CVE-2022-38392 | 2022-08-17 | Certain 5400 RPM hard drives, for laptops and other PCs in approximately 2005 and later, allow physically proximate attackers to cause a denial of service (device malfunction and system crash)... |
| CVE-2022-2871 | 2022-08-17 | Cross-site Scripting (XSS) - Stored in notrinos/notrinoserp |
| CVE-2021-45454 | 2022-08-17 | Ampere Altra before SRP 1.08b and Altra Max before SRP 2.05 allow information disclosure of power telemetry via HWmon. |
| CVE-2022-37459 | 2022-08-17 | Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code... |
| CVE-2022-30262 | 2022-08-17 | The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity. They utilize the BSAP-IP protocol to transmit firmware updates. Firmware updates are supplied as CAB archive files containing a... |
| CVE-2022-38149 | 2022-08-17 | HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose the contents of Vault secrets in the error returned by the *template.Template.Execute method, when given a template using Vault... |
| CVE-2022-31262 | 2022-08-17 | An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable... |
| CVE-2022-36186 | 2022-08-17 | A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNKNOWN-master via the function gf_filter_pid_set_property_full () at filter_core/filter_pid.c:5250, which causes a Denial of Service (DoS). This vulnerability was fixed in commit b43f9d1. |
| CVE-2022-22455 | 2022-08-17 | IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or... |
| CVE-2022-35117 | 2022-08-17 | Clinic's Patient Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via update_medicine_details.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted... |
| CVE-2022-2870 | 2022-08-17 | laravel deserialization |
| CVE-2022-36216 | 2022-08-17 | DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php. |
| CVE-2022-35516 | 2022-08-17 | DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php. |
| CVE-2022-36215 | 2022-08-17 | DedeBIZ v6 was discovered to contain a remote code execution vulnerability in sys_info.php. |
| CVE-2022-35121 | 2022-08-17 | Novel-Plus v3.6.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /service/impl/BookServiceImpl.java. |
| CVE-2022-2547 | 2022-08-17 | Softing Secure Integration Server NULL Pointer Dereference |
| CVE-2022-2336 | 2022-08-17 | Softing Secure Integration Server Improper Authentication |
| CVE-2022-1748 | 2022-08-17 | Softing Secure Integration Server NULL Pointer Dereference |
| CVE-2022-1373 | 2022-08-17 | Softing Secure Integration Server Relative Path Traversal |
| CVE-2022-2334 | 2022-08-17 | Softing Secure Integration Server Uncontrolled Search Path Element |
| CVE-2022-2335 | 2022-08-17 | Softing Secure Integration Server Integer Underflow |
| CVE-2022-2338 | 2022-08-17 | Softing Secure Integration Server Cleartext Transmission of Sensitive Information |
| CVE-2022-1069 | 2022-08-17 | Softing Secure Integration Server Out-of-bounds Read |
| CVE-2022-2337 | 2022-08-17 | Softing Secure Integration Server NULL Pointer Dereference |
| CVE-2021-26639 | 2022-08-17 | WISA Smart Wing CMS File Download Vulnerability |
| CVE-2022-23764 | 2022-08-17 | TERUTEN WebCube update remote code execution vulnerability |
| CVE-2022-23765 | 2022-08-17 | IPTIME NAS family CSRF vulnerability |
| CVE-2022-35122 | 2022-08-17 | An access control issue in Ecowitt GW1100 Series Weather Stations <=GW1100B_v2.1.5 allows unauthenticated attackers to access sensitive information including device and local WiFi passwords. |
| CVE-2022-35133 | 2022-08-17 | A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a... |
| CVE-2022-35147 | 2022-08-17 | DoraCMS v2.18 and earlier allows attackers to bypass login authentication via a crafted HTTP request. |
| CVE-2022-23747 | 2022-08-17 | In Sony Xperia series 1, 5, and Pro, an out of bound memory access can occur due to lack of validation of the number of frames being passed during music... |
| CVE-2022-35148 | 2022-08-17 | maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at database/columns.html. |
| CVE-2022-28751 | 2022-08-17 | Local Privilege Escalation in Zoom Client for Meetings for MacOS |
| CVE-2022-28752 | 2022-08-17 | Local Privilege Escalation in the Zoom Rooms for Windows Client |
| CVE-2022-35151 | 2022-08-17 | kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java. |
| CVE-2021-32862 | 2022-08-18 | nbconvert vulnerable to cross-site scripting (XSS) via multiple exploit paths |
| CVE-2022-2625 | 2022-08-18 | A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create... |
| CVE-2022-2874 | 2022-08-18 | NULL Pointer Dereference in vim/vim |
| CVE-2022-37047 | 2022-08-18 | The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_ipv6_next at common/get.c:713. NOTE: this is different from CVE-2022-27940. |
| CVE-2022-37048 | 2022-08-18 | The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344. NOTE: this is different from CVE-2022-27941. |
| CVE-2022-37049 | 2022-08-18 | The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150. NOTE: this is different from CVE-2022-27942. |
| CVE-2021-23168 | 2022-08-18 | Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| CVE-2021-23223 | 2022-08-18 | Improper initialization for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2021-37409 | 2022-08-18 | Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2021-44545 | 2022-08-18 | Improper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| CVE-2022-21181 | 2022-08-18 | Improper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-21225 | 2022-08-18 | Improper neutralization in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. |
| CVE-2022-21229 | 2022-08-18 | Improper buffer restrictions for some Intel(R) NUC 9 Extreme Laptop Kit drivers before version 2.2.0.22 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-21233 | 2022-08-18 | Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2022-26373 | 2022-08-18 | Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. |
| CVE-2022-28697 | 2022-08-18 | Improper access control in firmware for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable escalation of privilege via physical access. |