CVE List - 2022 / August
Showing 1301 - 1400 of 2306 CVEs for August 2022 (Page 14 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-30601 | 2022-08-18 | Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable information disclosure and escalation of privilege via network access. |
| CVE-2022-30944 | 2022-08-18 | Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2022-36023 | 2022-08-18 | Remote denial of service in Hyperledger Fabric Gateway |
| CVE-2022-37060 | 2022-08-18 | FLIR AX8 thermal sensor cameras version up to and including 1.46.16 is vulnerable to Directory Traversal due to an improper access restriction. An unauthenticated, remote attacker can exploit this by... |
| CVE-2022-37061 | 2022-08-18 | All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as... |
| CVE-2022-35598 | 2022-08-18 | A SQL injection vulnerability in ConnectionFactoryDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter username. |
| CVE-2022-35599 | 2022-08-18 | A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter productcode. |
| CVE-2022-35601 | 2022-08-18 | A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt. |
| CVE-2022-35602 | 2022-08-18 | A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter user. |
| CVE-2022-35603 | 2022-08-18 | A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt. |
| CVE-2022-35605 | 2022-08-18 | A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as 'users', 'pass', etc. |
| CVE-2022-35606 | 2022-08-18 | A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameter 'customerCode.' |
| CVE-2021-30070 | 2022-08-18 | An issue was discovered in HestiaCP before v1.3.5. Attackers are able to arbitrarily install packages due to values taken from the pgk [] parameter in the update request being transmitted... |
| CVE-2022-35153 | 2022-08-18 | FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php. |
| CVE-2021-30071 | 2022-08-18 | A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2022-35154 | 2022-08-18 | Shopro Mall System v1.3.8 was discovered to contain a SQL injection vulnerability via the value parameter. |
| CVE-2022-35164 | 2022-08-18 | LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain. |
| CVE-2022-35165 | 2022-08-18 | An issue in AP4_SgpdAtom::AP4_SgpdAtom() of Bento4-1.6.0-639 allows attackers to cause a Denial of Service (DoS) via a crafted mp4 input. |
| CVE-2022-35166 | 2022-08-18 | libjpeg commit 842c7ba was discovered to contain an infinite loop via the component JPEG::ReadInternal. |
| CVE-2022-35173 | 2022-08-18 | An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation. |
| CVE-2022-35198 | 2022-08-18 | Contract Management System v2.0 contains a weak default password which gives attackers access to database connection information. |
| CVE-2022-25986 | 2022-08-18 | Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler. |
| CVE-2022-28715 | 2022-08-18 | Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors. |
| CVE-2022-29487 | 2022-08-18 | Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors. |
| CVE-2022-29891 | 2022-08-18 | Browse restriction bypass vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors. |
| CVE-2022-30604 | 2022-08-18 | Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors. |
| CVE-2022-30693 | 2022-08-18 | Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors. |
| CVE-2022-32283 | 2022-08-18 | Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified vectors. |
| CVE-2022-32453 | 2022-08-18 | HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors. |
| CVE-2022-32544 | 2022-08-18 | Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors. |
| CVE-2022-32583 | 2022-08-18 | Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors. |
| CVE-2022-33151 | 2022-08-18 | Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors. |
| CVE-2022-33311 | 2022-08-18 | Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors. |
| CVE-2022-2876 | 2022-08-18 | SourceCodester Student Management System index.php sql injection |
| CVE-2022-29550 | 2022-08-18 | An issue was discovered in Qualys Cloud Agent 4.8.0-49. It writes "ps auxwwe" output to the /var/log/qualys/qualys-cloud-agent-scan.log file. This may, for example, unexpectedly write credentials (from environment variables) to disk... |
| CVE-2022-29549 | 2022-08-18 | An issue was discovered in Qualys Cloud Agent 4.8.0-49. It executes programs at various full pathnames without first making ownership and permission checks (e.g., to help ensure that a program... |
| CVE-2022-37025 | 2022-08-18 | An improper privilege management vulnerability in McAfee Security Scan Plus (MSS+) before 4.1.262.1 could allow a local user to modify a configuration file and perform a LOLBin (Living off the... |
| CVE-2022-36024 | 2022-08-18 | Bots using py-cord as discord api wrapper are vulnerable to shutdowns through remote code execution |
| CVE-2022-37062 | 2022-08-18 | All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker... |
| CVE-2022-37063 | 2022-08-18 | All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to Cross Site Scripting (XSS) due to improper input sanitization. An authenticated remote attacker can execute... |
| CVE-2022-35174 | 2022-08-18 | A stored cross-site scripting (XSS) vulnerability in Kirby's Starterkit v3.7.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Tags field. |
| CVE-2022-35175 | 2022-08-18 | Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /blotter/blotter.php. |
| CVE-2022-35975 | 2022-08-18 | Improper object validation allows for arbitrary code execution in GitOps Tools Extension for VSCode |
| CVE-2022-37422 | 2022-08-18 | Payara through 5.2022.2 allows directory traversal without authentication. This affects Payara Server, Payara Micro, and Payara Server Embedded. |
| CVE-2022-35204 | 2022-08-18 | Vitejs Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a crafted URL to the victim's service. |
| CVE-2020-27787 | 2022-08-18 | A segmentation fault was found in UPX in invert_pt_dynamic() function in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial... |
| CVE-2022-35976 | 2022-08-18 | Improper KubeConfig handling allows arbitrary code execution |
| CVE-2020-27790 | 2022-08-18 | A floating point exception issue was discovered in UPX in PackLinuxElf64::invert_pt_dynamic() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a... |
| CVE-2020-27788 | 2022-08-18 | An out-of-bounds read access vulnerability was discovered in UPX in PackLinuxElf64::canPack() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a... |
| CVE-2022-2568 | 2022-08-18 | A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser... |
| CVE-2022-25228 | 2022-08-18 | CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings&a=show' via the 'userID' parameter, in '/index.php?m=candidates&a=show' via the 'candidateID', in '/index.php?m=joborders&a=show' via the 'jobOrderID' and '/index.php?m=companies&a=show'... |
| CVE-2022-35212 | 2022-08-18 | osCommerce2 before v2.3.4.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the function tep_db_error(). |
| CVE-2022-35213 | 2022-08-18 | Ecommerce-CodeIgniter-Bootstrap before commit 56465f was discovered to contain a cross-site scripting (XSS) vulnerability via the function base_url() at /blog/blogpublish.php. |
| CVE-2022-37768 | 2022-08-18 | libjpeg commit 281daa9 was discovered to contain an infinite loop via the component Frame::ParseTrailer. |
| CVE-2022-37769 | 2022-08-18 | libjpeg commit 281daa9 was discovered to contain a segmentation fault via HuffmanDecoder::Get at huffmandecoder.hpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. |
| CVE-2022-37770 | 2022-08-18 | libjpeg commit 281daa9 was discovered to contain a segmentation fault via LineMerger::GetNextLowpassLine at linemerger.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. |
| CVE-2022-28757 | 2022-08-18 | Local Privilege Escalation in Auto Updater for Zoom Client for Meetings for macOS |
| CVE-2021-33126 | 2022-08-18 | Improper access control in the firmware for some Intel(R) 700 and 722 Series Ethernet Controllers and Adapters before versions 8.5 and 1.5.5 may allow a privileged user to potentially enable... |
| CVE-2021-33128 | 2022-08-18 | Improper access control in the firmware for some Intel(R) E810 Ethernet Controllers before version 1.6.0.6 may allow a privileged user to potentially enable denial of service via local access. |
| CVE-2022-28709 | 2022-08-18 | Improper access control in the firmware for some Intel(R) E810 Ethernet Controllers before version 1.6.1.9 may allow a privileged user to potentially enable denial of service via local access. |
| CVE-2021-44470 | 2022-08-18 | Incorrect default permissions for the Intel(R) Connect M Android application before version 1.7.4 may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2021-26254 | 2022-08-18 | Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable denial of service via local access. |
| CVE-2022-21172 | 2022-08-18 | Out of bounds write for some Intel(R) PROSet/Wireless WiFi products may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-21240 | 2022-08-18 | Out of bounds read for some Intel(R) PROSet/Wireless WiFi products may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2022-21139 | 2022-08-18 | Inadequate encryption strength for some Intel(R) PROSet/Wireless WiFi products may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. |
| CVE-2022-21197 | 2022-08-18 | Improper input validation for some Intel(R) PROSet/Wireless WiFi products may allow an unauthenticated user to potentially enable denial of service via network access. |
| CVE-2022-21160 | 2022-08-18 | Improper buffer restrictions for some Intel(R) PROSet/Wireless WiFi products may allow an unauthenticated user to potentially enable denial of service via network access. |
| CVE-2021-23188 | 2022-08-18 | Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2022-21212 | 2022-08-18 | Improper input validation for some Intel(R) PROSet/Wireless WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| CVE-2022-21140 | 2022-08-18 | Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2021-33847 | 2022-08-18 | Improper buffer restrictions in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable escalation of privilege via local... |
| CVE-2021-26257 | 2022-08-18 | Improper buffer restrictions in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable denial of service via local... |
| CVE-2021-26950 | 2022-08-18 | Out of bounds read in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable denial of service via... |
| CVE-2021-23179 | 2022-08-18 | Out of bounds read in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow a privileged user to potentially enable information disclosure via local... |
| CVE-2022-21793 | 2022-08-18 | Insufficient control flow management in the Intel(R) Ethernet 500 Series Controller drivers for VMWare before version 1.11.4.0 and in the Intel(R) Ethernet 700 Series Controller drivers for VMWare before version... |
| CVE-2022-22730 | 2022-08-18 | Improper authentication in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access. |
| CVE-2022-25966 | 2022-08-18 | Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-21148 | 2022-08-18 | Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-21152 | 2022-08-18 | Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2022-21812 | 2022-08-18 | Improper access control in the Intel(R) HAXM software before version 7.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-21807 | 2022-08-18 | Uncontrolled search path elements in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-27500 | 2022-08-18 | Incorrect default permissions for the Intel(R) Support Android application before 21.07.40 may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2022-23182 | 2022-08-18 | Improper access control in the Intel(R) Data Center Manager software before version 4.1 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. |
| CVE-2022-24378 | 2022-08-18 | Improper initialization in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2022-36729 | 2022-08-18 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /librarian/del.php. |
| CVE-2022-36725 | 2022-08-18 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /student/dele.php. |
| CVE-2022-36728 | 2022-08-18 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /staff/delstu.php. |
| CVE-2022-36722 | 2022-08-18 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the title parameter at /librarian/history.php. |
| CVE-2022-36727 | 2022-08-18 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /staff/delete.php. |
| CVE-2022-23403 | 2022-08-18 | Improper input validation in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2022-26074 | 2022-08-18 | Incomplete cleanup in a firmware subsystem for Intel(R) SPS before versions SPS_E3_04.08.04.330.0 and SPS_E3_04.01.04.530.0 may allow a privileged user to potentially enable denial of service via local access. |
| CVE-2022-25999 | 2022-08-18 | Uncontrolled search path element in the Intel(R) Enpirion(R) Digital Power Configurator GUI software, all versions may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-25841 | 2022-08-18 | Uncontrolled search path elements in the Intel(R) Datacenter Group Event Android application, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-26017 | 2022-08-18 | Improper access control in the Intel(R) DSA software before version 22.2.14 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. |
| CVE-2022-28696 | 2022-08-18 | Uncontrolled search path in the Intel(R) Distribution for Python before version 2022.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2021-33060 | 2022-08-18 | Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-25899 | 2022-08-18 | Authentication bypass for the Open AMT Cloud Toolkit software maintained by Intel(R) before versions 2.0.2 and 2.2.2 may allow an unauthenticated user to potentially enable escalation of privilege via network... |
| CVE-2022-26844 | 2022-08-18 | Insufficiently protected credentials in the installation binaries for Intel(R) SEAPI in all versions may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-26344 | 2022-08-18 | Incorrect default permissions in the installation binaries for Intel(R) SEAPI all versions may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-26374 | 2022-08-18 | Uncontrolled search path in the installation binaries for Intel(R) SEAPI all versions may allow an authenticated user to potentially enable escalation of privilege via local access. |