CVE List - 2022 / August
Showing 1501 - 1600 of 2306 CVEs for August 2022 (Page 16 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-35655 | 2022-08-22 | Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting. |
| CVE-2022-35656 | 2022-08-22 | Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly. |
| CVE-2021-3590 | 2022-08-22 | A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this... |
| CVE-2022-33900 | 2022-08-22 | WordPress Easy Digital Downloads plugin <= 3.0.1 - PHP Object Injection vulnerability |
| CVE-2021-3639 | 2022-08-22 | A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into... |
| CVE-2022-34858 | 2022-08-22 | WordPress OAuth 2.0 client for SSO plugin <= 1.11.3 - Authentication Bypass vulnerability |
| CVE-2021-3659 | 2022-08-22 | A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local... |
| CVE-2022-34149 | 2022-08-22 | WordPress WP OAuth Server plugin <= 3.0.4 - Authentication Bypass vulnerability |
| CVE-2022-36346 | 2022-08-22 | WordPress MaxButtons plugin <= 9.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2022-34857 | 2022-08-22 | WordPress SP Project & Document Manager plugin <= 4.59 - Reflected Cross-Site Scripting (XSS) vulnerability |
| CVE-2021-24910 | 2022-08-22 | Transposh WordPress Translation < 1.0.8 - Reflected Cross-Site Scripting |
| CVE-2021-24911 | 2022-08-22 | Transposh WordPress Translation < 1.0.8 - Stored Cross-Site Scripting |
| CVE-2021-24912 | 2022-08-22 | Transposh WordPress Translation < 1.0.8 - CSRF to Stored XSS |
| CVE-2022-0446 | 2022-08-22 | Simple Banner < 2.12.0 - Admin+ Stored Cross Site Scripting |
| CVE-2022-1251 | 2022-08-22 | Ask Me < 6.8.4 - CSRF in Edit Profile |
| CVE-2022-1322 | 2022-08-22 | Coming Soon - Under Construction <= 1.1.9 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1932 | 2022-08-22 | Rezgo Online Booking < 4.1.8 - Reflected Cross-Site-Scripting |
| CVE-2022-25810 | 2022-08-22 | Transposh WordPress Translation <= 1.0.8 - Subscriber+ Unauthorised Calls |
| CVE-2022-25811 | 2022-08-22 | Transposh WordPress Translation <= 1.0.8 - Admin+ SQL Injection |
| CVE-2022-25812 | 2022-08-22 | Transposh WordPress Translation < 1.0.8 - Admin+ RCE |
| CVE-2022-2172 | 2022-08-22 | LinkWorth Plugin < 3.3.4 - Arbitrary Setting Update via CSRF |
| CVE-2022-2198 | 2022-08-22 | WPQA < 5.7 - Subscriber+ Private Message Disclosure via IDOR |
| CVE-2022-2275 | 2022-08-22 | WP Edit Menu <= 1.5.0 - Arbitrary Post Deletion via CSRF |
| CVE-2022-2276 | 2022-08-22 | WP Edit Menu < 1.5.0 - Unauthenticated Arbitrary Post Deletion |
| CVE-2022-2312 | 2022-08-22 | Student Result or Employee Database < 1.7.5 - Stored Cross Site Scripting via CSRF |
| CVE-2022-2361 | 2022-08-22 | Social Chat < 6.0.5 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2362 | 2022-08-22 | Download Manager < 3.2.50 - Bypass IP Address Blocking Restriction |
| CVE-2022-2375 | 2022-08-22 | WP Sticky Button < 1.4.1 - Unauthenticated Arbitrary Settings Update to Stored XSS |
| CVE-2022-2377 | 2022-08-22 | Directorist < 7.3.0 - Subscriber+ Arbitrary E-mail Sending |
| CVE-2022-2382 | 2022-08-22 | Product Slider for WooCommerce < 2.5.7 - Subscriber+ Arbitrary Options Deletion |
| CVE-2022-2383 | 2022-08-22 | Feed Them Social < 3.0.1 - Reflected Cross-Site Scripting |
| CVE-2022-2388 | 2022-08-22 | WP Coder < 2.5.3 - Code Deletion via CSRF |
| CVE-2022-2389 | 2022-08-22 | Automations By Autonami < 2.1.2 - Subscriber+ Automation Creation |
| CVE-2022-2392 | 2022-08-22 | Lana Downloads Manager < 1.8.0 - Contributor+ Arbitrary File Download |
| CVE-2022-2407 | 2022-08-22 | WP phpMyAdmin < 5.2.0.4 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2532 | 2022-08-22 | Feed Them Social < 3.0.1 - Reflected Cross-Site Scripting |
| CVE-2022-2544 | 2022-08-22 | Ninja Job Board < 1.3.3 - Resume Disclosure via Directory Listing |
| CVE-2022-2551 | 2022-08-22 | Duplicator < 1.4.7 - Unauthenticated Backup Download |
| CVE-2022-2552 | 2022-08-22 | Duplicator < 1.4.7.1 - Unauthenticated System Information Disclosure |
| CVE-2022-2555 | 2022-08-22 | Yotpo Reviews for WooCommerce <= 2.0.4 - Arbitrary Settings Update via CSRF |
| CVE-2022-2557 | 2022-08-22 | WordPress Team Members Showcase < 4.1.2 - Subscriber+ Arbitrary File Read and Deletion |
| CVE-2022-2558 | 2022-08-22 | Simple Job Board < 2.10.0 - Resume Disclosure via Directory Listing |
| CVE-2022-2593 | 2022-08-22 | Better Search and Replace < 1.4.1 - Admin+ SQLi |
| CVE-2022-2594 | 2022-08-22 | Advanced Custom Fields 5.0-5.12.2 - Unauthenticated File Upload |
| CVE-2022-2600 | 2022-08-22 | Auto-hyperlink URLs <= 5.4.1 - Tab Nabbing |
| CVE-2022-35150 | 2022-08-22 | Baijicms v4 was discovered to contain an arbitrary file upload vulnerability. |
| CVE-2022-31237 | 2022-08-22 | Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and 9.3.0.5 contain an improper preservation of permissions vulnerability in SyncIQ. A low privileged local attacker may potentially exploit this... |
| CVE-2022-31238 | 2022-08-22 | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain a process invoked with sensitive information vulnerability. A CLI user may potentially exploit this vulnerability,... |
| CVE-2022-32480 | 2022-08-22 | Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an insecure default initialization of a resource vulnerability. A remote authenticated attacker may potentially exploit... |
| CVE-2022-33932 | 2022-08-22 | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an unprotected primary channel vulnerability. An unauthenticated network malicious attacker may potentially exploit this vulnerability,... |
| CVE-2022-1930 | 2022-08-22 | ReDoS in eth-account encode_structured_data function |
| CVE-2022-2842 | 2022-08-22 | SourceCodester Gym Management System login.php sql injection |
| CVE-2022-25942 | 2022-08-22 | An out-of-bounds read vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file... |
| CVE-2022-25972 | 2022-08-22 | An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file... |
| CVE-2022-26061 | 2022-08-22 | A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious... |
| CVE-2022-26842 | 2022-08-22 | A reflected cross-site scripting (xss) vulnerability exists in the charts tab selection functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary... |
| CVE-2022-28710 | 2022-08-22 | An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker... |
| CVE-2022-28712 | 2022-08-22 | A cross-site scripting (xss) vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An... |
| CVE-2022-29468 | 2022-08-22 | A cross-site request forgery (CSRF) vulnerability exists in WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an... |
| CVE-2022-30534 | 2022-08-22 | An OS command injection vulnerability exists in the aVideoEncoder chunkfile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution.... |
| CVE-2022-30547 | 2022-08-22 | A directory traversal vulnerability exists in the unzipDirectory functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker... |
| CVE-2022-30605 | 2022-08-22 | A privilege escalation vulnerability exists in the session id functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker... |
| CVE-2022-30690 | 2022-08-22 | A cross-site scripting (xss) vulnerability exists in the image403 functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An... |
| CVE-2022-32282 | 2022-08-22 | An improper password check exists in the login functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. An attacker that owns a user's password hash will be able to... |
| CVE-2022-32572 | 2022-08-22 | An os command injection vulnerability exists in the aVideoEncoder wget functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution.... |
| CVE-2022-32761 | 2022-08-22 | An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker... |
| CVE-2022-32768 | 2022-08-22 | Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead... |
| CVE-2022-32769 | 2022-08-22 | Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead... |
| CVE-2022-32770 | 2022-08-22 | A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution.... |
| CVE-2022-32771 | 2022-08-22 | A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution.... |
| CVE-2022-32772 | 2022-08-22 | A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution.... |
| CVE-2022-32777 | 2022-08-22 | An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making... |
| CVE-2022-32778 | 2022-08-22 | An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making... |
| CVE-2022-33147 | 2022-08-22 | A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker... |
| CVE-2022-33148 | 2022-08-22 | A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker... |
| CVE-2022-33149 | 2022-08-22 | A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker... |
| CVE-2022-34652 | 2022-08-22 | A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker... |
| CVE-2022-38171 | 2022-08-22 | Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash... |
| CVE-2022-38668 | 2022-08-22 | HTTP applications (servers) based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB. |
| CVE-2022-38667 | 2022-08-22 | HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection... |
| CVE-2021-29891 | 2022-08-22 | IBM OPENBMC OP910 and OP940 could allow a privileged user to upload an improper site identity certificate that may cause it to lose network services. IBM X-Force ID: 207221. |
| CVE-2022-35191 | 2022-08-22 | D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via a crafted HTTP connection request. |
| CVE-2020-35511 | 2022-08-23 | A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file. |
| CVE-2021-20298 | 2022-08-23 | A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the... |
| CVE-2021-20304 | 2022-08-23 | A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift... |
| CVE-2021-20316 | 2022-08-23 | A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside... |
| CVE-2021-23177 | 2022-08-23 | An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious... |
| CVE-2021-31566 | 2022-08-23 | An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker... |
| CVE-2021-3759 | 2022-08-23 | A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This... |
| CVE-2021-3800 | 2022-08-23 | A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right... |
| CVE-2021-3905 | 2022-08-23 | A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments. |
| CVE-2021-3975 | 2022-08-23 | A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered... |
| CVE-2021-3995 | 2022-08-23 | A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local... |
| CVE-2021-3996 | 2022-08-23 | A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user... |
| CVE-2021-3997 | 2022-08-23 | A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. |
| CVE-2022-2938 | 2022-08-23 | A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or... |
| CVE-2022-2946 | 2022-08-23 | Use After Free in vim/vim |
| CVE-2022-31676 | 2022-08-23 | VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user... |
| CVE-2022-35278 | 2022-08-23 | HTML Injection in ActiveMQ Artemis Web Console |
| CVE-2021-28861 | 2022-08-23 | Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may lead to information disclosure.... |