CVE List - 2022 / August
Showing 1901 - 2000 of 2306 CVEs for August 2022 (Page 20 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-36358 | 2022-08-25 | WordPress SEO Scout plugin <= 0.9.83 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-23715 | 2022-08-25 | A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as... |
| CVE-2022-23235 | 2022-08-25 | Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and... |
| CVE-2022-37953 | 2022-08-25 | WorkstationST - Response Splitting in AM Gateway Challenge-Response |
| CVE-2022-37952 | 2022-08-25 | WorkstationST - Reflected XSS in iHistorian Data Display Tags |
| CVE-2022-2255 | 2022-08-25 | A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target... |
| CVE-2021-4022 | 2022-08-25 | A vulnerability was found in rizin. The bug involves an ELF64 binary for the HPPA architecture. When a specially crafted binary gets analysed by rizin, it causes rizin to crash by... |
| CVE-2021-42522 | 2022-08-25 | There is an Information Disclosure vulnerability in anjuta/plugins/document-manager/anjuta-bookmarks.c. This issue was caused by the incorrect use of libxml2 API. The vendor forgot to call 'g_free()' to release the return value... |
| CVE-2021-42523 | 2022-08-25 | There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' of 'sqlite3_exec' is not releasing after use, while libxml2... |
| CVE-2021-43766 | 2022-08-25 | Odyssey passes to server unencrypted bytes from man-in-the-middle When Odyssey is configured to use certificate Common Name for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a... |
| CVE-2021-43767 | 2022-08-25 | Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication,... |
| CVE-2022-20921 | 2022-08-25 | Cisco ACI Multi-Site Orchestrator Privilege Escalation Vulnerability |
| CVE-2022-20865 | 2022-08-25 | Cisco FXOS Software Command Injection Vulnerability |
| CVE-2022-20823 | 2022-08-25 | Cisco NX-OS Software OSPFv3 Denial of Service Vulnerability |
| CVE-2022-20824 | 2022-08-25 | Cisco FXOS and NX-OS Software Cisco Discovery Protocol Denial of Service and Arbitrary Code Execution Vulnerability |
| CVE-2022-36527 | 2022-08-25 | Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module. |
| CVE-2021-33844 | 2022-08-25 | A floating point exception (divide-by-zero) issue was discovered in SoX in function startread() of wav.c file. An attacker with a crafted wav file could cause an application to crash. |
| CVE-2021-23210 | 2022-08-25 | A floating point exception (divide-by-zero) issue was discovered in SoX in function read_samples() of voc.c file. An attacker with a crafted file could cause an application to crash. |
| CVE-2021-23159 | 2022-08-25 | A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file, that could cause an application to... |
| CVE-2021-4112 | 2022-08-25 | A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user... |
| CVE-2021-23172 | 2022-08-25 | A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. The vulnerability is exploitable with a crafted hcomn file, that could cause an application... |
| CVE-2021-3929 | 2022-08-25 | A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers... |
| CVE-2021-3914 | 2022-08-25 | It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks. |
| CVE-2020-27796 | 2022-08-25 | A heap-based buffer over-read was discovered in the invert_pt_dynamic function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. |
| CVE-2020-27797 | 2022-08-25 | An invalid memory address reference was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. |
| CVE-2020-27798 | 2022-08-25 | An invalid memory address reference was discovered in the adjABS function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. |
| CVE-2020-27799 | 2022-08-25 | A heap-based buffer over-read was discovered in the acc_ua_get_be32 function in miniacc.h in UPX 4.0.0 via a crafted Mach-O file. |
| CVE-2020-27800 | 2022-08-25 | A heap-based buffer over-read was discovered in the get_le32 function in bele.h in UPX 4.0.0 via a crafted Mach-O file. |
| CVE-2020-27801 | 2022-08-25 | A heap-based buffer over-read was discovered in the get_le64 function in bele.h in UPX 4.0.0 via a crafted Mach-O file. |
| CVE-2020-27802 | 2022-08-25 | A floating point exception was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. |
| CVE-2022-2997 | 2022-08-25 | Session Fixation in snipe/snipe-it |
| CVE-2022-36699 | 2022-08-25 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/manage_category.php. |
| CVE-2022-36703 | 2022-08-25 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /stocks/manage_stockin.php. |
| CVE-2022-36698 | 2022-08-25 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/view_category.php. |
| CVE-2022-36701 | 2022-08-25 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /items/view_item.php. |
| CVE-2022-36700 | 2022-08-25 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /items/manage_item.php. |
| CVE-2022-36692 | 2022-08-25 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category. |
| CVE-2022-36693 | 2022-08-25 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_item. |
| CVE-2022-36695 | 2022-08-25 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_stockin. |
| CVE-2022-36696 | 2022-08-25 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_stockout. |
| CVE-2022-36697 | 2022-08-25 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_waste. |
| CVE-2021-43329 | 2022-08-25 | A SQL injection vulnerability in license_update.php in Mumara Classic through 2.93 allows a remote unauthenticated attacker to execute arbitrary SQL commands via the license parameter. |
| CVE-2022-36715 | 2022-08-25 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/search.php. |
| CVE-2022-36716 | 2022-08-25 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/changestock.php. |
| CVE-2022-36719 | 2022-08-25 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the ok parameter at /admin/history.php. |
| CVE-2022-36720 | 2022-08-25 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/modify1.php. |
| CVE-2022-36721 | 2022-08-25 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Textbook parameter at /admin/modify.php. |
| CVE-2022-31269 | 2022-08-25 | Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in situations where the CVE-2019-7271 default credentials... |
| CVE-2022-31499 | 2022-08-25 | Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256. |
| CVE-2022-31798 | 2022-08-25 | Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an... |
| CVE-2022-28747 | 2022-08-25 | Key reuse in GoSecure Titan Inbox Detection & Response (IDR) through 2022-04-05 leads to remote code execution. To exploit this vulnerability, an attacker must craft and sign a serialized payload. |
| CVE-2022-37317 | 2022-08-25 | Archer Platform 6.x before 6.11 P3 contains an HTML injection vulnerability. An authenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user to execute malicious code... |
| CVE-2022-37318 | 2022-08-25 | Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contains a reflected XSS vulnerability. A remote unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application... |
| CVE-2022-37316 | 2022-08-25 | Archer Platform 6.8 before 6.11 P3 (6.11.0.3) contains an improper API access control vulnerability in a multi-instance system that could potentially present unauthorized metadata to an authenticated user of the... |
| CVE-2022-36115 | 2022-08-25 | An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to... |
| CVE-2022-36116 | 2022-08-25 | An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to... |
| CVE-2022-36117 | 2022-08-25 | An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to... |
| CVE-2022-36118 | 2022-08-25 | An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to... |
| CVE-2022-36119 | 2022-08-25 | An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for a domain authenticated user... |
| CVE-2022-36120 | 2022-08-25 | An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to... |
| CVE-2022-36121 | 2022-08-25 | An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to... |
| CVE-2022-29850 | 2022-08-25 | Various Lexmark products through 2022-04-27 allow an attacker who has already compromised an affected Lexmark device to maintain persistence across reboots. |
| CVE-2022-30984 | 2022-08-25 | A buffer overflow vulnerability in the Rubrik Backup Service (RBS) Agent for Linux or Unix-based systems in Rubrik CDM 7.0.1, 7.0.1-p1, 7.0.1-p2 or 7.0.1-p3 before CDM 7.0.2-p2 could allow a... |
| CVE-2022-35192 | 2022-08-25 | D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via the User parameter or Pwd parameter to... |
| CVE-2021-32570 | 2022-08-25 | In Ericsson Network Manager (ENM) releases before 21.2, users belonging to the same AMOS authorization group can retrieve the data from certain log files. All AMOS users are considered to... |
| CVE-2021-3020 | 2022-08-25 | An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This... |
| CVE-2022-36226 | 2022-08-25 | SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx. |
| CVE-2022-36168 | 2022-08-25 | A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php: |
| CVE-2021-3427 | 2022-08-26 | The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who... |
| CVE-2021-3574 | 2022-08-26 | A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks. |
| CVE-2021-35939 | 2022-08-26 | It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged... |
| CVE-2021-3859 | 2022-08-26 | A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks. |
| CVE-2022-0171 | 2022-08-26 | A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating... |
| CVE-2022-0175 | 2022-08-26 | A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this... |
| CVE-2022-0216 | 2022-08-26 | A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the... |
| CVE-2022-34301 | 2022-08-26 | A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and... |
| CVE-2022-34302 | 2022-08-26 | A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and... |
| CVE-2022-34303 | 2022-08-26 | A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary... |
| CVE-2022-36537 | 2022-08-26 | ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader. |
| CVE-2022-37150 | 2022-08-26 | An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a stored XSS vulnerability via firstname, address, middlename, lastname, gender, email, contact parameters. |
| CVE-2022-37152 | 2022-08-26 | An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a SQL injection vulnerability via "dob" parameter in "/classes/Users.php?f=save_client". |
| CVE-2022-37151 | 2022-08-26 | There is an unauthorized access vulnerability in Online Diagnostic Lab Management System 1.0. |
| CVE-2021-39393 | 2022-08-26 | mm-wiki v0.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the markdown editor. |
| CVE-2021-40285 | 2022-08-26 | htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \views\backup.html.php. |
| CVE-2022-36678 | 2022-08-26 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category. |
| CVE-2022-36679 | 2022-08-26 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user. |
| CVE-2022-36680 | 2022-08-26 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule. |
| CVE-2022-36682 | 2022-08-26 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_student. |
| CVE-2021-39394 | 2022-08-26 | mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add user accounts and modify user information. |
| CVE-2022-36683 | 2022-08-26 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_payment. |
| CVE-2022-36681 | 2022-08-26 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_account. |
| CVE-2022-36521 | 2022-08-26 | Insecure permissions in cskefu v7.0.1 allows unauthenticated attackers to arbitrarily add administrator accounts. |
| CVE-2021-20260 | 2022-08-26 | A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this... |
| CVE-2021-3856 | 2022-08-26 | ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the... |
| CVE-2021-3864 | 2022-08-26 | A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID... |
| CVE-2021-3644 | 2022-08-26 | A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted... |
| CVE-2021-3688 | 2022-08-26 | A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL that contains dot-dot-semicolon(s).... |
| CVE-2021-3703 | 2022-08-26 | It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless 1.16.0 and Serverless client kn 1.16.0. These have been fixed with... |
| CVE-2021-3754 | 2022-08-26 | A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble... |
| CVE-2021-3669 | 2022-08-26 | A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and... |