Lista CVE - 2022 / Agosto
Visualizzazione 401 - 500 di 2306 CVE per Agosto 2022 (Pagina 5 di 24)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2022-24012 | 2022-08-05 | A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a... |
| CVE-2022-24013 | 2022-08-05 | A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a... |
| CVE-2022-24014 | 2022-08-05 | A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a... |
| CVE-2022-24015 | 2022-08-05 | A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a... |
| CVE-2022-24016 | 2022-08-05 | A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a... |
| CVE-2022-24017 | 2022-08-05 | A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a... |
| CVE-2022-24018 | 2022-08-05 | A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a... |
| CVE-2022-24019 | 2022-08-05 | A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a... |
| CVE-2022-24020 | 2022-08-05 | A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a... |
| CVE-2022-24021 | 2022-08-05 | A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a... |
| CVE-2022-24022 | 2022-08-05 | A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a... |
| CVE-2022-24023 | 2022-08-05 | A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a... |
| CVE-2022-24024 | 2022-08-05 | A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a... |
| CVE-2022-24025 | 2022-08-05 | A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a... |
| CVE-2022-24026 | 2022-08-05 | A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a... |
| CVE-2022-24027 | 2022-08-05 | A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a... |
| CVE-2022-24028 | 2022-08-05 | A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a... |
| CVE-2022-24029 | 2022-08-05 | A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a... |
| CVE-2022-25996 | 2022-08-05 | A stack-based buffer overflow vulnerability exists in the confsrv addTimeGroup functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to a buffer overflow. An attacker can... |
| CVE-2022-26009 | 2022-08-05 | A stack-based buffer overflow vulnerability exists in the confsrv ucloud_set_node_location functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can... |
| CVE-2022-26342 | 2022-08-05 | A buffer overflow vulnerability exists in the confsrv ucloud_set_node_location functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to a buffer overflow. An attacker can send... |
| CVE-2022-26346 | 2022-08-05 | A denial of service vulnerability exists in the ucloud_del_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send... |
| CVE-2022-26376 | 2022-08-05 | A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory... |
| CVE-2022-27178 | 2022-08-05 | A denial of service vulnerability exists in the confctl_set_wan_cfg functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send... |
| CVE-2022-27185 | 2022-08-05 | A denial of service vulnerability exists in the confctl_set_master_wlan functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send... |
| CVE-2022-27630 | 2022-08-05 | An information disclosure vulnerability exists in the confctl_get_master_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to information disclosure. An attacker can send packets to... |
| CVE-2022-27631 | 2022-08-05 | A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599. A specially-crafted HTTP request can lead to memory corruption. An attacker can send... |
| CVE-2022-27633 | 2022-08-05 | An information disclosure vulnerability exists in the confctl_get_guest_wlan functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to information disclosure. An attacker can send packets to... |
| CVE-2022-27660 | 2022-08-05 | A denial of service vulnerability exists in the confctl_set_guest_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send... |
| CVE-2022-28664 | 2022-08-05 | A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to... |
| CVE-2022-28665 | 2022-08-05 | A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to... |
| CVE-2022-29465 | 2022-08-05 | An out-of-bounds write vulnerability exists in the PSD Header processing memory allocation functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide... |
| CVE-2022-29886 | 2022-08-05 | An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow, which can result in arbitrary... |
| CVE-2022-32543 | 2022-08-05 | An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow which can result in arbitrary... |
| CVE-2022-2686 | 2022-08-06 | oretnom23 Fast Food Ordering System Menu List Page cross site scripting |
| CVE-2022-2687 | 2022-08-06 | SourceCodester Gym Management System sql injection |
| CVE-2022-37451 | 2022-08-06 | Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc. |
| CVE-2022-2688 | 2022-08-06 | SourceCodester Expense Management System POST Parameter report.php fetch_report_credit sql injection |
| CVE-2022-2689 | 2022-08-06 | SourceCodester Wedding Hall Booking System Contact Page cross site scripting |
| CVE-2022-2690 | 2022-08-06 | SourceCodester Wedding Hall Booking System Booking Form cross site scripting |
| CVE-2022-2691 | 2022-08-06 | SourceCodester Wedding Hall Booking System Profile Page cross site scripting |
| CVE-2022-2692 | 2022-08-06 | SourceCodester Wedding Hall Booking System Staff User Profile cross site scripting |
| CVE-2022-2693 | 2022-08-06 | SourceCodester Electronic Medical Records System UPDATE Statement register.php sql injection |
| CVE-2022-2694 | 2022-08-06 | SourceCodester Company Website CMS unrestricted upload |
| CVE-2022-27944 | 2022-08-06 | Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow an exportXFAData NULL pointer dereference. |
| CVE-2022-26979 | 2022-08-06 | Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a NULL pointer dereference when this.Span is used for oState of Collab.addStateModel, because this.Span.text can be NULL. |
| CVE-2022-37452 | 2022-08-07 | Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set. |
| CVE-2022-2697 | 2022-08-07 | SourceCodester Simple E-Learning System comment_frame.php sql injection |
| CVE-2022-2698 | 2022-08-07 | SourceCodester Simple E-Learning System search.php sql injection |
| CVE-2022-2699 | 2022-08-08 | SourceCodester Simple E-Learning System claire_blake sql injection |
| CVE-2022-2700 | 2022-08-08 | SourceCodester Gym Management System GET Parameter sql injection |
| CVE-2022-2701 | 2022-08-08 | SourceCodester Simple E-Learning System claire_blake cross site scripting |
| CVE-2022-2702 | 2022-08-08 | SourceCodester Company Website CMS Cookie site-settings.php access control |
| CVE-2022-2703 | 2022-08-08 | SourceCodester Gym Management System Exercises Module sql injection |
| CVE-2022-2704 | 2022-08-08 | SourceCodester Simple E-Learning System downloadFiles.php information disclosure |
| CVE-2022-2705 | 2022-08-08 | SourceCodester Simple Student Information System manage_department.php sql injection |
| CVE-2022-2706 | 2022-08-08 | SourceCodester Online Class and Exam Scheduling System class_sched.php sql injection |
| CVE-2022-2707 | 2022-08-08 | SourceCodester Online Class and Exam Scheduling System faculty_sched.php sql injection |
| CVE-2022-2708 | 2022-08-08 | SourceCodester Gym Management System login.php sql injection |
| CVE-2022-1323 | 2022-08-08 | Discy < 5.0 - Subscriber+ Broken Access Control to change settings |
| CVE-2022-2046 | 2022-08-08 | Directorist - Business Directory Plugin < 7.2.3 - Admin+ Arbitrary File Upload |
| CVE-2022-2269 | 2022-08-08 | Website File Changes Monitor < 1.8.3 - Admin+ SQLi |
| CVE-2022-2355 | 2022-08-08 | Easy Username Updater < 1.0.5 - Arbitrary Username Update via CSRF |
| CVE-2022-2356 | 2022-08-08 | User Private Files < 1.1.3 - Subscriber+ Arbitrary File Upload |
| CVE-2022-2357 | 2022-08-08 | WSM Downloader <= 1.4.0 - Unauthenticated Arbitrary File Download |
| CVE-2022-2367 | 2022-08-08 | WSM Downloader <= 1.4.0 - Domain Name Restriction Bypass |
| CVE-2022-2371 | 2022-08-08 | YaySMTP < 2.2.1 - Subscriber+ Stored Cross-Site Scripting |
| CVE-2022-2372 | 2022-08-08 | YaySMTP < 2.2.2 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2386 | 2022-08-08 | Crowdsignal Polls & Ratings < 3.0.8 - Reflected Cross-Site Scripting |
| CVE-2022-2391 | 2022-08-08 | Inspiro Pro < 7.2.3 - Contributor+ Stored Cross-Site Scripting |
| CVE-2022-2395 | 2022-08-08 | weForms < 1.6.14 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2398 | 2022-08-08 | WP Comments Fields < 4.1 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2409 | 2022-08-08 | Rough Chart <= 1.0.0 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2410 | 2022-08-08 | mTouch Quiz <= 3.1.3 - Admin+ Stored Cross Site Scripting |
| CVE-2022-2411 | 2022-08-08 | Auto More Tag <= 4.0.0 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2412 | 2022-08-08 | Better Tag Cloud <= 0.99.5 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2423 | 2022-08-08 | DW Promobar <= 1.0.4 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2424 | 2022-08-08 | Google Maps Anywhere <= 1.2.6.3 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2425 | 2022-08-08 | WP DS Blog Map <= 3.1.3 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2426 | 2022-08-08 | Thinkific Uploader <= 1.0.0 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2460 | 2022-08-08 | WPDating < 7.4.0 - Multiple Unauthenticated SQLi |
| CVE-2022-35487 | 2022-08-08 | Zammad 5.2.0 suffers from Incorrect Access Control. Zammad did not correctly perform authorization on certain attachment endpoints. This could be abused by an unauthenticated attacker to gain access to attachments,... |
| CVE-2022-35488 | 2022-08-08 | In Zammad 5.2.0, an attacker could manipulate the rate limiting in the 'forgot password' feature of Zammad, and thereby send many requests for a known account to cause Denial Of... |
| CVE-2022-35489 | 2022-08-08 | In Zammad 5.2.0, customers who have secondary organizations assigned were able to see all organizations of the system rather than only those to which they are assigned. |
| CVE-2022-35490 | 2022-08-08 | Zammad 5.2.0 is vulnerable to privilege escalation. Zammad has a prevention against brute-force attacks trying to guess login credentials. After a configurable amount of attempts, users are invalidated and logins... |
| CVE-2022-35493 | 2022-08-08 | A Cross-site scripting (XSS) vulnerability in json search parse and the json response in wrteam.in, eShop - Multipurpose Ecommerce Store Website version 3.0.4 allows remote attackers to inject arbitrary web... |
| CVE-2022-2713 | 2022-08-08 | Insufficient Session Expiration in cockpit-hq/cockpit |
| CVE-2022-36267 | 2022-08-08 | In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http... |
| CVE-2022-36266 | 2022-08-08 | In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor... |
| CVE-2022-36265 | 2022-08-08 | In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. After performing a reverse engineering of the firmware, it was discovered that a hidden... |
| CVE-2022-36264 | 2022-08-08 | In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file... |
| CVE-2022-34293 | 2022-08-08 | wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped. |
| CVE-2021-41615 | 2022-08-08 | websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access... |
| CVE-2022-28131 | 2022-08-09 | Stack exhaustion from deeply nested XML documents in encoding/xml |
| CVE-2022-29804 | 2022-08-09 | Path traversal via Clean on Windows in path/filepath |
| CVE-2022-32429 | 2022-08-09 | An authentication-bypass issue in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh of Mega System Technologies Inc MSNSwitch MNT.2408 allows unauthenticated attackers to arbitrarily configure settings within the application, leading to remote code execution. |
| CVE-2022-35812 | 2022-08-09 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2021-33643 | 2022-08-09 | An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an... |
| CVE-2021-33644 | 2022-08-09 | An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an... |
| CVE-2021-33645 | 2022-08-09 | The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak. |