CVE List - 2022 / September
Showing 501 - 600 of 2148 CVEs for September 2022 (Page 6 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-38070 | 2022-09-09 | WordPress Pop-up plugin <= 1.1.5 - Privilege Escalation vulnerability |
| CVE-2022-35725 | 2022-09-09 | WordPress wp-forecast plugin <= 7.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-36422 | 2022-09-09 | WP-PostRatings plugin <= 1.89 - Rating increase/decrease via race condition |
| CVE-2022-36376 | 2022-09-09 | WordPress Rank Math SEO plugin <= 1.0.95 - Server-Side Request Forgery (SSRF) vulnerability |
| CVE-2022-36356 | 2022-09-09 | WordPress Culture Object plugin <= 4.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-40191 | 2022-09-09 | WordPress Contact Form By Mega Forms plugin <= 1.2.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-38144 | 2022-09-09 | WordPress wpForo Forum plugin <= 2.0.5 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-38093 | 2022-09-09 | WordPress All in One SEO plugin <= 4.2.3.1 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2022-38058 | 2022-09-09 | WordPress WP Shamsi plugin <= 4.1.1 - Authenticated Plugin Setting change vulnerability |
| CVE-2022-3077 | 2022-09-09 | A buffer overflow vulnerability was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious... |
| CVE-2022-37405 | 2022-09-09 | WordPress Better Font Awesome plugin <= 2.0.1 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-37403 | 2022-09-09 | WordPress Add User Role plugin <= 0.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-37404 | 2022-09-09 | WordPress add2fav plugin <= 1.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-36793 | 2022-09-09 | WordPress WP Shop plugin <= 3.9.6 - Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities |
| CVE-2022-37412 | 2022-09-09 | WordPress Better Delete Revision plugin <= 1.6.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-38067 | 2022-09-09 | WordPress Event Calendar – Calendar plugin <= 1.4.6 - Unauthenticated Event Deletion vulnerability |
| CVE-2022-35277 | 2022-09-09 | WordPress GetResponse plugin <= 5.5.20 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-37411 | 2022-09-09 | WordPress Captcha Code plugin <= 2.7 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-35275 | 2022-09-09 | WordPress Advanced Order Export For WooCommerce plugin <= 3.3.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-36423 | 2022-09-09 | Incorrect configuration of the cJSON library leads to a stack overflow vulnerability during recursive parsing. LAN attackers can launch a DoS attack against all network devices. |
| CVE-2022-38064 | 2022-09-09 | windowmanager in window subsystem has a permission bypass vulnerability. Local attackers can bypass permission control and get sensitive information. |
| CVE-2022-38700 | 2022-09-09 | multimedia subsystem has a permission bypass vulnerability. LAN attackers can bypass permission control and get control of camera service. |
| CVE-2022-38081 | 2022-09-09 | Tokensync in security subsystem has a permission bypass vulnerability. LAN attackers can bypass the distributed permission control. To take advantage of this weakness, attackers need another vulnerability to obtain system. |
| CVE-2022-36877 | 2022-09-09 | Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions 4.3.00.11 in Global and 14.0.02.4 in China allows local attackers to access device identification via log. |
| CVE-2022-36878 | 2022-09-09 | Exposure of Sensitive Information in Find My Mobile prior to version 7.2.25.14 allows local attacker to access IMEI via log. |
| CVE-2022-39844 | 2022-09-09 | Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.22083 allows local attackers to delete arbitrary directory using directory junction. |
| CVE-2022-39845 | 2022-09-09 | Improper validation of integrity check vulnerability in Samsung Kies prior to version 2.6.4.22074 allows local attackers to delete arbitrary directory using directory junction. |
| CVE-2022-39846 | 2022-09-09 | DLL hijacking vulnerability in Smart Switch PC prior to version 4.3.22083_3 allows attacker to execute arbitrary code. |
| CVE-2022-38701 | 2022-09-09 | IPC in communication subsystem has a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information. |
| CVE-2022-36841 | 2022-09-09 | A heap-based overflow vulnerability in PrepareRecogLibrary_Part function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. |
| CVE-2022-36845 | 2022-09-09 | A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. |
| CVE-2022-36847 | 2022-09-09 | Use after free vulnerability in mtp_send_signal function of MTP driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions. |
| CVE-2022-36849 | 2022-09-09 | Use after free vulnerability in sdp_mm_set_process_sensitive function of sdpmm driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions. |
| CVE-2022-36859 | 2022-09-09 | Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.21-6 allows privileged attackers to trigger a XSS on a victim's devices. |
| CVE-2022-36876 | 2022-09-09 | Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication. |
| CVE-2022-36842 | 2022-09-09 | A heap-based overflow vulnerability in prepareRecogLibrary function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. |
| CVE-2022-36843 | 2022-09-09 | A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. |
| CVE-2022-36844 | 2022-09-09 | A heap-based overflow vulnerability in HWR::EngJudgeModel::Construct() in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. |
| CVE-2022-36846 | 2022-09-09 | A heap-based overflow vulnerability in ConstructDictionary function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. |
| CVE-2022-36860 | 2022-09-09 | A heap-based overflow vulnerability in LoadEnvironment function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. |
| CVE-2022-36862 | 2022-09-09 | A heap-based overflow vulnerability in HWR::EngineCJK::Impl::Construct() in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. |
| CVE-2022-36863 | 2022-09-09 | A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. |
| CVE-2022-36854 | 2022-09-09 | Out of bound read in libapexjni.media.samsung.so prior to SMR Sep-2022 Release 1 allows attacker to access unauthorized information. |
| CVE-2022-36858 | 2022-09-09 | A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc() function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. |
| CVE-2022-36874 | 2022-09-09 | Improper Handling of Insufficient Permissions or Privileges vulnerability in Waterplugin prior to 2.2.11.22040751 allows attacker to access device IMEI and Serial number. |
| CVE-2022-36875 | 2022-09-09 | Improper restriction of broadcasting Intent in SaWebViewRelayActivity of Waterplugin prior to version 2.2.11.22081151 allows attacker to access the file without permission. |
| CVE-2022-36870 | 2022-09-09 | Pending Intent hijacking vulnerability in MTransferNotificationManager in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent. |
| CVE-2022-36871 | 2022-09-09 | Pending Intent hijacking vulnerability in NotiCenterUtils in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent. |
| CVE-2022-36873 | 2022-09-09 | Improper restriction of broadcasting Intent in GalaxyStoreBridgePageLinker of Waterplugin prior to version 2.2.11.22081151 leaks MAC address of the connected Bluetooth device. |
| CVE-2022-36848 | 2022-09-09 | Improper Authorization vulnerability in setDualDARPolicyCmd prior to SMR Sep-2022 Release 1 allows local attackers to cause local permanent denial of service. |
| CVE-2022-36872 | 2022-09-09 | Pending Intent hijacking vulnerability in SpayNotification in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent. |
| CVE-2022-36852 | 2022-09-09 | Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local attacker to access internal application data. |
| CVE-2022-36853 | 2022-09-09 | Intent redirection in Photo Editor prior to SMR Sep-2022 Release 1 allows attacker to get sensitive information. |
| CVE-2022-36856 | 2022-09-09 | Improper access control vulnerability in Telecom application prior to SMR Sep-2022 Release 1 allows attacker to start emergency calls via undefined permission. |
| CVE-2022-36861 | 2022-09-09 | Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022 Release 1 allows attacker to use some protected functions with SystemUI privilege. |
| CVE-2022-36850 | 2022-09-09 | Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release 1 allows attacker to overwrite arbitrary file with phone uid. |
| CVE-2022-36857 | 2022-09-09 | Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical attackers to read internal application data. |
| CVE-2022-36865 | 2022-09-09 | Improper access control in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to access device information. |
| CVE-2022-36866 | 2022-09-09 | Improper access control vulnerability in Broadcaster in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device. |
| CVE-2022-36867 | 2022-09-09 | Improper access control vulnerability in Editor Lite prior to version 4.0.40.14 allows attackers to access sensitive information. |
| CVE-2022-36851 | 2022-09-09 | Improper access control vulnerability in Samsung Pass prior to version 4.0.03.1 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device. |
| CVE-2022-36855 | 2022-09-09 | A use after free vulnerability in iva_ctl driver prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. |
| CVE-2022-36864 | 2022-09-09 | Improper access control and intent redirection in Samsung Email prior to 6.1.70.20 allows attacker to access specific formatted file and execute privileged behavior. |
| CVE-2022-36869 | 2022-09-09 | Improper access control vulnerability in ContactsDumpActivity of Contacts Provider prior to version 12.7.59 allows attacker to access the file without permission. |
| CVE-2022-26394 | 2022-09-09 | Unauthenticated network reconfiguration via TCP/UDP |
| CVE-2022-26392 | 2022-09-09 | Format String vulnerability |
| CVE-2022-26390 | 2022-09-09 | Unencrypted internal storage of security credentials |
| CVE-2022-26393 | 2022-09-09 | Format String vulnerability |
| CVE-2022-37407 | 2022-09-09 | WordPress Gallery PhotoBlocks plugin <= 1.2.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities |
| CVE-2022-37335 | 2022-09-09 | WordPress Word Search Puzzles game plugin <= 2.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-36617 | 2022-09-09 | Arq Backup 7.19.5.0 and below stores backup encryption passwords using reversible encryption. This issue allows attackers with administrative privileges to recover cleartext passwords. |
| CVE-2022-38613 | 2022-09-09 | A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows authenticated attackers to read arbitrary files in the system. |
| CVE-2022-28741 | 2022-09-09 | aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion (LFI) vulnerability that occurs due to missing input validation in v5.x |
| CVE-2022-28742 | 2022-09-09 | aEnrich eHRD Learning Management Key Performance Indicator System 5+ has Improper Access Control. The web application does not validate user session when accessing many application pages. This can allow an... |
| CVE-2022-28740 | 2022-09-09 | aEnrich eHRD Learning Management Key Performance Indicator System 5+ exposes Sensitive Information to an Unauthorized Actor. |
| CVE-2022-34165 | 2022-09-09 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could... |
| CVE-2022-38615 | 2022-09-09 | SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL injection vulnerabilities via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/service_group.jsf. |
| CVE-2022-38614 | 2022-09-09 | An issue in the IGB Files and OutfileService features of SmartVista Cardgen v3.28.0 allows attackers to list and download arbitrary files via modifying the PATH parameter. |
| CVE-2022-39809 | 2022-09-09 | An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console under /carbon/mediation_secure_vault/properties/ajaxprocessor.jsp via the name parameter. Session hijacking... |
| CVE-2022-39810 | 2022-09-09 | An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console under /carbon/ndatasource/validateconnection/ajaxprocessor.jsp via the driver parameter. Session hijacking... |
| CVE-2022-40317 | 2022-09-09 | OpenKM 6.3.11 allows stored XSS related to the javascript: substring in an A element. |
| CVE-2022-36109 | 2022-09-09 | Moby vulnerability relating to supplementary group permissions |
| CVE-2022-3133 | 2022-09-09 | OS Command Injection in jgraph/drawio |
| CVE-2021-40647 | 2022-09-09 | In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program... |
| CVE-2021-40648 | 2022-09-09 | In man2html 1.6g, a filename can be created to overwrite the previous size parameter of the next chunk and the fd, bk, fd_nextsize, bk_nextsize of the current chunk. The next... |
| CVE-2021-44835 | 2022-09-09 | An issue was discovered in Active Intelligent Visualization 5. The Vdc header is used in a SQL query without being sanitized. This causes SQL injection. |
| CVE-2022-38639 | 2022-09-09 | A cross-site scripting (XSS) vulnerability in Markdown-Nice v1.8.22 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Community Posting field. |
| CVE-2022-31006 | 2022-09-09 | Hyperledger Indy DOS vulnerability |
| CVE-2022-36110 | 2022-09-09 | Netmaker vulnerable to Insufficient Granularity of Access Control |
| CVE-2022-38638 | 2022-09-09 | Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource. |
| CVE-2022-40320 | 2022-09-09 | cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read. |
| CVE-2021-37819 | 2022-09-09 | PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite loop via the component /text/pdf/PdfReader.java. |
| CVE-2022-39135 | 2022-09-11 | Apache Calcite: potential XEE attacks |
| CVE-2022-26049 | 2022-09-11 | Arbitrary File Write via Archive Extraction (Zip Slip) |
| CVE-2022-25295 | 2022-09-11 | Open Redirect |
| CVE-2022-40322 | 2022-09-11 | SysAid Help Desk before 22.1.65 allows XSS, aka FR# 66542 and 65579. |
| CVE-2022-40323 | 2022-09-11 | SysAid Help Desk before 22.1.65 allows XSS in the Password Services module, aka FR# 67241. |
| CVE-2022-40324 | 2022-09-11 | SysAid Help Desk before 22.1.65 allows XSS via the Linked SRs field, aka FR# 67258. |
| CVE-2022-40325 | 2022-09-11 | SysAid Help Desk before 22.1.65 allows XSS via the Asset Dashboard, aka FR# 67262. |
| CVE-2022-37794 | 2022-09-11 | In Library Management System 1.0 the /card/in-card.php file id_no parameters are vulnerable to SQL injection. |