CVE List - 2022 / September
Showing 1201 - 1300 of 2148 CVEs for September 2022 (Page 13 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-40762 | 2022-09-16 | A Memory Allocation with Excessive Size Value vulnerability in the TEE_Realloc function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking... |
| CVE-2022-40761 | 2022-09-16 | The function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_AllocateOperation with a disturbed heap layout, related... |
| CVE-2022-40760 | 2022-09-16 | A Buffer Access with Incorrect Length Value vulnerability in the TEE_MACUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking... |
| CVE-2022-40759 | 2022-09-16 | A NULL pointer dereference issue in the TEE_MACCompareFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACCompareFinal... |
| CVE-2022-40758 | 2022-09-16 | A Buffer Access with Incorrect Length Value vulnerability in the TEE_CipherUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking... |
| CVE-2022-40757 | 2022-09-16 | A Buffer Access with Incorrect Length Value vulnerability in the TEE_MACComputeFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking... |
| CVE-2022-35983 | 2022-09-16 | `CHECK` fail in `Save` and `SaveSlices` in TensorFlow |
| CVE-2022-35984 | 2022-09-16 | `CHECK` fail in `ParameterizedTruncatedNormal` in TensorFlow |
| CVE-2022-35985 | 2022-09-16 | `CHECK` fail in `LRNGrad` in TensorFlow |
| CVE-2022-35987 | 2022-09-16 | `CHECK` fail in `DenseBincount` in TensorFlow |
| CVE-2022-35986 | 2022-09-16 | Segfault in `RaggedBincount` in TensorFlow |
| CVE-2022-35990 | 2022-09-16 | `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannelGradient` in TensorFlow |
| CVE-2022-36019 | 2022-09-16 | `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannel` in TensorFlow |
| CVE-2022-36018 | 2022-09-16 | `CHECK` fail in `RaggedTensorToVariant` in TensorFlow |
| CVE-2022-36026 | 2022-09-16 | `CHECK` fail in `QuantizeAndDequantizeV3` in TensorFlow |
| CVE-2022-36001 | 2022-09-16 | `CHECK` fail in `DrawBoundingBoxes` in TensorFlow |
| CVE-2022-36002 | 2022-09-16 | `CHECK` fail in `Unbatch` in TensorFlow |
| CVE-2022-36003 | 2022-09-16 | `CHECK` fail in `RandomPoissonV2` in TensorFlow |
| CVE-2022-36004 | 2022-09-16 | `CHECK` fail in `tf.random.gamma` in TensorFlow |
| CVE-2022-36005 | 2022-09-16 | `CHECK` fail in `FakeQuantWithMinMaxVarsGradient` in TensorFlow |
| CVE-2022-36016 | 2022-09-16 | `CHECK`-fail in `tensorflow::full_type::SubstituteFromAttrs` in TensorFlow |
| CVE-2022-35995 | 2022-09-16 | `CHECK` fail in `AudioSummaryV2` in TensorFlow |
| CVE-2022-35997 | 2022-09-16 | `CHECK` fail in `tf.sparse.cross` in TensorFlow |
| CVE-2022-35998 | 2022-09-16 | `CHECK` fail in `EmptyTensorList` in TensorFlow |
| CVE-2022-35999 | 2022-09-16 | `CHECK` fail in `Conv2DBackpropInput` in TensorFlow |
| CVE-2022-35991 | 2022-09-16 | `CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in TensorFlow |
| CVE-2022-35992 | 2022-09-16 | `CHECK` fail in `TensorListFromTensor` in TensorFlow |
| CVE-2022-35993 | 2022-09-16 | `CHECK` fail in `SetSize` in TensorFlow |
| CVE-2022-35994 | 2022-09-16 | `CHECK` fail in `CollectiveGather` in TensorFlow |
| CVE-2022-36013 | 2022-09-16 | Null-dereference in `mlir::tfg::GraphDefImporter::ConvertNodeDef` in TensorFlow |
| CVE-2022-36011 | 2022-09-16 | Null dereference on MLIR on empty function attributes in TensorFlow |
| CVE-2022-36000 | 2022-09-16 | Null dereference on MLIR on empty function attributes in TensorFlow |
| CVE-2022-36014 | 2022-09-16 | Null-dereference in `mlir::tfg::TFOp::nameAttr` in TensorFlow |
| CVE-2022-40300 | 2022-09-16 | Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities. |
| CVE-2022-36017 | 2022-09-16 | Segfault in `Requantize` in TensorFlow |
| CVE-2022-36027 | 2022-09-16 | Segfault TFLite converter on per-channel quantized transposed convolutions in TensorFlow |
| CVE-2022-35996 | 2022-09-16 | Floating point exception in `Conv2D` in TensorFlow |
| CVE-2022-36012 | 2022-09-16 | Assertion fail on MLIR empty edge names in TensorFlow |
| CVE-2022-36015 | 2022-09-16 | Integer overflow in math ops in TensorFlow |
| CVE-2022-39211 | 2022-09-16 | Server-Side Request Forgery (SSRF) via potential filter bypass in Nextcloud Server |
| CVE-2022-39210 | 2022-09-16 | Access to internal files of the Nextcloud Android app |
| CVE-2022-39212 | 2022-09-16 | Last video frame is still sent after video is disabled in a call in Nextcloud Talk |
| CVE-2022-39217 | 2022-09-16 | Improper Neutralization of Formula Elements in a CSV File in ghas-to-csv |
| CVE-2022-3234 | 2022-09-17 | Heap-based Buffer Overflow in vim/vim |
| CVE-2022-3173 | 2022-09-17 | Improper Authentication in snipe/snipe-it |
| CVE-2022-3231 | 2022-09-17 | Cross-site Scripting (XSS) - Stored in librenms/librenms |
| CVE-2022-39960 | 2022-09-17 | The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by... |
| CVE-2022-3232 | 2022-09-17 | Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb |
| CVE-2022-3235 | 2022-09-18 | Use After Free in vim/vim |
| CVE-2022-40768 | 2022-09-18 | drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. |
| CVE-2022-40766 | 2022-09-18 | Modern Campus Omni CMS (formerly OU Campus) 10.2.4 allows login-page SQL injection via a '" OR 1 = 1 -- - , <?php' substring. |
| CVE-2022-25873 | 2022-09-18 | Cross-site Scripting (XSS) |
| CVE-2022-40769 | 2022-09-18 | profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June... |
| CVE-2022-40775 | 2022-09-18 | An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_StszAtom::WriteFields. |
| CVE-2022-40774 | 2022-09-18 | An issue was discovered in Bento4 through 1.6.0-639. There is a NULL pointer dereference in AP4_StszAtom::GetSampleSize. |
| CVE-2022-28201 | 2022-09-19 | An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is... |
| CVE-2022-28203 | 2022-09-19 | A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in... |
| CVE-2022-2840 | 2022-09-19 | Zephyr Project Manager < 3.2.5 - Multiple Unauthenticated SQLi |
| CVE-2022-3141 | 2022-09-19 | Translatepress Multilingual < 2.3.3 - Admin+ SQLi |
| CVE-2022-3142 | 2022-09-19 | NEX-Forms < 7.9.7 - Authenticated SQLi |
| CVE-2022-3239 | 2022-09-19 | A use-after-free flaw in the Linux kernel video4linux driver was found in the way a user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could... |
| CVE-2022-37032 | 2022-09-19 | An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c. |
| CVE-2022-38339 | 2022-09-19 | Safe Software FME Server v2021.2.5, v2022.0.0.2 and below contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2022-38341 | 2022-09-19 | Safe Software FME Server v2021.2.5 and below does not employ server-side validation. |
| CVE-2022-40144 | 2022-09-19 | A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product's login authentication by falsifying request parameters on... |
| CVE-2022-35914 | 2022-09-19 | /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection. |
| CVE-2022-40468 | 2022-09-19 | Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function. |
| CVE-2022-40778 | 2022-09-19 | A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response. |
| CVE-2022-38617 | 2022-09-19 | SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:j_id97 parameter at /SVFE2/pages/audit/voiceaudit.jsf. |
| CVE-2022-38880 | 2022-09-19 | The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The affected version is 0.1.0. |
| CVE-2022-1580 | 2022-09-19 | Site Offline < 1.5.3 - Access Bypass |
| CVE-2022-1591 | 2022-09-19 | WordPress Ping Optimizer < 2.35.1.3.0 - Arbitrary Settings Update via CSRF |
| CVE-2022-2567 | 2022-09-19 | Form Builder CP < 1.2.32 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2709 | 2022-09-19 | Float to Top Button <= 2.3.6 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2710 | 2022-09-19 | Scroll To Top < 1.4.1 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2753 | 2022-09-19 | Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Stored XSS |
| CVE-2022-2754 | 2022-09-19 | Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Blind SQLi |
| CVE-2022-2958 | 2022-09-19 | BadgeOS < 3.7.1.3 - Subscriber+ SQLi |
| CVE-2022-3021 | 2022-09-19 | Slickr Flickr <= 2.8.1 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-3036 | 2022-09-19 | Gettext override translations < 2.0.0 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-40076 | 2022-09-19 | Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: fromSetWifiGusetBasic. |
| CVE-2022-40075 | 2022-09-19 | Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, form_fast_setting_wifi_set. |
| CVE-2022-40074 | 2022-09-19 | Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, setSchedWifi. |
| CVE-2022-40073 | 2022-09-19 | Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, saveParentControlInfo. |
| CVE-2022-40072 | 2022-09-19 | Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: setSmartPowerManagement. |
| CVE-2022-40071 | 2022-09-19 | Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, formSetDeviceName. |
| CVE-2022-40070 | 2022-09-19 | Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via bin/httpd, function: formSetFirewallCfg. |
| CVE-2022-40069 | 2022-09-19 | Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: fromSetSysTime. |
| CVE-2022-40068 | 2022-09-19 | Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: formSetQosBand. |
| CVE-2022-40067 | 2022-09-19 | Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: formSetVirtualSer. |
| CVE-2022-40424 | 2022-09-19 | The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-networking... |
| CVE-2022-40805 | 2022-09-19 | The d8s-urls for python 0.1.0, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the... |
| CVE-2022-40811 | 2022-09-19 | The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. |
| CVE-2022-40806 | 2022-09-19 | The d8s-uuids for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0 |
| CVE-2022-40427 | 2022-09-19 | The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0 |
| CVE-2022-40807 | 2022-09-19 | The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0 |
| CVE-2022-40808 | 2022-09-19 | The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0 |
| CVE-2022-40809 | 2022-09-19 | The d8s-dicts for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0 |
| CVE-2022-40810 | 2022-09-19 | The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0 |
| CVE-2022-40429 | 2022-09-19 | The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. |