CVE List - 2022 / April
Showing 1 - 100 of 2039 CVEs for April 2022 (Page 1 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-33657 | 2022-04-01 | There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using... |
| CVE-2022-26562 | 2022-04-01 | An issue in provider/libserver/ECKrbAuth.cpp of Kopano Core <= v11.0.2.51 contains an issue which allows attackers to authenticate even if the user account or password is expired. It also exists in... |
| CVE-2022-22963 | 2022-04-01 | In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression... |
| CVE-2021-1942 | 2022-04-01 | Improper handling of permissions of a shared memory region can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon... |
| CVE-2021-1950 | 2022-04-01 | Improper cleaning of secure memory between authenticated users can lead to face authentication bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and... |
| CVE-2021-30328 | 2022-04-01 | Possible assertion due to improper validation of invalid NR CSI-IM resource configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2021-30329 | 2022-04-01 | Possible assertion due to improper validation of TCI configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2021-30331 | 2022-04-01 | Possible buffer overflow due to improper data validation of external commands sent via DIAG interface in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,... |
| CVE-2021-30332 | 2022-04-01 | Possible assertion due to improper validation of OTA configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2021-30333 | 2022-04-01 | Improper validation of buffer size input to the EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,... |
| CVE-2021-35088 | 2022-04-01 | Possible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,... |
| CVE-2021-35089 | 2022-04-01 | Possible buffer overflow due to lack of input IB amount validation while processing the user command in Snapdragon Auto |
| CVE-2021-35103 | 2022-04-01 | Possible out of bound write due to improper validation of number of timer values received from firmware while syncing timers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT,... |
| CVE-2021-35105 | 2022-04-01 | Possible out of bounds access due to improper input validation during graphics profiling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice... |
| CVE-2021-35106 | 2022-04-01 | Possible out of bound read due to improper length calculation of WMI message. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice... |
| CVE-2021-35110 | 2022-04-01 | Possible buffer overflow to improper validation of hash segment of file while allocating memory in Snapdragon Connectivity, Snapdragon Mobile |
| CVE-2021-35115 | 2022-04-01 | Improper handling of multiple session supported by PVM backend can lead to use after free in Snapdragon Auto, Snapdragon Mobile |
| CVE-2021-35117 | 2022-04-01 | An Out of Bounds read may potentially occur while processing an IBSS beacon, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice... |
| CVE-2022-25017 | 2022-04-01 | Hitron CHITA 7.2.2.0.3b6-CD devices contain a command injection vulnerability via the Device/DDNS ddnsUsername field. |
| CVE-2022-21947 | 2022-04-01 | rancher desktop: Dashboard API is network accessible |
| CVE-2021-36775 | 2022-04-01 | Deleting PRTBs associated to a group doesn't cause deletion of corresponding RoleBindings |
| CVE-2021-36776 | 2022-04-01 | Steve API proxy impersonation |
| CVE-2022-24181 | 2022-04-01 | Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitary code via the X-Forwarded-Host Header. |
| CVE-2021-44135 | 2022-04-01 | pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing. |
| CVE-2022-21235 | 2022-04-01 | Command Injection |
| CVE-2022-22327 | 2022-04-01 | IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859. |
| CVE-2022-22328 | 2022-04-01 | IBM SterlingPartner Engagement Manager 6.2.0 could allow a malicious user to elevate their privileges and perform unintended operations to another users data. IBM X-Force ID: 218871. |
| CVE-2022-22331 | 2022-04-01 | IBM SterlingPartner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-Force ID:... |
| CVE-2022-22332 | 2022-04-01 | IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to missing revocation mechanism for the JWT token. IBM X-Force ID: 219131. |
| CVE-2022-22404 | 2022-04-01 | IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive... |
| CVE-2022-24440 | 2022-04-01 | Command Injection |
| CVE-2022-21223 | 2022-04-01 | Command Injection |
| CVE-2022-1207 | 2022-04-01 | Out-of-bounds read in radareorg/radare2 |
| CVE-2022-24066 | 2022-04-01 | Command Injection |
| CVE-2022-23155 | 2022-04-01 | Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability. A malicious user with admin privileges can exploit this vulnerability in order to execute arbitrary code... |
| CVE-2022-23156 | 2022-04-01 | Wyse Device Agent version 14.6.1.4 and below contain an Improper Authentication vulnerability. A malicious user could potentially exploit this vulnerability by providing invalid input in order to obtain a connection... |
| CVE-2022-23157 | 2022-04-01 | Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A authenticated malicious user could potentially exploit this vulnerability in order to view sensitive information from the... |
| CVE-2022-23158 | 2022-04-01 | Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with standard privilege could potentially exploit this vulnerability and provide incorrect port information... |
| CVE-2022-24426 | 2022-04-01 | Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 contains a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit... |
| CVE-2022-26565 | 2022-04-01 | A cross-site scripting (XSS) vulnerability in Totaljs all versions before commit 95f54a5commit, allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Name... |
| CVE-2022-21830 | 2022-04-01 | A blind self XSS vulnerability exists in RocketChat LiveChat <v1.9 that could allow an attacker to trick a victim pasting malicious code in their chat instance. |
| CVE-2022-22570 | 2022-04-01 | A buffer overflow vulnerability found in the UniFi Door Access Reader Lite’s (UA Lite) firmware (Version 3.8.28.24 and earlier) allows a malicious actor who has gained access to a network... |
| CVE-2022-27177 | 2022-04-01 | A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2 |
| CVE-2021-32961 | 2022-04-01 | MDT AutoSave Unrestricted Upload of File with Dangerous Type |
| CVE-2021-32953 | 2022-04-01 | MDT AutoSave SQL Injection |
| CVE-2021-32933 | 2022-04-01 | MDT AutoSave Command Injection |
| CVE-2021-32937 | 2022-04-01 | MDT AutoSave Generation of Error Message Containing Sensitive Information |
| CVE-2021-32957 | 2022-04-01 | MDT AutoSave Uncontrolled Search Path Element |
| CVE-2021-32949 | 2022-04-01 | MDT AutoSave Relative Path Traversal |
| CVE-2021-32945 | 2022-04-01 | MDT AutoSave Inadequate Encryption Strength |
| CVE-2021-32960 | 2022-04-01 | Rockwell Automation FactoryTalk Services Platform Protection Mechanism Failure |
| CVE-2021-32968 | 2022-04-01 | Moxa NPort IAW5000A-I/O Series Serial Device Server Classic Buffer Overflow |
| CVE-2021-32970 | 2022-04-01 | Moxa NPort IAW5000A-I/O Series Serial Device Server Improper Input Validation |
| CVE-2021-32974 | 2022-04-01 | Moxa NPort IAW5000A-I/O Series Serial Device Server Improper Input Validation |
| CVE-2021-32976 | 2022-04-01 | Moxa NPort IAW5000A-I/O Series Serial Device Server Stack-based Buffer Overflow |
| CVE-2021-27493 | 2022-04-01 | Philips Vue PACS |
| CVE-2021-27501 | 2022-04-01 | Philips Vue PACS Improper Adherence to Coding Standards |
| CVE-2021-33020 | 2022-04-01 | Philips Vue PACS Use of a Key Past its Expiration Date |
| CVE-2021-33024 | 2022-04-01 | Philips Vue PACS Insufficiently Protected Credentials |
| CVE-2021-27497 | 2022-04-01 | Philips Vue PACS Protection Mechanism Failure |
| CVE-2021-33022 | 2022-04-01 | Philips Vue PACS Cleartext Transmission of Sensitive Information |
| CVE-2021-33018 | 2022-04-01 | Philips Vue PACS Use of a Broken or Risky Cryptographic Algorithm |
| CVE-2022-1098 | 2022-04-01 | Delta Electronics DIAEnergie Uncontrolledly Search Path Element |
| CVE-2022-0922 | 2022-04-01 | ICSMA-22-088-01 Philips e-Alert |
| CVE-2022-1018 | 2022-04-01 | ICSA-22-088-01 Rockwell Automation ISaGRAF |
| CVE-2021-20238 | 2022-04-01 | It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint (port 22623)... |
| CVE-2021-23247 | 2022-04-01 | A command injection vulerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attacke0rs to gain arbitrary code execution in quick game engine |
| CVE-2019-14839 | 2022-04-01 | It was observed that while login into Business-central console, HTTP request discloses sensitive information like username and password when intercepted using some tool like burp suite etc. |
| CVE-2021-3847 | 2022-04-01 | An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from... |
| CVE-2022-22965 | 2022-04-01 | A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run... |
| CVE-2022-22950 | 2022-04-01 | n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of... |
| CVE-2021-23287 | 2022-04-01 | Security issues in Intelligent Power Manager (IPM 1) |
| CVE-2021-23288 | 2022-04-01 | Security issues in Intelligent Power Protector |
| CVE-2022-0489 | 2022-04-01 | An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15 . It was possible to trigger a DOS by using the math feature with a specific... |
| CVE-2022-0390 | 2022-04-01 | Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to... |
| CVE-2022-0373 | 2022-04-01 | Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address |
| CVE-2021-39908 | 2022-04-01 | In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can... |
| CVE-2022-0425 | 2022-04-01 | A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery (SSRF) attacks. |
| CVE-2022-0741 | 2022-04-01 | Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses. |
| CVE-2021-26623 | 2022-04-01 | Bandisoft ARK Library Out-of-bound Vulnerability |
| CVE-2021-26624 | 2022-04-01 | eScan Anti-Virus Local privilege escalation Vulnerability |
| CVE-2021-22277 | 2022-04-01 | AC 800M MMS - Denial of Service vulnerability in MMS communication |
| CVE-2021-32503 | 2022-04-01 | Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch further attacks... |
| CVE-2021-3461 | 2022-04-01 | A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to... |
| CVE-2021-20295 | 2022-04-01 | It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for... |
| CVE-2021-27223 | 2022-04-01 | A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running... |
| CVE-2022-27534 | 2022-04-01 | Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker... |
| CVE-2021-28504 | 2022-04-01 | On Arista Strata family products which have “TCAM profile” feature enabled when Port IPv4 access-list has a rule which matches on “vxlan” as protocol then that rule and subsequent rules ( rules declared after it in ACL ) do not match on IP protocol fi ... |
| CVE-2022-1159 | 2022-04-01 | Rockwell Automation Studio 5000 Logix Designer Code Injection |
| CVE-2020-14479 | 2022-04-01 | ICSA-20-147-01 Inductive Automation Ignition (Update B) |
| CVE-2022-25959 | 2022-04-01 | Rockwell Automation Studio 5000 Logix Designer Improper Restriction of Operations within the Bounds of a Memory Buffer |
| CVE-2022-26417 | 2022-04-01 | Rockwell Automation Studio 5000 Logix Designer Use After Free |
| CVE-2022-26022 | 2022-04-01 | Rockwell Automation Studio 5000 Logix Designer Out-of-Bounds Write |
| CVE-2022-26419 | 2022-04-01 | Rockwell Automation Studio 5000 Logix Designer Code Injection |
| CVE-2022-1068 | 2022-04-01 | Modbus Tools Modbus Slave Stack-Based Buffer Overflow |
| CVE-2022-25155 | 2022-04-01 | Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi... |
| CVE-2022-25156 | 2022-04-01 | Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU... |
| CVE-2022-25157 | 2022-04-01 | Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi... |
| CVE-2022-25159 | 2022-04-01 | Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU... |
| CVE-2022-25158 | 2022-04-01 | Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series... |