CVE List - 2022 / April
Showing 901 - 1000 of 2039 CVEs for April 2022 (Page 10 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-29039 | 2022-04-12 | Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS)... |
| CVE-2022-29040 | 2022-04-12 | Jenkins Git Parameter Plugin 0.9.15 and earlier does not escape the name and description of Git parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable... |
| CVE-2022-29041 | 2022-04-12 | Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a... |
| CVE-2022-29042 | 2022-04-12 | Jenkins Job Generator Plugin 1.22 and earlier does not escape the name and description of Generator Parameter and Generator Choice parameters on Job Generator jobs' Build With Parameters views, resulting... |
| CVE-2022-29043 | 2022-04-12 | Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability... |
| CVE-2022-29044 | 2022-04-12 | Jenkins Node and Label parameter Plugin 1.10.3 and earlier does not escape the name and description of Node and Label parameters on views displaying parameters, resulting in a stored cross-site... |
| CVE-2022-29046 | 2022-04-12 | Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting... |
| CVE-2022-29047 | 2022-04-12 | Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows attackers able to submit pull requests (or equivalent), but not able to commit directly to the configured SCM,... |
| CVE-2022-29048 | 2022-04-12 | A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL. |
| CVE-2022-29050 | 2022-04-12 | A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over FTP Plugin 1.16 and earlier allows attackers to connect to an FTP server using attacker-specified credentials. |
| CVE-2022-29051 | 2022-04-12 | Missing permission checks in Jenkins Publish Over FTP Plugin 1.16 and earlier allow attackers with Overall/Read permission to connect to an FTP server using attacker-specified credentials. |
| CVE-2022-29052 | 2022-04-12 | Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended... |
| CVE-2022-27419 | 2022-04-12 | rtl_433 21.12 was discovered to contain a stack overflow in the function acurite_00275rm_decode at /devices/acurite.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. |
| CVE-2022-1330 | 2022-04-12 | stored xss due to unsantized anchor url in alvarotrigo/fullpage.js |
| CVE-2021-44520 | 2022-04-12 | In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges. |
| CVE-2022-26151 | 2022-04-12 | Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection. |
| CVE-2022-26589 | 2022-04-12 | A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages. |
| CVE-2022-25795 | 2022-04-13 | A Memory Corruption Vulnerability in Autodesk TrueView 2022 and 2021 may lead to remote code execution through maliciously crafted DWG files. |
| CVE-2022-25797 | 2022-04-13 | A maliciously crafted PDF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to dereference for a write beyond the allocated buffer while parsing PDF files. The vulnerability... |
| CVE-2015-20107 | 2022-04-13 | In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell... |
| CVE-2022-22956 | 2022-04-13 | VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due... |
| CVE-2022-22957 | 2022-04-13 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data... |
| CVE-2022-22960 | 2022-04-13 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges... |
| CVE-2022-22279 | 2022-04-13 | A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running... |
| CVE-2022-29156 | 2022-04-13 | drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release. |
| CVE-2022-1339 | 2022-04-13 | SQL injection in ElementController.php in pimcore/pimcore |
| CVE-2022-27475 | 2022-04-13 | Cross site scripting (XSS) vulnerability in tramyardg hotel-mgmt-system, allows attackers to execute arbitrary code when when /admin.php is loaded. |
| CVE-2020-29653 | 2022-04-13 | Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection... |
| CVE-2022-24308 | 2022-04-13 | Automox Agent prior to version 37 on Windows and Linux and Version 36 on OSX could allow for a non privileged user to obtain sensitive information during the install process. |
| CVE-2021-43742 | 2022-04-13 | CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file upload feature. |
| CVE-2021-43741 | 2022-04-13 | CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to malicious file on config.php leading to remote code execution. |
| CVE-2022-26643 | 2022-04-13 | An issue in EasyIO CPT Graphics v0.8 allows attackers to discover valid users in the application. |
| CVE-2022-27256 | 2022-04-13 | A PHP Local File inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter. |
| CVE-2022-26144 | 2022-04-13 | An XSS issue was discovered in MantisBT before 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code (if CSP allows it) in manage_plugin_page.php and manage_plugin_uninstall.php when a... |
| CVE-2022-28052 | 2022-04-13 | Directory Traversal vulnerability in file cn/roothub/store/FileSystemStorageService in function store in Roothub 2.6.0 allows remote attackers with low privlege to arbitrarily upload files via /common/upload API, which could lead to remote... |
| CVE-2021-46167 | 2022-04-13 | An access control issue in the authentication module of wizplat PD065 v1.19 allows attackers to access sensitive data and cause a Denial of Service (DoS). |
| CVE-2021-42136 | 2022-04-13 | A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by storing said... |
| CVE-2022-1280 | 2022-04-13 | A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial... |
| CVE-2022-27847 | 2022-04-13 | WordPress Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Template Import |
| CVE-2022-27846 | 2022-04-13 | WordPress Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Slider Creation / Modification |
| CVE-2022-22959 | 2022-04-13 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to... |
| CVE-2022-27503 | 2022-04-13 | Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9 |
| CVE-2022-22961 | 2022-04-13 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of... |
| CVE-2022-22955 | 2022-04-13 | VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due... |
| CVE-2022-22958 | 2022-04-13 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data... |
| CVE-2022-1337 | 2022-04-13 | OOM DoS in Mattermost image proxy |
| CVE-2022-1333 | 2022-04-13 | A specifically drafted Playbook could trigger large amount of webhook requests leading to Denial of Service |
| CVE-2022-1332 | 2022-04-13 | Restricted custom admin role can bypass the restrictions and view the server logs and server config.json file contents |
| CVE-2022-27506 | 2022-04-13 | Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI |
| CVE-2022-27505 | 2022-04-13 | Reflected cross site scripting (XSS) |
| CVE-2022-27523 | 2022-04-13 | A buffer over-read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an... |
| CVE-2022-27524 | 2022-04-13 | An out-of-bounds read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an... |
| CVE-2022-1344 | 2022-04-13 | Stored XSS due to no sanitization in the filename in causefx/organizr |
| CVE-2022-1346 | 2022-04-13 | Multiple Stored XSS in causefx/organizr |
| CVE-2022-1345 | 2022-04-13 | Stored XSS viva .svg file upload in causefx/organizr |
| CVE-2022-1347 | 2022-04-13 | Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in causefx/organizr |
| CVE-2021-41119 | 2022-04-13 | DoS vulnerabiliity in wire-server json parser |
| CVE-2022-24788 | 2022-04-13 | Buffer overflow in Vyper |
| CVE-2022-0023 | 2022-04-13 | PAN-OS: Denial-of-Service (DoS) Vulnerability in DNS Proxy |
| CVE-2022-27479 | 2022-04-13 | SQL injection vulnerability in chart data API |
| CVE-2022-24816 | 2022-04-13 | Improper Control of Generation of Code in jai-ext |
| CVE-2022-24818 | 2022-04-13 | Unchecked JNDI lookups in GeoTools |
| CVE-2022-24828 | 2022-04-13 | Missing input validation can lead to command execution in composer |
| CVE-2022-24844 | 2022-04-13 | SQL Injection in github.com/flipped-aurora/gin-vue-admin |
| CVE-2022-24843 | 2022-04-13 | Path Traversal in github.com/flipped-aurora/gin-vue-admin |
| CVE-2022-24845 | 2022-04-13 | Integer bounds error in Vyper |
| CVE-2022-24847 | 2022-04-13 | Improper Input Validation in GeoServer |
| CVE-2021-43154 | 2022-04-13 | Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php. |
| CVE-2022-1328 | 2022-04-14 | Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line |
| CVE-2022-1350 | 2022-04-14 | GhostPCL gsmchunk.c chunk_free_object memory corruption |
| CVE-2022-1279 | 2022-04-14 | Insecure EBICS messages encryption implementation in ebics-java/ebics-java-client could allow an adjacent attacker to decrypt EBICS payloads |
| CVE-2022-1351 | 2022-04-14 | Stored XSS in Tooltip in pimcore/pimcore |
| CVE-2021-43287 | 2022-04-14 | An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers. |
| CVE-2022-26507 | 2022-04-14 | A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as... |
| CVE-2021-43633 | 2022-04-14 | Sourcecodester Messaging Web Application 1.0 is vulnerable to stored XSS. If a sender inserts valid scripts into the chat, the script will be executed on the receiver chat. |
| CVE-2021-43290 | 2022-04-14 | An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD server. They... |
| CVE-2021-43289 | 2022-04-14 | An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server,... |
| CVE-2021-43288 | 2022-04-14 | An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report. |
| CVE-2021-43286 | 2022-04-14 | An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git... |
| CVE-2022-27444 | 2022-04-14 | MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. |
| CVE-2022-27445 | 2022-04-14 | MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. |
| CVE-2022-27446 | 2022-04-14 | MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. |
| CVE-2022-27447 | 2022-04-14 | MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. |
| CVE-2022-27448 | 2022-04-14 | There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. |
| CVE-2022-27449 | 2022-04-14 | MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. |
| CVE-2022-27451 | 2022-04-14 | MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. |
| CVE-2022-27452 | 2022-04-14 | MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. |
| CVE-2022-27455 | 2022-04-14 | MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. |
| CVE-2022-27456 | 2022-04-14 | MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. |
| CVE-2022-27457 | 2022-04-14 | MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. |
| CVE-2022-1256 | 2022-04-14 | Improper Privilege Management in McAfee Agent for Windows |
| CVE-2022-1258 | 2022-04-14 | SQL injection vulnerability in McAfee Agent's ePO extension |
| CVE-2022-1257 | 2022-04-14 | Improper Verification of Cryptographic Signature by McAfee Agent |
| CVE-2021-45228 | 2022-04-14 | An XSS issue was discovered in COINS Construction Cloud 11.12. Due to insufficient neutralization of user input in the description of a task, it is possible to store malicious JavaScript... |
| CVE-2022-27008 | 2022-04-14 | nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is fast array. |
| CVE-2022-27007 | 2022-04-14 | nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save(). |
| CVE-2021-45227 | 2022-04-14 | An issue was discovered in COINS Construction Cloud 11.12. Due to an inappropriate use of HTML IFRAME elements, the file upload functionality is vulnerable to a persistent Cross-Site Scripting (XSS)... |
| CVE-2022-25166 | 2022-04-14 | An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible to include a UNC path in the OpenVPN configuration file when referencing file paths for parameters (such... |
| CVE-2022-25165 | 2022-04-14 | An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN... |
| CVE-2022-22181 | 2022-04-14 | Junos OS: J-Web can be compromised through reflected XSS attacks |