CVE List - 2022 / April
Showing 1001 - 1100 of 2039 CVEs for April 2022 (Page 11 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-22182 | 2022-04-14 | Junos OS: A XSS vulnerability allows an attacker to execute commands on a target J-Web session |
| CVE-2022-22183 | 2022-04-14 | Junos OS Evolved: A remote attacker may cause a CPU Denial of Service by sending genuine traffic to a device on a specific IPv4 port. |
| CVE-2022-22185 | 2022-04-14 | Junos OS: SRX Series: Denial of service vulnerability in flowd daemon upon receipt of a specific fragmented packet |
| CVE-2022-22186 | 2022-04-14 | Junos OS: EX4650 Series: Certain traffic received by the Junos OS device on the management interface may be forwarded to egress interfaces instead of discarded |
| CVE-2022-22187 | 2022-04-14 | JIMS: Local Privilege Escalation vulnerability via repair functionality |
| CVE-2022-22188 | 2022-04-14 | Junos OS: QFX5100/QFX5110/QFX5120/QFX5200/QFX5210/EX4600/EX4650 Series: When storm control profiling is enabled and a device is under an active storm, a Heap-based Buffer Overflow in the PFE will cause a device to hang. |
| CVE-2022-22189 | 2022-04-14 | Contrail Service Orchestration: An authenticated local user may have their permissions elevated via the device via management interface without authentication |
| CVE-2022-22190 | 2022-04-14 | Paragon Active Assurance Control Center: Information disclosure vulnerability in crafted URL |
| CVE-2022-22191 | 2022-04-14 | Junos OS: EX4300: PFE Denial of Service (DoS) upon receipt of a flood of specific ARP traffic |
| CVE-2022-22193 | 2022-04-14 | Junos OS and Junos OS Evolved: In a BGP rib-sharding scenario when a certain CLI command is executed the rpd process might crash |
| CVE-2022-22194 | 2022-04-14 | Junos OS Evolved: PTX series: An attacker sending a crafted GRE packet will cause the PFE to restart |
| CVE-2022-22195 | 2022-04-14 | Junos OS Evolved: Specific packets reaching the RE lead to a counter overflow and eventually a crash |
| CVE-2022-22196 | 2022-04-14 | Junos OS and Junos OS Evolved: The rpd CPU spikes to 100% after a malformed ISIS TLV has been received |
| CVE-2022-22197 | 2022-04-14 | Junos OS and Junos OS Evolved: An rpd core will be observed with proxy BGP route-target filtering enabled and certain route add and delete event happening |
| CVE-2022-22198 | 2022-04-14 | Junos OS: MX MS-MPC or MS-MIC, or SRX SPC crashes if it receives a SIP message with a specific contact header format |
| CVE-2022-27814 | 2022-04-14 | SWHKD 1.1.5 allows arbitrary file-existence tests via the -c option. |
| CVE-2022-27817 | 2022-04-14 | SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality. |
| CVE-2022-22391 | 2022-04-14 | IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authenticated user to obtain information from non sensitive operating system files that they should not have access to. IBM X-Force... |
| CVE-2021-43257 | 2022-04-14 | Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens... |
| CVE-2021-21914 | 2022-04-14 | A heap-based buffer overflow vulnerability exists in the DecoderStream::Append functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to... |
| CVE-2021-21938 | 2022-04-14 | A heap-based buffer overflow vulnerability exists in the Palette box parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious... |
| CVE-2021-21939 | 2022-04-14 | A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file... |
| CVE-2021-21942 | 2022-04-14 | An out-of-bounds write vulnerability exists in the TIFF YCbCr image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to remote code execution. An attacker can provide a... |
| CVE-2021-21943 | 2022-04-14 | A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file... |
| CVE-2021-21944 | 2022-04-14 | Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a... |
| CVE-2021-21945 | 2022-04-14 | Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a... |
| CVE-2021-21946 | 2022-04-14 | Two heap-based buffer overflow vulnerabilities exists in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker... |
| CVE-2021-21947 | 2022-04-14 | Two heap-based buffer overflow vulnerabilities exists in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker... |
| CVE-2021-21948 | 2022-04-14 | A heap-based buffer overflow vulnerability exists in the readDatHeadVec functionality of AnyCubic Chitubox AnyCubic Plugin 1.0.0. A specially-crafted GF file can lead to a heap buffer overflow. An attacker can... |
| CVE-2021-21949 | 2022-04-14 | An improper array index validation vulnerability exists in the JPEG-JFIF Scan header parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to an out-of-bounds write and potential code... |
| CVE-2021-21956 | 2022-04-14 | A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a... |
| CVE-2021-21967 | 2022-04-14 | An out-of-bounds write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to denial of service. An attacker... |
| CVE-2021-40390 | 2022-04-14 | An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. A specially-crafted HTTP request can lead to unauthorized access. An attacker can send an HTTP... |
| CVE-2021-40392 | 2022-04-14 | An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. Network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network... |
| CVE-2021-40398 | 2022-04-14 | An out-of-bounds write vulnerability exists in the parse_raster_data functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to... |
| CVE-2021-40400 | 2022-04-14 | An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit d7f42a9a). A specially-crafted... |
| CVE-2021-40402 | 2022-04-14 | An out-of-bounds read vulnerability exists in the RS-274X aperture macro multiple outline primitives functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.7.1 and 2.8.0. A specially-crafted Gerber... |
| CVE-2021-40405 | 2022-04-14 | A denial of service vulnerability exists in the cgiserver.cgi Upgrade API functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an... |
| CVE-2021-40422 | 2022-04-14 | An authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. A specially-crafted network request can lead to remote code execution. An attacker can send... |
| CVE-2021-40424 | 2022-04-14 | An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. A specially-crafted executable can lead to denial of service. An attacker can issue an... |
| CVE-2021-40425 | 2022-04-14 | An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. A specially-crafted executable can lead to denial of service. An attacker can issue an... |
| CVE-2021-40426 | 2022-04-14 | A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow.... |
| CVE-2021-44354 | 2022-04-14 | Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send... |
| CVE-2021-44355 | 2022-04-14 | Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send... |
| CVE-2021-44356 | 2022-04-14 | Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send... |
| CVE-2021-44357 | 2022-04-14 | Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send... |
| CVE-2021-44366 | 2022-04-14 | Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send... |
| CVE-2021-44375 | 2022-04-14 | Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send... |
| CVE-2021-44394 | 2022-04-14 | Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send... |
| CVE-2022-21145 | 2022-04-14 | A stored cross-site scripting vulnerability exists in the WebUserActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an... |
| CVE-2022-21154 | 2022-04-14 | An integer overflow vulnerability exists in the fltSaveCMP functionality of Leadtools 22. A specially-crafted BMP file can lead to an integer overflow, that in turn causes a buffer overflow. An... |
| CVE-2022-21210 | 2022-04-14 | An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to... |
| CVE-2022-21234 | 2022-04-14 | An SQL injection vulnerability exists in the EchoAssets.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to... |
| CVE-2022-22149 | 2022-04-14 | A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to... |
| CVE-2022-28711 | 2022-04-14 | A memory corruption vulnerability exists in the cgi.c unescape functionality of ArduPilot APWeb master branch 50b6b7ac - master branch 46177cb9. A specially-crafted HTTP request can lead to memory corruption. An... |
| CVE-2022-1304 | 2022-04-14 | An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. |
| CVE-2022-27848 | 2022-04-14 | WordPress Modern Events Calendar Lite plugin <= 6.5.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-22966 | 2022-04-14 | An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access... |
| CVE-2022-22968 | 2022-04-14 | In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not... |
| CVE-2021-28505 | 2022-04-14 | On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol. |
| CVE-2020-25150 | 2022-04-14 | B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus |
| CVE-2020-16238 | 2022-04-14 | B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus |
| CVE-2020-25156 | 2022-04-14 | B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus |
| CVE-2020-25152 | 2022-04-14 | B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus |
| CVE-2020-25160 | 2022-04-14 | B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus |
| CVE-2020-25158 | 2022-04-14 | B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus |
| CVE-2020-25162 | 2022-04-14 | B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus |
| CVE-2020-25154 | 2022-04-14 | B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus |
| CVE-2020-25166 | 2022-04-14 | B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus |
| CVE-2020-25164 | 2022-04-14 | B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus |
| CVE-2020-25168 | 2022-04-14 | B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus |
| CVE-2022-24824 | 2022-04-14 | Anonymous user cache poisoning in discourse |
| CVE-2022-24846 | 2022-04-14 | Unchecked JNDI lookups in GeoWebCache |
| CVE-2022-24850 | 2022-04-14 | Category group permissions leaked in Discourse |
| CVE-2022-24849 | 2022-04-14 | Contact to DisCatSharp-owned server using authenticated client |
| CVE-2022-24855 | 2022-04-14 | XSS vulnerability in Metabase |
| CVE-2022-24854 | 2022-04-14 | Database bypassing any permissions in Metabase via SQlite attach |
| CVE-2022-24853 | 2022-04-14 | File system exposure in Metabase |
| CVE-2022-26498 | 2022-04-15 | An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one... |
| CVE-2022-26499 | 2022-04-15 | An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity... |
| CVE-2022-26651 | 2022-04-15 | An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided... |
| CVE-2022-28041 | 2022-04-15 | stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. |
| CVE-2022-28042 | 2022-04-15 | stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode. |
| CVE-2022-26034 | 2022-04-15 | Improper authentication vulnerability in the communication protocol provided by AD (Automation Design) server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to... |
| CVE-2022-27188 | 2022-04-15 | OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which... |
| CVE-2021-40386 | 2022-04-15 | Kaseya Unitrends Client/Agent through 10.5,5 allows remote attackers to execute arbitrary code. |
| CVE-2022-28345 | 2022-04-15 | The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders RTLO encoded URLs beginning with a non-breaking space, when there is a hash character... |
| CVE-2022-28870 | 2022-04-15 | Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android |
| CVE-2022-28868 | 2022-04-15 | Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android |
| CVE-2022-28869 | 2022-04-15 | Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android |
| CVE-2022-27474 | 2022-04-15 | SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into the FirstName text field. |
| CVE-2022-28044 | 2022-04-15 | Irzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control. |
| CVE-2022-28048 | 2022-04-15 | STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac. |
| CVE-2022-28049 | 2022-04-15 | NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c. |
| CVE-2022-27043 | 2022-04-15 | Yearning versions 2.3.1 and 2.3.2 Interstellar GA and 2.3.4 - 2.3.6 Neptune is vulnerable to Directory Traversal. |
| CVE-2022-20719 | 2022-04-15 | Cisco IOx Application Hosting Environment Vulnerabilities |
| CVE-2022-20718 | 2022-04-15 | Cisco IOx Application Hosting Environment Vulnerabilities |
| CVE-2022-20717 | 2022-04-15 | Cisco SD-WAN vEdge Routers Denial of Service Vulnerability |
| CVE-2022-20716 | 2022-04-15 | Cisco SD-WAN Solution Improper Access Control Vulnerability |
| CVE-2022-20714 | 2022-04-15 | Cisco IOS XR Software for ASR 9000 Series Routers Lightspeed-Plus Line Cards Denial of Service Vulnerability |