CVE List - 2022 / April
Showing 1301 - 1400 of 2039 CVEs for April 2022 (Page 14 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-26924 | 2022-04-15 | YARP Denial of Service Vulnerability |
| CVE-2022-27421 | 2022-04-15 | Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin. |
| CVE-2022-27422 | 2022-04-15 | A reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1.11.13 allows attackers to execute arbitrary web scripts or HTML via user interaction with a crafted URL. |
| CVE-2022-27423 | 2022-04-15 | Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php. |
| CVE-2022-27425 | 2022-04-15 | Chamilo LMS v1.11.13 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /blog/blog.php. |
| CVE-2022-27426 | 2022-04-15 | A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file. |
| CVE-2022-29072 | 2022-04-15 | 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of... |
| CVE-2022-24279 | 2022-04-15 | Prototype Pollution |
| CVE-2022-29281 | 2022-04-15 | Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB... |
| CVE-2022-1365 | 2022-04-15 | Exposure of Private Personal Information to an Unauthorized Actor in lquixada/cross-fetch |
| CVE-2022-29020 | 2022-04-15 | ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar. |
| CVE-2022-29287 | 2022-04-15 | Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights (default is Administrator) to export the user options of any user,... |
| CVE-2022-1380 | 2022-04-16 | Stored Cross Site Scripting vulnerability in Item name parameter in snipe/snipe-it |
| CVE-2022-26777 | 2022-04-16 | Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details. |
| CVE-2022-26653 | 2022-04-16 | Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator). |
| CVE-2022-28966 | 2022-04-16 | Wasm3 0.5.0 has a heap-based buffer overflow in NewCodePage in m3_code.c (called indirectly from Compile_BranchTable in m3_compile.c). |
| CVE-2022-1382 | 2022-04-16 | NULL Pointer Dereference in radareorg/radare2 |
| CVE-2022-1381 | 2022-04-17 | global heap buffer overflow in skip_range in vim/vim |
| CVE-2022-1383 | 2022-04-17 | Heap-based Buffer Overflow in radareorg/radare2 |
| CVE-2021-3652 | 2022-04-18 | A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication.... |
| CVE-2021-42779 | 2022-04-18 | A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid. |
| CVE-2021-42780 | 2022-04-18 | A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library. |
| CVE-2021-42781 | 2022-04-18 | Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library. |
| CVE-2021-42782 | 2022-04-18 | Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library. |
| CVE-2022-24859 | 2022-04-18 | Manipulated inline images can cause Infinite Loop in PyPDF2 |
| CVE-2022-29458 | 2022-04-18 | ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. |
| CVE-2022-29464 | 2022-04-18 | Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under... |
| CVE-2022-27908 | 2022-04-18 | Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module. |
| CVE-2022-28810 | 2022-04-18 | Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use... |
| CVE-2022-26631 | 2022-04-18 | Automatic Question Paper Generator v1.0 contains a Time-Based Blind SQL injection vulnerability via the id GET parameter. |
| CVE-2022-26665 | 2022-04-18 | An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform before 17.1.20. This may allow an external party to access sensitive case records. |
| CVE-2021-46122 | 2022-04-18 | Tp-Link TL-WR840N (EU) v6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 Rel.64328n) is vulnerable to Buffer Overflow via the Password reset feature. |
| CVE-2020-13495 | 2022-04-18 | An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that... |
| CVE-2020-13567 | 2022-04-18 | Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. |
| CVE-2020-13590 | 2022-04-18 | Multiple exploitable SQL injection vulnerabilities exist in the 'entities/fields' page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can... |
| CVE-2020-6099 | 2022-04-18 | An exploitable code execution vulnerability exists in the file format parsing functionality of Graphisoft BIMx Desktop Viewer 2019.2.2328. A specially crafted file can cause a heap buffer overflow resulting in... |
| CVE-2022-27525 | 2022-04-18 | A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could... |
| CVE-2022-27526 | 2022-04-18 | A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the... |
| CVE-2022-27529 | 2022-04-18 | A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD... |
| CVE-2022-27530 | 2022-04-18 | A maliciously crafted TIF or PICT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability may... |
| CVE-2022-27652 | 2022-04-18 | A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable... |
| CVE-2022-23976 | 2022-04-18 | WordPress Access Demo Importer plugin <= 1.0.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Data Reset (Posts / Pages / Media) |
| CVE-2022-23975 | 2022-04-18 | WordPress Access Demo Importer plugin <= 1.0.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Plugin Activation |
| CVE-2021-23285 | 2022-04-18 | Security issues in Eaton Intelligent Power Manager Infrastructure |
| CVE-2021-23284 | 2022-04-18 | Security issues in Eaton Intelligent Power Manager Infrastructure |
| CVE-2021-23286 | 2022-04-18 | Security issues in Eaton Intelligent Power Manager Infrastructure |
| CVE-2022-1341 | 2022-04-18 | An issue was discovered in in bwm-ng v0.6.2. An arbitrary null write exists in get_cmdln_options() function in src/options.c. |
| CVE-2022-27853 | 2022-04-18 | WordPress Contest Gallery plugin <= 13.1.0.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2021-3624 | 2022-04-18 | There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system. |
| CVE-2021-3503 | 2022-04-18 | A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. The highest threat from this vulnerability is to the confidentiality. |
| CVE-2021-3681 | 2022-04-18 | A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the ``build_ignore`` list in "galaxy.yml"... |
| CVE-2011-1762 | 2022-04-18 | A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they... |
| CVE-2021-42778 | 2022-04-18 | A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo. |
| CVE-2011-4917 | 2022-04-18 | In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat. |
| CVE-2022-25226 | 2022-04-18 | ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. It is possible to achieve code... |
| CVE-2020-25163 | 2022-04-18 | OSIsoft PI Vision Cross-site Scripting |
| CVE-2020-25167 | 2022-04-18 | OSIsoft PI Vision Incorrect Authorization |
| CVE-2020-28602 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28603 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28604 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28605 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28606 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28607 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28608 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28609 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28610 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28611 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28612 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28613 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28614 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28615 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28616 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28617 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28618 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28619 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28620 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28621 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28622 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28623 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28624 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28625 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28626 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28627 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28628 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28629 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28630 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28631 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28632 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28633 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28634 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-28635 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-35629 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-35630 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-35631 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2020-35632 | 2022-04-18 | Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could... |
| CVE-2021-25120 | 2022-04-18 | Easy Social Feed < 6.2.7 - Reflected Cross-Site Scripting |
| CVE-2022-0661 | 2022-04-18 | Ad Injection <= 1.2.0.19 - Admin+ Stored Cross-Site Scripting & RCE |
| CVE-2022-0706 | 2022-04-18 | Easy Digital Downloads < 2.11.6 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-0707 | 2022-04-18 | Easy Digital Downloads < 2.11.6 - Arbitrary Payment Note Insertion via CSRF |
| CVE-2022-0737 | 2022-04-18 | Text Hover < 4.2 - Admin+ Stored Cross-Site Scripting |