CVE List - 2022 / April
Showing 1501 - 1600 of 2039 CVEs for April 2022 (Page 16 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-21458 | 2022-04-19 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Navigation Pages, Portal, Query). Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker... |
| CVE-2022-21459 | 2022-04-19 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2022-21460 | 2022-04-19 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows... |
| CVE-2022-21461 | 2022-04-19 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the... |
| CVE-2022-21462 | 2022-04-19 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2022-21463 | 2022-04-19 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the... |
| CVE-2022-21464 | 2022-04-19 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Business Logic Infra SEC). The supported version that is affected is Prior to 9.2.6.3. Easily exploitable vulnerability... |
| CVE-2022-21465 | 2022-04-19 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.34. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2022-21466 | 2022-04-19 | Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Tools and Frameworks). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with... |
| CVE-2022-21467 | 2022-04-19 | Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Attachments). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network... |
| CVE-2022-21468 | 2022-04-19 | Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Popups). Supported versions that are affected are 12.2.4-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via... |
| CVE-2022-21469 | 2022-04-19 | Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: UI Framework). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker... |
| CVE-2022-21470 | 2022-04-19 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Process Scheduler). Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2022-21471 | 2022-04-19 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.34. Easily exploitable vulnerability allows low privileged attacker with... |
| CVE-2022-21472 | 2022-04-19 | Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.4, 14.0-14.3 and 14.5. Difficult to exploit vulnerability allows... |
| CVE-2022-21473 | 2022-04-19 | Vulnerability in the Oracle Banking Treasury Management product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged... |
| CVE-2022-21474 | 2022-04-19 | Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged... |
| CVE-2022-21475 | 2022-04-19 | Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker... |
| CVE-2022-21476 | 2022-04-19 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2,... |
| CVE-2022-21477 | 2022-04-19 | Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments, File Upload). Supported versions that are affected are 12.2.6-12.2.11. Easily exploitable vulnerability allows low privileged attacker with... |
| CVE-2022-21478 | 2022-04-19 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2022-21479 | 2022-04-19 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2022-1019 | 2022-04-19 | Automated Logic WebCtrl Server Open Redirection Vulnerability |
| CVE-2022-21480 | 2022-04-19 | Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: User Interface). Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows unauthenticated attacker with... |
| CVE-2022-21481 | 2022-04-19 | Vulnerability in the PeopleSoft Enterprise FIN Cash Management product of Oracle PeopleSoft (component: Financial Gateway). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2022-21482 | 2022-04-19 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with... |
| CVE-2022-21483 | 2022-04-19 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and... |
| CVE-2022-21484 | 2022-04-19 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and... |
| CVE-2022-21485 | 2022-04-19 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and... |
| CVE-2022-21486 | 2022-04-19 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and... |
| CVE-2022-21487 | 2022-04-19 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.34. Easily exploitable vulnerability allows low privileged attacker with... |
| CVE-2022-21488 | 2022-04-19 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.34. Easily exploitable vulnerability allows low privileged attacker with... |
| CVE-2022-21489 | 2022-04-19 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and... |
| CVE-2022-21490 | 2022-04-19 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and... |
| CVE-2022-21491 | 2022-04-19 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.34. Easily exploitable vulnerability allows low privileged attacker with... |
| CVE-2022-21492 | 2022-04-19 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server). The supported version that is affected is 5.9.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker... |
| CVE-2022-21493 | 2022-04-19 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the... |
| CVE-2022-21494 | 2022-04-19 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attacker with logon to... |
| CVE-2022-21496 | 2022-04-19 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2,... |
| CVE-2022-21497 | 2022-04-19 | Vulnerability in the Oracle Web Services Manager product of Oracle Fusion Middleware (component: Web Services Security). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated... |
| CVE-2022-21498 | 2022-04-19 | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure... |
| CVE-2021-3100 | 2022-04-19 | Log4j hot patch package privilege escalation |
| CVE-2021-3101 | 2022-04-19 | Hotdog Container Escape |
| CVE-2022-0070 | 2022-04-19 | Log4j hot patch package privilege escalation |
| CVE-2022-0071 | 2022-04-19 | Hotdog Container Escape |
| CVE-2022-24858 | 2022-04-19 | Default redirect callback vulnerable to open redirects |
| CVE-2022-24860 | 2022-04-19 | Databasir 1.01 has Use of Hard-coded Cryptographic Key vulnerability. |
| CVE-2022-24826 | 2022-04-19 | Git LFS can execute a binary from the current directory on Windows |
| CVE-2022-24675 | 2022-04-20 | encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. |
| CVE-2022-27536 | 2022-04-20 | Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a... |
| CVE-2022-28327 | 2022-04-20 | The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. |
| CVE-2022-29528 | 2022-04-20 | An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur. |
| CVE-2022-29529 | 2022-04-20 | An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field. |
| CVE-2022-29530 | 2022-04-20 | An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters. |
| CVE-2022-29531 | 2022-04-20 | An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name. |
| CVE-2022-29532 | 2022-04-20 | An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks... |
| CVE-2022-29533 | 2022-04-20 | An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a "weird single checkbox page." |
| CVE-2022-29534 | 2022-04-20 | An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an "Accept: application/json" header. |
| CVE-2022-29537 | 2022-04-20 | gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a heap-based buffer over-read, as demonstrated by MP4Box. |
| CVE-2022-27629 | 2022-04-20 | Cross-site request forgery (CSRF) vulnerability in 'MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership' versions prior to 1.9.6 allows a remote unauthenticated attacker to hijack the authentication of an administrator... |
| CVE-2022-29266 | 2022-04-20 | apisix/jwt-auth may leak secrets in error response |
| CVE-2022-29527 | 2022-04-20 | Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable sudoers file, which allows local attackers to inject Sudo rules and escalate privileges to root. This occurs in certain situations involving a... |
| CVE-2022-25342 | 2022-04-20 | An issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application is affected by Broken Access Control. It does not properly validate requests for access to data and... |
| CVE-2022-25343 | 2022-04-20 | An issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application is affected by Denial of Service. An unauthenticated attacker, who can send POST requests to the /download/set.cgi... |
| CVE-2022-25344 | 2022-04-20 | An XSS issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application doesn't properly check parameters, sent in a /dvcset/sysset/set.cgi POST request via the arg01.Hostname field, before saving... |
| CVE-2022-1254 | 2022-04-20 | SWG URL redirection vulnerability |
| CVE-2021-43990 | 2022-04-20 | ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform |
| CVE-2021-43986 | 2022-04-20 | ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform |
| CVE-2021-38483 | 2022-04-20 | ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform |
| CVE-2021-43933 | 2022-04-20 | ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform |
| CVE-2021-43988 | 2022-04-20 | ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform |
| CVE-2022-27179 | 2022-04-20 | ICSA-22-104-03 Red Lion DA50N |
| CVE-2022-26516 | 2022-04-20 | ICSA-22-104-03 Red Lion DA50N |
| CVE-2022-1039 | 2022-04-20 | ICSA-22-104-03 Red Lion DA50N |
| CVE-2022-0567 | 2022-04-20 | A flaw was found in ovn-kubernetes. This flaw allows a system administrator or privileged attacker to create an egress network policy that bypasses existing ingress policies of other pods in... |
| CVE-2022-1318 | 2022-04-20 | Hills ComNav Inadequate Encryption Strength |
| CVE-2022-26519 | 2022-04-20 | Interlogix Hills ComNav Improper Restriction of Excessive Authentication Attempts |
| CVE-2022-24799 | 2022-04-20 | Cross Site Scripting in Wire Webapp |
| CVE-2022-24861 | 2022-04-20 | Remote Code Execution in Databasir |
| CVE-2022-24862 | 2022-04-20 | Server-Side Request Forgery in Databasir |
| CVE-2022-24864 | 2022-04-20 | Malicious JavaScript injection in OriginProtocol/origin-website |
| CVE-2022-0540 | 2022-04-20 | A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before... |
| CVE-2022-26133 | 2022-04-20 | SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4,... |
| CVE-2022-24871 | 2022-04-20 | Server-Side Request Forgery (SSRF) in Shopware |
| CVE-2022-24872 | 2022-04-20 | Improper Access Control in shopware |
| CVE-2021-37740 | 2022-04-20 | A denial of service vulnerability exists in MDT's firmware for the KNXnet/IP Secure router SCN-IP100.03 and KNX IP interface SCN-IP000.03 before v3.0.4, that allows a remote attacker to turn the... |
| CVE-2021-43481 | 2022-04-20 | An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php. |
| CVE-2022-24865 | 2022-04-20 | Improper access control in humhub |
| CVE-2022-29536 | 2022-04-20 | In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The... |
| CVE-2022-27924 | 2022-04-20 | Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands become unescaped, causing an overwrite of arbitrary... |
| CVE-2022-27925 | 2022-04-20 | Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to... |
| CVE-2022-27926 | 2022-04-20 | A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters. |
| CVE-2022-1420 | 2022-04-21 | Use of Out-of-range Pointer Offset in vim/vim |
| CVE-2022-29548 | 2022-04-21 | A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0,... |
| CVE-2022-29547 | 2022-04-21 | The CreateRedirect extension before 2022-04-14 for MediaWiki does not properly check whether the user has permissions to edit the target page. This could lead to an unauthorised (or blocked) user... |
| CVE-2016-20014 | 2022-04-21 | In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure. |
| CVE-2022-29498 | 2022-04-21 | Blazer before 2.6.0 allows SQL Injection. In certain circumstances, an attacker could get a user to run a query they would not have normally run. |
| CVE-2022-27237 | 2022-04-21 | There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the product(s) in use, remediation guidance includes: install SystemLink version... |
| CVE-2022-24272 | 2022-04-21 | MongoDB Server (mongod) may crash in response to unexpected requests |
| CVE-2022-1022 | 2022-04-21 | Cross-site Scripting (XSS) - Stored in chatwoot/chatwoot |