CVE List - 2022 / April
Showing 401 - 500 of 2039 CVEs for April 2022 (Page 5 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-20781 | 2022-04-06 | Cisco Web Security Appliance Stored Cross-Site Scripting Vulnerability |
| CVE-2022-20774 | 2022-04-06 | Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability |
| CVE-2022-20763 | 2022-04-06 | Cisco Webex Meetings Java Deserialization Vulnerability |
| CVE-2022-20741 | 2022-04-06 | Cisco Secure Network Analytics Network Diagrams Application Cross-Site Scripting Vulnerability |
| CVE-2022-20665 | 2022-04-06 | Cisco StarOS Command Injection Vulnerability |
| CVE-2022-20675 | 2022-04-06 | Multiple Cisco Security Products Simple Network Management Protocol Service Denial of Service Vulnerability |
| CVE-2022-20754 | 2022-04-06 | Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities |
| CVE-2022-20755 | 2022-04-06 | Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities |
| CVE-2022-20756 | 2022-04-06 | Cisco Identity Services Engine RADIUS Service Denial of Service Vulnerability |
| CVE-2022-20762 | 2022-04-06 | Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure Privilege Escalation Vulnerability |
| CVE-2022-26591 | 2022-04-06 | FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attackers to access and download arbitrary files via a crafted GET request. |
| CVE-2022-26605 | 2022-04-06 | eZiosuite v2.0.7 contains an authenticated arbitrary file upload via the Avatar upload functionality. |
| CVE-2022-26607 | 2022-04-06 | A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 was discovered to allow attackers to execute arbitrary code via uploading a crafted PHP file. |
| CVE-2022-26613 | 2022-04-06 | PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability via the category parameter in categorymenu.php. |
| CVE-2020-22253 | 2022-04-06 | Xiongmai Technology Co devices AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, and HI3518E_50H10L_S39 were all discovered to have port 9530 open which allows unauthenticated attackers to make arbitrary Telnet connections... |
| CVE-2020-27376 | 2022-04-07 | Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Missing Authentication. |
| CVE-2020-27375 | 2022-04-07 | Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Transmitting Write Requests and Chars. |
| CVE-2020-27374 | 2022-04-07 | Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to a Replay Attack to BP Monitoring. |
| CVE-2020-27373 | 2022-04-07 | Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to Plain text command over BLE. |
| CVE-2022-27819 | 2022-04-07 | SWHKD 1.1.5 allows unsafe parsing via the -c option. An information leak might occur but there is a simple denial of service (memory exhaustion) upon an attempt to parse a... |
| CVE-2022-27818 | 2022-04-07 | SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service. |
| CVE-2022-23900 | 2022-04-07 | A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an attacker to achieve unauthorized remote code execution via a malicious POST request through /cgi-bin/adm.cgi. |
| CVE-2021-46416 | 2022-04-07 | Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling. |
| CVE-2021-46417 | 2022-04-07 | Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580. |
| CVE-2021-46418 | 2022-04-07 | An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts. |
| CVE-2021-46419 | 2022-04-07 | An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts. |
| CVE-2022-25338 | 2022-04-07 | ownCloud owncloud/android before 2.20 has Incorrect Access Control for physically proximate attackers. |
| CVE-2022-27016 | 2022-04-07 | There is a stack overflow vulnerability in the SetStaticRouteCfg() function in the httpd service of Tenda AC9 15.03.2.21_cn. |
| CVE-2022-25339 | 2022-04-07 | ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers. |
| CVE-2022-26627 | 2022-04-07 | Online Project Time Management System v1.0 was discovered to contain an arbitrary file write vulnerability which allows attackers to execute arbitrary code via a crafted HTML file. |
| CVE-2022-27022 | 2022-04-07 | There is a stack overflow vulnerability in the SetSysTimeCfg() function in the httpd service of Tenda AC9 V15.03.2.21_cn. The attacker can obtain a stable root shell through a constructed payload. |
| CVE-2021-43421 | 2022-04-07 | A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code. |
| CVE-2021-43429 | 2022-04-07 | A Denial of Service vulnerability exists in CORTX-S3 Server as of 11/7/2021 via the mempool_destroy method due to a failture to release locks pool->lock. |
| CVE-2021-43430 | 2022-04-07 | An Access Control vulnerability exists in BigAntSoft BigAnt office messenger 5.6 via im_webserver, which could let a malicious user upload PHP Trojan files. |
| CVE-2021-43432 | 2022-04-07 | A Cross Site Scripting (XSS) vulnerability exists in Exrick XMall Admin Panel as of 11/7/2021 via the GET parameter in product-add.jsp. |
| CVE-2022-26612 | 2022-04-07 | Arbitrary file write in FileUtil#unpackEntries on Windows |
| CVE-2022-22513 | 2022-04-07 | Null Pointer Dereference in multiple CODESYS products can lead to a DoS. |
| CVE-2022-22514 | 2022-04-07 | Untrusted Pointer Dereference in multiple CODESYS products can lead to a DoS. |
| CVE-2022-22515 | 2022-04-07 | A component of the CODESYS Control runtime system allows read and write access to configuration files |
| CVE-2022-22516 | 2022-04-07 | CODESYS driver SysDrv3S allows SYSTEM users on Microsoft Windows to read and write in restricted memory space. |
| CVE-2022-22517 | 2022-04-07 | Communication Components in multiple CODESYS products vulnerable to communication channel disruption |
| CVE-2022-22518 | 2022-04-07 | A bug in the CODESYS V3 CmpUserMgr component fails to correctly apply a security policy. |
| CVE-2022-22519 | 2022-04-07 | Special HTTP(s) Requests can cause a buffer-read causing a crash of the webserver and the runtime system. |
| CVE-2022-0677 | 2022-04-07 | Improper Handling of Length Parameter Inconsistency vulnerability in Bitdefender Update Server (VA-10144) |
| CVE-2022-0935 | 2022-04-07 | Host Header injection in password Reset in livehelperchat/livehelperchat |
| CVE-2022-23970 | 2022-04-07 | ASUS RT-AX56U - Path Traversal |
| CVE-2022-23971 | 2022-04-07 | ASUS RT-AX56U - Path Traversal |
| CVE-2022-23972 | 2022-04-07 | ASUS RT-AX56U - SQL Injection |
| CVE-2022-23973 | 2022-04-07 | ASUS RT-AX56U - Stack overflew |
| CVE-2022-25594 | 2022-04-07 | Microprogram parking lot management system - Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2022-25595 | 2022-04-07 | ASUS RT-AC86U - Improper Input Validation |
| CVE-2022-25596 | 2022-04-07 | ASUS RT-AC86U - Heap-based buffer overflow |
| CVE-2022-25597 | 2022-04-07 | ASUS RT-AC86U - Command Injection |
| CVE-2022-26670 | 2022-04-07 | D-Link DIR-878 - Command Injection |
| CVE-2022-26671 | 2022-04-07 | TAIWAN SECOM CO., LTD., a xDoor Access Control and Personnel Attendance Management system - Hard-coded Credentials |
| CVE-2022-26675 | 2022-04-07 | aEnrich a+HRD - Path Traversal |
| CVE-2022-26676 | 2022-04-07 | aEnrich a+HRD - Broken Access Control |
| CVE-2021-36202 | 2022-04-07 | Metasys UI |
| CVE-2021-43453 | 2022-04-07 | A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 and prior versions via an out-of-bounds read in parser_parse_for_statement_start in the js-parser-statm.c file. This issue is similar to CVE-2020-29657. |
| CVE-2021-43474 | 2022-04-07 | An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 (Lastest) via any parameter in the HNAP1 function |
| CVE-2022-24681 | 2022-04-07 | Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen. |
| CVE-2022-27145 | 2022-04-08 | GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box. |
| CVE-2022-27147 | 2022-04-08 | GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag. |
| CVE-2022-27152 | 2022-04-08 | Roku devices running RokuOS v9.4.0 build 4200 or earlier that uses a Realtek WiFi chip is vulnerable to Arbitrary file modification. |
| CVE-2022-28805 | 2022-04-08 | singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles... |
| CVE-2022-28796 | 2022-04-08 | jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. |
| CVE-2022-26624 | 2022-04-08 | Bootstrap v3.1.11 and v3.3.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Title parameter in /vendor/views/add_product.php. |
| CVE-2022-27061 | 2022-04-08 | AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a... |
| CVE-2022-27062 | 2022-04-08 | AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected... |
| CVE-2022-27063 | 2022-04-08 | AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected... |
| CVE-2022-27064 | 2022-04-08 | Musical World v1 was discovered to contain an arbitrary file upload vulnerability via uploaded_songs.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-27346 | 2022-04-08 | Ecommece-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-27348 | 2022-04-08 | Social Codia SMS v1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted... |
| CVE-2022-27349 | 2022-04-08 | Social Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via addteacher.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-27351 | 2022-04-08 | Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /public_html/apply_vacancy. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-27352 | 2022-04-08 | Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability via /app/register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-27357 | 2022-04-08 | Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-27991 | 2022-04-08 | Online Banking System in PHP v1 was discovered to contain multiple SQL injection vulnerabilities at /staff_login.php via the Staff ID and Staff Password parameters. |
| CVE-2022-27992 | 2022-04-08 | Zoo Management System v1.0 was discovered to contain a SQL injection vulnerability at /public_html/animals via the class_id parameter. |
| CVE-2022-28000 | 2022-04-08 | Car Rental System v1.0 was discovered to contain a SQL injection vulnerability at /Car_Rental/booking.php via the id parameter. |
| CVE-2022-28001 | 2022-04-08 | Movie Seat Reservation v1 was discovered to contain a SQL injection vulnerability at /index.php?page=reserve via the id parameter. |
| CVE-2022-28002 | 2022-04-08 | Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home. |
| CVE-2022-1219 | 2022-04-08 | SQL injection in RecyclebinController.php in pimcore/pimcore |
| CVE-2021-46436 | 2022-04-08 | An issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in ad_manage.php. |
| CVE-2021-46437 | 2022-04-08 | An issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in ad_manage.php. |
| CVE-2022-24229 | 2022-04-08 | A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers inject arbitrary HTML or JavaScript through /example/editor. |
| CVE-2021-46367 | 2022-04-08 | RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htacess configuration to... |
| CVE-2022-27046 | 2022-04-08 | libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in in libsixel/src/dither.c:388. |
| CVE-2021-41715 | 2022-04-08 | libsixel 1.10.0 is vulnerable to Use after free in libsixel/src/dither.c:379. |
| CVE-2022-27044 | 2022-04-08 | libsixel 1.8.6 is affected by Buffer Overflow in libsixel/src/quant.c:876. |
| CVE-2021-40656 | 2022-04-08 | libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/quant.c:867. |
| CVE-2021-43483 | 2022-04-08 | An Access Control vulnerability exists in CLARO KAON CG3000 1.00.67 in the router configuration, which could allow a malicious user to read or update the configuraiton without authentication. |
| CVE-2020-4668 | 2022-04-08 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized... |
| CVE-2022-22339 | 2022-04-08 | IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or... |
| CVE-2022-27146 | 2022-04-08 | GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag. |
| CVE-2022-27148 | 2022-04-08 | GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow. |
| CVE-2022-27047 | 2022-04-08 | mogu_blog_cms 5.2 suffers from upload arbitrary files without any limitation. |
| CVE-2021-43521 | 2022-04-08 | A Buffer Overflow vulnerability exists in zlog 1.2.15 via zlog_conf_build_with_file in src/zlog/src/conf.c. |
| CVE-2021-43517 | 2022-04-08 | FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00000 contains a backdoor that opens Telnet port when special command is sent on port 9530. |
| CVE-2021-43515 | 2022-04-08 | CSV Injection (aka Excel Macro Injection or Formula Injection) exists in creating new timesheet in Kimai. By filling the Description field with malicious payload, it will be mistreated while exporting... |