CVE List - 2022 / April
Showing 701 - 800 of 2039 CVEs for April 2022 (Page 8 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-20065 | 2022-04-11 | In ccci, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2022-20066 | 2022-04-11 | In atf (hwfde), there is a possible leak of sensitive information due to incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2022-20067 | 2022-04-11 | In mdp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-20052 | 2022-04-11 | In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-20068 | 2022-04-11 | In mobile_log_d, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2022-20069 | 2022-04-11 | In preloader (usb), there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege, for an attacker who has physical... |
| CVE-2022-20070 | 2022-04-11 | In ssmr, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-20071 | 2022-04-11 | In ccu, there is a possible escalation of privilege due to a missing certificate validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2022-20072 | 2022-04-11 | In search engine service, there is a possible way to change the default search engine due to an incorrect comparison. This could lead to local escalation of privilege with System... |
| CVE-2022-20073 | 2022-04-11 | In preloader (usb), there is a possible out of bounds write due to a integer underflow. This could lead to local escalation of privilege, for an attacker who has physical... |
| CVE-2022-20074 | 2022-04-11 | In preloader (partition), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has... |
| CVE-2022-20075 | 2022-04-11 | In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2022-20076 | 2022-04-11 | In ged, there is a possible memory corruption due to an incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not... |
| CVE-2022-20077 | 2022-04-11 | In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no... |
| CVE-2022-20078 | 2022-04-11 | In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no... |
| CVE-2022-20079 | 2022-04-11 | In vow, there is a possible read of uninitialized data due to a improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2022-20080 | 2022-04-11 | In SUB2AF, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no... |
| CVE-2022-22571 | 2022-04-11 | An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic connect and affects all current versions. |
| CVE-2022-1262 | 2022-04-11 | A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root. |
| CVE-2022-22572 | 2022-04-11 | A non-admin user with user management permission can escalate his privilege to admin user via password reset functionality. The vulnerability affects Incapptic Connect version < 1.40.1. |
| CVE-2022-1161 | 2022-04-11 | ICSA-22-090-05 Rockwell Automation Logix Controllers |
| CVE-2022-1067 | 2022-04-11 | ICSMA-22-095-01 LifePoint Informatics Patient Portal |
| CVE-2022-27844 | 2022-04-11 | WordPress WPvivid plugin <= 0.9.70 - Arbitrary File Read vulnerability |
| CVE-2022-27845 | 2022-04-11 | WordPress Plausible Analytics plugin <= 1.2.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-22257 | 2022-04-11 | The customization framework has a vulnerability of improper permission control.Successful exploitation of this vulnerability may affect data integrity. |
| CVE-2022-22258 | 2022-04-11 | The Wi-Fi module has an event notification vulnerability.Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and result in elevation-of-privilege. |
| CVE-2022-22256 | 2022-04-11 | The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2022-22255 | 2022-04-11 | The application framework has a common DoS vulnerability.Successful exploitation of this vulnerability may affect the availability. |
| CVE-2022-22254 | 2022-04-11 | A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2021-46742 | 2022-04-11 | The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data.Successful exploitation of this vulnerability may affect the availability. |
| CVE-2022-22253 | 2022-04-11 | The DFX module has a vulnerability of improper validation of integrity check values.Successful exploitation of this vulnerability may affect system stability. |
| CVE-2021-46740 | 2022-04-11 | The device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2021-40065 | 2022-04-11 | The communication module has a service logic error vulnerability.Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2022-1193 | 2022-04-11 | Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest... |
| CVE-2022-1157 | 2022-04-11 | Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid... |
| CVE-2022-22962 | 2022-04-11 | VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic... |
| CVE-2022-22964 | 2022-04-11 | VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file. |
| CVE-2022-0835 | 2022-04-11 | AVEVA System Platform Cleartext Storage of Sensitive Information in Memory |
| CVE-2022-0999 | 2022-04-11 | mySCADA myPRO Command Injection |
| CVE-2021-4047 | 2022-04-11 | The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9. |
| CVE-2022-0552 | 2022-04-11 | A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the... |
| CVE-2022-25615 | 2022-04-11 | WordPress eRoom plugin <= 1.3.8 - Cross-Site Request Forgery (CSRF) vulnerability leading to Cache Deletion |
| CVE-2022-25614 | 2022-04-11 | WordPress eRoom plugin <= 1.3.7 - Cross-Site Request Forgery (CSRF) leading to Sync with Zoom Meetings vulnerability |
| CVE-2022-24829 | 2022-04-11 | Missing authentication in Garden |
| CVE-2022-1316 | 2022-04-11 | Incorrect Permission Assignment for Critical Resource in zerotier/zerotierone |
| CVE-2022-24827 | 2022-04-11 | SQL Injection in elide-datastore-aggregation |
| CVE-2022-24832 | 2022-04-11 | Bundled ldap-authentication-plugin fails to neutralise LDAP special elements in usernames |
| CVE-2022-24837 | 2022-04-11 | Enumerable upload file names in hedgedoc |
| CVE-2022-24833 | 2022-04-11 | Persistent Cross-site Scripting (XSS) vulnerability in PrivateBin |
| CVE-2022-24838 | 2022-04-11 | Command Injection in Appointment Emails for Nextcloud Calendar |
| CVE-2022-24839 | 2022-04-11 | Uncontrolled Resource Consumption in org.cyberneko.html (nokogiri fork) |
| CVE-2022-0436 | 2022-04-12 | Path Traversal in gruntjs/grunt |
| CVE-2022-27140 | 2022-04-12 | An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that... |
| CVE-2022-27416 | 2022-04-12 | Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free. |
| CVE-2022-27418 | 2022-04-12 | Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c. |
| CVE-2022-29036 | 2022-04-12 | Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 1087.1089.v2f1b_9a_b_040e4, 1074.1076.v39c30cecb_0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site... |
| CVE-2022-29045 | 2022-04-12 | Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site scripting... |
| CVE-2022-29049 | 2022-04-12 | Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not validate the names of promotions defined in Job DSL, allowing attackers with Job/Configure permission to create a promotion with... |
| CVE-2022-24765 | 2022-04-12 | Uncontrolled search for the Git directory in Git for Windows |
| CVE-2022-25622 | 2022-04-12 | The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined. This could allow... |
| CVE-2022-28346 | 2022-04-12 | An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via... |
| CVE-2022-28347 | 2022-04-12 | A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion)... |
| CVE-2022-29080 | 2022-04-12 | The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there... |
| CVE-2022-1302 | 2022-04-12 | Malformed Goose Message in LibIEC61850 may result in a denial of service |
| CVE-2021-40368 | 2022-04-12 | A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN/DP V7 (All versions... |
| CVE-2021-42029 | 2022-04-12 | A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA... |
| CVE-2022-23448 | 2022-04-12 | A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). Affected applications improperly assign... |
| CVE-2022-23449 | 2022-04-12 | A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). A DLL Hijacking vulnerability... |
| CVE-2022-23450 | 2022-04-12 | A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). The affected system allows... |
| CVE-2022-25650 | 2022-04-12 | A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.27), Mendix Applications using Mendix 8 (All versions < V8.18.14), Mendix Applications using Mendix 9 (All... |
| CVE-2022-25751 | 2022-04-12 | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE... |
| CVE-2022-25752 | 2022-04-12 | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE... |
| CVE-2022-25753 | 2022-04-12 | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE... |
| CVE-2022-25754 | 2022-04-12 | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE... |
| CVE-2022-25755 | 2022-04-12 | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE... |
| CVE-2022-25756 | 2022-04-12 | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE... |
| CVE-2022-26334 | 2022-04-12 | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE... |
| CVE-2022-26335 | 2022-04-12 | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE... |
| CVE-2022-26380 | 2022-04-12 | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE... |
| CVE-2022-27194 | 2022-04-12 | A vulnerability has been identified in SIMATIC PCS neo (Administration Console) (All versions < V3.1 SP1), SINETPLAN (All versions), TIA Portal (V15, V15.1, V16 and V17). The affected system cannot... |
| CVE-2022-27241 | 2022-04-12 | A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All... |
| CVE-2022-27480 | 2022-04-12 | A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require an user to be authenticated... |
| CVE-2022-27481 | 2022-04-12 | A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA... |
| CVE-2022-28328 | 2022-04-12 | A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA... |
| CVE-2022-28329 | 2022-04-12 | A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA... |
| CVE-2022-28661 | 2022-04-12 | A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds read past the end of an allocated buffer while parsing... |
| CVE-2022-28662 | 2022-04-12 | A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing... |
| CVE-2022-28663 | 2022-04-12 | A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing... |
| CVE-2022-24247 | 2022-04-12 | RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to overwrite any file in... |
| CVE-2022-0140 | 2022-04-12 | Visual Form Builder < 3.0.6 - Unauthenticated Information Disclosure |
| CVE-2022-0141 | 2022-04-12 | Visual Form Builder < 3.0.8 - Entries Deletion/Restoration via CSRF |
| CVE-2022-0142 | 2022-04-12 | Visual Form Builder < 3.0.6 - CSV Injection |
| CVE-2022-24248 | 2022-04-12 | RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any file in... |
| CVE-2022-0878 | 2022-04-12 | Novel attack against the Combined Charging System (CCS) in electric vehicles to remotely cause a denial of service |
| CVE-2021-32040 | 2022-04-12 | Large aggregation pipelines with a specific stage can crash mongod under default configuration |
| CVE-2022-27161 | 2022-04-12 | Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers |
| CVE-2022-27162 | 2022-04-12 | CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser |
| CVE-2022-27163 | 2022-04-12 | CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser |
| CVE-2022-27164 | 2022-04-12 | CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_viewUsers |
| CVE-2022-27165 | 2022-04-12 | CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_manager_setstatus |