CVE List - 2022 / April
Showing 801 - 900 of 2039 CVEs for April 2022 (Page 9 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-28032 | 2022-04-12 | AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_pages.php |
| CVE-2022-28033 | 2022-04-12 | Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_uploads.php |
| CVE-2022-28034 | 2022-04-12 | AtomCMS 2.0 is vulnerabie to SQL Injection via Atom.CMS_admin_ajax_list-sort.php |
| CVE-2022-28035 | 2022-04-12 | Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_blur-save.php |
| CVE-2022-28036 | 2022-04-12 | AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_navigation.php |
| CVE-2022-21803 | 2022-04-12 | Prototype Pollution |
| CVE-2021-31805 | 2022-04-12 | Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to RCE. |
| CVE-2022-27472 | 2022-04-12 | SQL injection vulnerability in Topics Counting feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely. |
| CVE-2022-27473 | 2022-04-12 | SQL injection vulnerability in Topics Searching feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely. |
| CVE-2021-42255 | 2022-04-12 | AppGuard Enterprise before 6.7.100.1 creates a Temporary File in a Directory with Insecure Permissions. Local users can gain SYSTEM privileges because a repair operation relies on the %TEMP% directory of... |
| CVE-2021-36914 | 2022-04-12 | WordPress CalderaWP License Manager plugin <= 1.2.11 - Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) |
| CVE-2022-26107 | 2022-04-12 | When a user opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable... |
| CVE-2022-27667 | 2022-04-12 | Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. |
| CVE-2022-26109 | 2022-04-12 | When a user opens a manipulated Portable Document Format (.pdf, PDFView.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily... |
| CVE-2022-26105 | 2022-04-12 | SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user... |
| CVE-2022-26108 | 2022-04-12 | When a user opens a manipulated Picture Exchange (.pcx, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable... |
| CVE-2022-26106 | 2022-04-12 | When a user opens a manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily... |
| CVE-2022-27655 | 2022-04-12 | When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable... |
| CVE-2022-22541 | 2022-04-12 | SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn't see through relational or OLAP connections. The main impact is the disclosure... |
| CVE-2022-27670 | 2022-04-12 | SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use... |
| CVE-2022-27654 | 2022-04-12 | When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable... |
| CVE-2022-28213 | 2022-04-12 | When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source,... |
| CVE-2022-28216 | 2022-04-12 | SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the user inputs on... |
| CVE-2022-28770 | 2022-04-12 | Due to insufficient input validation, SAPUI5 library(vbm) - versions 750, 753, 754, 755, 75, allows an unauthenticated attacker to inject a script into the URL and execute code. On successful... |
| CVE-2022-27657 | 2022-04-12 | A highly privileged remote attacker, can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple Diagnostics Agent 1.0)... |
| CVE-2022-28773 | 2022-04-12 | Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically. |
| CVE-2022-27669 | 2022-04-12 | An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. This may result... |
| CVE-2022-27671 | 2022-04-12 | A CSRF token visible in the URL may possibly lead to information disclosure vulnerability. |
| CVE-2022-28772 | 2022-04-12 | By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager -... |
| CVE-2022-28215 | 2022-04-12 | SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could... |
| CVE-2022-28795 | 2022-04-12 | A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the... |
| CVE-2021-41004 | 2022-04-12 | A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0. |
| CVE-2021-41005 | 2022-04-12 | A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0. |
| CVE-2022-23702 | 2022-04-12 | A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 Servers. The vulnerability could be locally exploited to allow an user with Administrator access to... |
| CVE-2022-23703 | 2022-04-12 | A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. This would... |
| CVE-2021-0694 | 2022-04-12 | In setServiceForegroundInnerLocked of ActiveServices.java, there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. This could lead to local escalation of privilege... |
| CVE-2021-0707 | 2022-04-12 | In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2021-39794 | 2022-04-12 | In broadcastPortInfo of AdbService.java, there is a possible way for apps to run code as the shell user, if wireless debugging is enabled, due to a missing permission check. This... |
| CVE-2021-39796 | 2022-04-12 | In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a possible way to trick victim to install harmful app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with... |
| CVE-2021-39797 | 2022-04-12 | In several functions of of LauncherApps.java, there is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with... |
| CVE-2021-39798 | 2022-04-12 | In Bitmap_createFromParcel of Bitmap.cpp, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed.... |
| CVE-2021-39799 | 2022-04-12 | In AttributionSource of AttributionSource.java, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2021-39800 | 2022-04-12 | In ion_ioctl of ion-ioctl.c, there is a possible way to leak kernel head data due to a use after free. This could lead to local information disclosure with no additional... |
| CVE-2021-39801 | 2022-04-12 | In ion_ioctl of ion-ioctl.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2021-39802 | 2022-04-12 | In change_pte_range of mprotect.c , there is a possible way to make a shared mmap writable due to a permissions bypass. This could lead to local escalation of privilege with... |
| CVE-2021-39803 | 2022-04-12 | In ~Impl of C2AllocatorIon.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges... |
| CVE-2021-39804 | 2022-04-12 | In reinit of HeifDecoderImpl.cpp, there is a possible crash due to a missing null check. This could lead to remote persistent denial of service in the file picker with no... |
| CVE-2021-39805 | 2022-04-12 | In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure through Bluetooth with no additional... |
| CVE-2021-39807 | 2022-04-12 | In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible way to enable NFC from the Guest account due to a missing permission check. This could lead to local escalation of privilege... |
| CVE-2021-39808 | 2022-04-12 | In createNotificationChannelGroup of PreferencesHelper.java, there is a possible way for a service to run in foreground without user notification due to improper input validation. This could lead to local escalation... |
| CVE-2021-39809 | 2022-04-12 | In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges... |
| CVE-2022-21168 | 2022-04-12 | ICSA-22-090-03 Fuji Electric Alpha5 |
| CVE-2022-21214 | 2022-04-12 | ICSA-22-090-03 Fuji Electric Alpha5 |
| CVE-2022-21228 | 2022-04-12 | ICSA-22-090-03 Fuji Electric Alpha5 |
| CVE-2022-24383 | 2022-04-12 | ICSA-22-090-03 Fuji Electric Alpha5 |
| CVE-2021-39812 | 2022-04-12 | In TBD of TBD, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with no additional execution... |
| CVE-2022-21202 | 2022-04-12 | ICSA-22-090-03 Fuji Electric Alpha5 |
| CVE-2021-39814 | 2022-04-12 | In ppmp_validate_wsm of drm_fw.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2022-21155 | 2022-04-12 | Fernhill SCADA Uncontrolled Resource Consumption |
| CVE-2022-27139 | 2022-04-12 | An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined... |
| CVE-2022-27260 | 2022-04-12 | An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a crafted SVG file. |
| CVE-2022-27261 | 2022-04-12 | An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server. |
| CVE-2022-27262 | 2022-04-12 | An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file. |
| CVE-2022-27263 | 2022-04-12 | An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file. |
| CVE-2022-27952 | 2022-04-12 | An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file. |
| CVE-2022-28397 | 2022-04-12 | An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in... |
| CVE-2022-24812 | 2022-04-12 | FGAC API Key privilege escalation in Grafana |
| CVE-2022-24842 | 2022-04-12 | Improper Privilege Management in MinIO |
| CVE-2021-28544 | 2022-04-12 | Apache Subversion SVN authz protected copyfrom paths regression |
| CVE-2022-24070 | 2022-04-12 | Apache Subversion mod_dav_svn is vulnerable to memory corruption |
| CVE-2022-22549 | 2022-04-12 | Dell PowerScale OneFS, 8.2.x-9.3.x, contains a Improper Certificate Validation. A unauthenticated remote attacker could potentially exploit this vulnerability, leading to a man-in-the-middle capture of administrative credentials. |
| CVE-2022-22550 | 2022-04-12 | Dell PowerScale OneFS, versions 8.2.2 and above, contain a password disclosure vulnerability. An unprivileged local attacker could potentially exploit this vulnerability, leading to account take over. |
| CVE-2022-22559 | 2022-04-12 | Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or risky cryptographic algorithm. An unprivileged network attacker could exploit this vulnerability, leading to the potential for information disclosure. |
| CVE-2022-22560 | 2022-04-12 | Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials. This allows a local user with knowledge of the credentials to login as the admin user to the backend... |
| CVE-2022-22561 | 2022-04-12 | Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper restriction of excessive authentication attempts. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised accounts. |
| CVE-2022-22562 | 2022-04-12 | Dell PowerScale OneFS, versions 8.2.0-9.3.0, contain a improper handling of missing values exploit. An unauthenticated network attacker could potentially exploit this denial-of-service vulnerability. |
| CVE-2022-22565 | 2022-04-12 | Dell PowerScale OneFS, versions 9.0.0-9.3.0, contain an improper authorization of index containing sensitive information. An authenticated and privileged user could potentially exploit this vulnerability, leading to disclosure or modification of... |
| CVE-2022-23159 | 2022-04-12 | Dell PowerScale OneFS, 8.2.2 - 9.3.0.x, contain a missing release of memory after effective lifetime vulnerability. An authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE and ISI_PRIV_AUTH_PROVIDERS privileges could exploit this vulnerability,... |
| CVE-2022-23160 | 2022-04-12 | Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Handling of Insufficient Permissions vulnerability. An remote malicious user could potentially exploit this vulnerability, leading to gaining write permissions on read-only files. |
| CVE-2022-23161 | 2022-04-12 | Dell PowerScale OneFS versions 8.2.x - 9.3.0.x contain a denial-of-service vulnerability in SmartConnect. An unprivileged network attacker may potentially exploit this vulnerability, leading to denial-of-service. |
| CVE-2022-23163 | 2022-04-12 | Dell PowerScale OneFS, 8.2,x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a denial of service vulnerability. A local malicious user could potentially exploit this vulnerability, leading to denial of service/data unavailability. |
| CVE-2022-24411 | 2022-04-12 | Dell PowerScale OneFS 8.2.2 and above contain an elevation of privilege vulnerability. A local attacker with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE could potentially exploit this vulnerability, leading to elevation of privilege. This... |
| CVE-2022-24412 | 2022-04-12 | Dell EMC PowerScale OneFS 8.2.x - 9.3.0.x contain an improper handling of value vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to denial-of-service. |
| CVE-2022-24413 | 2022-04-12 | Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability. A local user with access to the filesystem could potentially exploit this vulnerability, leading to data loss. |
| CVE-2022-24767 | 2022-04-12 | GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account. |
| CVE-2022-0915 | 2022-04-12 | Logitech Sync desktop application prior to 2.4.574 - TOCTOU during installation leads to privelege escalation |
| CVE-2022-27376 | 2022-04-12 | MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. |
| CVE-2022-27377 | 2022-04-12 | MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. |
| CVE-2022-27378 | 2022-04-12 | An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. |
| CVE-2022-27379 | 2022-04-12 | An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. |
| CVE-2022-27380 | 2022-04-12 | An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. |
| CVE-2022-27381 | 2022-04-12 | An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. |
| CVE-2022-27382 | 2022-04-12 | MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. |
| CVE-2022-27383 | 2022-04-12 | MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. |
| CVE-2022-27384 | 2022-04-12 | An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. |
| CVE-2022-27385 | 2022-04-12 | An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. |
| CVE-2022-27386 | 2022-04-12 | MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. |
| CVE-2022-27387 | 2022-04-12 | MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. |
| CVE-2022-29037 | 2022-04-12 | Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability... |
| CVE-2022-29038 | 2022-04-12 | Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS)... |