CVE List - 2022 / April
Showing 1101 - 1200 of 2039 CVEs for April 2022 (Page 12 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-20697 | 2022-04-15 | Cisco IOS and IOS XE Software Web Services Denial of Service Vulnerability |
| CVE-2022-20695 | 2022-04-15 | Cisco Wireless LAN Controller Management Interface Authentication Bypass Vulnerability |
| CVE-2022-20694 | 2022-04-15 | Cisco IOS XE Software Border Gateway Protocol Resource Public Key Infrastructure Denial of Service Vulnerability |
| CVE-2022-20693 | 2022-04-15 | Cisco IOS XE Software Web UI API Injection Vulnerability |
| CVE-2022-20692 | 2022-04-15 | Cisco IOS XE Software NETCONF Over SSH Denial of Service Vulnerability |
| CVE-2022-20684 | 2022-04-15 | Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Trap Denial of Service Vulnerability |
| CVE-2022-20683 | 2022-04-15 | Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers Application Visibility and Control Denial of Service Vulnerability |
| CVE-2022-20682 | 2022-04-15 | Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerability |
| CVE-2022-20681 | 2022-04-15 | Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Catalyst 9000 Family Wireless Controllers Privilege Escalation Vulnerability |
| CVE-2022-20679 | 2022-04-15 | Cisco IOS XE Software IPSec Denial of Service Vulnerability |
| CVE-2022-20678 | 2022-04-15 | Cisco IOS XE Software AppNav-XE Denial of Service Vulnerability |
| CVE-2022-20677 | 2022-04-15 | Cisco IOx Application Hosting Environment Vulnerabilities |
| CVE-2022-20676 | 2022-04-15 | Cisco IOS XE Software Tool Command Language Privilege Escalation Vulnerability |
| CVE-2022-20661 | 2022-04-15 | Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches Vulnerabilities |
| CVE-2022-20622 | 2022-04-15 | Cisco Embedded Wireless Controller with Catalyst Access Points IP Flood Denial of Service Vulnerability |
| CVE-2022-20761 | 2022-04-15 | Cisco 1000 Series Connected Grid Router Integrated Wireless Access Point Denial of Service Vulnerability |
| CVE-2022-20758 | 2022-04-15 | Cisco IOS XR Software Border Gateway Protocol Ethernet VPN Denial of Service Vulnerability |
| CVE-2022-20747 | 2022-04-15 | Cisco SD-WAN vManage Software Information Disclosure Vulnerability |
| CVE-2022-20739 | 2022-04-15 | Cisco SD-WAN vManage Software Privilege Escalation Vulnerability |
| CVE-2022-20735 | 2022-04-15 | Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability |
| CVE-2022-20731 | 2022-04-15 | Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches Vulnerabilities |
| CVE-2022-20727 | 2022-04-15 | Cisco IOx Application Hosting Environment Vulnerabilities |
| CVE-2022-20726 | 2022-04-15 | Cisco IOx Application Hosting Environment Vulnerabilities |
| CVE-2022-20725 | 2022-04-15 | Cisco IOx Application Hosting Environment Vulnerabilities |
| CVE-2022-20724 | 2022-04-15 | Cisco IOx Application Hosting Environment Vulnerabilities |
| CVE-2022-20723 | 2022-04-15 | Cisco IOx Application Hosting Environment Vulnerabilities |
| CVE-2022-20722 | 2022-04-15 | Cisco IOx Application Hosting Environment Vulnerabilities |
| CVE-2022-20721 | 2022-04-15 | Cisco IOx Application Hosting Environment Vulnerabilities |
| CVE-2022-20720 | 2022-04-15 | Cisco IOx Application Hosting Environment Vulnerabilities |
| CVE-2022-1231 | 2022-04-15 | XSS via Embedded SVG in SVG Diagram Format in plantuml/plantuml |
| CVE-2022-23865 | 2022-04-15 | Nyron 1.0 is affected by a SQL injection vulnerability through Nyron/Library/Catalog/winlibsrch.aspx. To exploit this vulnerability, an attacker must inject '"> on the thes1 parameter. |
| CVE-2022-26594 | 2022-04-15 | Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via... |
| CVE-2022-28109 | 2022-04-15 | Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code (remote). The component is: WebDriver endpoint of Selenium Grid... |
| CVE-2022-21159 | 2022-04-15 | A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of network requests can lead to denial of service. An attacker... |
| CVE-2022-27258 | 2022-04-15 | Multiple Cross-Site Scripting (XSS) vulnerabilities in Hubzilla 7.0.3 and earlier allow a remote attacker to include arbitrary web script or HTML via the rpath parameter. |
| CVE-2021-42230 | 2022-04-15 | Seowon 130-SLC router all versions as of 2021-09-15 is vulnerable to Remote Code Execution via the queriesCnt parameter. |
| CVE-2022-27849 | 2022-04-15 | WordPress Simple Ajax Chat plugin <= 20220115 - Sensitive Information Disclosure vulnerability |
| CVE-2022-27850 | 2022-04-15 | WordPress Simple Ajax Chat plugin <= 20220115 - Multiple Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-27851 | 2022-04-15 | WordPress Use Any Font plugin <= 6.1.7 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2021-36828 | 2022-04-15 | WordPress WP Maintenance plugin <= 6.0.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-27852 | 2022-04-15 | WordPress KB Support plugin <= 1.5.5 - Multiple Unauth. Stored Cross-Site Scripting (XSS) vulnerabilities |
| CVE-2021-36205 | 2022-04-15 | Metasys session token |
| CVE-2021-44481 | 2022-04-15 | An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of parameter validation in calls to memcpy in check_and_set_timeout in sr_unix/ztimeoutroutines.c allows attackers to attempt to read from... |
| CVE-2021-44482 | 2022-04-15 | An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of input validation in calls to do_verify in sr_unix/do_verify.c allows attackers to attempt to jump to a NULL... |
| CVE-2021-44483 | 2022-04-15 | An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of input validation in calls to eb_div in sr_port/eb_muldiv.c allows attackers to crash the application by performing a... |
| CVE-2021-44484 | 2022-04-15 | An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of NULL checks in calls to emit_trip in sr_port/emit_code.c allows attackers to crash the application by dereferencing a... |
| CVE-2021-44485 | 2022-04-15 | An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of NULL checks in trip_gen in sr_port/emit_code.c allows attackers to crash the application by dereferencing a NULL pointer. |
| CVE-2021-44486 | 2022-04-15 | An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can manipulate the value of a function pointer used in op_write in sr_port/op_write.c in order to... |
| CVE-2021-44487 | 2022-04-15 | An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of NULL checks in calls to ious_open in sr_unix/ious_open.c allows attackers to crash the application by dereferencing a... |
| CVE-2021-44488 | 2022-04-15 | An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can control the size and input to calls to memcpy in op_fnfnumber in sr_port/op_fnfnumber.c in order... |
| CVE-2021-44489 | 2022-04-15 | An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause an integer underflow of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c... |
| CVE-2021-44490 | 2022-04-15 | An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to... |
| CVE-2021-44491 | 2022-04-15 | An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to... |
| CVE-2021-44492 | 2022-04-15 | An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, attackers can cause a type to be incorrectly initialized in the function... |
| CVE-2022-27365 | 2022-04-15 | Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Dance.php_del. |
| CVE-2022-27366 | 2022-04-15 | Cscms Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the component dance_Dance.php_hy. |
| CVE-2022-27368 | 2022-04-15 | Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Lists.php_zhuan. |
| CVE-2022-27369 | 2022-04-15 | Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component news_News.php_hy. |
| CVE-2022-27367 | 2022-04-15 | Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Topic.php_del. |
| CVE-2021-44493 | 2022-04-15 | An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a call to $Extract to force a signed... |
| CVE-2021-44494 | 2022-04-15 | An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause calls to ZRead to crash due to a... |
| CVE-2021-44495 | 2022-04-15 | An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a NULL pointer dereference after calls to ZPrint. |
| CVE-2021-44496 | 2022-04-15 | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can control the size variable and buffer that is passed... |
| CVE-2021-44497 | 2022-04-15 | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause the bounds of a for loop to be miscalculated, which... |
| CVE-2021-44498 | 2022-04-15 | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause a type to be incorrectly initialized in the function... |
| CVE-2021-44499 | 2022-04-15 | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a call to $Extract to force a signed... |
| CVE-2021-44500 | 2022-04-15 | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of input validation in calls to eb_div in sr_port/eb_muldiv.c allows attackers to crash... |
| CVE-2021-44501 | 2022-04-15 | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause calls to ZRead to crash due to a... |
| CVE-2021-44502 | 2022-04-15 | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can control the size of a memset that occurs in... |
| CVE-2021-44503 | 2022-04-15 | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a call to va_arg on an empty variadic... |
| CVE-2021-44504 | 2022-04-15 | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a size variable, stored as a signed int,... |
| CVE-2021-44505 | 2022-04-15 | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a NULL pointer dereference after calls to ZPrint. |
| CVE-2022-27257 | 2022-04-15 | A PHP Local File Inclusion vulnerability in the default Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter. |
| CVE-2021-44506 | 2022-04-15 | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of input validation in calls to do_verify in sr_unix/do_verify.c allows attackers to attempt... |
| CVE-2021-44508 | 2022-04-15 | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of NULL checks in calls to ious_open in sr_unix/ious_open.c allows attackers to crash... |
| CVE-2021-44509 | 2022-04-15 | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause an integer underflow of the size of calls to... |
| CVE-2021-44510 | 2022-04-15 | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause a calculation of the size of calls to memset... |
| CVE-2022-27157 | 2022-04-15 | pearweb < 1.32 suffers from a Weak Password Recovery Mechanism via include/users/passwordmanage.php. |
| CVE-2021-44507 | 2022-04-15 | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of parameter validation in calls to memcpy in str_tok in sr_unix/ztimeoutroutines.c allows attackers... |
| CVE-2022-27158 | 2022-04-15 | pearweb < 1.32 suffers from Deserialization of Untrusted Data. |
| CVE-2022-28113 | 2022-04-15 | An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows attackers to write files and reset the user passwords without having a valid session cookie. |
| CVE-2022-27048 | 2022-04-15 | A vulnerability has been discovered in Moxa MGate which allows an attacker to perform a man-in-the-middle (MITM) attack on the device. This affects MGate MB3170 Series Firmware Version 4.2 or... |
| CVE-2022-24851 | 2022-04-15 | Stored XSS and path traversal in LDAPAccountManager/lam |
| CVE-2022-24857 | 2022-04-15 | Multi factor authentication bypass in django-mfa3 |
| CVE-2022-21983 | 2022-04-15 | Win32 Stream Enumeration Remote Code Execution Vulnerability |
| CVE-2022-22008 | 2022-04-15 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2022-22009 | 2022-04-15 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2022-23257 | 2022-04-15 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2022-23259 | 2022-04-15 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability |
| CVE-2022-23268 | 2022-04-15 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2022-23292 | 2022-04-15 | Microsoft Power BI Spoofing Vulnerability |
| CVE-2022-24472 | 2022-04-15 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2022-24473 | 2022-04-15 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2022-24474 | 2022-04-15 | Windows Win32k Elevation of Privilege Vulnerability |
| CVE-2022-24479 | 2022-04-15 | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability |
| CVE-2022-24481 | 2022-04-15 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2022-24482 | 2022-04-15 | Windows ALPC Elevation of Privilege Vulnerability |
| CVE-2022-24483 | 2022-04-15 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2022-24484 | 2022-04-15 | Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability |
| CVE-2022-24485 | 2022-04-15 | Win32 File Enumeration Remote Code Execution Vulnerability |