CVE List - 2022 / May
Showing 1901 - 2000 of 2161 CVEs for May 2022 (Page 20 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-26725 | 2022-05-26 | A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. Photo location information may persist after it is removed with Preview Inspector. |
| CVE-2022-26726 | 2022-05-26 | This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able... |
| CVE-2022-26727 | 2022-05-26 | This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. A malicious application may be able to modify protected parts of... |
| CVE-2022-26728 | 2022-05-26 | This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to... |
| CVE-2022-26731 | 2022-05-26 | A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious website may be able to track... |
| CVE-2022-26736 | 2022-05-26 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able... |
| CVE-2022-26737 | 2022-05-26 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able... |
| CVE-2022-26738 | 2022-05-26 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able... |
| CVE-2022-26739 | 2022-05-26 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able... |
| CVE-2022-26740 | 2022-05-26 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able... |
| CVE-2022-26741 | 2022-05-26 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
| CVE-2022-26742 | 2022-05-26 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
| CVE-2022-26743 | 2022-05-26 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.4. An attacker that has already achieved code execution in macOS Recovery may... |
| CVE-2022-26745 | 2022-05-26 | A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.6. A malicious application may disclose restricted memory. |
| CVE-2022-31648 | 2022-05-26 | Talend Administration Center is vulnerable to a reflected Cross-Site Scripting (XSS) issue in the SSO login endpoint. The issue is fixed for versions 8.0.x in TPS-5233, for versions 7.3.x in... |
| CVE-2022-26746 | 2022-05-26 | This issue was addressed by removing the vulnerable code. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be... |
| CVE-2022-26747 | 2022-05-26 | This issue was addressed with improved checks. This issue is fixed in Xcode 13.4. An app may be able to gain elevated privileges. |
| CVE-2022-26748 | 2022-05-26 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web... |
| CVE-2022-26749 | 2022-05-26 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
| CVE-2022-26750 | 2022-05-26 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
| CVE-2022-26751 | 2022-05-26 | A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big... |
| CVE-2022-26752 | 2022-05-26 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
| CVE-2022-26753 | 2022-05-26 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
| CVE-2022-26754 | 2022-05-26 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
| CVE-2022-26755 | 2022-05-26 | This issue was addressed with improved environment sanitization. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able... |
| CVE-2022-26756 | 2022-05-26 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be... |
| CVE-2022-26757 | 2022-05-26 | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS... |
| CVE-2022-30585 | 2022-05-26 | The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to view sensitive information. 6.10... |
| CVE-2022-26761 | 2022-05-26 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. An application may be able to execute... |
| CVE-2022-30584 | 2022-05-26 | Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited by malicious users to compromise the affected system. 6.10... |
| CVE-2022-26763 | 2022-05-26 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big... |
| CVE-2022-26764 | 2022-05-26 | A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An attacker that has... |
| CVE-2022-26765 | 2022-05-26 | A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with... |
| CVE-2022-26766 | 2022-05-26 | A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur... |
| CVE-2022-26767 | 2022-05-26 | The issue was addressed with additional permissions checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences. |
| CVE-2022-26768 | 2022-05-26 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be... |
| CVE-2022-26769 | 2022-05-26 | A memory corruption issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may... |
| CVE-2022-26770 | 2022-05-26 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may... |
| CVE-2022-26771 | 2022-05-26 | A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may be able... |
| CVE-2022-26772 | 2022-05-26 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
| CVE-2022-26773 | 2022-05-26 | A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does... |
| CVE-2022-26774 | 2022-05-26 | A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges. |
| CVE-2022-26775 | 2022-05-26 | An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application... |
| CVE-2022-26776 | 2022-05-26 | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An attacker may be able to cause unexpected application termination or... |
| CVE-2021-28508 | 2022-05-26 | TerminAttr streams IPsec sensitive data in clear text to other authorized users in CVP |
| CVE-2021-28509 | 2022-05-26 | TerminAttr streams MACsec sensitive data in clear text to other authorized users in CVP |
| CVE-2022-29632 | 2022-05-26 | An arbitrary file upload vulnerability in the component /course/api/upload/pic of Roncoo Education v9.0.0 allows attackers to execute arbitrary code via a crafted file. |
| CVE-2022-29633 | 2022-05-26 | An access control issue in Linglong v1.0 allows attackers to access the background of the application via a crafted cookie. |
| CVE-2022-29637 | 2022-05-26 | An arbitrary file upload vulnerability in Mindoc v2.1-beta.5 allows attackers to execute arbitrary commands via a crafted Zip file. |
| CVE-2022-28394 | 2022-05-26 | EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may... |
| CVE-2022-30687 | 2022-05-26 | Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary... |
| CVE-2022-30700 | 2022-05-26 | An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected... |
| CVE-2022-30701 | 2022-05-26 | An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load... |
| CVE-2022-1898 | 2022-05-27 | Use After Free in vim/vim |
| CVE-2022-30521 | 2022-05-27 | The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. The function created at 0x17958 of /htdocs/cgibin will call sprintf... |
| CVE-2022-31783 | 2022-05-27 | Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace. |
| CVE-2022-1897 | 2022-05-27 | Out-of-bounds Write in vim/vim |
| CVE-2022-1907 | 2022-05-27 | Buffer Over-read in bfabiszewski/libmobi |
| CVE-2022-1909 | 2022-05-27 | Cross-site Scripting (XSS) - Stored in causefx/organizr |
| CVE-2022-1908 | 2022-05-27 | Buffer Over-read in bfabiszewski/libmobi |
| CVE-2022-30510 | 2022-05-27 | School Dormitory Management System 1.0 is vulnerable to SQL Injection via reports/daily_collection_report.php:59. |
| CVE-2022-29729 | 2022-05-27 | Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page. |
| CVE-2022-29730 | 2022-05-27 | USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. The credentials cannot be altered through normal operation of the... |
| CVE-2022-29731 | 2022-05-27 | An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users. |
| CVE-2022-29732 | 2022-05-27 | Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter. This vulnerability allows attackers to execute arbitrary web scripts or... |
| CVE-2022-29733 | 2022-05-27 | Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie authentication credentials via a man-in-the-middle... |
| CVE-2022-29734 | 2022-05-27 | A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. |
| CVE-2022-29735 | 2022-05-27 | Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary commands via a crafted HTTP request. |
| CVE-2022-30425 | 2022-05-27 | Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a command injection vulnerability via the pingAddr and traceAddr parameters. This vulnerability is exploited via a crafted POST request. |
| CVE-2022-29779 | 2022-05-27 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. |
| CVE-2022-29780 | 2022-05-27 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c. |
| CVE-2022-30503 | 2022-05-27 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h. |
| CVE-2022-30506 | 2022-05-27 | An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file. |
| CVE-2022-30423 | 2022-05-27 | Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information. |
| CVE-2022-30352 | 2022-05-27 | phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the "auth_user" parameter in index.php script. |
| CVE-2022-30512 | 2022-05-27 | School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/payment_history.php:31. |
| CVE-2022-20666 | 2022-05-27 | Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities |
| CVE-2022-20667 | 2022-05-27 | Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities |
| CVE-2022-20668 | 2022-05-27 | Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities |
| CVE-2022-20669 | 2022-05-27 | Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities |
| CVE-2022-20670 | 2022-05-27 | Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities |
| CVE-2022-20671 | 2022-05-27 | Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities |
| CVE-2022-20672 | 2022-05-27 | Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities |
| CVE-2022-20673 | 2022-05-27 | Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities |
| CVE-2022-20674 | 2022-05-27 | Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities |
| CVE-2022-20765 | 2022-05-27 | Cisco UCS Director JavaScript Cross-Site Scripting Vulnerability |
| CVE-2022-20797 | 2022-05-27 | Cisco Secure Network Analytics Remote Code Execution Vulnerability |
| CVE-2022-20802 | 2022-05-27 | Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability |
| CVE-2022-20806 | 2022-05-27 | Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities |
| CVE-2022-20807 | 2022-05-27 | Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities |
| CVE-2022-30324 | 2022-05-27 | HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host.... |
| CVE-2022-30514 | 2022-05-27 | School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:126. |
| CVE-2022-30511 | 2022-05-27 | School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/view_details.php:4. |
| CVE-2021-27780 | 2022-05-27 | HCL BigFix Mobile / Modern Client Management is vulnerable to unauthenticated XML interaction |
| CVE-2021-27781 | 2022-05-27 | HCL BigFix Mobile / Modern Client Management is vulnerable to stored cross-site scripting |
| CVE-2022-30513 | 2022-05-27 | School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125 |
| CVE-2022-25237 | 2022-05-27 | Bonita Web 2021.2 is affected by an authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of... |
| CVE-2022-29598 | 2022-05-27 | Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to a reflected Cross-Site Scripting (XSS) vulnerability via RRSWeb/maint/ShowDocument/ShowDocument.aspx. |
| CVE-2022-30349 | 2022-05-27 | siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2022-30496 | 2022-05-27 | SQL injection in Logon Page of IDCE MV's application, version 1.0, allows an attacker to inject SQL payloads in the user field, connecting to a database to access enterprise's private... |