CVE List - 2022 / May
Showing 601 - 700 of 2161 CVEs for May 2022 (Page 7 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-28913 | 2022-05-10 | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting. |
| CVE-2022-28901 | 2022-05-10 | A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. |
| CVE-2022-28895 | 2022-05-10 | A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. |
| CVE-2022-28896 | 2022-05-10 | A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. |
| CVE-2022-26987 | 2022-05-10 | TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in the `MmtAtePrase` function. Local users could get remote code execution. |
| CVE-2022-26988 | 2022-05-10 | TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in the `MntAte` function. Local users could get remote code execution. |
| CVE-2021-39024 | 2022-05-10 | IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2022-22454 | 2022-05-10 | IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. |
| CVE-2022-22774 | 2022-05-10 | TIBCO Managed File Transfer Command Center XXE Vulnerability |
| CVE-2022-23676 | 2022-05-10 | A remote execution of arbitrary code vulnerability was discovered in ArubaOS-Switch Devices version(s): ArubaOS-Switch 15.xx.xxxx: All versions; ArubaOS-Switch 16.01.xxxx: All versions; ArubaOS-Switch 16.02.xxxx: K.16.02.0033 and below; ArubaOS-Switch 16.03.xxxx: All versions;... |
| CVE-2022-23677 | 2022-05-10 | A remote execution of arbitrary code vulnerability was discovered in ArubaOS-Switch Devices version(s): ArubaOS-Switch 15.xx.xxxx: All versions; ArubaOS-Switch 16.01.xxxx: All versions; ArubaOS-Switch 16.02.xxxx: K.16.02.0033 and below; ArubaOS-Switch 16.03.xxxx: All versions;... |
| CVE-2021-26408 | 2022-05-10 | Insufficient validation of elliptic curve points in SEV-legacy firmware may compromise SEV-legacy guest migration potentially resulting in loss of guest's integrity or confidentiality. |
| CVE-2021-26390 | 2022-05-10 | A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data. |
| CVE-2021-26370 | 2022-05-10 | Improper validation of destination address in SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB in a malicious UApp or ABL may allow an attacker to overwrite arbitrary bootloader memory with SPI ROM contents resulting in... |
| CVE-2021-26352 | 2022-05-10 | Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service. |
| CVE-2021-26332 | 2022-05-10 | Failure to verify SEV-ES TMR is not in MMIO space, SEV-ES FW could result in a potential loss of integrity or availability. |
| CVE-2021-26324 | 2022-05-10 | A bug with the SEV-ES TMR may lead to a potential loss of memory integrity for SNP-active VMs. |
| CVE-2021-43010 | 2022-05-10 | In Safedog Apache v4.0.30255, attackers can bypass this product for SQL injection. Attackers can bypass access to sensitive data. |
| CVE-2021-46771 | 2022-05-10 | Insufficient validation of addresses in AMD Secure Processor (ASP) firmware system call may potentially lead to arbitrary code execution by a compromised user application. |
| CVE-2021-26353 | 2022-05-10 | Failure to validate inputs in SMM may allow an attacker to create a mishandled error leaving the DRTM UApp in a partially initialized state potentially resulting in loss of memory... |
| CVE-2022-28986 | 2022-05-10 | LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure direct object references (IDOR) vulnerability, which allows remote attackers to update sensitive records such as email,... |
| CVE-2022-0947 | 2022-05-10 | Arctic Wireless Gateway Firewall vulnerability |
| CVE-2022-1476 | 2022-05-10 | The All-in-One WP Migration plugin for WordPress is vulnerable to arbitrary file deletion via directory traversal due to insufficient file validation via the ~/lib/model/class-ai1wm-backups.php file, in versions up to, and... |
| CVE-2022-1453 | 2022-05-10 | The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php... |
| CVE-2022-1442 | 2022-05-10 | The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all... |
| CVE-2022-1209 | 2022-05-10 | The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible... |
| CVE-2022-1505 | 2022-05-10 | The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php... |
| CVE-2022-1463 | 2022-05-10 | Booking Calendar <= 9.1 - PHP Object Injection via Shortcode |
| CVE-2022-1567 | 2022-05-10 | The WP-JS plugin for WordPress contains a script called wp-js.php with the function wp_js_admin, that accepts unvalidated user input and echoes it back to the user. This can be used... |
| CVE-2022-27167 | 2022-05-10 | Arbitrary File Deletion in ESET products for Windows |
| CVE-2022-30278 | 2022-05-10 | A vulnerability in Black Duck Hub’s embedded MadCap Flare documentation files could allow an unauthenticated remote attacker to conduct a cross-site scripting attack. The vulnerability is due to improper validation... |
| CVE-2022-29391 | 2022-05-10 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004200c8. |
| CVE-2022-29392 | 2022-05-10 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418c24. |
| CVE-2022-29393 | 2022-05-10 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004192cc. |
| CVE-2022-29394 | 2022-05-10 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macAddress parameter in the function FUN_0041b448. |
| CVE-2022-29395 | 2022-05-10 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the apcliKey parameter in the function FUN_0041bac4. |
| CVE-2022-29396 | 2022-05-10 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418f10. |
| CVE-2022-29397 | 2022-05-10 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004196c8. |
| CVE-2022-29398 | 2022-05-10 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the File parameter in the function FUN_0041309c. |
| CVE-2022-29399 | 2022-05-10 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the url parameter in the function FUN_00415bf0. |
| CVE-2021-39670 | 2022-05-10 | In setStream of WallpaperManager.java, there is a possible way to cause a permanent DoS due to improper input validation. This could lead to local denial of service with User execution... |
| CVE-2021-39700 | 2022-05-10 | In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. This could lead to local information disclosure with no... |
| CVE-2022-20004 | 2022-05-10 | In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2022-20005 | 2022-05-10 | In validateApkInstallLocked of PackageInstallerSession.java, there is a way to force a mismatch between running code and a parsed APK. This could lead to local escalation of privilege with User... |
| CVE-2022-20006 | 2022-05-10 | In several functions of KeyguardServiceWrapper.java and related files, there is a possible way to briefly view what's under the lockscreen due to a race condition. This could lead to local... |
| CVE-2022-20007 | 2022-05-10 | In startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java, there is a possible way to overlay an app that believes it's still in the foreground, when it is not, due to a race condition. This... |
| CVE-2022-20008 | 2022-05-10 | In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD... |
| CVE-2022-20009 | 2022-05-10 | In various functions of the USB gadget subsystem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege... |
| CVE-2022-20010 | 2022-05-10 | In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure through Bluetooth with no additional... |
| CVE-2022-20011 | 2022-05-10 | In getArray of NotificationManagerService.java, there is a possible leak of one user's notifications to another due to a missing check. This could lead to local information disclosure with no additional... |
| CVE-2022-20112 | 2022-05-10 | In getAvailabilityStatus of PrivateDnsPreferenceController.java, there is a possible way for a guest user to change private DNS settings due to a permissions bypass. This could lead to local escalation of... |
| CVE-2022-20113 | 2022-05-10 | In mPreference of DefaultUsbConfigurationPreferenceController.java, there is a possible way to enable file transfer mode due to a logic error in the code. This could lead to local escalation of privilege... |
| CVE-2022-20114 | 2022-05-10 | In placeCall of TelecomManager.java, there is a possible way for an application to keep itself running with foreground service importance due to a permissions bypass. This could lead to local... |
| CVE-2022-20115 | 2022-05-10 | In broadcastServiceStateChanged of TelephonyRegistry.java, there is a possible way to learn base station information without location permission due to a missing permission check. This could lead to local information disclosure... |
| CVE-2022-20116 | 2022-05-10 | In onEntryUpdated of OngoingCallController.kt, it is possible to launch non-exported activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction... |
| CVE-2021-39738 | 2022-05-10 | In CarSetings, there is a possible way to pair a BT device bypassing the user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional... |
| CVE-2022-20117 | 2022-05-10 | In (TBD) of (TBD), there is a possible way to decrypt local data encrypted by the GSC due to improperly used crypto. This could lead to local information disclosure with... |
| CVE-2022-20118 | 2022-05-10 | In ion_ioctl and related functions of ion.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional... |
| CVE-2022-20119 | 2022-05-10 | In private_handle_t of mali_gralloc_buffer.h, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is... |
| CVE-2022-20120 | 2022-05-10 | Product: Android; Versions: Android kernel; Android ID: A-203213034; References: N/A |
| CVE-2022-20121 | 2022-05-10 | In getNodeValue of USCCDMPlugin.java, there is a possible disclosure of ICCID due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2022-0866 | 2022-05-10 | This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In... |
| CVE-2022-1431 | 2022-05-10 | An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab... |
| CVE-2022-1417 | 2022-05-10 | Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows... |
| CVE-2022-21972 | 2022-05-10 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-21978 | 2022-05-10 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2022-22011 | 2022-05-10 | Windows Graphics Component Information Disclosure Vulnerability |
| CVE-2022-22012 | 2022-05-10 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
| CVE-2022-22013 | 2022-05-10 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
| CVE-2022-22014 | 2022-05-10 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
| CVE-2022-22015 | 2022-05-10 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability |
| CVE-2022-22016 | 2022-05-10 | Windows PlayToManager Elevation of Privilege Vulnerability |
| CVE-2022-22017 | 2022-05-10 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2022-22019 | 2022-05-10 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2022-22713 | 2022-05-10 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2022-23267 | 2022-05-10 | .NET and Visual Studio Denial of Service Vulnerability |
| CVE-2022-23270 | 2022-05-10 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-23279 | 2022-05-10 | Windows ALPC Elevation of Privilege Vulnerability |
| CVE-2022-24466 | 2022-05-10 | Windows Hyper-V Security Feature Bypass Vulnerability |
| CVE-2022-26913 | 2022-05-10 | Windows Authentication Information Disclosure Vulnerability |
| CVE-2022-26923 | 2022-05-10 | Active Directory Domain Services Elevation of Privilege Vulnerability |
| CVE-2022-26925 | 2022-05-10 | Windows LSA Spoofing Vulnerability |
| CVE-2022-26926 | 2022-05-10 | Windows Address Book Remote Code Execution Vulnerability |
| CVE-2022-26927 | 2022-05-10 | Windows Graphics Component Remote Code Execution Vulnerability |
| CVE-2022-26930 | 2022-05-10 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2022-26931 | 2022-05-10 | Windows Kerberos Elevation of Privilege Vulnerability |
| CVE-2022-26932 | 2022-05-10 | Storage Spaces Direct Elevation of Privilege Vulnerability |
| CVE-2022-26933 | 2022-05-10 | Windows NTFS Information Disclosure Vulnerability |
| CVE-2022-26934 | 2022-05-10 | Windows Graphics Component Information Disclosure Vulnerability |
| CVE-2022-26935 | 2022-05-10 | Windows WLAN AutoConfig Service Information Disclosure Vulnerability |
| CVE-2022-26936 | 2022-05-10 | Windows Server Service Information Disclosure Vulnerability |
| CVE-2022-26937 | 2022-05-10 | Windows Network File System Remote Code Execution Vulnerability |
| CVE-2022-26938 | 2022-05-10 | Storage Spaces Direct Elevation of Privilege Vulnerability |
| CVE-2022-26939 | 2022-05-10 | Storage Spaces Direct Elevation of Privilege Vulnerability |
| CVE-2022-26940 | 2022-05-10 | Remote Desktop Protocol Client Information Disclosure Vulnerability |
| CVE-2022-29102 | 2022-05-10 | Windows Failover Cluster Information Disclosure Vulnerability |
| CVE-2022-29103 | 2022-05-10 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
| CVE-2022-29104 | 2022-05-10 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-29105 | 2022-05-10 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability |
| CVE-2022-29106 | 2022-05-10 | Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability |