CVE List - 2022 / May
Showing 701 - 800 of 2161 CVEs for May 2022 (Page 8 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-29107 | 2022-05-10 | Microsoft Office Security Feature Bypass Vulnerability |
| CVE-2022-29108 | 2022-05-10 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2022-29109 | 2022-05-10 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2022-29110 | 2022-05-10 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2022-29112 | 2022-05-10 | Windows Graphics Component Information Disclosure Vulnerability |
| CVE-2022-29113 | 2022-05-10 | Windows Digital Media Receiver Elevation of Privilege Vulnerability |
| CVE-2022-29114 | 2022-05-10 | Windows Print Spooler Information Disclosure Vulnerability |
| CVE-2022-29115 | 2022-05-10 | Windows Fax Service Remote Code Execution Vulnerability |
| CVE-2022-29116 | 2022-05-10 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2022-29117 | 2022-05-10 | .NET and Visual Studio Denial of Service Vulnerability |
| CVE-2022-29120 | 2022-05-10 | Windows Clustered Shared Volume Information Disclosure Vulnerability |
| CVE-2022-29121 | 2022-05-10 | Windows WLAN AutoConfig Service Denial of Service Vulnerability |
| CVE-2022-29122 | 2022-05-10 | Windows Clustered Shared Volume Information Disclosure Vulnerability |
| CVE-2022-29123 | 2022-05-10 | Windows Clustered Shared Volume Information Disclosure Vulnerability |
| CVE-2022-29125 | 2022-05-10 | Windows Push Notifications Apps Elevation of Privilege Vulnerability |
| CVE-2022-29126 | 2022-05-10 | Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability |
| CVE-2022-29127 | 2022-05-10 | BitLocker Security Feature Bypass Vulnerability |
| CVE-2022-29128 | 2022-05-10 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
| CVE-2022-29129 | 2022-05-10 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
| CVE-2022-29130 | 2022-05-10 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
| CVE-2022-29131 | 2022-05-10 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
| CVE-2022-29132 | 2022-05-10 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-29133 | 2022-05-10 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2022-29134 | 2022-05-10 | Windows Clustered Shared Volume Information Disclosure Vulnerability |
| CVE-2022-29135 | 2022-05-10 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability |
| CVE-2022-29137 | 2022-05-10 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
| CVE-2022-29138 | 2022-05-10 | Windows Clustered Shared Volume Elevation of Privilege Vulnerability |
| CVE-2022-29139 | 2022-05-10 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
| CVE-2022-29140 | 2022-05-10 | Windows Print Spooler Information Disclosure Vulnerability |
| CVE-2022-29141 | 2022-05-10 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
| CVE-2022-29142 | 2022-05-10 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2022-29145 | 2022-05-10 | .NET and Visual Studio Denial of Service Vulnerability |
| CVE-2022-29148 | 2022-05-10 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2022-29150 | 2022-05-10 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability |
| CVE-2022-29151 | 2022-05-10 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability |
| CVE-2022-30129 | 2022-05-10 | Visual Studio Code Remote Code Execution Vulnerability |
| CVE-2022-30130 | 2022-05-10 | .NET Framework Denial of Service Vulnerability |
| CVE-2022-28601 | 2022-05-10 | A Two-Factor Authentication (2FA) bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php file.... |
| CVE-2021-42646 | 2022-05-11 | XML External Entity (XXE) vulnerability in the file based service provider creation feature of the Management Console in WSO2 API Manager 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; and WSO2 IS... |
| CVE-2022-1622 | 2022-05-11 | LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the... |
| CVE-2022-1623 | 2022-05-11 | LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the... |
| CVE-2022-23743 | 2022-05-11 | Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the... |
| CVE-2022-26116 | 2022-05-11 | Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and... |
| CVE-2021-3254 | 2022-05-11 | Asus DSL-N14U-B1 1.1.2.3_805 allows remote attackers to cause a Denial of Service (DoS) via a TCP SYN scan using nmap. |
| CVE-2020-19228 | 2022-05-11 | An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files. |
| CVE-2022-29975 | 2022-05-11 | An Authenticated Reflected Cross-site scripting at CC Parameter was discovered in MDaemon before 22.0.0. |
| CVE-2022-29976 | 2022-05-11 | An Authenticated Reflected Cross-site scripting at BCC Parameter was discovered in MDaemon before 22.0.0. |
| CVE-2022-29727 | 2022-05-11 | Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability in the Signup parameter. |
| CVE-2022-29316 | 2022-05-11 | Complete Online Job Search System v1.0 was discovered to contain a SQL injection vulnerability via /eris/index.php?q=result&searchfor=advancesearch. |
| CVE-2022-29317 | 2022-05-11 | Simple Bus Ticket Booking System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the username and password parameters at /assets/partials/_handleLogin.php. |
| CVE-2022-29318 | 2022-05-11 | An arbitrary file upload vulnerability in the New Entry module of Car Rental Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-29655 | 2022-05-11 | An arbitrary file upload vulnerability in the Upload Photos module of Wedding Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-29656 | 2022-05-11 | Wedding Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Wedding-Management/package_detail.php. |
| CVE-2022-29728 | 2022-05-11 | Survey Sparrow Enterprise Survey Software 2022 has a Reflected cross-site scripting (XSS) vulnerability in the test parameter. |
| CVE-2022-29006 | 2022-05-11 | Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allow attackers to bypass authentication. |
| CVE-2022-29007 | 2022-05-11 | Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allow attackers to bypass authentication. |
| CVE-2022-29008 | 2022-05-11 | An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information. |
| CVE-2022-29009 | 2022-05-11 | Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allow attackers to bypass authentication. |
| CVE-2022-29977 | 2022-05-11 | There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file. |
| CVE-2022-29978 | 2022-05-11 | There is a floating point exception error in sixel_encoder_do_resize, encoder.c:633 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file. |
| CVE-2022-29932 | 2022-05-11 | The HTTP Server in PRIMEUR SPAZIO 2.5.1.954 (File Transfer) allows an unauthenticated attacker to obtain sensitive data (related to the content of transferred files) via a crafted HTTP request. |
| CVE-2022-28077 | 2022-05-11 | Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['s'] parameter. |
| CVE-2022-28078 | 2022-05-11 | Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['page'] parameter. |
| CVE-2021-37851 | 2022-05-11 | Local Privilege Escalation in ESET product for Windows |
| CVE-2021-42651 | 2022-05-11 | A Server Side Template Injection (SSTI) vulnerability in Pentest-Collaboration-Framework v1.0.8 allows an authenticated remote attacker to execute arbitrary code through /project/PROJECTNAME/reports/. |
| CVE-2021-44167 | 2022-05-11 | An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated... |
| CVE-2022-1545 | 2022-05-11 | It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10... |
| CVE-2021-34605 | 2022-05-11 | Xinje XD/E Series PLC Program Tool Zip Slip |
| CVE-2021-34606 | 2022-05-11 | XINJE XD/E Series PLC Program Tool DLL Hijacking |
| CVE-2022-29897 | 2022-05-11 | Remote Code Execution in all versions of various RAD-ISM-900-EN-* devices by PHOENIX CONTACT |
| CVE-2022-29898 | 2022-05-11 | Remote Code Execution in all versions of various RAD-ISM-900-EN-* devices by PHOENIX CONTACT |
| CVE-2022-1433 | 2022-05-11 | An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing... |
| CVE-2022-1352 | 2022-05-11 | Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint... |
| CVE-2021-43081 | 2022-05-11 | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. and in FortiProxy version... |
| CVE-2022-1426 | 2022-05-11 | An issue has been discovered in GitLab affecting all versions starting from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab... |
| CVE-2022-1428 | 2022-05-11 | An issue has been discovered in GitLab affecting all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was incorrectly verifying... |
| CVE-2022-1406 | 2022-05-11 | Improper input validation in GitLab CE/EE affecting all versions from 8.12 prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0 allows a Developer to read protected Group... |
| CVE-2022-1460 | 2022-05-11 | An issue has been discovered in GitLab affecting all versions starting from 9.2 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab... |
| CVE-2022-1510 | 2022-05-11 | An issue has been discovered in GitLab affecting all versions starting from 13.9 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab... |
| CVE-2022-1124 | 2022-05-11 | An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0, allowing Guest project members to... |
| CVE-2022-27656 | 2022-05-11 | The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. |
| CVE-2022-28214 | 2022-05-11 | During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a... |
| CVE-2022-28774 | 2022-05-11 | Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted. |
| CVE-2022-29610 | 2022-05-11 | SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack. |
| CVE-2022-29611 | 2022-05-11 | SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. |
| CVE-2022-29613 | 2022-05-11 | Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of... |
| CVE-2022-29616 | 2022-05-11 | SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption. |
| CVE-2022-23137 | 2022-05-11 | ZTE's ZXCDN product has a reflective XSS vulnerability. The attacker could modify the parameters in the content clearing request url, and when a user clicks the url, an XSS attack... |
| CVE-2022-22975 | 2022-05-11 | An issue was discovered in the Pinniped Supervisor with either LDAPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name (CN) of their user entry... |
| CVE-2021-3611 | 2022-05-11 | A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host,... |
| CVE-2021-43066 | 2022-05-11 | An external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and below, version 6.0.10 and below allows attacker to... |
| CVE-2021-38969 | 2022-05-11 | IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to allow unauthorized access due to the reuse of support generated credentials. IBM X-Force ID: 212609. |
| CVE-2021-39059 | 2022-05-11 | IBM Jazz Foundation (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web... |
| CVE-2022-22320 | 2022-05-11 | IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially... |
| CVE-2021-26350 | 2022-05-11 | A TOCTOU race condition in SMU may allow for the caller to obtain and manipulate the address of a message port register which may result in a potential denial of... |
| CVE-2021-26339 | 2022-05-11 | A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial... |
| CVE-2021-26372 | 2022-05-11 | Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service. |
| CVE-2021-26375 | 2022-05-11 | Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service. |
| CVE-2021-26342 | 2022-05-11 | In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control... |
| CVE-2021-26347 | 2022-05-11 | Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting... |