CVE List - 2022 / May
Showing 501 - 600 of 2161 CVEs for May 2022 (Page 6 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-30333 | 2022-05-09 | RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR... |
| CVE-2022-23066 | 2022-05-09 | Solana rBPF - Incorrect Calculation in sdiv instruction |
| CVE-2022-30286 | 2022-05-09 | pyscriptjs (aka PyScript Demonstrator) in PyScript through 2022-05-04 allows a remote user to read Python source code. |
| CVE-2022-23332 | 2022-05-09 | Command injection vulnerability in Manual Ping Form (Web UI) in Shenzhen Ejoin Information Technology Co., Ltd. ACOM508/ACOM516/ACOM532 609-915-041-100-020 allows a remote attacker to inject arbitrary code via the field. |
| CVE-2022-1631 | 2022-05-09 | Users Account Pre-Takeover or Users Account Takeover in microweber/microweber |
| CVE-2022-27224 | 2022-05-09 | An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools section of the web-management interface.... |
| CVE-2022-28162 | 2022-05-09 | Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text. |
| CVE-2022-28161 | 2022-05-09 | An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in... |
| CVE-2021-20479 | 2022-05-09 | IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197498. |
| CVE-2022-22319 | 2022-05-09 | IBM Robotic Process Automation 21.0.1 could allow a registered user on the system to physically delete a queue that could cause disruption for any scripts dependent on the queue. IBM... |
| CVE-2022-22481 | 2022-05-09 | IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a remote attacker to obtain access to the web interface without valid credentials. By modifying the sign on... |
| CVE-2019-25060 | 2022-05-09 | WP-GraphQL < 0.3.5 - Improper Access Control |
| CVE-2022-0424 | 2022-05-09 | Popup by Supsystic < 1.10.9 - Unauthenticated Subscriber Email Addresses Disclosure |
| CVE-2022-0592 | 2022-05-09 | MapSVG < 6.2.20 - Unauthenticated SQLi |
| CVE-2022-0625 | 2022-05-09 | Admin Menu Editor <= 1.0.4 - Reflected Cross-Site Scripting |
| CVE-2022-0814 | 2022-05-09 | Ubigeo de Peru < 3.6.4 - Unauthenticated SQLi |
| CVE-2022-0817 | 2022-05-09 | BadgeOS <= 3.7.0 - Unauthenticated SQLi |
| CVE-2022-0826 | 2022-05-09 | WP Video Gallery <= 1.7.1 - Unauthenticated SQLi |
| CVE-2022-0836 | 2022-05-09 | SEMA API < 4.02 - Unauthenticated SQLi |
| CVE-2022-0874 | 2022-05-09 | WP Social Buttons <= 2.1 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-0898 | 2022-05-09 | IgniteUp <= 3.4.1 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-0948 | 2022-05-09 | Order Listener for WooCommerce < 3.2.2 - Unauthenticated SQLi |
| CVE-2022-1013 | 2022-05-09 | Personal Dictionary < 1.3.4 - Unauthenticated SQLi |
| CVE-2022-1047 | 2022-05-09 | Themify - Post Type Builder Search Addon < 1.4.0 - Reflected Cross-Site Scripting |
| CVE-2022-1104 | 2022-05-09 | Popup Maker < 1.16.5 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1171 | 2022-05-09 | Vertical scroll recent post < 14.0 - Reflected Cross-Site Scripting |
| CVE-2022-1303 | 2022-05-09 | Slide Anything < 2.3.44 - Editor+ Stored Cross-Site Scripting |
| CVE-2022-1338 | 2022-05-09 | Easily Generate Rest API Url <= 1.0.0 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-27114 | 2022-05-09 | There is a vulnerability in htmldoc 1.9.16. In the image_load_jpeg function in image.cxx, when it calls malloc, 'img->width' and 'img->height' are large enough to cause an integer overflow. So, the malloc function... |
| CVE-2022-29971 | 2022-05-09 | An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena ODBC Driver 1.1.1 through 1.1.x before 1.1.17 may allow a local user to execute arbitrary... |
| CVE-2022-29972 | 2022-05-09 | An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver (1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52) may allow a local... |
| CVE-2022-30239 | 2022-05-09 | An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena JDBC Driver 2.0.25 through 2.0.28 may allow a local user to execute code. NOTE: this... |
| CVE-2022-30240 | 2022-05-09 | An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift JDBC Driver 1.2.40 through 1.2.55 may allow a local user to execute code. NOTE: this... |
| CVE-2022-27308 | 2022-05-09 | A stored cross-site scripting (XSS) vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a project title. |
| CVE-2022-27412 | 2022-05-09 | Explore CMS v1.0 was discovered to contain a SQL injection vulnerability via a /page.php?id= request. |
| CVE-2022-29933 | 2022-05-09 | Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted... |
| CVE-2022-30524 | 2022-05-09 | There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by... |
| CVE-2022-29868 | 2022-05-09 | 1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Malicious software running on the same computer can exfiltrate secrets from 1Password provided that 1Password... |
| CVE-2022-30335 | 2022-05-09 | Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via the login form. Users who supply the application with a SQL injection payload in the User Name textbox could collect... |
| CVE-2022-23704 | 2022-05-09 | A potential security vulnerability has been identified in Integrated Lights-Out 4 (iLO 4). The vulnerability could allow remote Denial of Service. The vulnerability is resolved in Integrated Lights-Out 4 (iLO... |
| CVE-2022-23705 | 2022-05-09 | A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays which could potentially allow... |
| CVE-2021-43712 | 2022-05-09 | Stored XSS in Add New Employee Form in Sourcecodester Employee Daily Task Management System 1.0 Allows Remote Attacker to Inject/Store Arbitrary Code via the Name Field. |
| CVE-2022-1537 | 2022-05-10 | file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in gruntjs/grunt |
| CVE-2022-1629 | 2022-05-10 | Buffer Over-read in function find_next_quote in vim/vim |
| CVE-2021-41545 | 2022-05-10 | A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884).... |
| CVE-2022-24039 | 2022-05-10 | A vulnerability has been identified in Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The “addCell” JavaScript function fails to properly sanitize user-controllable input before including... |
| CVE-2022-24040 | 2022-05-10 | A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884).... |
| CVE-2022-24041 | 2022-05-10 | A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884).... |
| CVE-2022-24042 | 2022-05-10 | A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884).... |
| CVE-2022-24043 | 2022-05-10 | A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884).... |
| CVE-2022-24044 | 2022-05-10 | A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884).... |
| CVE-2022-24045 | 2022-05-10 | A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884).... |
| CVE-2022-24287 | 2022-05-10 | A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC06), SIMATIC PCS 7 V9.1 (All versions < V9.1... |
| CVE-2022-24290 | 2022-05-10 | A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions), Teamcenter V13.2 (All versions < V13.2.0.8), Teamcenter V13.3... |
| CVE-2022-27242 | 2022-05-10 | A vulnerability has been identified in OpenV2G (V0.9.4). The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer... |
| CVE-2022-27640 | 2022-05-10 | A vulnerability has been identified in SIMATIC CP 442-1 RNA (All versions < V1.5.18), SIMATIC CP 443-1 RNA (All versions < V1.5.18). The affected devices improperly handle excessive ARP broadcast... |
| CVE-2022-27653 | 2022-05-10 | A vulnerability has been identified in Simcenter Femap (All versions < V2022.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing... |
| CVE-2022-29028 | 2022-05-10 | A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Tiff_Loader.dll is vulnerable to... |
| CVE-2022-29029 | 2022-05-10 | A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null... |
| CVE-2022-29030 | 2022-05-10 | A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Mono_Loader.dll library is vulnerable... |
| CVE-2022-29031 | 2022-05-10 | A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null... |
| CVE-2022-29032 | 2022-05-10 | A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library contains a... |
| CVE-2022-29033 | 2022-05-10 | A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library is vulnerable... |
| CVE-2022-29801 | 2022-05-10 | A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9). The application contains an XML External Entity Injection (XXE) vulnerability. This could... |
| CVE-2022-29872 | 2022-05-10 | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00),... |
| CVE-2022-29873 | 2022-05-10 | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00),... |
| CVE-2022-29874 | 2022-05-10 | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00),... |
| CVE-2022-29876 | 2022-05-10 | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00),... |
| CVE-2022-29877 | 2022-05-10 | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00),... |
| CVE-2022-29878 | 2022-05-10 | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00),... |
| CVE-2022-29879 | 2022-05-10 | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00),... |
| CVE-2022-29880 | 2022-05-10 | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00),... |
| CVE-2022-29881 | 2022-05-10 | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00),... |
| CVE-2022-29882 | 2022-05-10 | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00),... |
| CVE-2022-29883 | 2022-05-10 | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00),... |
| CVE-2022-1649 | 2022-05-10 | Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 |
| CVE-2022-1397 | 2022-05-10 | API Privilege Escalation in alextselegidis/easyappointments |
| CVE-2021-42581 | 2022-05-10 | Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earlier allows attackers to compromise integrity or availability of application via supplying a crafted object (that contains an own property "__proto__")... |
| CVE-2021-42645 | 2022-05-10 | CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a... |
| CVE-2021-43094 | 2022-05-10 | An SQL Injection vulnerability exists in OpenMRS Reference Application Standalone Edition <=2.11 and Platform Standalone Edition <=2.4.0 via GET requests on arbitrary parameters in patient.page. |
| CVE-2022-29591 | 2022-05-10 | Tenda TX9 Pro 22.03.02.10 devices have a SetNetControlList buffer overflow. |
| CVE-2022-28110 | 2022-05-10 | Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login page. |
| CVE-2022-29328 | 2022-05-10 | D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a stack overflow via the function checkvalidupgrade. |
| CVE-2022-29329 | 2022-05-10 | D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a heap overflow via the devicename parameter in /goform/setDeviceSettings. |
| CVE-2022-29326 | 2022-05-10 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter. |
| CVE-2022-29324 | 2022-05-10 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd. |
| CVE-2022-29325 | 2022-05-10 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter. |
| CVE-2022-29323 | 2022-05-10 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /goform/editassignment. |
| CVE-2022-29321 | 2022-05-10 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan. |
| CVE-2022-29322 | 2022-05-10 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip. |
| CVE-2022-29327 | 2022-05-10 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel. |
| CVE-2022-28915 | 2022-05-10 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm. |
| CVE-2022-28905 | 2022-05-10 | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName. |
| CVE-2022-28906 | 2022-05-10 | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg. |
| CVE-2022-28907 | 2022-05-10 | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost. |
| CVE-2022-28908 | 2022-05-10 | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg. |
| CVE-2022-28909 | 2022-05-10 | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx. |
| CVE-2022-28910 | 2022-05-10 | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName. |
| CVE-2022-28911 | 2022-05-10 | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate. |
| CVE-2022-28912 | 2022-05-10 | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW. |