CVE List - 2022 / July
Showing 1 - 100 of 1977 CVEs for July 2022 (Page 1 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-32081 | 2022-07-01 | MariaDB v10.4 to v10.7 was discovered to contain a use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. |
| CVE-2022-32082 | 2022-07-01 | MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. |
| CVE-2022-32084 | 2022-07-01 | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. |
| CVE-2022-32089 | 2022-07-01 | MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. |
| CVE-2022-32091 | 2022-07-01 | MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. |
| CVE-2022-32325 | 2022-07-01 | JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c. |
| CVE-2022-2274 | 2022-07-01 | RSA implementation bug in AVX512IFMA instructions |
| CVE-2022-2280 | 2022-07-01 | Cross-site Scripting (XSS) - Stored in microweber/microweber |
| CVE-2022-2279 | 2022-07-01 | NULL Pointer Dereference in bfabiszewski/libmobi |
| CVE-2022-34894 | 2022-07-01 | In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services |
| CVE-2022-33099 | 2022-07-01 | An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. |
| CVE-2022-33103 | 2022-07-01 | Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir(). |
| CVE-2014-3648 | 2022-07-01 | The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus application is registered with... |
| CVE-2014-3650 | 2022-07-01 | Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted... |
| CVE-2022-2253 | 2022-07-01 | Distributed Data Systems WebHMI OS Command Injection |
| CVE-2022-2254 | 2022-07-01 | Distributed Data Systems WebHMI Cross-site Scripting |
| CVE-2022-2250 | 2022-07-01 | An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users... |
| CVE-2022-2244 | 2022-07-01 | An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project members with reporter role... |
| CVE-2022-2281 | 2022-07-01 | An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows disclosure of release titles if... |
| CVE-2022-2185 | 2022-07-01 | A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user... |
| CVE-2022-2235 | 2022-07-01 | Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform... |
| CVE-2022-2243 | 2022-07-01 | An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows authenticated users to enumerate issues... |
| CVE-2022-2227 | 2022-07-01 | Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer... |
| CVE-2022-2230 | 2022-07-01 | A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1,... |
| CVE-2022-1983 | 2022-07-01 | Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a... |
| CVE-2022-1981 | 2022-07-01 | An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a... |
| CVE-2022-1999 | 2022-07-01 | An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the... |
| CVE-2022-2228 | 2022-07-01 | Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens... |
| CVE-2022-31113 | 2022-07-01 | Cross-Site Scripting in Canarytoken history |
| CVE-2022-2229 | 2022-07-01 | An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the... |
| CVE-2022-2270 | 2022-07-01 | An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab... |
| CVE-2022-1963 | 2022-07-01 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1.... |
| CVE-2022-1954 | 2022-07-01 | A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker... |
| CVE-2022-0167 | 2022-07-01 | An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab... |
| CVE-2022-31604 | 2022-07-01 | NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where the CA credentials are transported via pickle without safe deserialization. The deserialization of Untrusted Data... |
| CVE-2022-31605 | 2022-07-01 | NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load() instead of yaml.safe_load(). The deserialization of Untrusted Data may allow an... |
| CVE-2021-37524 | 2022-07-01 | Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized "path" parameter in resources/login.php. |
| CVE-2022-32053 | 2022-07-01 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041621c. |
| CVE-2022-32052 | 2022-07-01 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004137a4. |
| CVE-2022-32050 | 2022-07-01 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041af40. |
| CVE-2022-32051 | 2022-07-01 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, sTime, eTime parameters in the function FUN_004133c4. |
| CVE-2022-32049 | 2022-07-01 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the url parameter in the function FUN_00418540. |
| CVE-2022-32048 | 2022-07-01 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the command parameter in the function FUN_0041cc88. |
| CVE-2022-32046 | 2022-07-01 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_0041880c. |
| CVE-2022-32047 | 2022-07-01 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00412ef4. |
| CVE-2022-32045 | 2022-07-01 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00413be4. |
| CVE-2022-32044 | 2022-07-01 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the password parameter in the function FUN_00413f80. |
| CVE-2022-32043 | 2022-07-01 | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAccessCodeInfo. |
| CVE-2022-32041 | 2022-07-01 | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formGetPassengerAnalyseData. |
| CVE-2022-32040 | 2022-07-01 | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetCfm. |
| CVE-2022-32039 | 2022-07-01 | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the listN parameter in the function fromDhcpListClient. |
| CVE-2022-32036 | 2022-07-01 | Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow vulnerabilities via the ssidList, storeName, and trademark parameters in the function formSetStoreWeb. |
| CVE-2022-32037 | 2022-07-01 | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAPCfg. |
| CVE-2022-32035 | 2022-07-01 | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng. |
| CVE-2022-32034 | 2022-07-01 | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist. |
| CVE-2022-32033 | 2022-07-01 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the function formSetVirtualSer. |
| CVE-2022-32032 | 2022-07-01 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the function formAddMacfilterRule. |
| CVE-2022-32031 | 2022-07-01 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetRouteStatic. |
| CVE-2022-32030 | 2022-07-01 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand. |
| CVE-2022-22366 | 2022-07-01 | IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106. |
| CVE-2022-22367 | 2022-07-01 | IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008. |
| CVE-2022-22373 | 2022-07-01 | An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to creation of directories and files on the server file system... |
| CVE-2022-32083 | 2022-07-01 | MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. |
| CVE-2022-32085 | 2022-07-01 | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. |
| CVE-2022-32086 | 2022-07-01 | MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field. |
| CVE-2022-32087 | 2022-07-01 | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. |
| CVE-2022-32088 | 2022-07-01 | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. |
| CVE-2022-25876 | 2022-07-01 | Server-side Request Forgery (SSRF) |
| CVE-2022-25758 | 2022-07-01 | Regular Expression Denial of Service (ReDoS) |
| CVE-2022-25898 | 2022-07-01 | Improper Verification of Cryptographic Signature |
| CVE-2022-25900 | 2022-07-01 | Command Injection |
| CVE-2022-25896 | 2022-07-01 | Session Fixation |
| CVE-2022-31943 | 2022-07-01 | MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability. |
| CVE-2022-32384 | 2022-07-01 | Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the security_5g parameter in the function formWifiBasicSet. |
| CVE-2022-32420 | 2022-07-01 | College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file. |
| CVE-2022-32093 | 2022-07-01 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php. |
| CVE-2022-32094 | 2022-07-01 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php. |
| CVE-2022-32095 | 2022-07-01 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php. |
| CVE-2022-34903 | 2022-07-01 | GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via... |
| CVE-2022-32324 | 2022-07-01 | PDFAlto v0.4 was discovered to contain a heap buffer overflow via the component /pdfalto/src/pdfalto.cc. |
| CVE-2022-32411 | 2022-07-01 | An issue in the languages config file of HongCMS v3.0 allows attackers to getshell. |
| CVE-2022-32412 | 2022-07-01 | An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell. |
| CVE-2022-32551 | 2022-07-01 | Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml). |
| CVE-2022-2284 | 2022-07-02 | Heap-based Buffer Overflow in vim/vim |
| CVE-2022-2285 | 2022-07-02 | Integer Overflow or Wraparound in vim/vim |
| CVE-2022-2286 | 2022-07-02 | Out-of-bounds Read in vim/vim |
| CVE-2022-2287 | 2022-07-02 | Out-of-bounds Read in vim/vim |
| CVE-2022-34911 | 2022-07-02 | An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username.... |
| CVE-2022-34912 | 2022-07-02 | An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where... |
| CVE-2022-28200 | 2022-07-02 | NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead... |
| CVE-2022-34913 | 2022-07-02 | md2roff 1.7 has a stack-based buffer overflow via a Markdown file containing a large number of consecutive characters to be processed. NOTE: the vendor's position is that the product is... |
| CVE-2022-2288 | 2022-07-03 | Out-of-bounds Write in vim/vim |
| CVE-2022-2289 | 2022-07-03 | Use After Free in vim/vim |
| CVE-2022-2290 | 2022-07-03 | Cross-site Scripting (XSS) - Reflected in zadam/trilium |
| CVE-2022-34265 | 2022-07-04 | An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as... |
| CVE-2022-32284 | 2022-07-04 | Use of insufficiently random values vulnerability exists in Vnet/IP communication module VI461 of YOKOGAWA Wide Area Communication Router (WAC Router) AW810D, which may allow a remote attacker to cause denial-of-service... |
| CVE-2022-33208 | 2022-07-04 | Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation... |
| CVE-2022-33948 | 2022-07-04 | HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from DHCP server. An adjacent attacker may execute an arbitrary OS command on... |
| CVE-2022-33971 | 2022-07-04 | Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation... |
| CVE-2022-34151 | 2022-07-04 | Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation... |