CVE List - 2022 / July
Showing 1001 - 1100 of 1977 CVEs for July 2022 (Page 11 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-40150 | 2022-07-17 | The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. In this way an attacker... |
| CVE-2022-31201 | 2022-07-17 | SoftGuard Web (SGW) before 5.1.5 allows HTML injection. |
| CVE-2020-23561 | 2022-07-17 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000005722. |
| CVE-2020-23562 | 2022-07-17 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000000aefe. |
| CVE-2020-23563 | 2022-07-17 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000002cba. |
| CVE-2021-40874 | 2022-07-17 | An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation service (for another LemonLDAP::NG instance, for example) and using the... |
| CVE-2021-41419 | 2022-07-17 | QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization. |
| CVE-2021-42923 | 2022-07-17 | ShowMyPC 3606 on Windows suffers from a DLL hijack vulnerability. If an attacker overwrites the file %temp%\ShowMyPC\-ShowMyPC3606\wodVPN.dll, it will run any malicious code contained in that file. The code will... |
| CVE-2021-44954 | 2022-07-17 | In QVIS NVR DVR before 2021-12-13, an attacker can escalate privileges from a qvisdvr user to the root user by abusing a Sudo misconfiguration. |
| CVE-2022-27434 | 2022-07-17 | UNIT4 TETA Mobile Edition (ME) before 29.5.HF17 was discovered to contain a SQL injection vulnerability via the ProfileName parameter in the errorReporting page. |
| CVE-2022-2400 | 2022-07-18 | External Control of File Name or Path in dompdf/dompdf |
| CVE-2022-26117 | 2022-07-18 | An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and... |
| CVE-2022-1565 | 2022-07-18 | The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wp_all_import_get_gz.php file in versions up to, and including, 3.6.7. This makes... |
| CVE-2022-33891 | 2022-07-18 | Apache Spark shell command injection vulnerability via Spark UI |
| CVE-2016-15003 | 2022-07-18 | FileZilla Client Installer uninstall.exe unquoted search path |
| CVE-2022-36127 | 2022-07-18 | Service unavailability impact in NodeJS agent (version <= 0.5.0) |
| CVE-2022-32450 | 2022-07-18 | AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own %APPDATA% folder (used for ad.trace and chat) but... |
| CVE-2022-35404 | 2022-07-18 | ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. |
| CVE-2022-24688 | 2022-07-18 | An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The Touch settings allow unrestricted file upload (and consequently Remote Code Execution) via PDF upload with PHP content and a... |
| CVE-2022-24689 | 2022-07-18 | An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control. This allows a remote attacker to access account information pages (including personal data) without being authenticated.... |
| CVE-2022-24690 | 2022-07-18 | An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A PresAbs.php SQL Injection vulnerability allows unauthenticated users to taint database data and extract sensitive information via crafted HTTP requests.... |
| CVE-2022-24691 | 2022-07-18 | An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A SQL Injection vulnerability allows authenticated users to taint database data and extract sensitive information via crafted HTTP requests. The... |
| CVE-2022-24692 | 2022-07-18 | An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The new menu option within the general Parameters page is vulnerable to stored XSS. The attacker can create a menu... |
| CVE-2022-30620 | 2022-07-18 | Cellinx NVT – IP PTZ Camera Privilege Escalation |
| CVE-2022-30621 | 2022-07-18 | Cellinx NVT – IP PTZ Camera local file inclusion |
| CVE-2022-30627 | 2022-07-18 | Chcnav - P5E GNSS Information disclosure hard coded credentials. |
| CVE-2022-30624 | 2022-07-18 | Chcnav - P5E GNSS Authentication bypass admin password reset |
| CVE-2022-30626 | 2022-07-18 | Chcnav - P5E GNSS API not secure |
| CVE-2022-30625 | 2022-07-18 | Chcnav - P5E GNSS Directory listing |
| CVE-2022-30623 | 2022-07-18 | Chcnav - P5E GNSS Authentication bypass |
| CVE-2022-34892 | 2022-07-18 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the... |
| CVE-2022-34899 | 2022-07-18 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. An attacker must first obtain the ability to execute low-privileged code on the... |
| CVE-2022-34900 | 2022-07-18 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.3 (39313) Agent. An attacker must first obtain the ability to execute low-privileged code on the... |
| CVE-2022-34901 | 2022-07-18 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. An attacker must first obtain the ability to execute low-privileged code on the... |
| CVE-2022-34902 | 2022-07-18 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. An attacker must first obtain the ability to execute low-privileged code on the... |
| CVE-2022-35741 | 2022-07-18 | Apache CloudStack SAML Single Sign-On XXE |
| CVE-2021-33656 | 2022-07-18 | When setting font with malicious data by ioctl cmd PIO_FONT, kernel will write memory out of bounds. |
| CVE-2021-33655 | 2022-07-18 | When sending malicious data to kernel by ioctl cmd FBIOPUT_VSCREENINFO, kernel will write memory out of bounds. |
| CVE-2022-23142 | 2022-07-18 | ZXEN CG200 has a DoS vulnerability. An attacker could construct and send a large number of HTTP GET requests in a short time, which can make the product management websites... |
| CVE-2022-32387 | 2022-07-18 | In Kentico before 13.0.66, attackers can achieve Denial of Service via a crafted request to the GetResource handler. |
| CVE-2022-23745 | 2022-07-18 | A potential memory corruption issue was found in Capsule Workspace Android app (running on GrapheneOS). This could result in application crashing but could not be used to gather any sensitive... |
| CVE-2022-2039 | 2022-07-18 | The Free Live Chat Support plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.11. This is due to missing nonce protection on the... |
| CVE-2022-2108 | 2022-07-18 | The plugin Wbcom Designs – BuddyPress Group Reviews for WordPress is vulnerable to unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in several... |
| CVE-2022-2223 | 2022-07-18 | The WordPress plugin Image Slider is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1.121 due to failure to properly check for the existence of a nonce... |
| CVE-2022-2101 | 2022-07-18 | The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `file[files][]` parameter in versions up to, and including, 3.2.46 due to insufficient input sanitization and output... |
| CVE-2022-2435 | 2022-07-18 | The AnyMind Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1. This is due to missing nonce protection on the createDOMStructure() function... |
| CVE-2022-2444 | 2022-07-18 | The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remote_data' parameter in versions up to, and including 3.7.9. This... |
| CVE-2022-2437 | 2022-07-18 | The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'fts_url' parameter in versions up to, and... |
| CVE-2022-1912 | 2022-07-18 | The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation on the smartsoftbutton_settings... |
| CVE-2022-2117 | 2022-07-18 | The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.20.2 via the /donor-wall REST-API endpoint which provides unauthenticated users with donor information... |
| CVE-2022-2001 | 2022-07-18 | The DX Share Selection plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the dxss_admin_page()... |
| CVE-2022-2443 | 2022-07-18 | The FreeMind WP Browser plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.2. This is due to missing nonce protection on the FreemindOptions()... |
| CVE-2022-2224 | 2022-07-18 | The WordPress plugin Gallery for Social Photo is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.0.27 due to failure to properly check for the existence of... |
| CVE-2021-44170 | 2022-07-18 | A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands... |
| CVE-2021-42755 | 2022-07-18 | An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and... |
| CVE-2022-22304 | 2022-07-18 | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAuthenticator OWA Agent for Microsoft version 2.2 and 2.1 may allow an unauthenticated attacker to perform an XSS... |
| CVE-2022-29060 | 2022-07-18 | A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0 may allow an attacker who managed to retrieve... |
| CVE-2022-30301 | 2022-07-18 | A path traversal vulnerability [CWE-22] in FortiAP-U CLI 6.2.0 through 6.2.3, 6.0.0 through 6.0.4, 5.4.0 through 5.4.6 may allow an admin user to delete and access unauthorized files and data... |
| CVE-2021-22131 | 2022-07-18 | An improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet FortiTokeniOS version 5.2.0 and below, Fortinet FortiTokenWinApp version 4.0.3 and below allows attacker to... |
| CVE-2022-26113 | 2022-07-18 | An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.10 may allow a local attacker to perform an arbitrary... |
| CVE-2021-41031 | 2022-07-18 | A relative path traversal vulnerability [CWE-23] in FortiClient for Windows versions 7.0.2 and prior, 6.4.6 and prior and 6.2.9 and below may allow a local unprivileged attacker to escalate their... |
| CVE-2022-27483 | 2022-07-18 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and FortiAnalyzer version... |
| CVE-2022-30302 | 2022-07-18 | Multiple relative path traversal vulnerabilities [CWE-23] in FortiDeceptor management interface 1.0.0 through 3.2.x, 3.3.0 through 3.3.2, 4.0.0 through 4.0.1 may allow a remote and authenticated attacker to retrieve and delete... |
| CVE-2022-23438 | 2022-07-18 | An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to... |
| CVE-2022-26118 | 2022-07-18 | A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate... |
| CVE-2022-26120 | 2022-07-18 | Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiADC management interface 7.0.0 through 7.0.1, 5.0.0 through 6.2.2 may allow an authenticated attacker... |
| CVE-2022-29057 | 2022-07-18 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiEDR version 5.1.0, 5.0.0 through 5.0.3 Patch 6 and 4.0.0 allows a remote authenticated attacker to perform... |
| CVE-2021-29788 | 2022-07-18 | IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2021-29790 | 2022-07-18 | IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2021-29799 | 2022-07-18 | IBM Engineering Requirements Quality Assistant On-Premises (All versions) could allow an authenticated user to obtain sensitive information due to improper client side validation. IBM X-Force ID: 203738. |
| CVE-2021-38868 | 2022-07-18 | IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that... |
| CVE-2022-22445 | 2022-07-18 | An attacker that gains service access to the FSP (POWER9 only) or gains admin authority to a partition can compromise partition firmware. |
| CVE-2022-28669 | 2022-07-18 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-28670 | 2022-07-18 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-28671 | 2022-07-18 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-28672 | 2022-07-18 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-28673 | 2022-07-18 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-28674 | 2022-07-18 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-28675 | 2022-07-18 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-28676 | 2022-07-18 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-28677 | 2022-07-18 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-28678 | 2022-07-18 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-28679 | 2022-07-18 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-28680 | 2022-07-18 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-28681 | 2022-07-18 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-28682 | 2022-07-18 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-28683 | 2022-07-18 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-34873 | 2022-07-18 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-34874 | 2022-07-18 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-34875 | 2022-07-18 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-34027 | 2022-07-18 | Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_value.c. |
| CVE-2022-34028 | 2022-07-18 | Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h. |
| CVE-2022-34029 | 2022-07-18 | Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njs_scope_value at njs_scope.h. |
| CVE-2022-34030 | 2022-07-18 | Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_djb_hash at src/njs_djb_hash.c. |
| CVE-2022-34031 | 2022-07-18 | Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_value_to_number at src/njs_value_conversion.h. |
| CVE-2022-34032 | 2022-07-18 | Nginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. |
| CVE-2022-34033 | 2022-07-18 | HTMLDoc v1.9.15 was discovered to contain a heap overflow via (write_header) /htmldoc/htmldoc/html.cxx:273. |
| CVE-2022-34035 | 2022-07-18 | HTMLDoc v1.9.12 and below was discovered to contain a heap overflow via e_node htmldoc/htmldoc/html.cxx:588. |
| CVE-2015-8031 | 2022-07-18 | Hudson (aka org.jvnet.hudson.main:hudson-core) before 3.3.2 allows XXE attacks. |
| CVE-2022-34632 | 2022-07-18 | Rocket-Chip commit 4f8114374d8824dfdec03f576a8cd68bebce4e56 was discovered to contain insufficient cryptography via the component /rocket/RocketCore.scala. |