CVE List - 2022 / July
Showing 1401 - 1500 of 1977 CVEs for July 2022 (Page 15 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-28877 | 2022-07-21 | Local Privilege Escalation Vulnerability in F-Secure & WithSecure Windows Endpoint Products |
| CVE-2022-0902 | 2022-07-21 | ABB Flow Computer and Remote Controllers Path Traversal Vulnerability in Totalflow TCP protocol can lead to root access |
| CVE-2022-34767 | 2022-07-21 | ALLNET Gmbh - ADSL/VDSL Router inkl. Modem and Wlan Authorization Bypass |
| CVE-2022-30628 | 2022-07-21 | Supersmart.me – Walk Through access to business information without authentication |
| CVE-2022-32430 | 2022-07-21 | An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application. |
| CVE-2022-30337 | 2022-07-21 | WordPress WP Meta SEO plugin <= 4.4.8 - Social Settings Update via Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-35899 | 2022-07-21 | There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file. |
| CVE-2022-28666 | 2022-07-21 | WordPress Custom Product Tabs for WooCommerce plugin <= 1.7.7 - Broken Access Control vulnerability |
| CVE-2022-30536 | 2022-07-21 | WordPress WP Maintenance plugin <= 6.0.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-28700 | 2022-07-21 | WordPress GiveWP plugin <= 2.20.2 - Authenticated Arbitrary File Creation via Export function vulnerability |
| CVE-2022-31475 | 2022-07-21 | WordPress GiveWP plugin <= 2.20.2 - Authenticated Arbitrary File Read via Export function vulnerability |
| CVE-2022-33198 | 2022-07-21 | WordPress Accordions plugin <= 2.0.2 - Unauthenticated WordPress Options Change vulnerability |
| CVE-2022-34487 | 2022-07-21 | WordPress Shortcode Addons plugin <= 3.0.2 - Unauthenticated Arbitrary Option Update vulnerability |
| CVE-2022-0971 | 2022-07-21 | Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via... |
| CVE-2022-0972 | 2022-07-21 | Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a... |
| CVE-2022-0973 | 2022-07-21 | Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-0974 | 2022-07-21 | Use after free in Splitscreen in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially... |
| CVE-2022-0975 | 2022-07-21 | Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-0976 | 2022-07-21 | Heap buffer overflow in GPU in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-0977 | 2022-07-21 | Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to... |
| CVE-2022-0978 | 2022-07-21 | Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-0979 | 2022-07-21 | Use after free in Safe Browsing in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially... |
| CVE-2022-0980 | 2022-07-21 | Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption... |
| CVE-2022-1134 | 2022-07-22 | Type confusion in V8 in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-34037 | 2022-07-22 | An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI. Note: This has been disputed... |
| CVE-2022-2327 | 2022-07-22 | Use-after-free in io_uring ad work_flags in Linux Kernel |
| CVE-2022-2493 | 2022-07-22 | Data Access from Outside Expected Data Manager Component in openemr/openemr |
| CVE-2022-2494 | 2022-07-22 | Cross-site Scripting (XSS) - Stored in openemr/openemr |
| CVE-2022-2495 | 2022-07-22 | Cross-site Scripting (XSS) - Stored in microweber/microweber |
| CVE-2022-36131 | 2022-07-22 | The Better PDF Exporter add-on 10.0.0 for Atlassian Jira is prone to stored XSS via a crafted description to the PDF Templates overview page. |
| CVE-2022-31168 | 2022-07-22 | Zulip Server insufficient authorization for changing bot roles |
| CVE-2022-34500 | 2022-07-22 | The bin-collect package in PyPI before v0.1 included a code execution backdoor inserted by a third party. |
| CVE-2022-34501 | 2022-07-22 | The bin-collection package in PyPI before v0.1 included a code execution backdoor inserted by a third party. |
| CVE-2022-34502 | 2022-07-22 | Radare2 v5.7.0 was discovered to contain a heap buffer overflow via the function consume_encoded_name_new at format/wasm/wasm.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2022-34503 | 2022-07-22 | QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. |
| CVE-2022-34520 | 2022-07-22 | Radare2 v5.7.2 was discovered to contain a NULL pointer dereference via the function r_bin_file_xtr_load_buffer at bin/bfile.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2022-34981 | 2022-07-22 | The PyCrowdTangle package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party. |
| CVE-2022-34509 | 2022-07-22 | The wikifaces package in PyPI v1.0 included a code execution backdoor inserted by a third party. |
| CVE-2022-34983 | 2022-07-22 | The scu-captcha package in PyPI v0.0.1 to v0.0.4 included a code execution backdoor inserted by a third party. |
| CVE-2022-34982 | 2022-07-22 | The eziod package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party. |
| CVE-2022-2470 | 2022-07-22 | Cross-site Scripting (XSS) - Reflected in microweber/microweber |
| CVE-2022-1655 | 2022-07-22 | An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to... |
| CVE-2021-36200 | 2022-07-22 | Metasys ADS/ADX/OAS with MUI |
| CVE-2022-2137 | 2022-07-22 | Advantech iView |
| CVE-2022-2139 | 2022-07-22 | Advantech iView |
| CVE-2022-2138 | 2022-07-22 | Advantech iView |
| CVE-2022-2135 | 2022-07-22 | Advantech iView |
| CVE-2022-2136 | 2022-07-22 | Advantech iView |
| CVE-2022-2143 | 2022-07-22 | Advantech iView |
| CVE-2022-2142 | 2022-07-22 | Advantech iView |
| CVE-2022-28879 | 2022-07-22 | Denial-of-Service (DoS) Vulnerability |
| CVE-2022-28878 | 2022-07-22 | Denial-of-Service (DoS) Vulnerability |
| CVE-2020-14126 | 2022-07-22 | Information leakage vulnerability exists in the Mi Sound APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive... |
| CVE-2020-14114 | 2022-07-22 | Information leakage vulnerability exists in the Xiaomi SmartHome APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive... |
| CVE-2022-2511 | 2022-07-22 | Potential XSS in title URL parameter |
| CVE-2022-2510 | 2022-07-22 | Potential XSS on Special:SearchCenter |
| CVE-2017-20139 | 2022-07-22 | Itech Movie Portal Script show_news.php Error sql injection |
| CVE-2017-20140 | 2022-07-22 | Itech Movie Portal Script movie.php Reflected cross site scripting |
| CVE-2022-29495 | 2022-07-22 | WordPress Popup Builder plugin <= 4.1.11 - Cross-Site Request Forgery (CSRF) leading to plugin settings update |
| CVE-2022-33960 | 2022-07-22 | WordPress Social Share Buttons by Supsystic plugin <= 2.2.3 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities |
| CVE-2022-27235 | 2022-07-22 | WordPress Social Share Buttons by Supsystic plugin <= 2.2.3 - Multiple Broken Access Control vulnerabilities |
| CVE-2022-34839 | 2022-07-22 | WordPress WP OAuth2 Server plugin <= 1.0.1 - Authentication Bypass vulnerability |
| CVE-2022-33191 | 2022-07-22 | WordPress Testimonials plugin <= 3.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-30998 | 2022-07-22 | WordPress Homepage Product Organizer for WooCommerce plugin <= 1.1 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities |
| CVE-2022-34853 | 2022-07-22 | WordPress Team plugin <= 1.2.6 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities |
| CVE-2022-34650 | 2022-07-22 | WordPress Team plugin <= 1.2.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities |
| CVE-2022-33901 | 2022-07-22 | WordPress MultiSafepay plugin for WooCommerce plugin <= 4.13.1 - Unauthenticated Arbitrary File Read vulnerability |
| CVE-2017-20141 | 2022-07-22 | Itech Movie Portal Script movie.php Union sql injection |
| CVE-2017-20142 | 2022-07-22 | Itech Movie Portal Script artist-display.php Union sql injection |
| CVE-2017-20143 | 2022-07-22 | Itech Movie Portal Script film-rating.php Error sql injection |
| CVE-2022-25759 | 2022-07-22 | Remote Code Injection |
| CVE-2022-34115 | 2022-07-22 | DataEase v1.11.1 was discovered to contain an arbitrary file write vulnerability via the parameter dataSourceId. |
| CVE-2022-34113 | 2022-07-22 | An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin. |
| CVE-2022-34112 | 2022-07-22 | An access control issue in the component /api/plugin/uninstall of Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator. |
| CVE-2022-34114 | 2022-07-22 | Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId. |
| CVE-2022-1096 | 2022-07-22 | Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-1125 | 2022-07-22 | Use after free in Portals in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption... |
| CVE-2022-1127 | 2022-07-22 | Use after free in QR Code Generator in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit... |
| CVE-2022-1128 | 2022-07-22 | Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML... |
| CVE-2022-1129 | 2022-07-22 | Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted... |
| CVE-2022-1130 | 2022-07-22 | Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app. |
| CVE-2022-1131 | 2022-07-22 | Use after free in Cast UI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-1132 | 2022-07-22 | Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions via physical access to the device. |
| CVE-2022-1133 | 2022-07-22 | Use after free in WebRTC Perf in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-1135 | 2022-07-22 | Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via standard feature user interaction. |
| CVE-2022-1136 | 2022-07-22 | Use after free in Tab Strip in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via... |
| CVE-2022-1137 | 2022-07-22 | Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted... |
| CVE-2022-1138 | 2022-07-22 | Inappropriate implementation in Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who had compromised the renderer process to obscure the contents of the Omnibox (URL bar)... |
| CVE-2022-1139 | 2022-07-22 | Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2022-1141 | 2022-07-22 | Use after free in File Manager in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap... |
| CVE-2022-1142 | 2022-07-22 | Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption... |
| CVE-2022-1143 | 2022-07-22 | Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption... |
| CVE-2022-1144 | 2022-07-22 | Use after free in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption... |
| CVE-2022-1145 | 2022-07-22 | Use after free in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific... |
| CVE-2022-1146 | 2022-07-22 | Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2018-25045 | 2022-07-23 | Django REST framework (aka django-rest-framework) before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping. |
| CVE-2022-36415 | 2022-07-23 | A DLL hijacking vulnerability exists in the uninstaller in Scooter Beyond Compare 1.8a through 4.4.2 before 4.4.3 when installed via the EXE installer. The uninstaller attempts to load DLLs out... |
| CVE-2022-36414 | 2022-07-23 | There is an elevation of privilege breakout vulnerability in the Windows EXE installer in Scooter Beyond Compare 4.2.0 through 4.4.2 before 4.4.3. Affected versions allow a logged-in user to run... |
| CVE-2016-15004 | 2022-07-23 | InfiniteWP Client Plugin injection |
| CVE-2022-24294 | 2022-07-24 | ReDoS in Apache MXNet RTC Module |