CVE List - 2022 / July
Showing 1501 - 1600 of 1977 CVEs for July 2022 (Page 16 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-46829 | 2022-07-24 | GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could... |
| CVE-2017-20144 | 2022-07-24 | Anvsoft PDFMate PDF Converter Pro memory corruption |
| CVE-2022-1314 | 2022-07-25 | Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-2522 | 2022-07-25 | Heap-based Buffer Overflow in vim/vim |
| CVE-2022-26305 | 2022-07-25 | Execution of Untrusted Macros Due to Improper Certificate Validation |
| CVE-2022-26306 | 2022-07-25 | Execution of Untrusted Macros Due to Improper Certificate Validation |
| CVE-2022-26307 | 2022-07-25 | Weak Master Keys |
| CVE-2022-34749 | 2022-07-25 | In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly... |
| CVE-2022-34965 | 2022-07-25 | OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/com_installer. This vulnerability allows attackers to execute arbitrary code... |
| CVE-2017-20145 | 2022-07-25 | Tecrail Responsive Filemanager path traversal |
| CVE-2022-36444 | 2022-07-25 | An issue was discovered in Atos Unify OpenScape SBC 9 and 10 before 10R2.2.1, Atos Unify OpenScape Branch 9 and 10 before version 10R2.1.1, and Atos Unify OpenScape BCF 10... |
| CVE-2022-36446 | 2022-07-25 | software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command. |
| CVE-2022-36450 | 2022-07-25 | Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL. |
| CVE-2022-29709 | 2022-07-25 | CommuniLink Internet Limited CLink Office v2.0 was discovered to contain multiple SQL injection vulnerabilities via the username and password parameters. |
| CVE-2022-0594 | 2022-07-25 | Shareaholic < 9.7.6 - Information Disclosure |
| CVE-2022-0899 | 2022-07-25 | Header Footer Code Manager < 1.1.24 - Reflected Cross-Site Scripting |
| CVE-2022-1539 | 2022-07-25 | Exports and Reports < 0.9.2 - Contributor+ CSV Injection |
| CVE-2022-1551 | 2022-07-25 | SP Project & Document Manager < 4.58 - Sensitive File Disclosure |
| CVE-2022-2071 | 2022-07-25 | Name Directory < 1.25.4 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-2072 | 2022-07-25 | Name Directory < 1.25.3 - Reflected Cross-Site Scripting |
| CVE-2022-2115 | 2022-07-25 | Popup Anything < 2.1.7 - Reflected Cross-Site Scripting |
| CVE-2022-2189 | 2022-07-25 | WP Video Lightbox < 1.9.5 - Reflected Cross-Site Scripting |
| CVE-2022-2219 | 2022-07-25 | Unyson < 2.7.27 - Reflected Cross-Site Scripting |
| CVE-2022-2239 | 2022-07-25 | Request a Quote < 2.3.9 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2240 | 2022-07-25 | Request a Quote <= 2.3.7 - CSV Injection |
| CVE-2022-2299 | 2022-07-25 | Allow SVG Files <= 1.1 - Author+ Stored Cross-Site Scripting via SVG |
| CVE-2022-2340 | 2022-07-25 | W-DALIL <= 2.0 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2341 | 2022-07-25 | Simple Page Transition <= 1.4.1 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1232 | 2022-07-25 | Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-1305 | 2022-07-25 | Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-1306 | 2022-07-25 | Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
| CVE-2022-1307 | 2022-07-25 | Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML... |
| CVE-2022-1308 | 2022-07-25 | Use after free in BFCache in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-1309 | 2022-07-25 | Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. |
| CVE-2022-1310 | 2022-07-25 | Use after free in regular expressions in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-1311 | 2022-07-25 | Use after free in shell in Google Chrome on ChromeOS prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-1312 | 2022-07-25 | Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via... |
| CVE-2022-1313 | 2022-07-25 | Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-2514 | 2022-07-25 | Cross-site Scripting (XSS) - Reflected in beancount/fava |
| CVE-2022-2523 | 2022-07-25 | Cross-site Scripting (XSS) - Reflected in beancount/fava |
| CVE-2022-21802 | 2022-07-25 | Cross-site Scripting (XSS) |
| CVE-2022-0670 | 2022-07-25 | A flaw was found in OpenStack Manila owning a Ceph File system "share", which enables the owner to read/write any Manila share or entire file system. The vulnerability is due... |
| CVE-2022-33965 | 2022-07-25 | WordPress WP Visitor Statistics plugin <= 5.7 - Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities |
| CVE-2020-28443 | 2022-07-25 | Command Injection |
| CVE-2020-28446 | 2022-07-25 | Command Injection |
| CVE-2020-28459 | 2022-07-25 | Cross-site Scripting (XSS) |
| CVE-2020-28438 | 2022-07-25 | Command Injection |
| CVE-2020-28422 | 2022-07-25 | Command Injection |
| CVE-2020-28441 | 2022-07-25 | Prototype Pollution |
| CVE-2020-28461 | 2022-07-25 | Prototype Pollution |
| CVE-2020-28462 | 2022-07-25 | Prototype Pollution |
| CVE-2020-7649 | 2022-07-25 | Directory Traversal |
| CVE-2021-23397 | 2022-07-25 | Prototype Pollution |
| CVE-2020-7678 | 2022-07-25 | Arbitrary Code Execution |
| CVE-2020-7677 | 2022-07-25 | Arbitrary Code Execution |
| CVE-2020-28471 | 2022-07-25 | Prototype Pollution |
| CVE-2020-28436 | 2022-07-25 | Command Injection |
| CVE-2020-28445 | 2022-07-25 | Command Injection |
| CVE-2020-28435 | 2022-07-25 | Command Injection |
| CVE-2020-28455 | 2022-07-25 | Cross-site Scripting (XSS) |
| CVE-2021-23373 | 2022-07-25 | Prototype Pollution |
| CVE-2021-23451 | 2022-07-25 | Insecure Randomness |
| CVE-2020-28447 | 2022-07-25 | Command Injection |
| CVE-2022-2131 | 2022-07-25 | OpenKM XXE Injection |
| CVE-2022-34963 | 2022-07-25 | OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the News Feed module. |
| CVE-2021-40335 | 2022-07-25 | Cross Site Request Forgery (CSRF) in Hitachi Energy’s MSM Product |
| CVE-2021-40336 | 2022-07-25 | HTTP Response Splitting in Hitachi Energy’s MSM Product |
| CVE-2022-34961 | 2022-07-25 | OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Users Timeline module. |
| CVE-2022-34964 | 2022-07-25 | OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the SitePages module. |
| CVE-2022-35649 | 2022-07-25 | A vulnerability was found in Moodle that occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running... |
| CVE-2022-35650 | 2022-07-25 | A vulnerability was found in Moodle that occurs due to an input validation error when importing lesson questions. These insufficient path checks result in an arbitrary file read risk. This vulnerability allows a... |
| CVE-2022-35651 | 2022-07-25 | A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the... |
| CVE-2022-35652 | 2022-07-25 | An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a... |
| CVE-2022-35653 | 2022-07-25 | A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can... |
| CVE-2022-24083 | 2022-07-25 | Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks. |
| CVE-2022-34962 | 2022-07-25 | OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Group Timeline module. |
| CVE-2022-35284 | 2022-07-25 | IBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 230811. |
| CVE-2022-35285 | 2022-07-25 | IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website... |
| CVE-2022-35287 | 2022-07-25 | IBM Security Verify Information Queue 10.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or... |
| CVE-2022-35288 | 2022-07-25 | IBM Security Verify Information Queue 10.0.2 could allow a user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 230818. |
| CVE-2022-24992 | 2022-07-25 | A vulnerability in the component process.php of QR Code Generator v5.2.7 allows attackers to perform directory traversal. |
| CVE-2022-33969 | 2022-07-25 | WordPress Flipbox plugin <= 2.6.0 - Authenticated WordPress Options Change vulnerability |
| CVE-2022-2032 | 2022-07-25 | Stored Cross-Site Scripting in File Manager |
| CVE-2022-2059 | 2022-07-25 | Stored Cross-Site Scripting in Agent Manager |
| CVE-2022-35869 | 2022-07-25 | This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within... |
| CVE-2022-35870 | 2022-07-25 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Although authentication is required to exploit this vulnerability, the existing authentication mechanism... |
| CVE-2022-35871 | 2022-07-25 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists... |
| CVE-2022-35872 | 2022-07-25 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target... |
| CVE-2022-35873 | 2022-07-25 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target... |
| CVE-2022-34966 | 2022-07-25 | OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection vulnerability via the location parameter at http://ip_address/:port/ossn/home. |
| CVE-2022-23000 | 2022-07-25 | Weak Default SSL use in Port Forwarding Service |
| CVE-2022-22999 | 2022-07-25 | Cross-site Scripting Vulnerability in USB Backups App |
| CVE-2022-36375 | 2022-07-25 | WordPress Tabs plugin <= 3.6.0 - Authenticated WordPress Options Change vulnerability |
| CVE-2022-34907 | 2022-07-25 | An authentication bypass vulnerability exists in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to gain access to the system with the highest authority possible... |
| CVE-2022-34906 | 2022-07-25 | A hard-coded cryptographic key is used in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to decrypt sensitive information saved in FileWave, and even send... |
| CVE-2022-35131 | 2022-07-25 | Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles. |
| CVE-2022-34570 | 2022-07-25 | WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 contains an information leak which allows attackers to obtain the key information via accessing the messages.txt page. |
| CVE-2022-34571 | 2022-07-25 | An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the system key information and execute arbitrary commands via accessing the page syslog.shtml. |
| CVE-2022-34572 | 2022-07-25 | An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the telnet password via accessing the page tftp.txt. |
| CVE-2022-34573 | 2022-07-25 | An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to arbitrarily configure device settings via accessing the page mb_wifibasic.shtml. |