CVE List - 2022 / July
Showing 1701 - 1800 of 1977 CVEs for July 2022 (Page 18 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-29953 | 2022-07-26 | The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface... |
| CVE-2022-1633 | 2022-07-26 | Use after free in Sharesheet in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially... |
| CVE-2022-1634 | 2022-07-26 | Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had convinced a user to engage in specific UI interaction to potentially exploit... |
| CVE-2022-1635 | 2022-07-26 | Use after free in Permission Prompts in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap... |
| CVE-2022-1636 | 2022-07-26 | Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-1637 | 2022-07-26 | Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2022-1638 | 2022-07-26 | Heap buffer overflow in V8 Internationalization in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-1639 | 2022-07-26 | Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-1640 | 2022-07-26 | Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption... |
| CVE-2022-1641 | 2022-07-26 | Use after free in Web UI Diagnostics in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions... |
| CVE-2022-30274 | 2022-07-26 | The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with an XRT LAN-to-radio gateway by means of an embedded client. Credentials for accessing this gateway are... |
| CVE-2022-30272 | 2022-07-26 | The Motorola ACE1000 RTU through 2022-05-02 mishandles firmware integrity. It utilizes either the STS software suite or ACE1000 Easy Configurator for performing firmware updates. In case of the Easy Configurator,... |
| CVE-2022-30271 | 2022-07-26 | The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts (such as /etc/init.d/sshd_service) only generate a new key if no private-key file exists. Thus,... |
| CVE-2022-30270 | 2022-07-26 | The Motorola ACE1000 RTU through 2022-05-02 has default credentials. It exposes an SSH interface on port 22/TCP. This interface is used for remote maintenance and for SFTP file-transfer operations that... |
| CVE-2022-30269 | 2022-07-26 | Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom application installation via either STS software, the C toolkit, or the ACE1000 Easy Configurator. In the case of... |
| CVE-2022-30276 | 2022-07-26 | The Motorola MOSCAD and ACE line of RTUs through 2022-05-02 omit an authentication requirement. They feature IP Gateway modules which allow for interfacing between Motorola Data Link Communication (MDLC) networks... |
| CVE-2022-36129 | 2022-07-26 | HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node... |
| CVE-2021-40180 | 2022-07-26 | In the WeChat application 8.0.10 for Android and iOS, a mini program can obtain sensitive information from a user's address book via wx.searchContacts. |
| CVE-2021-33057 | 2022-07-26 | The QQ application 8.7.1 for Android and iOS does not enforce the permission requirements (e.g., android.permission.ACCESS_FINE_LOCATION) for determining the device's physical location. An attacker can use qq.createMapContext to create a... |
| CVE-2022-34612 | 2022-07-27 | Rizin v0.4.0 and below was discovered to contain an integer overflow via the function get_long_object(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary. |
| CVE-2022-36946 | 2022-07-27 | nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte... |
| CVE-2022-34971 | 2022-07-27 | An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-34611 | 2022-07-27 | A cross-site scripting (XSS) vulnerability in /index.php/?p=report of Online Fire Reporting System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "Contac... |
| CVE-2022-34594 | 2022-07-27 | Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component ip/school/moudel/update_subject.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via... |
| CVE-2022-36879 | 2022-07-27 | An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. |
| CVE-2022-36880 | 2022-07-27 | The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message. |
| CVE-2022-27610 | 2022-07-27 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25423 allows remote authenticated users to delete arbitrary files... |
| CVE-2022-2310 | 2022-07-27 | Skyhigh SWG Authentication bypass vulnerability |
| CVE-2022-2313 | 2022-07-27 | DLL hijacking in Trellix Agent |
| CVE-2022-34529 | 2022-07-27 | WASM3 v0.5.0 was discovered to contain a segmentation fault via the component Compile_Memory_CopyFill. |
| CVE-2022-34549 | 2022-07-27 | Sims v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /uploadServlet. This vulnerability allows attackers to escalate privileges and execute arbitrary commands via a crafted file. |
| CVE-2022-34550 | 2022-07-27 | Sims v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /addNotifyServlet. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload... |
| CVE-2022-34551 | 2022-07-27 | Sims v1.0 was discovered to allow path traversal when downloading attachments. |
| CVE-2022-23100 | 2022-07-27 | OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment). |
| CVE-2022-23099 | 2022-07-27 | OX App Suite through 7.10.6 allows XSS by forcing block-wise read. |
| CVE-2022-33970 | 2022-07-27 | WordPress Shortcode Addons plugin <= 3.1.2 - Authenticated WordPress Options Change vulnerability |
| CVE-2022-35291 | 2022-07-27 | Privilege escalation vulnerability in SAP SuccessFactors attachment API for Mobile Application (Android & iOS) |
| CVE-2022-23101 | 2022-07-27 | OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message. |
| CVE-2022-24405 | 2022-07-27 | OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API. |
| CVE-2022-24406 | 2022-07-27 | OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls. |
| CVE-2022-36881 | 2022-07-27 | Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks. |
| CVE-2022-36882 | 2022-07-27 | A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause... |
| CVE-2022-36883 | 2022-07-27 | A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them... |
| CVE-2022-36884 | 2022-07-27 | The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provides unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository. |
| CVE-2022-36885 | 2022-07-27 | Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to... |
| CVE-2022-36886 | 2022-07-27 | A cross-site request forgery (CSRF) vulnerability in Jenkins External Monitor Job Type Plugin 191.v363d0d1efdf8 and earlier allows attackers to create runs of an external job. |
| CVE-2022-36887 | 2022-07-27 | A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a_46a_cc06a_5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older... |
| CVE-2022-36888 | 2022-07-27 | A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_858fd6b_f48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified path and keys. |
| CVE-2022-36889 | 2022-07-27 | Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from... |
| CVE-2022-36890 | 2022-07-27 | Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of... |
| CVE-2022-36891 | 2022-07-27 | A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs. |
| CVE-2022-36892 | 2022-07-27 | Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to... |
| CVE-2022-36893 | 2022-07-27 | Jenkins rpmsign-plugin Plugin 0.5.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to... |
| CVE-2022-36894 | 2022-07-27 | An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfb_f and earlier allows attackers with Overall/Read permission to create or replace arbitrary files on the Jenkins controller file... |
| CVE-2022-36895 | 2022-07-27 | A missing permission check in Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of... |
| CVE-2022-36896 | 2022-07-27 | A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of... |
| CVE-2022-36897 | 2022-07-27 | A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs... |
| CVE-2022-36898 | 2022-07-27 | A missing permission check in Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of... |
| CVE-2022-36899 | 2022-07-27 | Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties. |
| CVE-2022-36900 | 2022-07-27 | Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties. |
| CVE-2022-36901 | 2022-07-27 | Jenkins HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access... |
| CVE-2022-36902 | 2022-07-27 | Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers... |
| CVE-2022-36903 | 2022-07-27 | A missing permission check in Jenkins Repository Connector Plugin 2.2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| CVE-2022-36904 | 2022-07-27 | Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of... |
| CVE-2022-36905 | 2022-07-27 | Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in... |
| CVE-2022-36906 | 2022-07-27 | A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password. |
| CVE-2022-36907 | 2022-07-27 | A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. |
| CVE-2022-36908 | 2022-07-27 | A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller... |
| CVE-2022-36909 | 2022-07-27 | A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins... |
| CVE-2022-36910 | 2022-07-27 | Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about... |
| CVE-2022-36911 | 2022-07-27 | A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL. |
| CVE-2022-36912 | 2022-07-27 | A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. |
| CVE-2022-36913 | 2022-07-27 | Jenkins Openstack Heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified... |
| CVE-2022-36914 | 2022-07-27 | Jenkins Files Found Trigger Plugin 1.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence... |
| CVE-2022-36915 | 2022-07-27 | Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission... |
| CVE-2022-36916 | 2022-07-27 | A cross-site request forgery (CSRF) vulnerability in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers to request a manual backup. |
| CVE-2022-36917 | 2022-07-27 | A missing permission check in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers with Overall/Read permission to request a manual backup. |
| CVE-2022-36918 | 2022-07-27 | Jenkins Buckminster Plugin 1.1.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an... |
| CVE-2022-36919 | 2022-07-27 | A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| CVE-2022-36920 | 2022-07-27 | A cross-site request forgery (CSRF) vulnerability in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing... |
| CVE-2022-36921 | 2022-07-27 | A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,... |
| CVE-2022-36922 | 2022-07-27 | Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the 'search' result page, resulting in a reflected cross-site scripting (XSS) vulnerability. |
| CVE-2022-2549 | 2022-07-27 | NULL Pointer Dereference in gpac/gpac |
| CVE-2022-2550 | 2022-07-27 | OS Command Injection in hestiacp/hestiacp |
| CVE-2022-35669 | 2022-07-27 | Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2022-35672 | 2022-07-27 | Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2022-33943 | 2022-07-27 | WordPress BxSlider WP plugin <= 2.0.0 - Authenticated Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-34120 | 2022-07-27 | Barangay Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the module editing function at /pages/activity/activity.php. |
| CVE-2022-34121 | 2022-07-27 | Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php. |
| CVE-2022-35911 | 2022-07-27 | On Patlite NH-FB series devices through 1.46, remote attackers can cause a denial of service by omitting the query string. NOTE: the vendor's perspective is that "omitting the query string... |
| CVE-2020-6998 | 2022-07-27 | Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers Improper Input Validation |
| CVE-2021-42537 | 2022-07-27 | VISAM VBASE Editor Improper Restriction of XML |
| CVE-2021-38417 | 2022-07-27 | VISAM VBASE Editor Improper Access Control |
| CVE-2021-42535 | 2022-07-27 | VISAM VBASE Editor Cross Site Scripting |
| CVE-2021-38410 | 2022-07-27 | AVEVA PCS Portal Uncontrolled Search Path Element |
| CVE-2022-36956 | 2022-07-27 | In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host that has access to a valid host-id NetBackup certificate/private key from the same domain. This affects... |
| CVE-2022-36955 | 2022-07-27 | In Veritas NetBackup, an attacker with unprivileged local access to a NetBackup Client may send specific commands to escalate their privileges. This affects 8.0 through 8.1.2, 8.2, 8.3 through 8.3.0.2,... |
| CVE-2022-36954 | 2022-07-27 | In Veritas NetBackup OpsCenter, under specific conditions, an authenticated remote attacker may be able to create or modify OpsCenter user accounts. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x... |
| CVE-2022-36953 | 2022-07-27 | In Veritas NetBackup OpsCenter, certain endpoints could allow an unauthenticated remote attacker to gain sensitive information. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. |
| CVE-2022-36952 | 2022-07-27 | In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and... |