CVE List - 2022 / July
Showing 1801 - 1900 of 1977 CVEs for July 2022 (Page 19 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-36951 | 2022-07-27 | In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may compromise the host by exploiting an incorrectly patched vulnerability. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and... |
| CVE-2022-36950 | 2022-07-27 | In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may be able to perform remote command execution through a Java classloader manipulation. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x... |
| CVE-2022-36949 | 2022-07-27 | In Veritas NetBackup OpsCenter, an attacker with local access to a NetBackup OpsCenter server could potentially escalate their privileges. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1,... |
| CVE-2022-36948 | 2022-07-27 | In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. |
| CVE-2022-1853 | 2022-07-27 | Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. |
| CVE-2022-1854 | 2022-07-27 | Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-1855 | 2022-07-27 | Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-1856 | 2022-07-27 | Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via... |
| CVE-2022-1857 | 2022-07-27 | Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. |
| CVE-2022-1858 | 2022-07-27 | Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform an out of bounds memory read via specific user interaction. |
| CVE-2022-1859 | 2022-07-27 | Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap... |
| CVE-2022-1860 | 2022-07-27 | Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to... |
| CVE-2022-1861 | 2022-07-27 | Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially... |
| CVE-2022-1862 | 2022-07-27 | Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass profile restrictions via a crafted HTML... |
| CVE-2022-1863 | 2022-07-27 | Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via... |
| CVE-2022-1864 | 2022-07-27 | Use after free in WebApp Installs in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via... |
| CVE-2022-1865 | 2022-07-27 | Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a... |
| CVE-2022-1866 | 2022-07-27 | Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to... |
| CVE-2022-1867 | 2022-07-27 | Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass same origin policy via a crafted clipboard content. |
| CVE-2022-1868 | 2022-07-27 | Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted... |
| CVE-2022-1869 | 2022-07-27 | Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-1870 | 2022-07-27 | Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via... |
| CVE-2022-1871 | 2022-07-27 | Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass file system policy... |
| CVE-2022-1872 | 2022-07-27 | Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a... |
| CVE-2022-1873 | 2022-07-27 | Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2022-1874 | 2022-07-27 | Insufficient policy enforcement in Safe Browsing in Google Chrome on Mac prior to 102.0.5005.61 allowed a remote attacker to bypass downloads protection policy via a crafted HTML page. |
| CVE-2022-1875 | 2022-07-27 | Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2022-1876 | 2022-07-27 | Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a... |
| CVE-2021-46830 | 2022-07-27 | A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a... |
| CVE-2021-33371 | 2022-07-27 | A stored cross-site scripting (XSS) vulnerability in /nav_bar_action.php of Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat... |
| CVE-2022-34009 | 2022-07-27 | Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS payload in a ticket. This occurs because the ticket data is stored in... |
| CVE-2022-34140 | 2022-07-27 | A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field. |
| CVE-2022-1919 | 2022-07-28 | Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-2477 | 2022-07-28 | Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via... |
| CVE-2022-2478 | 2022-07-28 | Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-2479 | 2022-07-28 | Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially... |
| CVE-2022-2480 | 2022-07-28 | Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-2481 | 2022-07-28 | Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption... |
| CVE-2022-2553 | 2022-07-28 | The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct... |
| CVE-2022-29360 | 2022-07-28 | The Email Viewer in RainLoop through 1.6.0 allows XSS via a crafted email message. |
| CVE-2022-34568 | 2022-07-28 | SDL v1.2 was discovered to contain a use-after-free via the XFree function at /src/video/x11/SDL_x11yuv.c. |
| CVE-2022-2294 | 2022-07-28 | Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-2007 | 2022-07-28 | Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-2008 | 2022-07-28 | Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-2010 | 2022-07-28 | Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a... |
| CVE-2022-2011 | 2022-07-28 | Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-2156 | 2022-07-28 | Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-2157 | 2022-07-28 | Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted... |
| CVE-2022-2158 | 2022-07-28 | Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-2160 | 2022-07-28 | Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information... |
| CVE-2022-2161 | 2022-07-28 | Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap... |
| CVE-2022-2162 | 2022-07-28 | Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page. |
| CVE-2022-2164 | 2022-07-28 | Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a... |
| CVE-2022-2165 | 2022-07-28 | Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. |
| CVE-2022-2415 | 2022-07-28 | Heap buffer overflow in WebGL in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-37000 | 2022-07-28 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker... |
| CVE-2022-36999 | 2022-07-28 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker... |
| CVE-2022-36998 | 2022-07-28 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access... |
| CVE-2022-36997 | 2022-07-28 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access... |
| CVE-2022-36996 | 2022-07-28 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to... |
| CVE-2022-36995 | 2022-07-28 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access... |
| CVE-2022-36994 | 2022-07-28 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access... |
| CVE-2022-36993 | 2022-07-28 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access... |
| CVE-2022-36992 | 2022-07-28 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access... |
| CVE-2022-36991 | 2022-07-28 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access... |
| CVE-2022-36990 | 2022-07-28 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access... |
| CVE-2022-36989 | 2022-07-28 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access... |
| CVE-2022-36988 | 2022-07-28 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access... |
| CVE-2022-36987 | 2022-07-28 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access... |
| CVE-2022-36986 | 2022-07-28 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access... |
| CVE-2022-36985 | 2022-07-28 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local... |
| CVE-2022-36984 | 2022-07-28 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access... |
| CVE-2022-2163 | 2022-07-28 | Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap... |
| CVE-2022-2295 | 2022-07-28 | Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-2296 | 2022-07-28 | Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions... |
| CVE-2022-27615 | 2022-07-28 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology DNS Server before 2.2.2-5027 allows remote authenticated users to delete arbitrary files via... |
| CVE-2022-31627 | 2022-07-28 | Heap buffer overflow in finfo_buffer |
| CVE-2022-22684 | 2022-07-28 | Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to... |
| CVE-2022-27613 | 2022-07-28 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands... |
| CVE-2022-22685 | 2022-07-28 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via... |
| CVE-2022-27614 | 2022-07-28 | Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server before 1.8.1-2876 allows remote attackers to obtain sensitive information via unspecified vectors. |
| CVE-2022-22683 | 2022-07-28 | Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2022-27612 | 2022-07-28 | Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Audio Station before 6.5.4-3367 allows remote attackers to execute arbitrary commands via unspecified vectors. |
| CVE-2022-27611 | 2022-07-28 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users to delete arbitrary files via... |
| CVE-2022-36364 | 2022-07-28 | Apache Calcite Avatica JDBC driver `httpclient_impl` connection property can be used as an RCE vector |
| CVE-2022-37009 | 2022-07-28 | In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible |
| CVE-2022-37010 | 2022-07-28 | In JetBrains IntelliJ IDEA before 2022.2 email address validation in the "Git User Name Is Not Defined" dialog was missed |
| CVE-2022-27509 | 2022-07-28 | Unauthenticated redirection to a malicious website |
| CVE-2021-22642 | 2022-07-28 | Ovarro TBox Uncontrolled Resource Consumption |
| CVE-2021-22640 | 2022-07-28 | Ovarro TBox Insufficiently Protected Credentials |
| CVE-2021-22650 | 2022-07-28 | Ovarro TBox Relative Path Traversal |
| CVE-2021-22648 | 2022-07-28 | Ovarro TBox Incorrect Permission Assignment for Critical Resource |
| CVE-2021-22644 | 2022-07-28 | Ovarro TBox Use of Hard-coded Cryptographic Key |
| CVE-2021-22646 | 2022-07-28 | Ovarro TBox Code Injection |
| CVE-2022-1805 | 2022-07-28 | When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a... |
| CVE-2022-35882 | 2022-07-28 | WordPress GS Testimonial Slider plugin <= 1.9.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-1948 | 2022-07-28 | An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. Missing validation of input used in quick actions allowed an attacker to exploit XSS by... |
| CVE-2016-2138 | 2022-07-28 | In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in xss_clean() in class/KippoInput.class.php. |
| CVE-2016-2139 | 2022-07-28 | In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in $file_link in class/KippoInput.class.php. |
| CVE-2022-2564 | 2022-07-28 | Prototype Pollution in automattic/mongoose |