CVE List - 2022 / July
Showing 801 - 900 of 1977 CVEs for July 2022 (Page 9 of 20)
| CVE ID | Date | Summary |
|---|---|---|
| CVE-2022-32223 | 2022-07-14 | Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms. This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:*... |
| CVE-2022-32225 | 2022-07-14 | A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. This vulnerability could be exploited by an attacker by... |
| CVE-2022-32210 | 2022-07-14 | `Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if... |
| CVE-2022-2393 | 2022-07-14 | A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker... |
| CVE-2022-1662 | 2022-07-14 | In convert2rhel, there's an ansible playbook named ansible/run-convert2rhel.yml which passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. This could allow unauthorized local users to view... |
| CVE-2022-29593 | 2022-07-14 | relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request. |
| CVE-2021-45492 | 2022-07-14 | In Sage 300 ERP (formerly accpac) through 6.8.x, the installer configures the C:\Sage\Sage300\Runtime directory to be the first entry in the system-wide PATH environment variable. However, this directory is writable... |
| CVE-2021-39015 | 2022-07-14 | IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering... |
| CVE-2021-39016 | 2022-07-14 | IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software... |
| CVE-2021-39017 | 2022-07-14 | IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 213725. |
| CVE-2021-39018 | 2022-07-14 | IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system.... |
| CVE-2021-39019 | 2022-07-14 | IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. IBM X-Force ID: 213728. |
| CVE-2021-39028 | 2022-07-14 | IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could... |
| CVE-2022-22473 | 2022-07-14 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could be... |
| CVE-2022-22477 | 2022-07-14 | IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2022-35283 | 2022-07-14 | IBM Security Verify Information Queue 10.0.2 could allow an authenticated user to cause a denial of service with a specially crafted HTTP request. |
| CVE-2022-2401 | 2022-07-14 | Team members could access sensitive information of other users via an API call |
| CVE-2022-2406 | 2022-07-14 | Malicious imports can lead to Denial of Service |
| CVE-2022-2408 | 2022-07-14 | Guest accounts can list all public channels |
| CVE-2022-22450 | 2022-07-14 | IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. IBM X-Force ID: 224916. |
| CVE-2022-22452 | 2022-07-14 | IBM Security Verify Identity Manager 10.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 224918. |
| CVE-2022-22453 | 2022-07-14 | IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 224919. |
| CVE-2022-22460 | 2022-07-14 | IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further attacks against the system. IBM X-Force ID: 225013. |
| CVE-2022-31142 | 2022-07-14 | Potential Timing Attack Vector in @fastify/bearer-auth |
| CVE-2022-32297 | 2022-07-14 | Piwigo v12.2.0 was discovered to contain SQL injection vulnerability via the Search function. |
| CVE-2022-32298 | 2022-07-14 | Toybox v0.8.7 was discovered to contain a NULL pointer dereference via the component httpd.c. This vulnerability can lead to a Denial of Service (DoS) via unspecified vectors. |
| CVE-2022-23825 | 2022-07-14 | Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. |
| CVE-2021-26382 | 2022-07-14 | An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP), irrespective of the respective signing key being declared as usable for authenticating... |
| CVE-2021-26384 | 2022-07-14 | A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering... |
| CVE-2022-31147 | 2022-07-14 | jquery-validation ReDoS in url2 due to incomplete fix of CVE-2021-43306 |
| CVE-2021-4135 | 2022-07-14 | A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem... |
| CVE-2022-32318 | 2022-07-14 | Fast Food Ordering System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the component /ffos/classes/Master.php?f=save_category. |
| CVE-2022-31156 | 2022-07-14 | Gradle's dependency verification can ignore checksum verification when signature verification cannot be performed |
| CVE-2022-32323 | 2022-07-14 | AutoTrace v0.40.0 was discovered to contain a heap overflow via the ReadImage function at input-bmp.c:660. |
| CVE-2022-32389 | 2022-07-14 | Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in the Registry Editor. This allows attackers to access sensitive information such as user credentials and certificates. |
| CVE-2022-32406 | 2022-07-14 | GtkRadiant v1.6.6 was discovered to contain a buffer overflow via the component q3map2. This vulnerability can cause a Denial of Service (DoS) via a crafted MAP file. |
| CVE-2022-32409 | 2022-07-14 | A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request. |
| CVE-2022-34092 | 2022-07-14 | Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via svg2img.php. |
| CVE-2022-34093 | 2022-07-14 | Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via access_token.php. |
| CVE-2022-34094 | 2022-07-14 | Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via request_token.php. |
| CVE-2022-32415 | 2022-07-14 | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/?p=products/view_product&id=. |
| CVE-2022-32416 | 2022-07-14 | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_product. |
| CVE-2022-32417 | 2022-07-14 | PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php. |
| CVE-2022-32425 | 2022-07-14 | The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by timing the server's response time. |
| CVE-2022-35409 | 2022-07-15 | An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that... |
| CVE-2022-31161 | 2022-07-15 | Roxy-WI Vulnerable to Unauthenticated Remote Code Execution via ssl_cert Upload |
| CVE-2022-2418 | 2022-07-15 | URVE Web Manager img_upload.php unrestricted upload |
| CVE-2022-2419 | 2022-07-15 | URVE Web Manager upload.php unrestricted upload |
| CVE-2022-2420 | 2022-07-15 | URVE Web Manager uploader.php unrestricted upload |
| CVE-2022-1881 | 2022-07-15 | In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not... |
| CVE-2022-29890 | 2022-07-15 | In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. |
| CVE-2022-32119 | 2022-07-15 | Arox School ERP Pro v1.0 was discovered to contain multiple arbitrary file upload vulnerabilities via the Add Photo function at photogalleries.inc.php and the import staff excel function at 1finance_master.inc.php. |
| CVE-2022-32118 | 2022-07-15 | Arox School ERP Pro v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the dispatchcategory parameter in backoffice.inc.php. |
| CVE-2020-36553 | 2022-07-15 | Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Area(food_type) field to /dashboard/menu-list.php. |
| CVE-2020-36552 | 2022-07-15 | Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Made field to /dashboard/menu-list.php. |
| CVE-2020-36551 | 2022-07-15 | Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Item Name field to /dashboard/menu-list.php. |
| CVE-2020-36550 | 2022-07-15 | Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Table Name field to /dashboard/table-list.php. |
| CVE-2020-35261 | 2022-07-15 | Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Restaurant Name field to /dashboard/profile.php. |
| CVE-2022-34826 | 2022-07-15 | In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passphrase may be leaked in the logs. |
| CVE-2021-36461 | 2022-07-15 | An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini. |
| CVE-2022-30242 | 2022-07-15 | Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user... |
| CVE-2022-30243 | 2022-07-15 | Honeywell Alerton Visual Logic through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be stored on the controller and then run without verification. A user with... |
| CVE-2022-30244 | 2022-07-15 | Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be stored on the controller and then run without verification. A... |
| CVE-2022-30245 | 2022-07-15 | Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user with malicious intent... |
| CVE-2022-31097 | 2022-07-15 | Stored XSS in Grafana's Unified Alerting |
| CVE-2022-31107 | 2022-07-15 | Grafana account takeover via OAuth vulnerability |
| CVE-2020-35305 | 2022-07-15 | Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog. |
| CVE-2022-23141 | 2022-07-15 | ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to... |
| CVE-2022-34216 | 2022-07-15 | Adobe Acrobat Reader DC PDF Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2022-34215 | 2022-07-15 | Adobe Acrobat Reader DC Annotation Polygon Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2022-34221 | 2022-07-15 | Adobe Acrobat Reader Type Confusion vulnerability could lead to Arbitrary code execution |
| CVE-2022-34220 | 2022-07-15 | Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2022-34217 | 2022-07-15 | Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-34219 | 2022-07-15 | Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2022-34223 | 2022-07-15 | Adobe Acrobat Reader DC AcroForm currentValueIndices Use-After-Free Remote Code Execution Vulnerability |
| CVE-2022-34222 | 2022-07-15 | Adobe Acrobat Reader DC query Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2022-34225 | 2022-07-15 | Adobe Acrobat Reader DC AcroForm exportValues Use-After-Free Remote Code Execution Vulnerability |
| CVE-2022-34226 | 2022-07-15 | Adobe Acrobat Reader DC PDF Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2022-34229 | 2022-07-15 | Adobe Acrobat Reader DC AcroForm rect Use-After-Free Remote Code Execution Vulnerability |
| CVE-2022-34234 | 2022-07-15 | Adobe Acrobat Reader DC Doc printWithParams Use-After-Free Information Disclosure Vulnerability |
| CVE-2022-34232 | 2022-07-15 | Adobe Acrobat Reader DC Annotation print Use-After-Free Information Disclosure Vulnerability |
| CVE-2022-34230 | 2022-07-15 | Adobe Acrobat Reader Use After Free could lead to Arbitrary code execution |
| CVE-2022-34237 | 2022-07-15 | Adobe Acrobat Reader DC Font Parsing Use-After-Free Information Disclosure Vulnerability |
| CVE-2022-34236 | 2022-07-15 | Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2022-34233 | 2022-07-15 | Adobe Acrobat Reader DC Doc print Use-After-Free Information Disclosure Vulnerability |
| CVE-2022-34228 | 2022-07-15 | Adobe Acrobat Reader DC Font Parsing Uninitialized Variable Remote Code Execution Vulnerability |
| CVE-2022-34239 | 2022-07-15 | Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2022-34242 | 2022-07-15 | Adobe Character Animator SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2022-34241 | 2022-07-15 | Adobe Character Animator SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2022-34244 | 2022-07-15 | Adobe Photoshop U3D File Parsing Access of Uninitialized Pointer Information Disclosure Vulnerability |
| CVE-2022-34243 | 2022-07-15 | Adobe Photoshop U3D File Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2022-23201 | 2022-07-15 | Adobe RoboHelp Reflected XSS could lead to Arbitrary code execution |
| CVE-2022-34248 | 2022-07-15 | Adobe InDesign Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2022-34246 | 2022-07-15 | Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2022-34245 | 2022-07-15 | Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2022-34247 | 2022-07-15 | Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-34250 | 2022-07-15 | Adobe InCopy Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2022-34249 | 2022-07-15 | Adobe InCopy Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2022-34252 | 2022-07-15 | Adobe InCopy Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2022-34251 | 2022-07-15 | Adobe InCopy Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |