CVE List - 2022 / July
Showing 101 - 200 of 1977 CVEs for July 2022 (Page 2 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-26051 | 2022-07-04 | Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal. |
| CVE-2022-26054 | 2022-07-04 | Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link. |
| CVE-2022-26368 | 2022-07-04 | Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet. |
| CVE-2022-27627 | 2022-07-04 | Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser. |
| CVE-2022-27661 | 2022-07-04 | Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow. |
| CVE-2022-27803 | 2022-07-04 | Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space. |
| CVE-2022-27807 | 2022-07-04 | Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories. |
| CVE-2022-28692 | 2022-07-04 | Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler. |
| CVE-2022-28713 | 2022-07-04 | Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product. |
| CVE-2022-28718 | 2022-07-04 | Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin. |
| CVE-2022-29467 | 2022-07-04 | Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address. |
| CVE-2022-29471 | 2022-07-04 | Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin. |
| CVE-2022-29484 | 2022-07-04 | Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space. |
| CVE-2022-29513 | 2022-07-04 | Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script. |
| CVE-2022-29892 | 2022-07-04 | Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS). |
| CVE-2022-2301 | 2022-07-04 | Buffer Over-read in hpjansson/chafa |
| CVE-2022-2300 | 2022-07-04 | Cross-site Scripting (XSS) - Stored in microweber/microweber |
| CVE-2021-25056 | 2022-07-04 | Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-25066 | 2022-07-04 | Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting via Import |
| CVE-2022-0250 | 2022-07-04 | Redirection for Contact Form 7 < 2.5.0 - Reflected Cross-Site Scripting |
| CVE-2022-1301 | 2022-07-04 | WP Contact Slider < 2.4.7 - Editor+ Stored Cross-Site Scripting |
| CVE-2022-1946 | 2022-07-04 | Gallery < 2.0.0 - Reflected Cross-Site Scripting |
| CVE-2022-1967 | 2022-07-04 | WP Championship < 9.3 - Multiple CSRF |
| CVE-2022-2268 | 2022-07-04 | WP All Import < 3.6.8 - Admin+ Arbitrary File Upload |
| CVE-2022-33171 | 2022-07-04 | The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying... |
| CVE-2022-31599 | 2022-07-04 | NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code... |
| CVE-2022-31600 | 2022-07-04 | NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vulnerability to this vulnerability, causing an integer overflow, possibly leading... |
| CVE-2022-31601 | 2022-07-04 | NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution,... |
| CVE-2022-31602 | 2022-07-04 | NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can exploit an out-of-bounds write vulnerability, which may lead... |
| CVE-2022-31603 | 2022-07-04 | NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index... |
| CVE-2022-34829 | 2022-07-04 | Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API. |
| CVE-2022-34918 | 2022-07-04 | An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate... |
| CVE-2021-43116 | 2022-07-05 | An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which... |
| CVE-2022-31836 | 2022-07-05 | The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcardvalues which can lead to cross directory risk. |
| CVE-2022-2304 | 2022-07-05 | Stack-based Buffer Overflow in vim/vim |
| CVE-2022-2306 | 2022-07-05 | Insufficient Session Expiration in heroiclabs/nakama |
| CVE-2022-2309 | 2022-07-05 | NULL Pointer Dereference in lxml/lxml |
| CVE-2022-2097 | 2022-07-05 | AES OCB fails to encrypt some bytes |
| CVE-2021-43702 | 2022-07-05 | ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the... |
| CVE-2022-30289 | 2022-07-05 | A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. An attacker can abuse the vulnerability to upload a malicious file that will... |
| CVE-2022-30290 | 2022-07-05 | In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered... |
| CVE-2022-33744 | 2022-07-05 | Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of... |
| CVE-2022-33743 | 2022-07-05 | network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs... |
| CVE-2022-26365 | 2022-07-05 | Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't... |
| CVE-2022-33740 | 2022-07-05 | Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't... |
| CVE-2022-33741 | 2022-07-05 | Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't... |
| CVE-2022-33742 | 2022-07-05 | Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't... |
| CVE-2022-34876 | 2022-07-05 | VICIDial 2.14b0.5 SVN 3550 was discovered to contain multiple SQL injection vulnerability at /vicidial/admin.php. |
| CVE-2022-34877 | 2022-07-05 | VICIDial 2.14b0.5 SVN 3550 was discovered to contains a SQL injection vulnerability at /vicidial/AST_agent_time_sheet.php. |
| CVE-2022-34878 | 2022-07-05 | VICIDial 2.14b0.5 SVN 3550 was discovered to contain a SQL injection vulnerability at /vicidial/user_stats.php. |
| CVE-2022-34879 | 2022-07-05 | VICIDial 2.14b0.5 SVN 3550 was discovered to contain multiple Cross Site Scripting (XSS) vulnerabilities at /vicidial/admin.php. |
| CVE-2022-31770 | 2022-07-05 | IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID:... |
| CVE-2021-44915 | 2022-07-05 | Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category. |
| CVE-2022-31014 | 2022-07-05 | SMTP Command Injection in iCalendar Attachments to emails via newlines in Nextcloud Server |
| CVE-2022-31117 | 2022-07-05 | Double free of buffer during string decoding in ujson |
| CVE-2022-33075 | 2022-07-05 | A stored cross-site scripting (XSS) vulnerability in the Add Classification function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via unspecified vectors. |
| CVE-2022-31116 | 2022-07-05 | Incorrect handling of invalid surrogate pair characters in ujson |
| CVE-2022-2321 | 2022-07-05 | Improper Restriction of Excessive Authentication Attempts in heroiclabs/nakama |
| CVE-2022-31856 | 2022-07-05 | Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php. |
| CVE-2022-32310 | 2022-07-05 | An access control issue in Ingredient Stock Management System v1.0 allows attackers to take over user accounts via a crafted POST request to /isms/classes/Users.php. |
| CVE-2022-32311 | 2022-07-05 | Ingredient Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /isms/admin/stocks/view_stock.php. |
| CVE-2022-34972 | 2022-07-05 | So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the att_value_id , manu_value_id , opt_value_id , and subcate_value_id parameters at /index.php?route=extension/module/so_filter_shop_by/filter_data. |
| CVE-2022-32413 | 2022-07-05 | An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file. |
| CVE-2022-2318 | 2022-07-06 | There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. |
| CVE-2022-33980 | 2022-07-06 | Apache Commons Configuration insecure interpolation defaults |
| CVE-2022-31125 | 2022-07-06 | Authentication Bypass in Roxy-wi |
| CVE-2022-31129 | 2022-07-06 | Inefficient Regular Expression Complexity in moment |
| CVE-2022-22681 | 2022-07-06 | Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors. |
| CVE-2021-45721 | 2022-07-06 | JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in Users REST API endpoint. This issue affects: JFrog... |
| CVE-2021-46687 | 2022-07-06 | JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before... |
| CVE-2022-32533 | 2022-07-06 | Apache Portals Jetspeed XSS, CSRF, SSRF, and XXE issues |
| CVE-2021-23163 | 2022-07-06 | JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF ( Cross-Site Request Forgery) for specific endpoints. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.33.6... |
| CVE-2022-35229 | 2022-07-06 | Reflected XSS in discovery page of Zabbix Frontend |
| CVE-2022-35230 | 2022-07-06 | Reflected XSS in graphs page of Zabbix Frontend |
| CVE-2022-32290 | 2022-07-06 | The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls... |
| CVE-2022-30591 | 2022-07-06 | quic-go through 0.27.0 allows remote attackers to cause a denial of service (CPU consumption) via a Slowloris variant in which incomplete QUIC or HTTP/3 requests are sent. This occurs because... |
| CVE-2022-32386 | 2022-07-06 | Tenda AC23 v16.03.07.44 was discovered to contain a buffer overflow via fromAdvSetMacMtuWan. |
| CVE-2022-32385 | 2022-07-06 | Tenda AC23 v16.03.07.44 is vulnerable to Stack Overflow that will allow for the execution of arbitrary code (remote). |
| CVE-2022-32383 | 2022-07-06 | Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the AdvSetMacMtuWan function. |
| CVE-2021-31676 | 2022-07-06 | A reflected XSS was discovered in PESCMS-V2.3.3. When combined with CSRF in the same file, they can cause bigger destruction. |
| CVE-2021-31677 | 2022-07-06 | An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can modify admin and other members' passwords. |
| CVE-2021-31679 | 2022-07-06 | An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that allows attackers to delete admin and other members' account numbers. |
| CVE-2021-31678 | 2022-07-06 | An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can delete import information about a user's company. |
| CVE-2022-28935 | 2022-07-06 | Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, Totolink A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability. |
| CVE-2021-37839 | 2022-07-06 | Improper access to dataset metadata information |
| CVE-2022-24138 | 2022-07-06 | IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has "rwx" permissions for unprivileged users. Low privilege users... |
| CVE-2022-24139 | 2022-07-06 | In IOBit Advanced System Care (AscService.exe) 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's named pipes. ASCService first tries to... |
| CVE-2022-24140 | 2022-07-06 | IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop Screenshot sends HTTP requests in their update procedure in order to download a... |
| CVE-2022-24141 | 2022-07-06 | The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastate_iTopVPN_Pipe_Server on a loop. An attacker that opened a named pipe with the same name can use it... |
| CVE-2022-20082 | 2022-07-06 | In GPU, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2022-21763 | 2022-07-06 | In telecom service, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2022-21764 | 2022-07-06 | In telecom service, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2022-21744 | 2022-07-06 | In Modem 2G RR, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution when decoding GPRS Packet Neighbour... |
| CVE-2022-20083 | 2022-07-06 | In Modem 2G/3G CC, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution when decoding combined FACILITY with... |
| CVE-2022-21767 | 2022-07-06 | In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2022-21768 | 2022-07-06 | In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2022-21765 | 2022-07-06 | In CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-21766 | 2022-07-06 | In CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-21769 | 2022-07-06 | In CCCI, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2022-21770 | 2022-07-06 | In sound driver, there is a possible information disclosure due to symlink following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed... |