CVE List - 2022 / July
Showing 301 - 400 of 1977 CVEs for July 2022
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-32481 | 2022-07-07 | Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. A lower-privileged authenticated user can chain docker commands to escalate privileges to root... |
| CVE-2022-33936 | 2022-07-07 | Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains a RCE vulnerability. A non-privileged user could potentially exploit this vulnerability, leading to achieving a root shell. This is a critical issue;... |
| CVE-2022-32061 | 2022-07-07 | An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file. |
| CVE-2022-1245 | 2022-07-07 | A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target... |
| CVE-2022-2343 | 2022-07-08 | Heap-based Buffer Overflow in vim/vim |
| CVE-2022-2344 | 2022-07-08 | Heap-based Buffer Overflow in vim/vim |
| CVE-2022-2345 | 2022-07-08 | Use After Free in vim/vim |
| CVE-2022-31137 | 2022-07-08 | Unauthenticated Remote Code Execution in Roxy-WI |
| CVE-2021-41037 | 2022-07-08 | In Eclipse p2, installable units are able to alter the Eclipse Platform installation and the local machine via touchpoints during installation. Those touchpoints can, for example, alter the command-line used... |
| CVE-2022-30852 | 2022-07-08 | Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR). |
| CVE-2022-31290 | 2022-07-08 | A cross-site scripting (XSS) vulnerability in Known v1.2.2+2020061101 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field. |
| CVE-2022-32115 | 2022-07-08 | An issue in the isSVG() function of Known v1.2.2+2020061101 allows attackers to execute arbitrary code via a crafted SVG file. |
| CVE-2022-33011 | 2022-07-08 | Known v1.3.1+2020120201 was discovered to allow attackers to perform an account takeover via a host header injection attack. |
| CVE-2022-28624 | 2022-07-08 | A potential security vulnerability has been identified in certain HPE FlexNetwork and FlexFabric switch products. The vulnerability could be remotely exploited to allow cross site scripting (XSS). HPE has made... |
| CVE-2022-28623 | 2022-07-08 | Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. HPE has provided the following updated modules to resolve these... |
| CVE-2022-35406 | 2022-07-08 | A URL disclosure issue was discovered in Burp Suite before 2022.6. If a user views a crafted response in the Repeater or Intruder, it may be incorrectly interpreted as a... |
| CVE-2022-34160 | 2022-07-08 | IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web... |
| CVE-2022-34166 | 2022-07-08 | IBM CICS TX Standard and Advanced 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2022-34167 | 2022-07-08 | IBM CICS TX Standard and Advanced 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2022-34306 | 2022-07-08 | IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct... |
| CVE-2022-35410 | 2022-07-08 | mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain sensitive information... |
| CVE-2022-22370 | 2022-07-08 | IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the... |
| CVE-2022-22463 | 2022-07-08 | IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to... |
| CVE-2022-22464 | 2022-07-08 | IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225081. |
| CVE-2022-22465 | 2022-07-08 | IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access permissions. IBM X-Force ID: 225082. |
| CVE-2022-22476 | 2022-07-08 | IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 225604. |
| CVE-2022-35411 | 2022-07-08 | rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data... |
| CVE-2022-34914 | 2022-07-08 | Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The {clientIp} variable can be used as an application startup... |
| CVE-2022-35412 | 2022-07-08 | Digital Guardian Agent 7.7.4.0042 allows an administrator (who ordinarily does not have a supported way to uninstall the product) to disable some of the agent functionality and then exfiltrate files... |
| CVE-2022-2353 | 2022-07-09 | Cross-Site Request Forgery (CSRF) in microweber/microweber |
| CVE-2022-27910 | 2022-07-10 | Extension - Joomlatools - DOCman - Reflected Cross-Site Scripting (XSS) in an image upload function |
| CVE-2022-2365 | 2022-07-10 | Cross-site Scripting (XSS) - Stored in zadam/trilium |
| CVE-2022-32294 | 2022-07-11 | Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). It is visible in cleartext on port UDP 514 (aka the syslog... |
| CVE-2022-27168 | 2022-07-11 | Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to inject an arbitrary script via unspecified vectors. |
| CVE-2022-29512 | 2022-07-11 | Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing... |
| CVE-2022-30602 | 2022-07-11 | Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files. |
| CVE-2022-30943 | 2022-07-11 | Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin. |
| CVE-2022-31472 | 2022-07-11 | Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet. |
| CVE-2022-31501 | 2022-07-11 | The ChaoticOnyx/OnyxForum repository before 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31502 | 2022-07-11 | The operatorequals/wormnest repository through 0.4.7 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31503 | 2022-07-11 | The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31504 | 2022-07-11 | The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31505 | 2022-07-11 | The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31506 | 2022-07-11 | The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31507 | 2022-07-11 | The ganga-devs/ganga repository before 8.5.10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31508 | 2022-07-11 | The idayrus/evoting repository before 2022-05-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31509 | 2022-07-11 | The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31510 | 2022-07-11 | The sergeKashkin/Simple-RAT repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31511 | 2022-07-11 | The AFDudley/equanimity repository through 2014-04-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31512 | 2022-07-11 | The Atom02/flask-mvc repository through 2020-09-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31513 | 2022-07-11 | The BolunHan/Krypton repository through 2021-06-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31514 | 2022-07-11 | The Caoyongqi912/Fan_Platform repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31515 | 2022-07-11 | The Delor4/CarceresBE repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31516 | 2022-07-11 | The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31517 | 2022-07-11 | The HolgerGraef/MSM repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31518 | 2022-07-11 | The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository through 2021-03-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31519 | 2022-07-11 | The Lukasavicus/WindMill repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31520 | 2022-07-11 | The Luxas98/logstash-management-api repository through 2020-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31521 | 2022-07-11 | The Niyaz-Mohamed/mosaic repository through 1.0.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31522 | 2022-07-11 | The NotVinay/karaokey repository through 2019-12-11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31523 | 2022-07-11 | The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31524 | 2022-07-11 | The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31525 | 2022-07-11 | The SummaLabs/DLS repository through 0.1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31526 | 2022-07-11 | The ThundeRatz/ThunderDocs repository through 2020-05-01 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31527 | 2022-07-11 | The Wildog/flask-file-server repository through 2020-02-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31528 | 2022-07-11 | The bonn-activity-maps/bam_annotation_tool repository through 2021-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31529 | 2022-07-11 | The cinemaproject/monorepo repository through 2021-03-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31530 | 2022-07-11 | The csm-aut/csm repository through 3.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31531 | 2022-07-11 | The dainst/cilantro repository through 0.0.4 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31532 | 2022-07-11 | The dankolbman/travel_blahg repository through 2016-01-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31533 | 2022-07-11 | The decentraminds/umbral repository through 2020-01-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31534 | 2022-07-11 | The echoleegroup/PythonWeb repository through 2018-10-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31535 | 2022-07-11 | The freefood89/Fishtank repository through 2015-06-24 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31536 | 2022-07-11 | The jaygarza1982/ytdl-sync repository through 2021-01-02 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31537 | 2022-07-11 | The jmcginty15/Solar-system-simulator repository through 2021-07-26 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31538 | 2022-07-11 | The joaopedro-fg/mp-m08-interface repository through 2020-12-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31539 | 2022-07-11 | The kotekan/kotekan repository through 2021.11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31540 | 2022-07-11 | The kumardeepak/hin-eng-preprocessing repository through 2019-07-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31541 | 2022-07-11 | The lyubolp/Barry-Voice-Assistant repository through 2021-01-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31542 | 2022-07-11 | The mandoku/mdweb repository through 2015-05-07 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31543 | 2022-07-11 | The maxtortime/SetupBox repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31544 | 2022-07-11 | The meerstein/rbtm repository through 1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31545 | 2022-07-11 | The ml-inory/ModelConverter repository through 2021-04-26 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31546 | 2022-07-11 | The nlpweb/glance repository through 2014-06-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31547 | 2022-07-11 | The noamezekiel/sphere repository through 2020-05-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31548 | 2022-07-11 | The nrlakin/homepage repository through 2017-03-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31549 | 2022-07-11 | The olmax99/helm-flask-celery repository before 2022-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31550 | 2022-07-11 | The olmax99/pyathenastack repository through 2019-11-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31551 | 2022-07-11 | The pleomax00/flask-mongo-skel repository through 2012-11-01 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31552 | 2022-07-11 | The project-anuvaad/anuvaad-corpus repository through 2020-11-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31553 | 2022-07-11 | The rainsoupah/sleep-learner repository through 2021-02-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31554 | 2022-07-11 | The rohitnayak/movie-review-sentiment-analysis repository through 2017-05-07 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31555 | 2022-07-11 | The romain20100/nursequest repository through 2018-02-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31556 | 2022-07-11 | The rusyasoft/TrainEnergyServer repository through 2017-08-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31557 | 2022-07-11 | The seveas/golem repository through 2016-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31558 | 2022-07-11 | The tooxie/shiva-server repository through 0.10.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31559 | 2022-07-11 | The tsileo/flask-yeoman repository through 2013-09-13 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31560 | 2022-07-11 | The uncleYiba/photo_tag repository through 2020-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31561 | 2022-07-11 | The varijkapil13/Sphere_ImageBackend repository through 2019-10-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31562 | 2022-07-11 | The waveyan/internshipsystem repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |