CVE List - 2022 / July
Showing 401 - 500 of 1977 CVEs for July 2022 (Page 5 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-31563 | 2022-07-11 | The whmacmac/vprj repository through 2022-04-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31564 | 2022-07-11 | The woduq1414/munhak-moa repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31565 | 2022-07-11 | The yogson/syrabond repository through 2020-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31566 | 2022-07-11 | The DSAB-local/DSAB repository through 2019-02-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31567 | 2022-07-11 | The DSABenchmark/DSAB repository through 2.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31568 | 2022-07-11 | The Rexians/rex-web repository through 2022-06-05 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31570 | 2022-07-11 | The adriankoczuruek/ceneo-web-scrapper repository through 2021-03-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31571 | 2022-07-11 | The akashtalole/python-flask-restful-api repository through 2019-09-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31572 | 2022-07-11 | The ceee-vip/cockybook repository through 2015-04-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31573 | 2022-07-11 | The chainer/chainerrl-visualizer repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31574 | 2022-07-11 | The deepaliupadhyay/RealEstate repository through 2018-11-30 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31575 | 2022-07-11 | The duducosmos/livro_python repository through 2018-06-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31576 | 2022-07-11 | The heidi-luong1109/shackerpanel repository through 2021-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31577 | 2022-07-11 | The longmaoteamtf/audio_aligner_app repository through 2020-01-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31578 | 2022-07-11 | The piaoyunsoft/bt_lnmp repository through 2019-10-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31579 | 2022-07-11 | The ralphjzhang/iasset repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31580 | 2022-07-11 | The sanojtharindu/caretakerr-api repository through 2021-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31581 | 2022-07-11 | The scorelab/OpenMF repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31582 | 2022-07-11 | The shaolo1/VideoServer repository through 2019-09-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31583 | 2022-07-11 | The sravaniboinepelli/AutomatedQuizEval repository through 2020-04-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31584 | 2022-07-11 | The stonethree/s3label repository through 2019-08-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31585 | 2022-07-11 | The umeshpatil-dev/Home__internet repository through 2020-08-28 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31586 | 2022-07-11 | The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31587 | 2022-07-11 | The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-31588 | 2022-07-11 | The zippies/testplatform repository through 2016-07-19 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| CVE-2022-35414 | 2022-07-11 | softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use... |
| CVE-2022-35416 | 2022-07-11 | H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS. |
| CVE-2022-2368 | 2022-07-11 | Authentication Bypass by Spoofing in microweber/microweber |
| CVE-2022-1794 | 2022-07-11 | Plaintext Storage of a password in CODESYS V3 OPC DA Server |
| CVE-2022-2302 | 2022-07-11 | LENZE: Missing password verification in authorisation procedure |
| CVE-2022-30791 | 2022-07-11 | CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections |
| CVE-2022-30792 | 2022-07-11 | CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels |
| CVE-2021-41396 | 2022-07-11 | Live555 through 1.08 does not handle socket connections properly. A huge number of incoming socket connections in a short time invokes the error-handling module, in which a heap-based buffer overflow... |
| CVE-2022-33173 | 2022-07-11 | An algorithm-downgrade issue was discovered in Couchbase Server before 7.0.4. Analytics Remote Links may temporarily downgrade to non-TLS connection to determine the TLS port number, using SCRAM-SHA instead. |
| CVE-2022-33911 | 2022-07-11 | An issue was discovered in Couchbase Server 7.x before 7.0.4. Field names are not redacted in logged validation messages for Analytics Service. An Unauthorized Actor may be able to obtain... |
| CVE-2022-1057 | 2022-07-11 | Pricing Deals for WooCommerce <= 2.0.2.02 - Unauthenticated SQLi |
| CVE-2022-1220 | 2022-07-11 | FoxyShop < 4.8.2 - Reflected Cross-Site Scripting |
| CVE-2022-1474 | 2022-07-11 | WP Event Manager < 3.1.28 - Reflected Cross-Site Scripting |
| CVE-2022-1546 | 2022-07-11 | WooCommerce - Product Importer <= 1.5.2 - Reflected Cross-Site Scripting |
| CVE-2022-1576 | 2022-07-11 | WP Maintenance Mode & Coming Soon < 2.4.5 - Subscribed Users Deletion via CSRF |
| CVE-2022-1599 | 2022-07-11 | Admin Management Xtended < 2.4.5 - Post Visibility/Date/Comment Status Update via CSRF |
| CVE-2022-1626 | 2022-07-11 | Sharebar <= 1.4.1 - Arbitrary Settings Update to Stored XSS via CSRF |
| CVE-2022-1732 | 2022-07-11 | Rename wp-login.php <= 2.6.0 - Secret URL Update via CSRF |
| CVE-2022-1757 | 2022-07-11 | Pagebar < 2.70 - Arbitrary Settings Update via CSRF to Stored XSS |
| CVE-2022-1894 | 2022-07-11 | Popup Builder < 4.1.11 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1910 | 2022-07-11 | Shortcodes and extra features for Phlox theme < 2.9.8 - Reflected Cross-Site-Scripting |
| CVE-2022-1937 | 2022-07-11 | Awin Data Feed < 1.8 - Reflected Cross-Site Scripting |
| CVE-2022-1938 | 2022-07-11 | Awin Data Feed < 1.8 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2022-1951 | 2022-07-11 | Core Plugin for Kitestudio Themes < 2.3.1 - Reflected Cross-Site-Scripting |
| CVE-2022-1952 | 2022-07-11 | eaSYNC < 1.1.16 - Unauthenticated Arbitrary File Upload |
| CVE-2022-1956 | 2022-07-11 | Shortcut Macros <= 1.3 - Subscriber+ Arbitrary Settings Update |
| CVE-2022-1957 | 2022-07-11 | Comment License < 1.4.0 - Arbitrary Settings Update via CSRF |
| CVE-2022-2050 | 2022-07-11 | WP Paginate < 2.1.9 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2089 | 2022-07-11 | Bold Page Builder < 4.3.3 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2091 | 2022-07-11 | Cache Images < 3.2.1 - Image Upload / Import via CSRF |
| CVE-2022-2092 | 2022-07-11 | WooCommerce PDF Invoices & Packing Slips < 2.16.0 - Reflected Cross-Site Scripting |
| CVE-2022-2093 | 2022-07-11 | WP Duplicate Page < 1.3 - Admin+ Stored Cross Site Scripting |
| CVE-2022-2123 | 2022-07-11 | WP Opt-in <= 1.4.1 - Arbitrary Settings Update via CSRF |
| CVE-2022-30750 | 2022-07-11 | Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access the MAC address of a connected Wi-Fi AP client. |
| CVE-2022-30751 | 2022-07-11 | Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access the MAC address of a connected Wi-Fi AP client by using WIFI_AP_STA_DHCPACK_EVENT action. |
| CVE-2022-30752 | 2022-07-11 | Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access the MAC address of a connected Wi-Fi AP client by using WIFI_AP_STA_STATE_CHANGED action. |
| CVE-2022-30753 | 2022-07-11 | Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission. |
| CVE-2022-30754 | 2022-07-11 | Implicit Intent hijacking vulnerability in AppLinker prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities with privilege of AppLinker. |
| CVE-2022-30755 | 2022-07-11 | Improper authentication vulnerability in AppLock prior to SMR Jul-2022 Release 1 allows attacker to bypass password confirm activity by hijacking the implicit intent. |
| CVE-2022-30756 | 2022-07-11 | Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities with privilege of Finder. |
| CVE-2022-30757 | 2022-07-11 | Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain CID without ACCESS_FINE_LOCATION permission. |
| CVE-2022-30758 | 2022-07-11 | Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allows attackers to access some protected information with privilege of Finder. |
| CVE-2022-33685 | 2022-07-11 | Unprotected dynamic receiver in Wearable Manager Service prior to SMR Jul-2022 Release 1 allows attacker to launch arbitrary activity and access sensitive information. |
| CVE-2022-33686 | 2022-07-11 | Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log. |
| CVE-2022-33687 | 2022-07-11 | Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows local attackers to access IMSI via log. |
| CVE-2022-33688 | 2022-07-11 | Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log. |
| CVE-2022-33689 | 2022-07-11 | Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows attackers to change preferred network type by unprotected binder call. |
| CVE-2022-33690 | 2022-07-11 | Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1 allows attacker to access arbitrary file. |
| CVE-2022-33691 | 2022-07-11 | A possible race condition vulnerability in score driver prior to SMR Jul-2022 Release 1 can allow local attackers to interleave malicious operations. |
| CVE-2022-33692 | 2022-07-11 | Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log. |
| CVE-2022-33693 | 2022-07-11 | Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log. |
| CVE-2022-33694 | 2022-07-11 | Exposure of Sensitive Information in CSC application prior to SMR Jul-2022 Release 1 allows local attacker to access wifi information via unprotected intent broadcasting. |
| CVE-2022-33695 | 2022-07-11 | Use of improper permission in InputManagerService prior to SMR Jul-2022 Release 1 allows unauthorized access to the service. |
| CVE-2022-33696 | 2022-07-11 | Exposure of Sensitive Information in Telephony service prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log. |
| CVE-2022-33697 | 2022-07-11 | Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log. |
| CVE-2022-33698 | 2022-07-11 | Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access ICCID via log. |
| CVE-2022-33699 | 2022-07-11 | Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log. |
| CVE-2022-33700 | 2022-07-11 | Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log. |
| CVE-2022-33701 | 2022-07-11 | Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 allows attacker to call PowerManager.goToSleep method which is protected by system permission by sending broadcast intent. |
| CVE-2022-33702 | 2022-07-11 | Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attacker to disable keyguard and bypass Knoxguard lock by factory reset. |
| CVE-2022-33703 | 2022-07-11 | Improper validation vulnerability in CACertificateInfo prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities. |
| CVE-2022-33704 | 2022-07-11 | Improper validation vulnerability in ucmRetParcelable of KnoxSDK prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities. |
| CVE-2022-33708 | 2022-07-11 | Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege. |
| CVE-2022-33709 | 2022-07-11 | Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege. |
| CVE-2022-33710 | 2022-07-11 | Improper input validation vulnerability in BillingPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege. |
| CVE-2022-33712 | 2022-07-11 | Intent redirection vulnerability using implicit intent in Camera prior to versions 12.0.01.64, 12.0.3.23, 12.0.0.98, 12.0.6.11, 12.0.3.19 in Android S(12) allows attacker to get sensitive information. |
| CVE-2022-33711 | 2022-07-11 | Improper validation of integrity check vulnerability in Samsung USB Driver Windows Installer for Mobile Phones prior to version 1.7.56.0 allows local attackers to delete arbitrary directory using directory junction. |
| CVE-2022-33706 | 2022-07-11 | Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8 allows physical attackers to access the pictures using S Pen air gesture. |
| CVE-2022-33713 | 2022-07-11 | Implicit Intent hijacking vulnerability in Samsung Cloud prior to version 5.2.0 allows attacker to get sensitive information. |
| CVE-2022-33705 | 2022-07-11 | Information exposure in Calendar prior to version 12.3.05.10000 allows attacker to access calendar schedule without READ_CALENDAR permission. |
| CVE-2022-33707 | 2022-07-11 | Improper identifier creation logic in Find My Mobile prior to version 7.2.24.12 allows attacker to identify the device. |
| CVE-2021-46741 | 2022-07-11 | The basic framework and setting module have defects, which were introduced during the design. Successful exploitation of this vulnerability may affect system integrity. |
| CVE-2022-34735 | 2022-07-11 | The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability. |
| CVE-2022-34736 | 2022-07-11 | The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability. |
| CVE-2022-34743 | 2022-07-11 | The AT commands of the USB port have an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect system availability. |