CVE List - 2022 / August
Showing 1 - 100 of 2306 CVEs for August 2022 (Page 1 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-31188 | 2022-08-01 | Server-Side Request Forgery Vulnerability in Computer Vision Annotation Tool (CVAT) |
| CVE-2022-35919 | 2022-08-01 | Authenticated requests for server update admin API allows path traversal in minio |
| CVE-2022-36799 | 2022-08-01 | This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and... |
| CVE-2022-27255 | 2022-08-01 | In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without... |
| CVE-2022-26308 | 2022-08-01 | Improper Access Control in Configuration (Credential store) |
| CVE-2022-26309 | 2022-08-01 | Cross-Site Request en Bulk operation (User operation) |
| CVE-2022-26310 | 2022-08-01 | Improper Authorization in User Management to Vertical Privilege Escalation |
| CVE-2022-0598 | 2022-08-01 | Login with phone number < 1.3.8 - Multiple Admin+ Stored XSS |
| CVE-2022-1324 | 2022-08-01 | Event Timeline <= 1.1.5 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1561 | 2022-08-01 | Crafted backend URLs in Lura Project |
| CVE-2022-1585 | 2022-08-01 | Project Source Code Download <= 1.0.0 - Unauthenticated Backup Download |
| CVE-2022-1600 | 2022-08-01 | YOP Poll < 6.4.3 - IP Spoofing |
| CVE-2022-1906 | 2022-08-01 | Copyright Proof <= 4.16 - Reflected Cross-Site-Scripting |
| CVE-2022-1950 | 2022-08-01 | Youzify < 1.2.0 - Unauthenticated SQLi |
| CVE-2022-2170 | 2022-08-01 | Microsoft Advertising Universal Event Tracking < 1.0.4 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2171 | 2022-08-01 | Progressive License <= 1.1.0 - CSRF to Stored XSS |
| CVE-2022-2181 | 2022-08-01 | Advanced WordPress Reset < 1.6 - Reflected Cross-Site Scripting |
| CVE-2022-2184 | 2022-08-01 | CAPTCHA 4WP < 7.1.0 - Local File Inclusion via CSRF |
| CVE-2022-2215 | 2022-08-01 | GiveWP < 2.21.3 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2241 | 2022-08-01 | Featured Image from URL < 4.0.0 - Arbitrary Settings Update to Stored XSS via CSRF |
| CVE-2022-2245 | 2022-08-01 | Counter Box < 1.2.1 - Arbitrary Counter Activation/Deactivation via CSRF |
| CVE-2022-2260 | 2022-08-01 | GiveWP < 2.21.3 - DoS via CSRF |
| CVE-2022-2273 | 2022-08-01 | Simple Membership < 4.1.3 - Membership Privilege Escalation |
| CVE-2022-2278 | 2022-08-01 | Featured Image from URL < 4.0.1 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2305 | 2022-08-01 | WordPress Popup <= 1.9.3.8 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2317 | 2022-08-01 | Simple Membership < 4.1.3 - Unauthenticated Membership Privilege Escalation |
| CVE-2022-2325 | 2022-08-01 | Invitation Based Registrations <= 2.2.84 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2328 | 2022-08-01 | Flexi Quote Rotator <= 0.9.4 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2369 | 2022-08-01 | YaySMTP < 2.2.1 - Subscriber+ Logs Disclosure |
| CVE-2022-2370 | 2022-08-01 | YaySMTP < 2.2.1 - Subscriber+ SMTP Credentials Leak |
| CVE-2022-36343 | 2022-08-01 | WordPress Enable SVG, WebP & ICO Upload plugin <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-34154 | 2022-08-01 | WordPress Enable SVG, WebP & ICO Upload plugin <= 1.0.1 - Authenticated Arbitrary File Upload vulnerability |
| CVE-2022-26437 | 2022-08-01 | In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2022-21789 | 2022-08-01 | In audio ipi, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-21790 | 2022-08-01 | In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User... |
| CVE-2022-21791 | 2022-08-01 | In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User... |
| CVE-2022-21792 | 2022-08-01 | In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-26426 | 2022-08-01 | In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-26427 | 2022-08-01 | In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-26428 | 2022-08-01 | In video codec, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-26429 | 2022-08-01 | In cta, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with... |
| CVE-2022-21788 | 2022-08-01 | In scp, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... |
| CVE-2022-26430 | 2022-08-01 | In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-26431 | 2022-08-01 | In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-26432 | 2022-08-01 | In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-26433 | 2022-08-01 | In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-26434 | 2022-08-01 | In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-26435 | 2022-08-01 | In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-26436 | 2022-08-01 | In emi mpu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User... |
| CVE-2022-26438 | 2022-08-01 | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-26439 | 2022-08-01 | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-26440 | 2022-08-01 | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-26441 | 2022-08-01 | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-26442 | 2022-08-01 | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-26443 | 2022-08-01 | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-26444 | 2022-08-01 | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-26445 | 2022-08-01 | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-2509 | 2022-08-01 | A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function. |
| CVE-2022-34567 | 2022-08-01 | An issue in \Roaming\Mango\Plugins of University of Texas Multi-image Analysis GUI (Mango) 4.1 allows attackers to escalate privileges via crafted plugins. |
| CVE-2022-36301 | 2022-08-01 | BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote attacker to brute-force the device password. |
| CVE-2022-36302 | 2022-08-01 | File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information. |
| CVE-2022-2571 | 2022-08-01 | Heap-based Buffer Overflow in vim/vim |
| CVE-2022-2589 | 2022-08-01 | Cross-site Scripting (XSS) - Reflected in beancount/fava |
| CVE-2022-2580 | 2022-08-01 | Heap-based Buffer Overflow in vim/vim |
| CVE-2022-2581 | 2022-08-01 | Out-of-bounds Read in vim/vim |
| CVE-2022-2595 | 2022-08-01 | Improper Authorization in kromitgmbh/titra |
| CVE-2022-2596 | 2022-08-01 | Inefficient Regular Expression Complexity in node-fetch/node-fetch |
| CVE-2022-30698 | 2022-08-01 | Novel "ghost domain names" attack by introducing subdomain delegations |
| CVE-2022-30699 | 2022-08-01 | Novel "ghost domain names" attack by updating almost expired delegation information |
| CVE-2022-33955 | 2022-08-01 | IBM CICS TX 11.1 could allow allow an attacker with physical access to the system to execute code due using a back and refresh attack. IBM X-Force ID: 229312. |
| CVE-2022-34161 | 2022-08-01 | IBM CICS TX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM... |
| CVE-2022-34162 | 2022-08-01 | IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker... |
| CVE-2022-34163 | 2022-08-01 | IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against... |
| CVE-2022-34164 | 2022-08-01 | IBM CICS TX 11.1 could allow a local user to impersonate another legitimate user due to improper input validation. IBM X-Force ID: 229338. |
| CVE-2022-34307 | 2022-08-01 | IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link... |
| CVE-2022-31109 | 2022-08-01 | HTTP Host Header Attack Vulnerability in laminas-diactoros |
| CVE-2022-31128 | 2022-08-01 | Fine grained permissions are not checked in Tuleap |
| CVE-2022-31148 | 2022-08-01 | Persistent cross site scripting in customer module in Shopware |
| CVE-2022-31154 | 2022-08-01 | Indirect Object Access in Sourcegraph Code Monitoring |
| CVE-2022-31155 | 2022-08-01 | Unauthorized overwriting of saved searches in Sourcegraph |
| CVE-2022-31173 | 2022-08-01 | Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow |
| CVE-2022-31177 | 2022-08-01 | Possible to infer sensitive information through query strings in Flask-AppBuilder |
| CVE-2022-31178 | 2022-08-01 | Improper Authorization in eLabFTW |
| CVE-2022-31180 | 2022-08-01 | Insufficient escaping of whitespace in shescape |
| CVE-2022-31179 | 2022-08-01 | Insufficient escaping of line feeds for CMD in shescape |
| CVE-2022-31321 | 2022-08-01 | The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumeration or cause a Denial of Service (DoS) via a crafted input. |
| CVE-2022-34530 | 2022-08-01 | An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames. |
| CVE-2022-35118 | 2022-08-01 | PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. |
| CVE-2022-31185 | 2022-08-01 | Email addresses are not hidden regardless of selected state in mprweb |
| CVE-2022-31186 | 2022-08-01 | Leakage of excessive information into log in next-auth |
| CVE-2022-31181 | 2022-08-01 | Remote code execution in prestashop |
| CVE-2022-31182 | 2022-08-01 | Cache poisoning via maliciously-formed request in Discourse |
| CVE-2022-31184 | 2022-08-01 | Email activation route can be abused by spammers in Discourse |
| CVE-2022-31183 | 2022-08-01 | mTLS client verification is skipped in fs2 on Node.js |
| CVE-2022-31190 | 2022-08-01 | Metadata of withdrawn Items is exposed to anonymous users in DSpace XMLUI |
| CVE-2022-31189 | 2022-08-01 | "Internal System Error" page in DSpace JSPUI prints exceptions and stack traces without sanitization |
| CVE-2022-31193 | 2022-08-01 | URL Redirection to Untrusted Site in Dspace JSPUI |
| CVE-2022-31194 | 2022-08-01 | Path traversal vulnerabilities in DSpace JSPUI submission upload |
| CVE-2022-31191 | 2022-08-01 | Cross Site Scripting possible in DSpace JSPUI spellcheck and autocomplete tools |
| CVE-2022-31192 | 2022-08-01 | Cross Site Scripting possible in DSpace JSPUI "Request a Copy" feature |