CVE List - 2022 / August
Showing 901 - 1000 of 2306 CVEs for August 2022 (Page 10 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-20308 | 2022-08-11 | In hostapd, there is a possible insecure configuration due to an insecure default value. This could lead to remote denial of service of the wifi hotspot with no additional execution... |
| CVE-2022-20309 | 2022-08-11 | In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure... |
| CVE-2022-20310 | 2022-08-11 | In Telecomm, there is a possible disclosure of registered self managed phone accounts due to a missing permission check. This could lead to local information disclosure with User execution privileges... |
| CVE-2022-20311 | 2022-08-11 | In Telecomm, there is a possible disclosure of registered self managed phone accounts due to a missing permission check. This could lead to local information disclosure with User execution privileges... |
| CVE-2022-20312 | 2022-08-11 | In WifiP2pManager, there is a possible toobtain WiFi P2P MAC address without user consent due to missing permission check. This could lead to local information disclosure without additional execution privileges... |
| CVE-2022-20313 | 2022-08-11 | In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-20314 | 2022-08-11 | In KeyChain, there is a possible spoof keychain chooser activity request due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-20315 | 2022-08-11 | In ActivityManager, there is a possible disclosure of installed packages due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2022-20316 | 2022-08-11 | In ContentResolver, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure... |
| CVE-2022-20317 | 2022-08-11 | In SystemUI, there is a possible way to unexpectedly enable the external speaker due to a logic error in the code. This could lead to local information disclosure with no... |
| CVE-2022-20318 | 2022-08-11 | In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure... |
| CVE-2022-20319 | 2022-08-11 | In DreamServices, there is a possible way to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed.... |
| CVE-2022-20320 | 2022-08-11 | In ActivityManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure... |
| CVE-2022-20321 | 2022-08-11 | In Settings, there is a possible way for an application without permissions to read content of WiFi QR codes due to a missing permission check. This could lead to local... |
| CVE-2022-20322 | 2022-08-11 | In PackageManager, there is a possible installed package disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2022-20323 | 2022-08-11 | In PackageManager, there is a possible package installation disclosure due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is... |
| CVE-2022-20324 | 2022-08-11 | In Framework, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure... |
| CVE-2022-20325 | 2022-08-11 | In Media, there is a possible code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2022-20326 | 2022-08-11 | In Telephony, there is a possible disclosure of SIM identifiers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction... |
| CVE-2022-20327 | 2022-08-11 | In Wi-Fi, there is a possible way to retrieve the WiFi SSID without location permissions due to a missing permission check. This could lead to local information disclosure with User... |
| CVE-2022-20328 | 2022-08-11 | In PackageManager, there is a possible way to determine whether an app is installed due to a missing permission check. This could lead to local information disclosure with no additional... |
| CVE-2022-20329 | 2022-08-11 | In Wifi, there is a possible way to enable Wifi without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2022-20330 | 2022-08-11 | In Bluetooth, there is a possible way to connect or disconnect bluetooth devices without user awareness due to a missing permission check. This could lead to local escalation of privilege... |
| CVE-2022-20331 | 2022-08-11 | In the Framework, there is a possible way to enable a work profile without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with... |
| CVE-2022-20332 | 2022-08-11 | In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure... |
| CVE-2022-20333 | 2022-08-11 | In Bluetooth, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is... |
| CVE-2022-20334 | 2022-08-11 | In Bluetooth, there are possible process crashes due to dereferencing a null pointer. This could lead to remote denial of service with no additional execution privileges needed. User interaction is... |
| CVE-2022-20335 | 2022-08-11 | In Wifi Slice, there is a possible way to adjust Wi-Fi settings even when the permission has been disabled due to a missing permission check. This could lead to local... |
| CVE-2022-20336 | 2022-08-11 | In Settings, there is a possible installed application disclosure due to a missing permission check. This could lead to local information disclosure of applications allow-listed to use the network during... |
| CVE-2022-20339 | 2022-08-11 | In Android, there is a possible access of network neighbor table information due to an insecure SEpolicy configuration. This could lead to local information disclosure of network topography with no... |
| CVE-2022-20340 | 2022-08-11 | In SELinux policy, there is a possible way of inferring which websites are being opened in the browser due to a missing permission check. This could lead to local information... |
| CVE-2022-20341 | 2022-08-11 | In ConnectivityService, there is a possible bypass of network permissions due to a missing permission check. This could lead to local information disclosure of tethering interfaces with no additional execution... |
| CVE-2022-20342 | 2022-08-11 | In WiFi, there is a possible disclosure of WiFi password to the end user due to an insecure default value. This could lead to local information disclosure with no additional... |
| CVE-2022-20362 | 2022-08-11 | In Bluetooth, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution over Bluetooth with no additional execution privileges needed.... |
| CVE-2021-44720 | 2022-08-11 | In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target... |
| CVE-2022-35555 | 2022-08-11 | A command injection vulnerability exists in /goform/exeCommand in Tenda W6 V1.0.0.9(4122), which allows attackers to construct cmdinput parameters for arbitrary command execution. |
| CVE-2022-35557 | 2022-08-11 | A stack overflow vulnerability exists in /goform/wifiSSIDget in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter. |
| CVE-2022-35558 | 2022-08-11 | A stack overflow vulnerability exists in /goform/WifiMacFilterGet in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter. |
| CVE-2022-35559 | 2022-08-11 | A stack overflow vulnerability exists in /goform/setAutoPing in Tenda W6 V1.0.0.9(4122), which allows an attacker to construct ping1 parameters and ping2 parameters for a stack overflow attack. An attacker can... |
| CVE-2022-35560 | 2022-08-11 | A stack overflow vulnerability exists in /goform/wifiSSIDset in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter. |
| CVE-2022-35561 | 2022-08-11 | A stack overflow vulnerability exists in /goform/WifiMacFilterSet in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter. |
| CVE-2022-28626 | 2022-08-11 | A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A highly privileged user could locally exploit this vulnerability to... |
| CVE-2022-28628 | 2022-08-11 | A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute... |
| CVE-2022-28627 | 2022-08-11 | A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute... |
| CVE-2022-28629 | 2022-08-11 | A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A low privileged user could locally exploit this vulnerability to... |
| CVE-2022-28630 | 2022-08-11 | A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute... |
| CVE-2022-28631 | 2022-08-11 | A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71.... |
| CVE-2022-28632 | 2022-08-11 | A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71.... |
| CVE-2022-28636 | 2022-08-11 | A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior... |
| CVE-2022-28635 | 2022-08-11 | A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior... |
| CVE-2022-28633 | 2022-08-11 | A local disclosure of sensitive information and a local unauthorized data modification vulnerability were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user... |
| CVE-2022-28634 | 2022-08-11 | A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A highly privileged user could locally exploit this vulnerability to... |
| CVE-2022-37041 | 2022-08-11 | An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. The value of the X-Forwarded-Host header overwrites the value of the Host... |
| CVE-2022-37042 | 2022-08-11 | Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker... |
| CVE-2022-37043 | 2022-08-11 | An issue was discovered in the webmail component in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. When using preauth, CSRF tokens are not checked on some POST endpoints. Thus, when... |
| CVE-2022-37044 | 2022-08-11 | In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing arbitrary... |
| CVE-2022-38183 | 2022-08-12 | In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in... |
| CVE-2022-2503 | 2022-08-12 | Linux Kernel LoadPin bypass via dm-verity table reload |
| CVE-2022-35949 | 2022-08-12 | `undici.request` vulnerable to SSRF using absolute URL on `pathname` |
| CVE-2022-2779 | 2022-08-12 | SourceCodester Gas Agency Management System oneWord.php unrestricted upload |
| CVE-2022-38179 | 2022-08-12 | JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack |
| CVE-2022-38180 | 2022-08-12 | In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases |
| CVE-2022-2390 | 2022-08-12 | Mutable pending intent in Google Play services SDK |
| CVE-2022-37423 | 2022-08-12 | Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x before 4.4.0.8 allows Directory Traversal to sibling directories via apoc.log.stream. |
| CVE-2022-35932 | 2022-08-12 | Missing rate limit when trying to join a password protected Nextcloud Talk conversation |
| CVE-2022-35590 | 2022-08-12 | A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "end_date" Parameter |
| CVE-2022-35589 | 2022-08-12 | A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_time" Parameter. |
| CVE-2022-35587 | 2022-08-12 | A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_date" Parameter |
| CVE-2022-35585 | 2022-08-12 | A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "start_date" Parameter |
| CVE-2021-42750 | 2022-08-12 | A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the title of a rule node. |
| CVE-2021-42751 | 2022-08-12 | A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the description of a rule node. |
| CVE-2022-35980 | 2022-08-12 | OpenSearch vulnerable to Improper Authorization of Index Containing Sensitive Information |
| CVE-2022-37397 | 2022-08-12 | The software is vulnerable when using LDAP-based authentication in YCQL with Microsoft’s Active Directory |
| CVE-2021-29118 | 2022-08-12 | Esri ArcReader PMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-29112 | 2022-08-12 | Esri ArcReader PMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-29117 | 2022-08-12 | arcreader use-after-free |
| CVE-2022-2797 | 2022-08-12 | SourceCodester Student Information System view_student.php sql injection |
| CVE-2022-2587 | 2022-08-12 | Out of bounds write in Chrome OS Audio Server in Google Chrome on Chrome OS prior to 102.0.5005.125 allowed a remote attacker to potentially exploit heap corruption via crafted audio... |
| CVE-2022-2603 | 2022-08-12 | Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-2604 | 2022-08-12 | Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-2605 | 2022-08-12 | Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-2606 | 2022-08-12 | Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit... |
| CVE-2022-2607 | 2022-08-12 | Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to... |
| CVE-2022-2608 | 2022-08-12 | Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to... |
| CVE-2022-2609 | 2022-08-12 | Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to... |
| CVE-2022-2610 | 2022-08-12 | Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2022-2611 | 2022-08-12 | Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML... |
| CVE-2022-2612 | 2022-08-12 | Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory... |
| CVE-2022-2613 | 2022-08-12 | Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially... |
| CVE-2022-2614 | 2022-08-12 | Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-2615 | 2022-08-12 | Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2022-2616 | 2022-08-12 | Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox... |
| CVE-2022-2617 | 2022-08-12 | Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via... |
| CVE-2022-2618 | 2022-08-12 | Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file . |
| CVE-2022-2619 | 2022-08-12 | Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML... |
| CVE-2022-2620 | 2022-08-12 | Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially... |
| CVE-2022-2621 | 2022-08-12 | Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific... |
| CVE-2022-2622 | 2022-08-12 | Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file. |
| CVE-2022-2623 | 2022-08-12 | Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit... |
| CVE-2022-2624 | 2022-08-12 | Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption... |