CVE List - 2022 / August
Showing 1401 - 1500 of 2306 CVEs for August 2022 (Page 15 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-30296 | 2022-08-18 | Insufficiently protected credentials in the Intel(R) Datacenter Group Event iOS application, all versions, may allow an unauthenticated user to potentially enable information disclosure via network access. |
| CVE-2022-29507 | 2022-08-18 | Insufficiently protected credentials in the Intel(R) Team Blue mobile application in all versions may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2022-28858 | 2022-08-18 | Improper buffer restriction in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-33209 | 2022-08-18 | Improper input validation in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-27493 | 2022-08-18 | Improper initialization in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable an escalation of privilege via local access. |
| CVE-2022-34488 | 2022-08-18 | Improper buffer restrictions in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-32579 | 2022-08-18 | Improper initialization in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via physical access. |
| CVE-2022-34345 | 2022-08-18 | Improper input validation in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via physical access. |
| CVE-2022-36947 | 2022-08-18 | Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer through 7.5 results in a stack buffer overflow. |
| CVE-2022-35540 | 2022-08-18 | Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access. |
| CVE-2020-36599 | 2022-08-18 | lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value. |
| CVE-2022-2889 | 2022-08-19 | Use After Free in vim/vim |
| CVE-2022-35167 | 2022-08-19 | Printix Cloud Print Management v1.3.1149.0 for Windows was discovered to contain insecure permissions. |
| CVE-2020-23466 | 2022-08-19 | Cross Site Scripting (XSS) vulnerability exists in the phpgurukul Online Marriage Registration System 1.0 allows attackers to run arbitrary code via the wzipcode field. |
| CVE-2022-1901 | 2022-08-19 | In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview. |
| CVE-2022-2049 | 2022-08-19 | In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function. |
| CVE-2022-2074 | 2022-08-19 | In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template. |
| CVE-2022-2075 | 2022-08-19 | In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation. |
| CVE-2022-29805 | 2022-08-19 | A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1 allows remote attackers to execute arbitrary code via a crafted XML payload. |
| CVE-2022-35910 | 2022-08-19 | In Jellyfin before 10.8, stored XSS allows theft of an admin access token. |
| CVE-2022-35909 | 2022-08-19 | In Jellyfin before 10.8, the /users endpoint has incorrect access control for admin functionality. |
| CVE-2022-2886 | 2022-08-19 | Laravel deserialization |
| CVE-2022-1021 | 2022-08-19 | Insecure Storage of Sensitive Information in chatwoot/chatwoot |
| CVE-2022-36220 | 2022-08-19 | Kiosk breakout (without quit password) in Safe Exam Browser (Windows) <3.4.0, which allows an attacker to achieve code execution via the browsers' print dialog. |
| CVE-2022-34615 | 2022-08-19 | Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. |
| CVE-2022-34621 | 2022-08-19 | Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the user_id parameter. |
| CVE-2022-34624 | 2022-08-19 | Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to perform a man-in-the-middle attack via a crafted GET request. |
| CVE-2022-35201 | 2022-08-19 | Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability. |
| CVE-2022-36605 | 2022-08-19 | Yimioa v6.1 was discovered to contain a SQL injection vulnerability via the orderbyGET parameter. |
| CVE-2022-36606 | 2022-08-19 | Ywoa before v6.1 was discovered to contain a SQL injection vulnerability via /oa/setup/checkPool?database. |
| CVE-2022-36263 | 2022-08-19 | StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. An attacker can execute arbitrary code via a crafted .exe file. |
| CVE-2022-36224 | 2022-08-19 | XunRuiCMS V4.5.6 is vulnerable to Cross Site Request Forgery (CSRF). |
| CVE-2022-36225 | 2022-08-19 | EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, column management function and add. |
| CVE-2022-37254 | 2022-08-19 | DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Background - > System - > system function - > configuration management. |
| CVE-2022-36577 | 2022-08-19 | An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add a admin. |
| CVE-2022-36578 | 2022-08-19 | jizhicms v2.3.1 has SQL injection in the background. |
| CVE-2022-36579 | 2022-08-19 | Wellcms 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF). |
| CVE-2022-0542 | 2022-08-19 | Cross-site Scripting (XSS) - DOM in chatwoot/chatwoot |
| CVE-2022-22489 | 2022-08-19 | IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could... |
| CVE-2022-23459 | 2022-08-19 | Double free or Use after Free in Value class of Jsonxx |
| CVE-2022-23460 | 2022-08-19 | Stack overflow in Jsonxx |
| CVE-2022-36008 | 2022-08-19 | Message length overflow in frontier |
| CVE-2022-36170 | 2022-08-19 | MapGIS 10.5 Pro IGServer has hardcoded credentials in the front-end and can lead to escalation of privileges and arbitrary file deletion. |
| CVE-2022-36009 | 2022-08-19 | Incorrect parsing of access level in gomatrixserverlib and dendrite |
| CVE-2022-36031 | 2022-08-19 | Unhandled exception on illegal filename_disk value |
| CVE-2022-37175 | 2022-08-19 | Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflow in /goform/formWifiBasicSet. |
| CVE-2022-2788 | 2022-08-19 | Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to... |
| CVE-2022-36157 | 2022-08-19 | XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Permissions resulting in the ability to execute admin function with low Privilege account. |
| CVE-2022-36171 | 2022-08-19 | MapGIS IGServer 10.5.6.11 is vulnerable to Arbitrary file deletion. |
| CVE-2022-36233 | 2022-08-19 | Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, form_fast_setting_wifi_set. httpd. |
| CVE-2022-2792 | 2022-08-19 | Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists. |
| CVE-2022-2790 | 2022-08-19 | Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347 Improper Verification of Cryptographic Signature, and does not properly verify compiled logic (PDT files) and data blocks... |
| CVE-2022-2789 | 2022-08-19 | Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-345 Insufficient Verification of Data Authenticity, and can display logic that is different than the compiled logic. |
| CVE-2022-35554 | 2022-08-19 | Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side. |
| CVE-2022-2793 | 2022-08-19 | Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-353 Missing Support for Integrity Check, and has no authentication or authorization of data packets after establishing a... |
| CVE-2020-27795 | 2022-08-19 | A segmentation fault was discovered in radare2 with adf command. In libr/core/cmd_anal.c, when command "adf" has no or wrong argument, anal_fcn_data (core, input + 1) --> RAnalFunction *fcn = r_anal_get_fcn_in... |
| CVE-2020-27793 | 2022-08-19 | An off-by-one overflow flaw was found in radare2 due to mismatched array length in core_java.c. This could allow an attacker to cause a crash, and perform a denail of service... |
| CVE-2020-27794 | 2022-08-19 | A double free issue was discovered in radare2 in cmd_info.c:cmd_info(). Successful exploitation could lead to modification of unexpected memory locations and potentially causing a crash. |
| CVE-2020-27792 | 2022-08-19 | Ghostscript: heap buffer over write vulnerability in ghostscript's lp8000_print_page() in gdevlp8k.c |
| CVE-2022-35692 | 2022-08-19 | Adobe Commerce Improper Access Control Security feature bypass |
| CVE-2022-36030 | 2022-08-19 | SQL Injection in Project-nexus |
| CVE-2022-2909 | 2022-08-20 | SourceCodester Simple and Nice Shopping Cart Script profile.php unrestricted upload |
| CVE-2022-38493 | 2022-08-20 | Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE (JSON... |
| CVE-2022-2921 | 2022-08-21 | Exposure of Private Personal Information to an Unauthorized Actor in notrinos/notrinoserp |
| CVE-2022-30036 | 2022-08-21 | MA Lighting grandMA2 Light has a password of root for the root account. NOTE: The vendor's position is that the product was designed for isolated networks. Also, the successor product,... |
| CVE-2022-2885 | 2022-08-21 | Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm |
| CVE-2022-34916 | 2022-08-21 | Improper Input Validation (JNDI Injection) in JMSMessageConsumer |
| CVE-2021-3481 | 2022-08-22 | A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this... |
| CVE-2021-3521 | 2022-08-22 | There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior... |
| CVE-2022-28598 | 2022-08-22 | Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web... |
| CVE-2022-2873 | 2022-08-22 | An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with... |
| CVE-2022-2923 | 2022-08-22 | NULL Pointer Dereference in vim/vim |
| CVE-2022-35583 | 2022-08-22 | wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by injecting iframe tag with initial asset IP address on it's source.... |
| CVE-2022-36198 | 2022-08-22 | Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and buspassms/admin/edit-pass-detail.php |
| CVE-2022-36251 | 2022-08-22 | Clinic's Patient Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via patients.php. |
| CVE-2022-2841 | 2022-08-22 | CrowdStrike Falcon Uninstallation authorization |
| CVE-2022-2927 | 2022-08-22 | Weak Password Requirements in notrinos/notrinoserp |
| CVE-2022-2930 | 2022-08-22 | Unverified Password Change in octoprint/octoprint |
| CVE-2022-1340 | 2022-08-22 | Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm |
| CVE-2022-2932 | 2022-08-22 | Cross-site Scripting (XSS) - Reflected in bustle/mobiledoc-kit |
| CVE-2022-2890 | 2022-08-22 | Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm |
| CVE-2021-37289 | 2022-08-22 | Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etc_ro/web/syscmd.asp. |
| CVE-2022-34771 | 2022-08-22 | Tabit - arbitrary SMS send on Tabits behalf |
| CVE-2022-34770 | 2022-08-22 | Tabit - sensitive information disclosure |
| CVE-2022-34773 | 2022-08-22 | Tabit - HTTP Method manipulation |
| CVE-2022-37134 | 2022-08-22 | D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi. When wantype is 3, l2tp_usrname will be decrypted by base64, and the result will be stored in v94, which does... |
| CVE-2022-34774 | 2022-08-22 | Tabit - Arbitrary account modification |
| CVE-2022-34775 | 2022-08-22 | Tabit - Excessive data exposure |
| CVE-2022-34776 | 2022-08-22 | Tabit - giftcard stealth |
| CVE-2022-34772 | 2022-08-22 | Tabit - password enumeration |
| CVE-2020-27836 | 2022-08-22 | A flaw was found in cluster-ingress-operator. A change to how the router-default service allows only certain IP source ranges could allow an attacker to access resources that would otherwise be... |
| CVE-2021-3442 | 2022-08-22 | A flaw was found in the Red Hat OpenShift API Management product. User input is not validated allowing an authenticated user to inject scripts into some text boxes leading to... |
| CVE-2022-37133 | 2022-08-22 | D-link DIR-816 A2_v1.10CNB04.img reboots the router without authentication via /goform/doReboot. No authentication is required, and reboot is executed when the function returns at the end. |
| CVE-2021-36847 | 2022-08-22 | WordPress Webba Booking plugin <= 4.2.21 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2021-3513 | 2022-08-22 | A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed... |
| CVE-2021-36852 | 2022-08-22 | WordPress WP Hotel Booking plugin <= 1.10.5 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2021-36857 | 2022-08-22 | WordPress Testimonial Builder plugin <= 1.6.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2021-3586 | 2022-08-22 | A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do not properly specify which ports may be accessed, allowing access to all ports on these resources from... |
| CVE-2022-35654 | 2022-08-22 | Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter. |
| CVE-2022-34347 | 2022-08-22 | WordPress Download Manager plugin <= 3.2.48 - Cross-Site Request Forgery (CSRF) vulnerability |