CVE List - 2022 / August
Showing 2001 - 2100 of 2306 CVEs for August 2022 (Page 21 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-3735 | 2022-08-26 | A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from... |
| CVE-2021-3585 | 2022-08-26 | A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager. |
| CVE-2021-3632 | 2022-08-26 | A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by... |
| CVE-2021-3563 | 2022-08-26 | A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The... |
| CVE-2021-3414 | 2022-08-26 | A flaw was found in satellite. When giving granular permission related to the organization, other permissions allowing a user to view and manage other organizations are also granted. The highest... |
| CVE-2021-4216 | 2022-08-26 | A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream. |
| CVE-2022-25625 | 2022-08-26 | A malicious unauthorized PAM user can access the administration configuration data and change the values. |
| CVE-2022-31773 | 2022-08-26 | IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the... |
| CVE-2022-35714 | 2022-08-26 | IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... |
| CVE-2022-0084 | 2022-08-26 | A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to... |
| CVE-2022-0168 | 2022-08-26 | A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user... |
| CVE-2022-0225 | 2022-08-26 | A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console,... |
| CVE-2022-0207 | 2022-08-26 | A race condition was found in vdsm. Functionality to obfuscate sensitive values in log files that may lead to values being stored in clear text. |
| CVE-2022-0217 | 2022-08-26 | It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input,... |
| CVE-2022-36522 | 2022-08-26 | Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2022-36529 | 2022-08-26 | Kensite CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities via the name and oldname parameters at /framework/mod/db/DBMapper.xml. |
| CVE-2022-2915 | 2022-08-26 | A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution.... |
| CVE-2022-36542 | 2022-08-26 | An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data. |
| CVE-2022-36543 | 2022-08-26 | Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/doctors.php. |
| CVE-2022-36544 | 2022-08-26 | Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php. |
| CVE-2022-36545 | 2022-08-26 | Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php. |
| CVE-2022-36546 | 2022-08-26 | Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php. |
| CVE-2022-36547 | 2022-08-26 | Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /patient/index.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected... |
| CVE-2022-36548 | 2022-08-26 | Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability at /patient/settings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected... |
| CVE-2022-38791 | 2022-08-27 | In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. |
| CVE-2019-15167 | 2022-08-27 | The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463. |
| CVE-2022-3012 | 2022-08-27 | oretnom23 Fast Food Ordering System index.php sql injection |
| CVE-2022-3013 | 2022-08-27 | SourceCodester Simple Task Managing System loginVaLidation.php sql injection |
| CVE-2022-3014 | 2022-08-27 | SourceCodester Simple Task Managing System cross site scripting |
| CVE-2022-3015 | 2022-08-27 | oretnom23 Fast Food Ordering System cross site scripting |
| CVE-2022-2787 | 2022-08-27 | stricter rules on chroot names |
| CVE-2022-38792 | 2022-08-27 | The exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code execution backdoor inserted by a third party. |
| CVE-2022-38794 | 2022-08-27 | Zaver through 2020-12-15 allows directory traversal via the GET /.. substring. |
| CVE-2022-3016 | 2022-08-28 | Use After Free in vim/vim |
| CVE-2022-3017 | 2022-08-28 | Cross-Site Request Forgery (CSRF) in froxlor/froxlor |
| CVE-2022-36755 | 2022-08-28 | D-Link DIR845L A1 contains a authentication vulnerability via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php. |
| CVE-2022-36756 | 2022-08-28 | DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/upnpinc/gena.php. |
| CVE-2022-38557 | 2022-08-28 | D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh. |
| CVE-2022-38556 | 2022-08-28 | Trendnet TEW733GR v1.03B01 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh. |
| CVE-2022-37053 | 2022-08-28 | TRENDnet TEW733GR v1.03B01 is vulnerable to Command injection via /htdocs/upnpinc/gena.php. |
| CVE-2022-37057 | 2022-08-28 | D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Command Injection via cgibin, ssdpcgi_main. |
| CVE-2022-37056 | 2022-08-28 | D-Link GO-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 is vulnerable to Command Injection via /cgibin, hnap_main, |
| CVE-2022-37055 | 2022-08-28 | D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main, |
| CVE-2022-38555 | 2022-08-28 | Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name. |
| CVE-2022-38570 | 2022-08-28 | Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelPushedAd. This vulnerability allows attackers to cause a Denial of Service (DoS) via the adPushUID parameter. |
| CVE-2022-38571 | 2022-08-28 | Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow in the function formSetGuideListItem. |
| CVE-2022-38569 | 2022-08-28 | Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelAd. |
| CVE-2022-38568 | 2022-08-28 | Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the hostname... |
| CVE-2022-38563 | 2022-08-28 | Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the MACAddr... |
| CVE-2022-38567 | 2022-08-28 | Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow vulnerability in the function formSetAdConfigInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the authIPs parameter. |
| CVE-2022-38566 | 2022-08-28 | Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mailname... |
| CVE-2022-38565 | 2022-08-28 | Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mailpwd... |
| CVE-2022-38564 | 2022-08-28 | Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow vulnerability in the function formSetPicListItem. This vulnerability allows attackers to cause a Denial of Service (DoS) via the adItemUID parameter. |
| CVE-2022-38562 | 2022-08-28 | Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the lan... |
| CVE-2022-36704 | 2022-08-28 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /librarian/studentdetails.php. |
| CVE-2022-36705 | 2022-08-28 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /stocks/manage_waste.php. |
| CVE-2022-36706 | 2022-08-28 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /stocks/manage_stockout.php. |
| CVE-2022-36708 | 2022-08-28 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /student/bookdetails.php. |
| CVE-2022-36572 | 2022-08-28 | Sinsiu Sinsiu Enterprise Website System v1.1.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /upload/admin.php?/deal/. |
| CVE-2022-36573 | 2022-08-28 | A cross-site scripting (XSS) vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit. |
| CVE-2022-36610 | 2022-08-28 | TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample. |
| CVE-2022-36611 | 2022-08-28 | TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample. |
| CVE-2022-36612 | 2022-08-28 | TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample. |
| CVE-2022-36613 | 2022-08-28 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample. |
| CVE-2022-36614 | 2022-08-28 | TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at /etc/shadow.sample. |
| CVE-2022-36615 | 2022-08-28 | TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root at /etc/shadow.sample. |
| CVE-2022-36616 | 2022-08-28 | TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a hardcoded password for root at /etc/shadow.sample. |
| CVE-2022-38510 | 2022-08-28 | Tenda_TX9pro V22.03.02.10 was discovered to contain a buffer overflow via the component httpd/SetNetControlList. |
| CVE-2022-38511 | 2022-08-28 | TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a command injection vulnerability via the component downloadFile.cgi. |
| CVE-2022-0336 | 2022-08-29 | The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of... |
| CVE-2022-0358 | 2022-08-29 | A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the... |
| CVE-2022-1043 | 2022-08-29 | A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges. |
| CVE-2022-1184 | 2022-08-29 | A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. |
| CVE-2022-22897 | 2022-08-29 | A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data. |
| CVE-2022-2953 | 2022-08-29 | LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix... |
| CVE-2022-2961 | 2022-08-29 | A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function.... |
| CVE-2022-34668 | 2022-08-29 | NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of... |
| CVE-2022-35014 | 2022-08-29 | Advancecomp v2.3 contains a segmentation fault. |
| CVE-2022-35015 | 2022-08-29 | Advancecomp v2.3 was discovered to contain a heap buffer overflow via le_uint32_read at /lib/endianrw.h. |
| CVE-2022-35016 | 2022-08-29 | Advancecomp v2.3 was discovered to contain a heap buffer overflow. |
| CVE-2022-35017 | 2022-08-29 | Advancecomp v2.3 was discovered to contain a heap buffer overflow. |
| CVE-2022-35018 | 2022-08-29 | Advancecomp v2.3 was discovered to contain a segmentation fault. |
| CVE-2022-35019 | 2022-08-29 | Advancecomp v2.3 was discovered to contain a segmentation fault. |
| CVE-2022-35020 | 2022-08-29 | Advancecomp v2.3 was discovered to contain a heap buffer overflow via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interceptors.inc. |
| CVE-2022-37177 | 2022-08-29 | HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. NOTE: this is disputed by the vendor for multiple reasons, e.g., it is inconsistent with CVE... |
| CVE-2022-1199 | 2022-08-29 | A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref... |
| CVE-2022-36033 | 2022-08-29 | jsoup may not sanitize Cross-Site Scripting (XSS) attempts if SafeList.preserveRelativeLinks is enabled |
| CVE-2022-25641 | 2022-08-29 | Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature... |
| CVE-2021-41785 | 2022-08-29 | Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. |
| CVE-2021-41784 | 2022-08-29 | Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. |
| CVE-2021-41783 | 2022-08-29 | Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. |
| CVE-2021-41782 | 2022-08-29 | Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. |
| CVE-2021-41781 | 2022-08-29 | Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. |
| CVE-2021-41780 | 2022-08-29 | Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. |
| CVE-2021-40326 | 2022-08-29 | Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle hidden and incremental data in signed documents. An attacker can write to an arbitrary file,... |
| CVE-2022-21165 | 2022-08-29 | Arbitrary Command Injection |
| CVE-2022-25644 | 2022-08-29 | Arbitrary Code Execution |
| CVE-2022-25921 | 2022-08-29 | Arbitrary Code Execution |
| CVE-2022-3019 | 2022-08-29 | Improper Access Control in tooljet/tooljet |
| CVE-2022-32548 | 2022-08-29 | An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the... |