CVE List - 2022 / August
Showing 301 - 400 of 2306 CVEs for August 2022 (Page 4 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-2499 | 2022-08-05 | An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1.... |
| CVE-2022-2512 | 2022-08-05 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1.... |
| CVE-2022-2539 | 2022-08-05 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1, allowed a project member... |
| CVE-2022-2417 | 2022-08-05 | Insufficient validation in GitLab CE/EE affecting all versions from 12.10 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an authenticated and authorised user to import... |
| CVE-2022-2456 | 2022-08-05 | An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be... |
| CVE-2022-2498 | 2022-08-05 | An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the... |
| CVE-2022-2307 | 2022-08-05 | A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1... |
| CVE-2022-2326 | 2022-08-05 | An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be... |
| CVE-2022-2303 | 2022-08-05 | An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be... |
| CVE-2022-2534 | 2022-08-05 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1.... |
| CVE-2022-2501 | 2022-08-05 | An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass... |
| CVE-2022-2500 | 2022-08-05 | A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. A stored XSS flaw in job... |
| CVE-2022-2459 | 2022-08-05 | An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be... |
| CVE-2022-2095 | 2022-08-05 | An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1... |
| CVE-2022-36835 | 2022-08-05 | Implicit Intent hijacking vulnerability in Samsung Internet Browser prior to version 17.0.7.34 allows attackers to access arbitrary files. |
| CVE-2022-33723 | 2022-08-05 | A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack. |
| CVE-2022-33727 | 2022-08-05 | A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack. |
| CVE-2022-33729 | 2022-08-05 | Improper restriction of broadcasting Intent in ConfirmConnectActivity of NFC prior to SMR Aug-2022 Release 1 leaks MAC address of the connected Bluetooth device. |
| CVE-2022-33728 | 2022-08-05 | Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1 allows local attackers to access connected BT macAddress via Settings.Global. |
| CVE-2022-36831 | 2022-08-05 | Path traversal vulnerability in UriFileUtils of Samsung Notes prior to version 4.3.14.39 allows attacker to access some file as Samsung Notes permission. |
| CVE-2022-33716 | 2022-08-05 | An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory. |
| CVE-2022-33717 | 2022-08-05 | A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local attackers to read out of bound memory. |
| CVE-2022-33725 | 2022-08-05 | A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system privilege. |
| CVE-2022-36838 | 2022-08-05 | Implicit Intent hijacking vulnerability in Galaxy Wearable prior to version 2.2.50 allows attacker to get sensitive information. |
| CVE-2022-36837 | 2022-08-05 | Intent redirection vulnerability using implicit intent in Samsung email prior to version 6.1.70.20 allows attacker to get sensitive information. |
| CVE-2022-33733 | 2022-08-05 | Sensitive information exposure in onCharacteristicRead in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission. |
| CVE-2022-33734 | 2022-08-05 | Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission. |
| CVE-2022-36829 | 2022-08-05 | PendingIntent hijacking vulnerability in releaseAlarm in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent. |
| CVE-2022-36830 | 2022-08-05 | PendingIntent hijacking vulnerability in cancelAlarmManager in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent. |
| CVE-2022-36836 | 2022-08-05 | Unprotected provider vulnerability in Charm by Samsung prior to version 1.2.3 allows attackers to read connection state without permission. |
| CVE-2022-33715 | 2022-08-05 | Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access files of One UI. |
| CVE-2022-33718 | 2022-08-05 | An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data. |
| CVE-2022-33714 | 2022-08-05 | Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value related to mobile hotspot. |
| CVE-2022-36834 | 2022-08-05 | Exposure of Sensitive Information vulnerability in Game Launcher prior to version 6.0.07 allows local attacker to access app data with user interaction. |
| CVE-2022-36840 | 2022-08-05 | DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code. |
| CVE-2022-33731 | 2022-08-05 | Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components. |
| CVE-2022-36832 | 2022-08-05 | Improper access control vulnerability in WebApp in Cameralyzer prior to versions 3.2.22, 3.3.22, 3.4.22 and 3.5.51 allows attackers to access external storage as Cameralyzer privilege. |
| CVE-2022-33732 | 2022-08-05 | Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call. |
| CVE-2022-33721 | 2022-08-05 | A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege. |
| CVE-2022-36839 | 2022-08-05 | SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1 allows attackers to access IAP information. |
| CVE-2022-33722 | 2022-08-05 | Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address. |
| CVE-2022-33726 | 2022-08-05 | Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity. |
| CVE-2022-36833 | 2022-08-05 | Improper Privilege Management vulnerability in Game Optimizing Service prior to versions 3.3.04.0 in Android 10, and 3.5.04.8 in Android 11 and above allows local attacker to execute hidden function for... |
| CVE-2022-33724 | 2022-08-05 | Exposure of Sensitive Information in Samsung Dialer application prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log. |
| CVE-2022-33719 | 2022-08-05 | Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow. |
| CVE-2022-33730 | 2022-08-05 | Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows arbitrary code execution by physical attackers. |
| CVE-2022-33720 | 2022-08-05 | Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut. |
| CVE-2020-1691 | 2022-08-05 | In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting. |
| CVE-2020-1754 | 2022-08-05 | In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their... |
| CVE-2016-3098 | 2022-08-05 | Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user's OAuth authorization code. |
| CVE-2022-22299 | 2022-08-05 | A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through... |
| CVE-2022-2053 | 2022-08-05 | When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior... |
| CVE-2021-27798 | 2022-08-05 | Privileged directory traversal in Brocade Fabric OS versions 7.4.1.x and 7.3.x |
| CVE-2022-34768 | 2022-08-05 | Synel - eHarmony Stored XSS |
| CVE-2022-34769 | 2022-08-05 | Michlol - rashim web interface Insecure direct object references (IDOR) |
| CVE-2022-1704 | 2022-08-05 | Inductive Automation Ignition |
| CVE-2021-46681 | 2022-08-05 | Vulnerability XSS in module mass operation name field |
| CVE-2021-46679 | 2022-08-05 | Vulnerability XSS in service elements |
| CVE-2021-46676 | 2022-08-05 | Vulnerability XSS in Transaction Map name field |
| CVE-2021-46677 | 2022-08-05 | Vulnerability XSS in Event filter name field |
| CVE-2021-46680 | 2022-08-05 | Vulnerability XSS in module form name field |
| CVE-2021-46678 | 2022-08-05 | Vulnerability XSS in service form name field |
| CVE-2022-37398 | 2022-08-05 | A stack-based buffer overflow vulnerability was found on ADM |
| CVE-2022-2668 | 2022-08-05 | An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled |
| CVE-2022-28880 | 2022-08-05 | Denial-of-Service (DoS) Vulnerability |
| CVE-2022-29071 | 2022-08-05 | This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vu ... |
| CVE-2021-28511 | 2022-08-05 | This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches t ... |
| CVE-2022-27535 | 2022-08-05 | Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local... |
| CVE-2022-2675 | 2022-08-05 | Unitree Go 1 "Robot Dog" Unauthenticated Remote Power Down |
| CVE-2022-35162 | 2022-08-05 | Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the CATEGORY parameter at /category/controller.php?action=edit. |
| CVE-2022-35163 | 2022-08-05 | Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the U_NAME parameter at /category/controller.php?action=edit. |
| CVE-2022-2676 | 2022-08-05 | SourceCodester Electronic Medical Records System POST Request sql injection |
| CVE-2022-2677 | 2022-08-05 | SourceCodester Apartment Visitor Management System index.php sql injection |
| CVE-2022-2678 | 2022-08-05 | SourceCodester Alphaware Simple E-Commerce System Background Management Page admin_feature.php unrestricted upload |
| CVE-2022-2679 | 2022-08-05 | SourceCodester Interview Management System viewReport.php sql injection |
| CVE-2022-2680 | 2022-08-05 | SourceCodester Church Management System login.php sql injection |
| CVE-2022-2681 | 2022-08-05 | SourceCodester Online Student Admission System Student User Page edit-profile.php cross site scripting |
| CVE-2022-2682 | 2022-08-05 | SourceCodester Alphaware Simple E-Commerce System stockin.php cross site scripting |
| CVE-2022-2683 | 2022-08-05 | SourceCodester Simple Food Ordering System login.php cross site scripting |
| CVE-2022-2684 | 2022-08-05 | SourceCodester Apartment Visitor Management System manage-apartment.php cross site scripting |
| CVE-2022-2685 | 2022-08-05 | SourceCodester Interview Management System addQuestion.php cross site scripting |
| CVE-2022-31609 | 2022-08-05 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This... |
| CVE-2022-31614 | 2022-08-05 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it may double-free some resources. An attacker may exploit this vulnerability with other vulnerabilities to cause... |
| CVE-2022-37450 | 2022-08-05 | Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks,... |
| CVE-2022-31618 | 2022-08-05 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a null pointer, which may lead to denial of service. |
| CVE-2022-21178 | 2022-08-05 | An os command injection vulnerability exists in the confsrv ucloud_add_new_node functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to arbitrary command execution. An attacker can... |
| CVE-2022-21201 | 2022-08-05 | A stack-based buffer overflow vulnerability exists in the confers ucloud_add_node_new functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can... |
| CVE-2022-22140 | 2022-08-05 | An os command injection vulnerability exists in the confsrv ucloud_add_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to arbitrary command execution. An attacker can... |
| CVE-2022-22144 | 2022-08-05 | A hard-coded password vulnerability exists in the libcommonprod.so prod_change_root_passwd functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. During system startup this functionality is always called, leading to a known root password.... |
| CVE-2022-23103 | 2022-08-05 | A stack-based buffer overflow vulnerability exists in the confsrv confctl_set_app_language functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can... |
| CVE-2022-23399 | 2022-08-05 | A stack-based buffer overflow vulnerability exists in the confsrv set_port_fwd_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can... |
| CVE-2022-23918 | 2022-08-05 | A stack-based buffer overflow vulnerability exists in the confsrv set_mf_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can... |
| CVE-2022-23919 | 2022-08-05 | A stack-based buffer overflow vulnerability exists in the confsrv set_mf_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can... |
| CVE-2022-24005 | 2022-08-05 | A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a... |
| CVE-2022-24006 | 2022-08-05 | A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a... |
| CVE-2022-24007 | 2022-08-05 | A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a... |
| CVE-2022-24008 | 2022-08-05 | A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a... |
| CVE-2022-24009 | 2022-08-05 | A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a... |
| CVE-2022-24010 | 2022-08-05 | A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a... |
| CVE-2022-24011 | 2022-08-05 | A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a... |