CVE List - 2022 / August
Showing 601 - 700 of 2306 CVEs for August 2022 (Page 7 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-35779 | 2022-08-09 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability |
| CVE-2022-35780 | 2022-08-09 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-35781 | 2022-08-09 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-35782 | 2022-08-09 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-35783 | 2022-08-09 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-35784 | 2022-08-09 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-35785 | 2022-08-09 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-35786 | 2022-08-09 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-35787 | 2022-08-09 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-35788 | 2022-08-09 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-35789 | 2022-08-09 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-35790 | 2022-08-09 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-35791 | 2022-08-09 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-35792 | 2022-08-09 | Storage Spaces Direct Elevation of Privilege Vulnerability |
| CVE-2022-35793 | 2022-08-09 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-35794 | 2022-08-09 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
| CVE-2022-35795 | 2022-08-09 | Windows Error Reporting Service Elevation of Privilege Vulnerability |
| CVE-2022-35796 | 2022-08-09 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2022-35797 | 2022-08-09 | Windows Hello Security Feature Bypass Vulnerability |
| CVE-2022-35799 | 2022-08-09 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-35800 | 2022-08-09 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-35801 | 2022-08-09 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-35802 | 2022-08-09 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-35804 | 2022-08-09 | SMB Client and Server Remote Code Execution Vulnerability |
| CVE-2022-35806 | 2022-08-09 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability |
| CVE-2022-35807 | 2022-08-09 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-35808 | 2022-08-09 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-35809 | 2022-08-09 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-35810 | 2022-08-09 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-35811 | 2022-08-09 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2021-40034 | 2022-08-09 | The video framework has the memory overwriting vulnerability caused by addition overflow. Successful exploitation of this vulnerability may affect the availability. |
| CVE-2022-37007 | 2022-08-09 | The chinadrm module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect the availability. |
| CVE-2022-35813 | 2022-08-09 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-37001 | 2022-08-09 | The diag-router module has a vulnerability in intercepting excessive long and short instructions. Successful exploitation of this vulnerability will cause the diag-router module to crash. |
| CVE-2022-37008 | 2022-08-09 | The recovery module has a vulnerability of bypassing the verification of an update package before use. Successful exploitation of this vulnerability may affect system stability. |
| CVE-2022-35814 | 2022-08-09 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-35815 | 2022-08-09 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-37002 | 2022-08-09 | The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this vulnerability can cause malicious applications to pop up windows or run in the background. |
| CVE-2022-37004 | 2022-08-09 | The Settings application has a vulnerability of bypassing the out-of-box experience (OOBE). Successful exploitation of this vulnerability may affect the availability. |
| CVE-2022-35816 | 2022-08-09 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-37003 | 2022-08-09 | The AOD module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may cause permission escalation and unauthorized access to files. |
| CVE-2022-37005 | 2022-08-09 | The Settings application has an argument injection vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2022-35817 | 2022-08-09 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2021-40030 | 2022-08-09 | The My HUAWEI app has a defect in the design. Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2022-35818 | 2022-08-09 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2021-40040 | 2022-08-09 | Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module. Successful exploitation of this vulnerability may affect confidentiality. |
| CVE-2022-35819 | 2022-08-09 | Azure Site Recovery Elevation of Privilege Vulnerability |
| CVE-2022-35820 | 2022-08-09 | Windows Bluetooth Driver Elevation of Privilege Vulnerability |
| CVE-2022-37006 | 2022-08-09 | Permission control vulnerability in the network module. Successful exploitation of this vulnerability may affect service availability. |
| CVE-2022-35821 | 2022-08-09 | Azure Sphere Information Disclosure Vulnerability |
| CVE-2022-35824 | 2022-08-09 | Azure Site Recovery Remote Code Execution Vulnerability |
| CVE-2022-35825 | 2022-08-09 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2022-35697 | 2022-08-09 | AEM File Upload Security Issue leading to RXSS |
| CVE-2022-35826 | 2022-08-09 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2022-35290 | 2022-08-09 | Under certain conditions SAP Authenticator for Android allows an attacker to access information which would otherwise be restricted. |
| CVE-2022-35827 | 2022-08-09 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2022-35293 | 2022-08-09 | Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account. On successful exploitation, an attacker can view or modify user data causing... |
| CVE-2022-32245 | 2022-08-09 | SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information plain text over the network. On successful exploitation, the attacker can... |
| CVE-2022-2458 | 2022-08-09 | XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to... |
| CVE-2022-29083 | 2022-08-09 | Prior Dell BIOS versions contain an Improper Authentication vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability by bypassing drive security mechanisms in order... |
| CVE-2022-30632 | 2022-08-09 | Stack exhaustion on crafted paths in path/filepath |
| CVE-2022-2457 | 2022-08-09 | A flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a brute force attack against Administration Console as the application does not limit... |
| CVE-2022-30635 | 2022-08-09 | Stack exhaustion when decoding certain messages in encoding/gob |
| CVE-2022-30633 | 2022-08-09 | Stack exhaustion when unmarshaling certain documents in encoding/xml |
| CVE-2022-30631 | 2022-08-09 | Stack exhaustion when reading certain archives in compress/gzip |
| CVE-2022-1705 | 2022-08-09 | Improper sanitization of Transfer-Encoding headers in net/http |
| CVE-2022-30630 | 2022-08-09 | Stack exhaustion in Glob on certain paths in io/fs |
| CVE-2022-30629 | 2022-08-09 | Session tickets lack random ticket_age_add in crypto/tls |
| CVE-2022-32189 | 2022-08-09 | Panic when decoding Float and Rat types in math/big |
| CVE-2022-30580 | 2022-08-09 | Empty Cmd.Path can trigger unintended binary in os/exec on Windows |
| CVE-2022-2719 | 2022-08-09 | In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a... |
| CVE-2022-1962 | 2022-08-09 | Stack exhaustion due to deeply nested types in go/parser |
| CVE-2022-32148 | 2022-08-09 | Exposure of client IP addresses in net/http |
| CVE-2022-2634 | 2022-08-09 | Digi ConnectPort X2D |
| CVE-2022-23238 | 2022-08-09 | Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could allow a remote... |
| CVE-2022-31672 | 2022-08-09 | VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root. |
| CVE-2022-31675 | 2022-08-09 | VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges. |
| CVE-2022-31674 | 2022-08-09 | VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure. |
| CVE-2022-31673 | 2022-08-09 | VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to... |
| CVE-2022-22983 | 2022-08-09 | VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability. A malicious actor with local user privileges to the victim machine may exploit this vulnerability leading to... |
| CVE-2021-46778 | 2022-08-09 | Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By... |
| CVE-2021-39696 | 2022-08-09 | In Task.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2022-20239 | 2022-08-09 | remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map... |
| CVE-2022-20344 | 2022-08-09 | In stealReceiveChannel of EventThread.cpp, there is a possible way to interfere with process communication due to a race condition. This could lead to local escalation of privilege with no additional... |
| CVE-2022-20345 | 2022-08-09 | In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional... |
| CVE-2022-20346 | 2022-08-09 | In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges... |
| CVE-2022-20347 | 2022-08-09 | In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution... |
| CVE-2022-20348 | 2022-08-09 | In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2022-20349 | 2022-08-09 | In WifiScanningPreferenceController and BluetoothScanningPreferenceController, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2022-20350 | 2022-08-09 | In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to trick the victim to grant notification access to the wrong app due to improper input validation. This could lead to... |
| CVE-2022-20352 | 2022-08-09 | In addProviderRequestListener of LocationManagerService.java, there is a possible way to learn which packages request location information due to a missing permission check. This could lead to local information disclosure with... |
| CVE-2022-20353 | 2022-08-09 | In onSaveRingtone of DefaultRingtonePreference.java, there is a possible inappropriate file read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2022-20354 | 2022-08-09 | In onDefaultNetworkChanged of Vpn.java, there is a possible way to disable VPN due to a logic error in the code. This could lead to local escalation of privilege with no... |
| CVE-2022-20355 | 2022-08-09 | In get of PacProxyService.java, there is a possible system service crash due to improper input validation. This could lead to local denial of service with User execution privileges needed. User... |
| CVE-2022-20356 | 2022-08-09 | In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. This could lead to local escalation of privilege with no... |
| CVE-2022-20357 | 2022-08-09 | In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is... |
| CVE-2022-20358 | 2022-08-09 | In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check. This could lead to local information disclosure with... |
| CVE-2022-20360 | 2022-08-09 | In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction... |
| CVE-2022-20361 | 2022-08-09 | In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard. This could lead to remote escalation of privilege with no additional... |
| CVE-2022-28129 | 2022-08-10 | Insufficient Validation of HTTP/1.x Headers |