CVE List - 2022 / August
Showing 1601 - 1700 of 2306 CVEs for August 2022 (Page 17 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-33916 | 2022-08-23 | OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive information. |
| CVE-2021-42232 | 2022-08-23 | TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/bin/tddp. The vulnerability is caused by the program taking part of the received data packet as part... |
| CVE-2019-25075 | 2022-08-23 | HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request. |
| CVE-2022-34919 | 2022-08-23 | The file upload wizard in Zengenti Contensis Classic before 15.2.1.79 does not correctly check that a user has authenticated. By uploading a crafted aspx file, it is possible to execute... |
| CVE-2020-35992 | 2022-08-23 | Fiserv Prologue through 2020-12-16 does not properly protect the database password. If an attacker were to gain access to the configuration file (specifically, the LogPassword attribute within appconfig.ini), they would... |
| CVE-2022-35733 | 2022-08-23 | Missing authentication for critical function vulnerability in UNIMO Technology digital video recorders (UDR-JA1004/JA1008/JA1016 firmware versions v1.0.20.13 and earlier, and UDR-JA1016 firmware versions v2.0.20.13 and earlier) allows a remote unauthenticated attacker... |
| CVE-2022-2829 | 2022-08-23 | Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm |
| CVE-2022-25302 | 2022-08-23 | Denial of Service (DoS) |
| CVE-2022-25304 | 2022-08-23 | Denial of Service (DoS) |
| CVE-2022-25231 | 2022-08-23 | Denial of Service (DoS) |
| CVE-2022-21208 | 2022-08-23 | Denial of Service (DoS) |
| CVE-2022-24298 | 2022-08-23 | Denial of Service (DoS) |
| CVE-2022-25761 | 2022-08-23 | Denial of Service (DoS) |
| CVE-2022-25888 | 2022-08-23 | Denial of Service (DoS) |
| CVE-2022-24381 | 2022-08-23 | Denial of Service (DoS) |
| CVE-2022-27637 | 2022-08-23 | Reflected cross-site scripting vulnerability in PukiWiki versions 1.5.1 to 1.5.3 allows a remote attacker to inject an arbitrary script via unspecified vectors. |
| CVE-2022-34486 | 2022-08-23 | Path traversal vulnerability in PukiWiki versions 1.4.5 to 1.5.3 allows a remote authenticated attacker with an administrative privilege to execute a malicious script via unspecified vectors. |
| CVE-2022-36350 | 2022-08-23 | Stored cross-site scripting vulnerability in PukiWiki versions 1.3.1 to 1.5.3 allows a remote attacker to inject an arbitrary script via unspecified vectors. |
| CVE-2022-2796 | 2022-08-23 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2022-1989 | 2022-08-23 | CODESYS Visualization vulnerable to user enumeration |
| CVE-2022-2956 | 2022-08-23 | ConsoleTVs Noxen users.php cross site scripting |
| CVE-2021-42627 | 2022-08-23 | The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication, which can lead to disclosure of information about WAN settings and also... |
| CVE-2022-35203 | 2022-08-23 | An access control issue in TrendNet TV-IP572PI v1.0 allows unauthenticated attackers to access sensitive system information. |
| CVE-2022-36261 | 2022-08-23 | An arbitrary file deletion vulnerability was discovered in taocms 3.0.2 that allows an attacker to delete a file on the server by requesting the URL admin.php?action=file&ctrl=del&path=/../../../test.txt |
| CVE-2022-37199 | 2022-08-23 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list. |
| CVE-2022-37223 | 2022-08-23 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list. |
| CVE-2022-37113 | 2022-08-23 | BlueCMS 1.6 has SQL injection in line 132 of admin/area.php |
| CVE-2022-37112 | 2022-08-23 | BlueCMS 1.6 has SQL injection in line 55 of admin/model.php |
| CVE-2022-37111 | 2022-08-23 | BlueCMS 1.6 has SQL injection in line 132 of admin/article.php |
| CVE-2022-2965 | 2022-08-23 | Improper Restriction of Rendered UI Layers or Frames in notrinos/notrinoserp |
| CVE-2022-34648 | 2022-08-23 | WordPress Uploading SVG, WEBP and ICO files plugin <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-29476 | 2022-08-23 | WordPress Notification Bar for WordPress plugin <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-35242 | 2022-08-23 | WordPress THE Leads Management System: 59sec LITE plugin <= 3.4.1 - Unauthenticated plugin settings change vulnerability |
| CVE-2022-34868 | 2022-08-23 | WordPress ЮKassa для WooCommerce plugin <= 2.3.0 - Authenticated Arbitrary Settings Update vulnerability |
| CVE-2022-33142 | 2022-08-23 | WordPress Better Messages plugin <= 1.9.10.57 - Denial Of Service (DoS) vulnerability |
| CVE-2022-34658 | 2022-08-23 | WordPress Download Manager plugin <= 3.2.48 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities |
| CVE-2022-36282 | 2022-08-23 | WordPress Search Exclude plugin <= 1.2.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-35235 | 2022-08-23 | WordPress WPide plugin <= 2.6 - Authenticated Arbitrary File Read vulnerability |
| CVE-2022-36288 | 2022-08-23 | WordPress Download Manager plugin <= 3.2.48 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2022-36341 | 2022-08-23 | WordPress AS – Create Pinterest Pinboard Pages plugin <= 1.0 - Authenticated plugin settings change leading to Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-36394 | 2022-08-23 | WordPress Contest Gallery plugin <= 17.0.4 - Authenticated SQL Injection (SQLi) vulnerability |
| CVE-2022-36379 | 2022-08-23 | WordPress ЮKassa для WooCommerce plugin <= 2.3.0 - Cross-Site Request Forgery (CSRF) leading to plugin settings update |
| CVE-2022-35726 | 2022-08-23 | WordPress Video Gallery plugin <= 1.3.4.5 - Broken Authentication vulnerability |
| CVE-2022-36285 | 2022-08-23 | WordPress Uploading SVG, WEBP and ICO files plugin <= 1.0.1 - Authenticated Arbitrary File Upload vulnerability |
| CVE-2022-36292 | 2022-08-23 | WordPress Gallery PhotoBlocks plugin <= 1.2.6 - Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2022-36347 | 2022-08-23 | WordPress Alpine PhotoTile for Pinterest plugin <= 1.3.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-36405 | 2022-08-23 | WordPress amCharts: Charts and Maps plugin <= 1.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-36389 | 2022-08-23 | WordPress Better Messages plugin <= 1.9.9.148 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2021-3798 | 2022-08-23 | A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey... |
| CVE-2021-3670 | 2022-08-23 | MaxQueryDuration not honoured in Samba AD DC LDAP |
| CVE-2021-3690 | 2022-08-23 | A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of... |
| CVE-2021-3701 | 2022-08-23 | A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting... |
| CVE-2021-3702 | 2022-08-23 | A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then... |
| CVE-2021-3714 | 2022-08-23 | A flaw was found in the Linux kernel's memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can... |
| CVE-2021-3736 | 2022-08-23 | A flaw was found in the Linux kernel. A memory leak problem was found in mbochs_ioctl in samples/vfio-mdev/mbochs.c in Virtual Function I/O (VFIO) Mediated devices. This flaw could allow a... |
| CVE-2021-3763 | 2022-08-23 | A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role... |
| CVE-2021-3764 | 2022-08-23 | A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808.... |
| CVE-2021-3839 | 2022-08-23 | A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as... |
| CVE-2021-3827 | 2022-08-23 | A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication... |
| CVE-2020-35509 | 2022-08-23 | A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat... |
| CVE-2022-28882 | 2022-08-23 | Denial-of-Service (DoS) Vulnerability |
| CVE-2022-28883 | 2022-08-23 | Denial-of-Service (DoS) Vulnerability |
| CVE-2022-37428 | 2022-08-23 | PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash)... |
| CVE-2022-38663 | 2022-08-23 | Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding. |
| CVE-2022-38664 | 2022-08-23 | Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by... |
| CVE-2022-38665 | 2022-08-23 | Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access... |
| CVE-2022-1513 | 2022-08-23 | A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a specially crafted website. |
| CVE-2022-35115 | 2022-08-23 | IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) was discovered to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php. |
| CVE-2022-38172 | 2022-08-23 | ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard. |
| CVE-2022-38463 | 2022-08-23 | ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality. |
| CVE-2021-3917 | 2022-08-23 | A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read... |
| CVE-2022-38132 | 2022-08-23 | Command injection vulnerability in Linksys MR8300 router during registration to the DDNS service. By specifying username and password, an attacker connected to the router's web interface can execute arbitrary OS commands. |
| CVE-2021-3999 | 2022-08-24 | A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local... |
| CVE-2021-4028 | 2022-08-24 | A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to set up a socket to listen on a high port allowing... |
| CVE-2021-4037 | 2022-08-24 | A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the Linux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and... |
| CVE-2021-4204 | 2022-08-24 | An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to... |
| CVE-2021-4214 | 2022-08-24 | A heap overflow flaw was found in libpng's pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility,... |
| CVE-2022-27812 | 2022-08-24 | Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic, can lead to SNS DoS. |
| CVE-2022-2978 | 2022-08-24 | A use-after-free flaw was found in the Linux kernel NILFS file system in the way a user triggers function security_inode_alloc to fail, followed by a call to function nilfs_mdt_destroy. A... |
| CVE-2021-3998 | 2022-08-24 | A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data. |
| CVE-2021-4189 | 2022-08-24 | A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from... |
| CVE-2022-32793 | 2022-08-24 | Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may... |
| CVE-2022-32893 | 2022-08-24 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content... |
| CVE-2022-32894 | 2022-08-24 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute... |
| CVE-2022-25903 | 2022-08-24 | Denial of Service (DoS) |
| CVE-2022-36945 | 2022-08-24 | The Remote Keyless Entry (RKE) receiving unit on certain Mazda vehicles through 2020 allows remote attackers to perform unlock operations and force a resynchronization after capturing three consecutive valid key-fob... |
| CVE-2022-24375 | 2022-08-24 | Denial of Service (DoS) |
| CVE-2022-37305 | 2022-08-24 | The Remote Keyless Entry (RKE) receiving unit on certain Honda vehicles through 2018 allows remote attackers to perform unlock operations and force a resynchronization after capturing five consecutive valid RKE... |
| CVE-2022-37418 | 2022-08-24 | The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after capturing two... |
| CVE-2022-37333 | 2022-08-24 | SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows remote authenticated attackers... |
| CVE-2022-38078 | 2022-08-24 | Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary... |
| CVE-2022-38080 | 2022-08-24 | Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated... |
| CVE-2022-38089 | 2022-08-24 | Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated... |
| CVE-2022-33172 | 2022-08-24 | de.fac2 1.34 allows bypassing the User Presence protection mechanism when there is malware on the victim's PC. |
| CVE-2022-37153 | 2022-08-24 | An issue was discovered in Artica Proxy 4.30.000000. There is an XSS vulnerability via the password parameter in /fw.login.php. |
| CVE-2022-36633 | 2022-08-24 | Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage... |
| CVE-2021-0698 | 2022-08-24 | In PVRSRVBridgeHeapCfgHeapDetails, there is a possible leak of kernel heap content due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2021-0887 | 2022-08-24 | In PVRSRVBridgeHeapCfgHeapConfigName, there is a possible leak of kernel heap content due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2021-0891 | 2022-08-24 | An unprivileged app can trigger the PowerVR driver to return uninitialized heap memory, causing information disclosure. Product: Android. Versions: Android SoC. Android ID: A-236849490 |
| CVE-2021-0946 | 2022-08-24 | The method PVRSRVBridgePMRPDumpSymbolicAddr allocates puiMemspaceNameInt on the heap, fills the contents of the buffer via PMR_PDumpSymbolicAddr, and then copies the buffer to userspace. The method PMR_PDumpSymbolicAddr may fail, and if... |