CVE List - 2022 / August
Showing 1701 - 1800 of 2306 CVEs for August 2022 (Page 18 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-0947 | 2022-08-24 | The method PVRSRVBridgeTLDiscoverStreams allocates puiStreamsInt on the heap, fills the contents of the buffer via TLServerDiscoverStreamsKM, and then copies the buffer to userspace. The method TLServerDiscoverStreamsKM may fail for several... |
| CVE-2021-39815 | 2022-08-24 | The PowerVR GPU driver allows unprivileged apps to allocated pinned memory, unpin it (which makes it available to be freed), and continue using the page in GPU calls. No privileges... |
| CVE-2022-20122 | 2022-08-24 | The PowerVR GPU driver allows unprivileged apps to allocated pinned memory, unpin it (which makes it available to be freed), and continue using the page in GPU calls. No privileges... |
| CVE-2021-4178 | 2022-08-24 | A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local... |
| CVE-2021-4209 | 2022-08-24 | A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial... |
| CVE-2021-4213 | 2022-08-24 | A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM.... |
| CVE-2021-4218 | 2022-08-24 | A flaw was found in the Linux kernel’s implementation of reading the SVC RDMA counters. Reading the counter sysctl panics the system. This flaw allows a local attacker with local... |
| CVE-2021-4217 | 2022-08-24 | A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to... |
| CVE-2021-4122 | 2022-08-24 | It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such... |
| CVE-2021-4125 | 2022-08-24 | It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. This CVE only... |
| CVE-2021-4142 | 2022-08-24 | The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few factors could allow an attacker to use the SCA (simple content access) certificate for authentication... |
| CVE-2021-4155 | 2022-08-24 | A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this... |
| CVE-2021-4158 | 2022-08-24 | A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on... |
| CVE-2021-4159 | 2022-08-24 | A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to... |
| CVE-2021-4041 | 2022-08-24 | A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host's shell command. A developer could... |
| CVE-2021-4040 | 2022-08-24 | A flaw was found in AMQ Broker. This issue can cause a partial interruption to the availability of AMQ Broker via an Out of memory (OOM) condition. This flaw allows... |
| CVE-2022-34837 | 2022-08-24 | ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control |
| CVE-2022-34836 | 2022-08-24 | ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control |
| CVE-2022-34838 | 2022-08-24 | ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control |
| CVE-2022-2234 | 2022-08-24 | mySCADA myPRO Command Injection |
| CVE-2022-2569 | 2022-08-24 | ARC Informatique PcVue |
| CVE-2021-43309 | 2022-08-24 | ReDoS in uri-template-lite URI.expand function |
| CVE-2022-37181 | 2022-08-24 | 72crm 9.0 has an Arbitrary file upload vulnerability. |
| CVE-2022-37178 | 2022-08-24 | An issue was discovered in 72crm 9.0. There is a SQL Injection vulnerability in View the task calendar. |
| CVE-2018-14520 | 2022-08-24 | An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web pages. |
| CVE-2018-14519 | 2022-08-24 | An issue was discovered in Kirby 2.5.12. The delete page functionality suffers from a CSRF flaw. A remote attacker can craft a malicious CSRF page and force the user to... |
| CVE-2022-32810 | 2022-08-24 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to execute... |
| CVE-2022-32812 | 2022-08-24 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to... |
| CVE-2022-32839 | 2022-08-24 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS... |
| CVE-2022-32811 | 2022-08-24 | A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able... |
| CVE-2022-32834 | 2022-08-24 | An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be... |
| CVE-2022-32837 | 2022-08-24 | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to cause unexpected... |
| CVE-2022-32813 | 2022-08-24 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS... |
| CVE-2022-32840 | 2022-08-24 | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to execute arbitrary... |
| CVE-2022-32838 | 2022-08-24 | A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6.... |
| CVE-2022-32857 | 2022-08-24 | This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS... |
| CVE-2021-20224 | 2022-08-25 | An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of representable for the 'unsigned char'. When... |
| CVE-2021-25642 | 2022-08-25 | Apache Hadoop YARN remote code execution in ZKConfigurationStore of capacity scheduler |
| CVE-2021-35937 | 2022-08-25 | A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially... |
| CVE-2021-35938 | 2022-08-25 | A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw... |
| CVE-2021-42521 | 2022-08-25 | There is a NULL pointer dereference vulnerability in VTK before 9.2.5, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of libxml2 API 'xmlDocGetRootElement', and try to... |
| CVE-2022-0135 | 2022-08-25 | An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a... |
| CVE-2022-2031 | 2022-08-25 | A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's... |
| CVE-2022-22728 | 2022-08-25 | libapreq2 multipart form parse memory corruption |
| CVE-2022-2959 | 2022-08-25 | A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue... |
| CVE-2022-2980 | 2022-08-25 | NULL Pointer Dereference in vim/vim |
| CVE-2022-2982 | 2022-08-25 | Use After Free in vim/vim |
| CVE-2022-32742 | 2022-08-25 | A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents... |
| CVE-2022-32744 | 2022-08-25 | A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can... |
| CVE-2022-32745 | 2022-08-25 | A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation... |
| CVE-2022-32746 | 2022-08-25 | A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in... |
| CVE-2022-38533 | 2022-08-25 | In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. |
| CVE-2021-3979 | 2022-08-25 | A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create... |
| CVE-2022-32427 | 2022-08-25 | PrinterLogic Windows Client through 25.0.0.676 allows attackers to execute directory traversal. Authenticated users with prior knowledge of the driver filename could exploit this to escalate privileges or distribute malicious content.... |
| CVE-2022-34960 | 2022-08-25 | The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the attacker... |
| CVE-2022-36804 | 2022-08-25 | Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before... |
| CVE-2022-2957 | 2022-08-25 | SourceCodester Simple and Nice Shopping Cart Script profile.php sql injection |
| CVE-2022-36456 | 2022-08-25 | TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi. |
| CVE-2022-36458 | 2022-08-25 | TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg. |
| CVE-2022-36459 | 2022-08-25 | TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the host_time parameter in the function NTPSyncWithHost. |
| CVE-2022-36460 | 2022-08-25 | TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile. |
| CVE-2022-36461 | 2022-08-25 | TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg. |
| CVE-2022-36462 | 2022-08-25 | TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg. |
| CVE-2022-36463 | 2022-08-25 | TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the command parameter in the function setTracerouteCfg. |
| CVE-2022-36464 | 2022-08-25 | TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the sPort parameter in the function setIpPortFilterRules. |
| CVE-2022-36465 | 2022-08-25 | TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the pppoeUser parameter. |
| CVE-2022-36466 | 2022-08-25 | TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the ip parameter in the function setDiagnosisCfg. |
| CVE-2022-36467 | 2022-08-25 | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function EditMacList.d. |
| CVE-2022-36468 | 2022-08-25 | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function Asp_SetTimingtimeWifiAndLed. |
| CVE-2022-36469 | 2022-08-25 | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function SetAPWifiorLedInfoById. |
| CVE-2022-36471 | 2022-08-25 | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function SetMacAccessMode. |
| CVE-2022-36470 | 2022-08-25 | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function SetAP5GWifiById. |
| CVE-2022-36472 | 2022-08-25 | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function SetMobileAPInfoById. |
| CVE-2022-36473 | 2022-08-25 | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function Edit_BasicSSID_5G. |
| CVE-2022-36475 | 2022-08-25 | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function AddMacList. |
| CVE-2022-36474 | 2022-08-25 | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function WlanWpsSet. |
| CVE-2022-36477 | 2022-08-25 | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function AddWlanMacList. |
| CVE-2022-36478 | 2022-08-25 | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function Edit_BasicSSID. |
| CVE-2022-36479 | 2022-08-25 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the host_time parameter in the function NTPSyncWithHost. |
| CVE-2022-36480 | 2022-08-25 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the command parameter in the function setTracerouteCfg. |
| CVE-2022-36481 | 2022-08-25 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the ip parameter in the function setDiagnosisCfg. |
| CVE-2022-36482 | 2022-08-25 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the lang parameter in the function setLanguageCfg. |
| CVE-2022-36483 | 2022-08-25 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the pppoeUser parameter. |
| CVE-2022-36484 | 2022-08-25 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the function setDiagnosisCfg. |
| CVE-2022-36485 | 2022-08-25 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg. |
| CVE-2022-36486 | 2022-08-25 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile. |
| CVE-2022-36487 | 2022-08-25 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg. |
| CVE-2022-36488 | 2022-08-25 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the sPort parameter in the function setIpPortFilterRules. |
| CVE-2022-36489 | 2022-08-25 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EnableIpv6. |
| CVE-2022-36494 | 2022-08-25 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function edditactionlist. |
| CVE-2022-36491 | 2022-08-25 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateIpv6Params. |
| CVE-2022-36493 | 2022-08-25 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetAPWifiorLedInfoById. |
| CVE-2022-36490 | 2022-08-25 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EditMacList. |
| CVE-2022-36495 | 2022-08-25 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function addactionlist. |
| CVE-2022-36497 | 2022-08-25 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Edit_BasicSSID_5G. |
| CVE-2022-36492 | 2022-08-25 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function AddMacList. |
| CVE-2022-36498 | 2022-08-25 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Asp_SetTimingtimeWifiAndLed. |
| CVE-2022-36500 | 2022-08-25 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EditWlanMacList. |
| CVE-2022-36501 | 2022-08-25 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateSnat. |
| CVE-2022-36496 | 2022-08-25 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetMobileAPInfoById. |