CVE List - 2022 / August
Showing 101 - 200 of 2306 CVEs for August 2022 (Page 2 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-31195 | 2022-08-01 | Path traversal vulnerability in Simple Archive Format package import in DSpace |
| CVE-2022-31198 | 2022-08-01 | GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals in @openzeppelin/contracts |
| CVE-2022-35916 | 2022-08-01 | Cross chain utilities for Arbitrum L2 see EOA calls as cross chain calls |
| CVE-2022-35915 | 2022-08-01 | Unbounded gas consumption in @openzeppelin/contracts |
| CVE-2022-35917 | 2022-08-01 | Weakness in Transfer Validation Logic in @solana/pay |
| CVE-2022-35918 | 2022-08-01 | Streamlit directory traversal vulnerability |
| CVE-2022-35922 | 2022-08-01 | Memory allocation based on untrusted length in rust-websocket |
| CVE-2022-35920 | 2022-08-01 | Improper Limitation of a Pathname to a Restricted Directory in sanic |
| CVE-2022-35921 | 2022-08-01 | User preference to prevent private discussions not respected in fof/byobu |
| CVE-2022-37315 | 2022-08-01 | graphql-go (aka GraphQL for Go) through 0.8.0 has infinite recursion in the type definition parser. |
| CVE-2022-37035 | 2022-08-02 | An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to... |
| CVE-2022-34945 | 2022-08-02 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getproductreport.php. |
| CVE-2022-34946 | 2022-08-02 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getexpproduct.php. |
| CVE-2022-34947 | 2022-08-02 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editcategory.php. |
| CVE-2022-34948 | 2022-08-02 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editbrand.php. |
| CVE-2022-34949 | 2022-08-02 | Pharmacy Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the email or password parameter at login.php. |
| CVE-2022-34950 | 2022-08-02 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editproduct.php. |
| CVE-2022-34951 | 2022-08-02 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getsalereport.php. |
| CVE-2022-34952 | 2022-08-02 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at edituser.php. |
| CVE-2022-34954 | 2022-08-02 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at invoiceprint.php. |
| CVE-2022-34955 | 2022-08-02 | Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_topusers.php. |
| CVE-2022-35422 | 2022-08-02 | Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the qid parameter at update.php. |
| CVE-2022-34953 | 2022-08-02 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getOrderReport.php. |
| CVE-2022-34956 | 2022-08-02 | Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_groups.php. |
| CVE-2022-35421 | 2022-08-02 | Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the pname parameter at /admin/operations/packages.php. |
| CVE-2022-35217 | 2022-08-02 | NHI card’s web service component - Stack-based Buffer Overflow-1 |
| CVE-2021-23385 | 2022-08-02 | Open Redirect |
| CVE-2020-28453 | 2022-08-02 | Command Injection |
| CVE-2020-28451 | 2022-08-02 | Command Injection |
| CVE-2020-28437 | 2022-08-02 | Command Injection |
| CVE-2020-28434 | 2022-08-02 | Command Injection |
| CVE-2020-7795 | 2022-08-02 | Command Injection |
| CVE-2020-28433 | 2022-08-02 | Command Injection |
| CVE-2020-28425 | 2022-08-02 | Command Injection |
| CVE-2020-28424 | 2022-08-02 | Command Injection |
| CVE-2020-28423 | 2022-08-02 | Command Injection |
| CVE-2022-25867 | 2022-08-02 | NULL Pointer Dereference |
| CVE-2022-29154 | 2022-08-02 | An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent... |
| CVE-2022-34618 | 2022-08-02 | A stored cross-site scripting (XSS) vulnerability in Mealie 1.0.0beta3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the recipe description text field. |
| CVE-2022-34613 | 2022-08-02 | Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file. |
| CVE-2022-34625 | 2022-08-02 | Mealie1.0.0beta3 was discovered to contain a Server-Side Template Injection vulnerability, which allows attackers to execute arbitrary code via a crafted Jinja2 template. |
| CVE-2022-35218 | 2022-08-02 | NHI card’s web service component - Heap-based Buffer Overflow |
| CVE-2022-35219 | 2022-08-02 | NHI card’s web service component - Stack-based Buffer Overflow-2 |
| CVE-2022-35220 | 2022-08-02 | TEAMPLUS TECHNOLOGY INC. Teamplus Pro - Allocation of Resources Without Limits or Throttling-1 |
| CVE-2022-35221 | 2022-08-02 | TEAMPLUS TECHNOLOGY INC. Teamplus Pro - Allocation of Resources Without Limits or Throttling-2 |
| CVE-2022-35222 | 2022-08-02 | HiCOS Citizen verification component - Stack Buffer Overflow |
| CVE-2022-35223 | 2022-08-02 | EasyUse MailHunter Ultimate - Deserialization of Untrusted Data |
| CVE-2022-1293 | 2022-08-02 | XSS vulnerability in Citadel |
| CVE-2022-23733 | 2022-08-02 | Stored XSS vulnerability in GitHub Enterprise Server leading to injection of arbitrary attributes |
| CVE-2022-2631 | 2022-08-02 | Improper Access Control in tooljet/tooljet |
| CVE-2022-30571 | 2022-08-02 | TIBCO iWay Service Manager Reflected Cross Site Scripting (XSS) Vulnerability |
| CVE-2022-30572 | 2022-08-02 | TIBCO iWay Service Manager Directory Traversal Vulnerability |
| CVE-2022-35924 | 2022-08-02 | Verification requests (magic link) sent to unwanted emails |
| CVE-2022-34924 | 2022-08-02 | Lanling OA Landray Office Automation (OA) internal patch number #133383/#137780 contains an arbitrary file read vulnerability via the component /sys/ui/extend/varkind/custom.jsp. |
| CVE-2022-35923 | 2022-08-02 | Inefficient Regular Expression Complexity in v8n |
| CVE-2022-35925 | 2022-08-02 | Missing rate limit in Authentication in bookwyrm |
| CVE-2022-29808 | 2022-08-02 | In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled. |
| CVE-2022-30285 | 2022-08-02 | In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials. |
| CVE-2022-29807 | 2022-08-02 | A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php. |
| CVE-2022-34619 | 2022-08-02 | A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Shopping Lists item names text... |
| CVE-2022-36967 | 2022-08-02 | In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. It is possible for a remote attacker to inject arbitrary... |
| CVE-2022-36968 | 2022-08-02 | In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks. |
| CVE-2022-33917 | 2022-08-02 | An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0). A non-privileged user can make improper GPU processing operations to gain access to already freed... |
| CVE-2022-32292 | 2022-08-03 | In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code. |
| CVE-2022-32293 | 2022-08-03 | In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution. |
| CVE-2022-35737 | 2022-08-03 | SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. |
| CVE-2022-35866 | 2022-08-03 | This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within... |
| CVE-2022-31197 | 2022-08-03 | SQL Injection in ResultSet.refreshRow() with malicious column names in pgjdbc |
| CVE-2022-36359 | 2022-08-03 | An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that... |
| CVE-2022-36197 | 2022-08-03 | BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PDF file. |
| CVE-2022-34927 | 2022-08-03 | MilkyTracker v1.03.00 was discovered to contain a stack overflow via the component LoaderXM::load. This vulnerability is triggered when the program is supplied a crafted XM module file. |
| CVE-2022-34928 | 2022-08-03 | JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user. |
| CVE-2022-34937 | 2022-08-03 | Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component savepage.php. This vulnerability allows attackers to execute arbitrary code. |
| CVE-2022-34967 | 2022-08-03 | The assertion `stmt->Dbc->FirstStmt' failed in MonetDB Database Server v11.43.13. |
| CVE-2022-34969 | 2022-08-03 | PingCAP TiDB v6.1.0 was discovered to contain a NULL pointer dereference. |
| CVE-2022-34968 | 2022-08-03 | An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial of Service (DoS) via a SQL query. |
| CVE-2022-27616 | 2022-08-03 | Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute... |
| CVE-2022-27617 | 2022-08-03 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified... |
| CVE-2022-27618 | 2022-08-03 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via... |
| CVE-2022-36800 | 2022-08-03 | Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action... |
| CVE-2022-27619 | 2022-08-03 | Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. |
| CVE-2022-27620 | 2022-08-03 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via... |
| CVE-2022-27621 | 2022-08-03 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary... |
| CVE-2022-37394 | 2022-08-03 | An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to... |
| CVE-2022-27484 | 2022-08-03 | A unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via... |
| CVE-2022-23442 | 2022-08-03 | An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user profile to... |
| CVE-2022-34974 | 2022-08-03 | D-Link DIR810LA1_FW102B22 was discovered to contain a command injection vulnerability via the Ping_addr function. |
| CVE-2022-35619 | 2022-08-03 | D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function ssdpcgi_main. |
| CVE-2022-35620 | 2022-08-03 | D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function binary.soapcgi_main. |
| CVE-2022-34973 | 2022-08-03 | D-Link DIR820LA1_FW106B02 was discovered to contain a buffer overflow via the nextPage parameter at ping.ccp. |
| CVE-2022-28668 | 2022-08-03 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.9.2. User interaction is required to exploit this vulnerability in that the target... |
| CVE-2022-28684 | 2022-08-03 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Authentication is required to exploit this vulnerability. The specific flaw exists within the SafeBinaryFormatter library. The... |
| CVE-2022-2272 | 2022-08-03 | This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server 3.0.4. Authentication is not required to exploit this vulnerability. The specific flaw exists within the... |
| CVE-2022-34871 | 2022-08-03 | This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of poller resources.... |
| CVE-2022-34872 | 2022-08-03 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of Virtual... |
| CVE-2022-35864 | 2022-08-03 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails... |
| CVE-2022-35865 | 2022-08-03 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It! 20.21.2.109. Authentication is not required to exploit this vulnerability. The specific flaw exists within the... |
| CVE-2022-35867 | 2022-08-03 | This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. An attacker must first obtain the ability to execute high-privileged code on the target guest system in... |
| CVE-2022-37396 | 2022-08-03 | In JetBrains Rider before 2022.2 Trust and Open Project dialog could be bypassed, leading to local code execution |
| CVE-2022-34992 | 2022-08-03 | Luadec v0.9.9 was discovered to contain a heap-buffer overflow via the function UnsetPending. |