CVE List - 2022 / August
Showing 2101 - 2200 of 2306 CVEs for August 2022 (Page 22 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-36194 | 2022-08-29 | Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the function Pollers > Broker Configuration by adding a crafted payload into the name parameter. |
| CVE-2022-37059 | 2022-08-29 | Cross Site Scripting (XSS) in Admin Panel of Subrion CMS 4.2.1 allows attacker to inject arbitrary code via Login Field |
| CVE-2022-37680 | 2022-08-29 | An improper authentication for critical function issue in Hitachi Kokusai Electric Network products for monitoring system (Camera, Decoder and Encoder) and bellow allows attckers to remotely reboot the device via... |
| CVE-2022-37681 | 2022-08-29 | Hitachi Kokusai Electric Newtork products for monitoring system (Camera, Decoder and Encoder) and below allows attckers to perform a directory traversal via a crafted GET request to the endpoint /ptippage.cgi.... |
| CVE-2022-36686 | 2022-08-29 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockin&month=. |
| CVE-2022-36687 | 2022-08-29 | Ingredients Stock Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img. |
| CVE-2022-36688 | 2022-08-29 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockout&month=. |
| CVE-2022-36689 | 2022-08-29 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/waste&month=. |
| CVE-2022-36690 | 2022-08-29 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user&id=. |
| CVE-2022-31677 | 2022-08-29 | An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to... |
| CVE-2022-0934 | 2022-08-29 | A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service. |
| CVE-2022-0284 | 2022-08-29 | A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert... |
| CVE-2022-0400 | 2022-08-29 | An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos. |
| CVE-2022-0480 | 2022-08-29 | A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of... |
| CVE-2022-0485 | 2022-08-29 | A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as... |
| CVE-2022-0496 | 2022-08-29 | A vulnerbiility was found in Openscad, where a DXF-format drawing with particular (not necessarily malformed!) properties may cause an out-of-bounds memory access when imported using import(). |
| CVE-2022-0497 | 2022-08-29 | A vulnerbiility was found in Openscad, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing of annotations. |
| CVE-2022-0669 | 2022-08-29 | A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are... |
| CVE-2022-0718 | 2022-08-29 | A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of... |
| CVE-2022-0850 | 2022-08-29 | A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace. |
| CVE-2022-0851 | 2022-08-29 | There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized... |
| CVE-2022-0852 | 2022-08-29 | There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view... |
| CVE-2022-0367 | 2022-08-29 | A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c. |
| CVE-2022-0812 | 2022-08-29 | An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information. |
| CVE-2022-1016 | 2022-08-29 | A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a... |
| CVE-2022-1115 | 2022-08-29 | A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion,... |
| CVE-2022-1117 | 2022-08-29 | A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker, a build time regular expression may not correctly detect the... |
| CVE-2022-1198 | 2022-08-29 | A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space. |
| CVE-2022-1204 | 2022-08-29 | A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to... |
| CVE-2022-36200 | 2022-08-29 | In FiberHome VDSL2 Modem HG150-Ub_V3.0, Credentials of Admin are submitted in URL, which can be logged/sniffed. |
| CVE-2022-1123 | 2022-08-29 | Leaflet Maps Marker < 3.12.5 - Admin+ SQLi |
| CVE-2022-1663 | 2022-08-29 | Stop Spam Comments <= 0.2.1.2 - Access Token Bypass |
| CVE-2022-2034 | 2022-08-29 | Sensei LMS < 4.5.0 - Unauthenticated Private Messages Disclosure via Rest API |
| CVE-2022-2080 | 2022-08-29 | Sensei LMS < 4.5.2 - Arbitrary Private Message Sending via IDOR |
| CVE-2022-35962 | 2022-08-29 | Crafted link in Zulip message can cause disclosure of credentials |
| CVE-2022-27546 | 2022-08-29 | HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability |
| CVE-2022-27547 | 2022-08-29 | HCL iNotes is susceptible to a link to non-existent domain vulnerability. |
| CVE-2022-27558 | 2022-08-29 | HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. |
| CVE-2022-36034 | 2022-08-29 | Possible Regular Expression Denial of Service (ReDoS) used on uncontrolled data in nitrado.js |
| CVE-2022-2261 | 2022-08-29 | WPide < 3.0 - Admin+ Local File Inclusion |
| CVE-2022-2267 | 2022-08-29 | MailChimp for Woocommerce < 2.7.1 - Subscriber+ SSRF |
| CVE-2022-2373 | 2022-08-29 | Simply Schedule Appointments < 1.5.7.7 - Unauthenticated Email Address Disclosure |
| CVE-2022-2374 | 2022-08-29 | Simply Schedule Appointments < 1.5.7.7 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2537 | 2022-08-29 | WooCommerce PDF Invoices & Packing Slips < 3.0.1 - Reflected Cross-Site Scripting |
| CVE-2022-2538 | 2022-08-29 | WP Hide & Security Enhancer < 1.8 - Reflected Cross-Site Scripting |
| CVE-2022-2556 | 2022-08-29 | MailChimp for Woocommerce < 2.7.2 - Admin+ SSRF |
| CVE-2022-2559 | 2022-08-29 | Fluent Support < 1.5.8 - Admin+ SQLi |
| CVE-2022-2599 | 2022-08-29 | Anti-Malware Security and Brute-Force Firewall < 4.21.83 - Reflected Cross-Site Scripting |
| CVE-2022-2638 | 2022-08-29 | Export All URLs < 4.4 - Admin+ Arbitrary System File Removal |
| CVE-2022-36036 | 2022-08-29 | Improper Control of Generation of Code ('Code Injection') in mdx-mermaid |
| CVE-2022-36037 | 2022-08-29 | Cross-site scripting (XSS) from dynamic options in the multiselect field in Kirby |
| CVE-2022-3035 | 2022-08-29 | Cross-site Scripting (XSS) - Stored in snipe/snipe-it |
| CVE-2022-32993 | 2022-08-29 | TOTOLINK A7000R V4.1cu.4134 was discovered to contain an access control issue via /cgi-bin/ExportSettings.sh. |
| CVE-2022-38772 | 2022-08-29 | Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to... |
| CVE-2022-21385 | 2022-08-29 | A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) |
| CVE-2020-26938 | 2022-08-29 | In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern ("[a-zA-Z][a-zA-Z0-9+.-]+:") before making a... |
| CVE-2021-38934 | 2022-08-29 | IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2022-38625 | 2022-08-29 | Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during the upgrade firmware file upload process. This vulnerability allows authenticated attackers to create and upload their own... |
| CVE-2022-36553 | 2022-08-29 | Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi. |
| CVE-2022-36554 | 2022-08-29 | A command injection vulnerability in the CLI (Command Line Interface) implementation of Hytec Inter HWL-2511-SS v1.05 and below allows attackers to execute arbitrary commands with root privileges. |
| CVE-2022-36555 | 2022-08-29 | Hytec Inter HWL-2511-SS v1.05 and below implements a SHA512crypt hash for the root account which can be easily cracked via a brute-force attack. |
| CVE-2022-36556 | 2022-08-29 | Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain a command injection vulnerability via the ipAddress parameter at 07system08execute_ping_01. |
| CVE-2022-36557 | 2022-08-29 | Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain an arbitrary file upload vulnerability via the restore backup function. This vulnerability allows attackers to execute arbitrary code via a... |
| CVE-2022-36558 | 2022-08-29 | Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account. Attackers are able to access the passcord via the file /etc/ciel.cfg. |
| CVE-2022-36559 | 2022-08-29 | Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at ping_exec.cgi. |
| CVE-2022-36560 | 2022-08-29 | Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes for root. Attackers are able to access the passcodes at /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh. |
| CVE-2022-36709 | 2022-08-29 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/edit_book_details.php. |
| CVE-2022-36711 | 2022-08-29 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/bookdetails.php. |
| CVE-2022-36712 | 2022-08-29 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/studentdetails.php. |
| CVE-2022-36713 | 2022-08-29 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Section parameter at /librarian/lab.php. |
| CVE-2022-36714 | 2022-08-29 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Section parameter at /staff/lab.php. |
| CVE-2021-46837 | 2022-08-30 | res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image... |
| CVE-2022-39028 | 2022-08-30 | telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd... |
| CVE-2022-38784 | 2022-08-30 | Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a... |
| CVE-2022-24107 | 2022-08-30 | Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc. |
| CVE-2022-24106 | 2022-08-30 | In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related... |
| CVE-2022-25635 | 2022-08-30 | Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow |
| CVE-2022-26527 | 2022-08-30 | Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow |
| CVE-2022-26528 | 2022-08-30 | Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow |
| CVE-2022-26529 | 2022-08-30 | Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow |
| CVE-2022-38116 | 2022-08-30 | Le-yan Co., Ltd. Personnel and Salary Management System - Hard-coded password |
| CVE-2022-38118 | 2022-08-30 | HGiga OAKlouds - SQL Injection |
| CVE-2022-25887 | 2022-08-30 | Regular Expression Denial of Service (ReDoS) |
| CVE-2022-25857 | 2022-08-30 | Denial of Service (DoS) |
| CVE-2022-25646 | 2022-08-30 | Cross-site Scripting (XSS) |
| CVE-2022-2330 | 2022-08-30 | XXE vulnerability in DLP Endpoint for Windows |
| CVE-2022-37149 | 2022-08-30 | WAVLINK WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability when operating the file adm.cgi. This vulnerability allows attackers to execute arbitrary commands via the username parameter. |
| CVE-2022-36552 | 2022-08-30 | Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi-bin/DownloadFlash which allows attackers to steal all data such as source code and system files via a... |
| CVE-2022-37176 | 2022-08-30 | Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains a vulnerability which allows attackers to remove the Wi-Fi password and force the device into open security mode via a crafted packet... |
| CVE-2022-37237 | 2022-08-30 | An attacker can send malicious RTMP requests to make the ZLMediaKit server crash remotely. Affected version is below commit 7d8b212a3c3368bc2f6507cb74664fc419eb9327. |
| CVE-2021-29864 | 2022-08-30 | IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted... |
| CVE-2022-36561 | 2022-08-30 | XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538. |
| CVE-2022-36562 | 2022-08-30 | Incorrect access control in the install directory (C:\Ruby31-x64) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. |
| CVE-2022-36563 | 2022-08-30 | Incorrect access control in the install directory (C:\RailsInstaller) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. |
| CVE-2022-36564 | 2022-08-30 | Incorrect access control in the install directory (C:\Strawberry) of StrawberryPerl v5.32.1.1 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. |
| CVE-2022-36565 | 2022-08-30 | Incorrect access control in the install directory (C:\Wamp64) of Wamp v3.2.6 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. |
| CVE-2022-37172 | 2022-08-30 | Incorrect access control in the install directory (C:\msys64) of Msys2 v20220603 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. |
| CVE-2022-37173 | 2022-08-30 | An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe. |
| CVE-2022-31232 | 2022-08-30 | SmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system. |
| CVE-2022-33935 | 2022-08-30 | Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site Scripting, an attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or... |