CVE List - 2022 / August
Showing 2201 - 2300 of 2306 CVEs for August 2022 (Page 23 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-34368 | 2022-08-30 | Dell EMC NetWorker 19.2.1.x 19.3.x, 19.4.x, 19.5.x, 19.6.x and 19.7.0.0 contain an Improper Handling of Insufficient Permissions or Privileges vulnerability. Authenticated non admin user could exploit this vulnerability and gain... |
| CVE-2022-34374 | 2022-08-30 | Dell Container Storage Modules 1.2 contains an OS command injection in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to to... |
| CVE-2022-34375 | 2022-08-30 | Dell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to unintentional... |
| CVE-2022-3037 | 2022-08-30 | Use After Free in vim/vim |
| CVE-2022-36730 | 2022-08-30 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /librarian/delete.php. |
| CVE-2022-36731 | 2022-08-30 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /librarian/delstu.php. |
| CVE-2022-36732 | 2022-08-30 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /librarian/dele.php. |
| CVE-2022-36733 | 2022-08-30 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /admin/del.php. |
| CVE-2022-36734 | 2022-08-30 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /admin/delstu.php. |
| CVE-2022-36735 | 2022-08-30 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /admin/delete.php. |
| CVE-2022-36657 | 2022-08-30 | Library Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /librarian/edit_book_details.php. |
| CVE-2022-27560 | 2022-08-30 | An insufficiently protected credential vulnerability affects HCL VersionVault Express |
| CVE-2022-27563 | 2022-08-30 | Overload/denial of service affects HCL VersionVault Express |
| CVE-2022-36745 | 2022-08-30 | LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component print-customoid.php. |
| CVE-2022-36746 | 2022-08-30 | LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component oxidized-cfg-check.inc.php. |
| CVE-2022-36747 | 2022-08-30 | Razor v0.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the function uploadchannel(). |
| CVE-2022-36748 | 2022-08-30 | PicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /master/index.php. |
| CVE-2022-36749 | 2022-08-30 | RPi-Jukebox-RFID v2.3.0 was discovered to contain a command injection vulnerability via the component /htdocs/utils/Files.php. This vulnerability is exploited via a crafted payload injected into the file name of an uploaded... |
| CVE-2022-1259 | 2022-08-31 | A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server.... |
| CVE-2022-1319 | 2022-08-31 | A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss... |
| CVE-2022-1354 | 2022-08-31 | A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a... |
| CVE-2022-1355 | 2022-08-31 | A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a... |
| CVE-2022-1552 | 2022-08-31 | A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX,... |
| CVE-2022-1976 | 2022-08-31 | A flaw was found in the Linux kernel’s implementation of IO-URING. This flaw allows an attacker with local executable permission to create a string of requests that can cause a... |
| CVE-2022-2153 | 2022-08-31 | A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs,... |
| CVE-2022-2519 | 2022-08-31 | There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1 |
| CVE-2022-2520 | 2022-08-31 | A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input. |
| CVE-2022-2521 | 2022-08-31 | It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of... |
| CVE-2022-3028 | 2022-08-31 | A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker... |
| CVE-2022-36620 | 2022-08-31 | D-link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is vulnerable to Buffer Overflow via /goform/addRouting. |
| CVE-2022-37130 | 2022-08-31 | In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occurs in /goform/Diagnosis, after the condition is met, setnum will be spliced into v10 by snprintf, and the system will... |
| CVE-2022-38152 | 2022-08-31 | An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a... |
| CVE-2022-38153 | 2022-08-31 | An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during... |
| CVE-2022-39046 | 2022-08-31 | An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from... |
| CVE-2022-39047 | 2022-08-31 | Freeciv before 2.6.7 and before 3.0.3 is prone to a buffer overflow vulnerability in the Modpack Installer utility's handling of the modpack URL. |
| CVE-2022-37021 | 2022-08-31 | Apache Geode deserialization of untrusted data flaw when using JMX over RMI on Java 8. |
| CVE-2022-37022 | 2022-08-31 | Apache Geode deserialization of untrusted data flaw when using JMX over RMI on Java 11 |
| CVE-2022-37023 | 2022-08-31 | Apache Geode deserialization of untrusted data flaw when using REST API on Java 8 or Java 11 |
| CVE-2022-27911 | 2022-08-31 | [20220801] - Core - Multiple Full Path Disclosures because of missing '_JEXEC or die check' |
| CVE-2022-36035 | 2022-08-31 | Flux CLI Workload Injection |
| CVE-2022-36045 | 2022-08-31 | Account takeover via cryptographically weak PRNG in NodeBB Forum |
| CVE-2022-30317 | 2022-08-31 | Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access (CDA) EpicMo protocol with unauthenticated functionality... |
| CVE-2022-2590 | 2022-08-31 | A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings. This flaw allows an unprivileged, local... |
| CVE-2022-1888 | 2022-08-31 | Fuji Electric Alpha7 PC Loader Fuji Electric Alpha7 PC Loader |
| CVE-2022-1974 | 2022-08-31 | A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN... |
| CVE-2022-1975 | 2022-08-31 | There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space. |
| CVE-2022-2132 | 2022-08-31 | A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header... |
| CVE-2022-1205 | 2022-08-31 | A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local... |
| CVE-2022-1247 | 2022-08-31 | An issue found in linux-kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh->use to represent how many objects are using the rose_neigh. When a user... |
| CVE-2022-1263 | 2022-08-31 | A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue... |
| CVE-2022-1325 | 2022-08-31 | A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to... |
| CVE-2022-1271 | 2022-08-31 | An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can... |
| CVE-2022-1508 | 2022-08-31 | An out-of-bounds read flaw was found in the Linux kernel’s io_uring module in the way a user triggers the io_read() function with some special parameters. This flaw allows a local... |
| CVE-2022-2466 | 2022-08-31 | It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior. |
| CVE-2022-2005 | 2022-08-31 | AutomationDirect C-more EA9 HMI Cleartext Transmission |
| CVE-2022-2006 | 2022-08-31 | AutomationDirect C-more EA9 HMI Uncontrolled Search Path Element |
| CVE-2022-1404 | 2022-08-31 | Delta Electronics CNCSoft Out-of-bounds Read |
| CVE-2022-1405 | 2022-08-31 | Delta Electronics CNCSoft Stack-based Buffer Overflow |
| CVE-2022-2758 | 2022-08-31 | Update |
| CVE-2020-35538 | 2022-08-31 | A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo. |
| CVE-2022-2759 | 2022-08-31 | Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with URIs... |
| CVE-2022-30318 | 2022-08-31 | Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote... |
| CVE-2022-37122 | 2022-08-31 | Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET... |
| CVE-2022-26330 | 2022-08-31 | Potential vulnerability has been identified in Micro Focus ArcSight Logger. The vulnerability could be remotely exploited resulting in Information Disclosure. |
| CVE-2022-26331 | 2022-08-31 | Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Self Cross-Site Scripting (XSS). |
| CVE-2022-28625 | 2022-08-31 | A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive... |
| CVE-2022-2003 | 2022-08-31 | AutomationDirect DirectLOGIC with Serial Communication Cleartext Transmission |
| CVE-2022-2004 | 2022-08-31 | AutomationDirect DirectLOGIC with Ethernet Communication Uncontrolled Resource Consumption |
| CVE-2022-21941 | 2022-08-31 | iSTAR Ultra |
| CVE-2022-2485 | 2022-08-31 | AutomationDirect Stride Field I/O Cleartext Transmission of Sensitive Information |
| CVE-2022-2866 | 2022-08-31 | FATEK Automation FvDesigner Out-of-bounds Write |
| CVE-2022-2044 | 2022-08-31 | MOXA NPort 5110 Out-of-bounds Write |
| CVE-2022-2043 | 2022-08-31 | MOXA NPort 5110 Out-of-bounds Write |
| CVE-2022-37183 | 2022-08-31 | Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/1940/created-monthly-list. |
| CVE-2022-36566 | 2022-08-31 | Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine function. |
| CVE-2022-37184 | 2022-08-31 | The application manage_website.php on Garage Management System 1.0 is vulnerable to Shell File Upload. The already authenticated malicious user, can upload a dangerous RCE or LCE exploit file. |
| CVE-2022-38812 | 2022-08-31 | AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter. |
| CVE-2022-37128 | 2022-08-31 | In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end. |
| CVE-2022-36046 | 2022-08-31 | Unexpected server crash in Next.js version 12.2.3 |
| CVE-2022-36568 | 2022-08-31 | Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the list parameter at /goform/setPptpUserList. |
| CVE-2022-36569 | 2022-08-31 | Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg. |
| CVE-2022-36570 | 2022-08-31 | Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the time parameter at /goform/SetLEDCfg. |
| CVE-2022-36571 | 2022-08-31 | Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the mask parameter at /goform/WanParameterSetting. |
| CVE-2022-36048 | 2022-08-31 | IP address leak via image proxy bypass in Zulip Server |
| CVE-2022-1841 | 2022-08-31 | Out-of-bound write in tcp_flags |
| CVE-2022-36580 | 2022-08-31 | An arbitrary file upload vulnerability in the component /admin/products/controller.php?action=add of Online Ordering System v2.3.2 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-36581 | 2022-08-31 | Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via the user_email parameter at /admin/login.php. |
| CVE-2022-36582 | 2022-08-31 | An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-31233 | 2022-08-31 | Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not... |
| CVE-2022-34373 | 2022-08-31 | Dell Command | Integration Suite for System Center, versions prior to 6.2.0, contains arbitrary file write vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability in order to... |
| CVE-2022-34383 | 2022-08-31 | Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to bypass... |
| CVE-2022-36203 | 2022-08-31 | Doctor's Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) via the admin panel. In addition, it leads to takeover the administrator account by stealing the cookie via XSS. |
| CVE-2022-36202 | 2022-08-31 | Doctor's Appointment System1.0 is vulnerable to Incorrect Access Control via edoc/patient/settings.php. The settings.php is affected by Broken Access Control (IDOR) via id= parameter. |
| CVE-2022-36201 | 2022-08-31 | Doctor’s Appointment System v1.0 is vulnerable to Blind SQLi via settings.php. |
| CVE-2022-2892 | 2022-08-31 | Measuresoft ScadaPro Server Out-of-bounds Write |
| CVE-2022-2895 | 2022-08-31 | Measuresoft ScadaPro Server Stack-based Buffer Overflow |
| CVE-2022-2897 | 2022-08-31 | Measuresoft ScadaPro Server and Client Link Following |
| CVE-2022-2894 | 2022-08-31 | Measuresoft ScadaPro Server Untrusted Pointer Dereference |
| CVE-2022-2896 | 2022-08-31 | Measuresoft ScadaPro Server Use After Free |
| CVE-2022-2898 | 2022-08-31 | Measuresoft ScadaPro Server and Client Link Following |