CVE List - 2022 / August
Showing 201 - 300 of 2306 CVEs for August 2022 (Page 3 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-31175 | 2022-08-03 | Cross-site scripting caused by the editor instance destroying process in ckeditor5 |
| CVE-2022-35928 | 2022-08-03 | AES Crypt for Linux Password Security Vulnerability |
| CVE-2022-27551 | 2022-08-03 | HCL Launch could allow an authenticated user to obtain sensitive information (CVE-2022-27551) |
| CVE-2022-35158 | 2022-08-03 | A vulnerability in the lua parser of TscanCode tsclua v2.15.01 allows attackers to cause a Denial of Service (DoS) via a crafted lua script. |
| CVE-2022-35161 | 2022-08-03 | GVRET Stable Release as of Aug 15, 2015 was discovered to contain a buffer overflow via the handleConfigCmd function at SerialConsole.cpp. |
| CVE-2022-35505 | 2022-08-03 | A segmentation fault in TripleCross v0.1.0 occurs when sending a control command from the client to the server. This occurs because there is no limit to the length of the... |
| CVE-2022-35506 | 2022-08-03 | TripleCross v0.1.0 was discovered to contain a stack overflow which occurs because there is no limit to the length of program parameters. |
| CVE-2022-27166 | 2022-08-04 | XSS vulnerability on XHRHtml2Markup.jsp in JSPWiki 2.11.2 |
| CVE-2022-28730 | 2022-08-04 | Apache JSPWiki Cross-site scripting vulnerability on AJAXPreview.jsp |
| CVE-2022-28731 | 2022-08-04 | Apache JSPWiki CSRF in UserPreferences.jsp |
| CVE-2022-28732 | 2022-08-04 | Apache JSPWiki Cross-site scripting vulnerability on WeblogPlugin |
| CVE-2022-34158 | 2022-08-04 | User Group Privilege Escalation |
| CVE-2022-2643 | 2022-08-04 | SourceCodester Online Admission System POST Parameter sql injection |
| CVE-2022-2644 | 2022-08-04 | SourceCodester Online Admission System GET Parameter sql injection |
| CVE-2022-2645 | 2022-08-04 | SourceCodester Garage Management System edituser.php cross site scripting |
| CVE-2022-2646 | 2022-08-04 | SourceCodester Online Admission System index.php cross site scripting |
| CVE-2022-2647 | 2022-08-04 | jeecg-boot unrestricted upload |
| CVE-2022-2648 | 2022-08-04 | SourceCodester Multi Language Hotel Management Software sql injection |
| CVE-2022-2651 | 2022-08-04 | Authentication Bypass by Primary Weakness in bookwyrm-social/bookwyrm |
| CVE-2022-32963 | 2022-08-04 | ITPison OMICARD EDM - Path Traversal-1 |
| CVE-2022-32964 | 2022-08-04 | ITPison OMICARD EDM - SQL Injection |
| CVE-2022-32965 | 2022-08-04 | ITPison OMICARD EDM - Use of Hard-coded Credentials |
| CVE-2022-35216 | 2022-08-04 | ITPison OMICARD EDM - Use of Hard-coded Credentials |
| CVE-2022-2653 | 2022-08-04 | Path Traversal in plankanban/planka |
| CVE-2022-2652 | 2022-08-04 | Use of Externally-Controlled Format String in umlaeute/v4l2loopback |
| CVE-2022-2656 | 2022-08-04 | SourceCodester Multi Language Hotel Management Software sql injection |
| CVE-2022-25168 | 2022-08-04 | Command injection in org.apache.hadoop.fs.FileUtil.unTarUsingTar |
| CVE-2022-31118 | 2022-08-04 | Missing brute force protection on cloud federation sharing in Nextcloud Server |
| CVE-2022-31120 | 2022-08-04 | Federated share accepting/declining is not logged in audit log in Nextcloud Server |
| CVE-2022-31132 | 2022-08-04 | Unauthenticated SSRF in 3rd party module "cerdic/csstidy" |
| CVE-2022-31119 | 2022-08-04 | Password disclosure in log file in Nextcloud Mail App |
| CVE-2022-30535 | 2022-08-04 | NGINX Ingress Controller vulnerability CVE-2022-30535 |
| CVE-2022-31473 | 2022-08-04 | BIG-IP APM Appliance mode vulnerability CVE-2022-31473 |
| CVE-2022-32455 | 2022-08-04 | TMM vulnerability CVE-2022-32455 |
| CVE-2022-33203 | 2022-08-04 | BIG-IP APM and F5 SSL Orchestrator vulnerability CVE-2022-33203 |
| CVE-2022-33947 | 2022-08-04 | BIG-IP DNS TMUI Vulnerability CVE-2022-33947 |
| CVE-2022-33962 | 2022-08-04 | BIG-IP iRule vulnerability CVE-2022-33962 |
| CVE-2022-33968 | 2022-08-04 | BIG-IP LTM and APM NTLM vulnerability CVE-2022-33968 |
| CVE-2022-34651 | 2022-08-04 | BIG-IP TLS 1.3 iRule vulnerability CVE-2022-34651 |
| CVE-2022-34655 | 2022-08-04 | TMM vulnerability CVE-2022-34655 |
| CVE-2022-34844 | 2022-08-04 | BIG-IP and BIG-IQ AWS vulnerability CVE-2022-34844 |
| CVE-2022-34851 | 2022-08-04 | BIG-IP and BIG-IQ iControl SOAP vulnerability CVE-2022-34851 |
| CVE-2022-34862 | 2022-08-04 | TMM vulnerability CVE-2022-34862 |
| CVE-2022-34865 | 2022-08-04 | Traffic intelligence feeds vulnerability CVE-2022-34865 |
| CVE-2022-35236 | 2022-08-04 | HTTP2 profile vulnerability CVE-2022-35236 |
| CVE-2022-35240 | 2022-08-04 | BIG-IP Message Routing MQTT vulnerability CVE-2022-35240 |
| CVE-2022-35241 | 2022-08-04 | NGINX Instance Manager vulnerability CVE-2022-35241 |
| CVE-2022-35243 | 2022-08-04 | Authenticated iControl REST in Appliance mode vulnerability CVE-2022-35243 |
| CVE-2022-35245 | 2022-08-04 | BIG-IP APM access policy vulnerability CVE-2022-35245 |
| CVE-2022-35272 | 2022-08-04 | BIG-IP HTTP MRF vulnerability CVE-2022-35272 |
| CVE-2022-35728 | 2022-08-04 | iControl REST vulnerability CVE-2022-35728 |
| CVE-2022-35735 | 2022-08-04 | BIG-IP monitor configuration vulnerability CVE-2022-35735 |
| CVE-2022-34970 | 2022-08-04 | Crow before 1.0+4 has a heap-based buffer overflow via the function qs_parse in query_string.h. On successful exploitation this vulnerability allows attackers to remotely execute arbitrary code in the context of... |
| CVE-2022-35929 | 2022-08-04 | False positive signature verification in cosign |
| CVE-2022-34993 | 2022-08-04 | Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard-coded password for root in /etc/shadow.sample. |
| CVE-2022-35144 | 2022-08-04 | Renato v0.17.0 was discovered to contain a cross-site scripting (XSS) vulnerability. |
| CVE-2022-35143 | 2022-08-04 | Renato v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks. |
| CVE-2022-35142 | 2022-08-04 | An issue in Renato v0.17.0 allows attackers to cause a Denial of Service (DoS) via a crafted payload injected into the Search parameter. |
| CVE-2022-35858 | 2022-08-04 | The TEE_PopulateTransientObject and __utee_from_attr functions in Samsung mTower 0.3.0 allow a trusted application to trigger a memory overwrite, denial of service, and information disclosure by invoking the function TEE_PopulateTransientObject with... |
| CVE-2021-32771 | 2022-08-04 | Buffer overflow in contiki-ng |
| CVE-2022-35926 | 2022-08-04 | Out-of-bounds read in IPv6 neighbor solicitation in Contiki-NG |
| CVE-2022-35927 | 2022-08-04 | Unverified DIO prefix info lengths in RPL-Classic in Contiki-NG |
| CVE-2022-35930 | 2022-08-04 | Ability to bypass attestation verification in sigstore PolicyController |
| CVE-2022-31793 | 2022-08-04 | do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This... |
| CVE-2022-37030 | 2022-08-04 | Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the... |
| CVE-2022-1012 | 2022-08-05 | A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information... |
| CVE-2022-1158 | 2022-08-05 | A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are... |
| CVE-2022-1973 | 2022-08-05 | A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to... |
| CVE-2022-37434 | 2022-08-05 | zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected.... |
| CVE-2022-37415 | 2022-08-05 | The Uniwill SparkIO.sys driver 1.0 is vulnerable to a stack-based buffer overflow via IOCTL 0x40002008. |
| CVE-2022-37416 | 2022-08-05 | Ittiam libmpeg2 before 2022-07-27 uses memcpy with overlapping memory blocks in impeg2_mc_fullx_fully_8x8. |
| CVE-2022-21186 | 2022-08-05 | Arbitrary Command Injection |
| CVE-2022-37431 | 2022-08-05 | A Reflected Cross-site scripting (XSS) issue was discovered in dotCMS Core through 22.06. This occurs in the admin portal when the configuration has XSS_PROTECTION_ENABLED=false. NOTE: the vendor disputes this because... |
| CVE-2022-2626 | 2022-08-05 | Incorrect Privilege Assignment in hestiacp/hestiacp |
| CVE-2022-2636 | 2022-08-05 | Code Injection in hestiacp/hestiacp |
| CVE-2022-2664 | 2022-08-05 | Private Cloud Management Platform POST Request global_config_query improper authentication |
| CVE-2022-2665 | 2022-08-05 | SourceCodester Simple E-Learning System classroom.php sql injection |
| CVE-2022-2667 | 2022-08-05 | SourceCodester Loan Management System delete_lplan.php sql injection |
| CVE-2022-2671 | 2022-08-05 | SourceCodester Garage Management System removeUser.php sql injection |
| CVE-2022-2672 | 2022-08-05 | SourceCodester Garage Management System createUser.php sql injection |
| CVE-2022-2673 | 2022-08-05 | Rigatur Online Booking and Hotel Management System POST Request login.php sql injection |
| CVE-2022-2674 | 2022-08-05 | SourceCodester Best Fee Management System admin_class.php login sql injection |
| CVE-2022-35936 | 2022-08-05 | Ethermint DoS through Unintended Contract Selfdestruct |
| CVE-2022-31662 | 2022-08-05 | VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files. |
| CVE-2022-31660 | 2022-08-05 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'. |
| CVE-2022-31665 | 2022-08-05 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. |
| CVE-2022-31664 | 2022-08-05 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'. |
| CVE-2022-31663 | 2022-08-05 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may... |
| CVE-2022-31659 | 2022-08-05 | VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. |
| CVE-2022-31661 | 2022-08-05 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'. |
| CVE-2022-31658 | 2022-08-05 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. |
| CVE-2022-31656 | 2022-08-05 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able... |
| CVE-2022-31657 | 2022-08-05 | VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain. |
| CVE-2022-25649 | 2022-08-05 | WordPress Affiliate For WooCommerce premium plugin <= 4.7.0 - Multiple Improper Access Control vulnerabilities |
| CVE-2022-36296 | 2022-08-05 | WordPress ActiveDEMAND plugin <= 0.2.27 - Broken Authentication vulnerability |
| CVE-2022-33201 | 2022-08-05 | WordPress MailerLite – Signup forms (official) plugin <= 1.5.7 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2021-36861 | 2022-08-05 | WordPress Rich Reviews by Starfish plugin <= 1.9.14 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-36284 | 2022-08-05 | WordPress Affiliate For WooCommerce premium plugin <= 4.7.0 - Authenticated IDOR vulnerability leading to PayPal email change |
| CVE-2022-2531 | 2022-08-05 | An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1.... |
| CVE-2022-2497 | 2022-08-05 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1.... |