CVE List - 2022 / September
Showing 901 - 1000 of 2148 CVEs for September 2022 (Page 10 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-3222 | 2022-09-15 | Uncontrolled Recursion in gpac/gpac |
| CVE-2022-38334 | 2022-09-15 | XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc. |
| CVE-2022-38850 | 2022-09-15 | The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide By Zero via the function config() of libmpcodecs/vf_scale.c. |
| CVE-2022-38851 | 2022-09-15 | Certain The MPlayer Project products are vulnerable to Out-of-bounds Read via function read_meta_record() of mplayer/libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. |
| CVE-2022-38855 | 2022-09-15 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function gen_sh_video() of mplayer/libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. |
| CVE-2022-38858 | 2022-09-15 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. |
| CVE-2022-38860 | 2022-09-15 | Certain The MPlayer Project products are vulnerable to Divide By Zero via function demux_open_avi() of libmpdemux/demux_avi.c which affects mencoder. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. |
| CVE-2022-38861 | 2022-09-15 | The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory corruption via function free_mp_image() of libmpcodecs/mp_image.c. |
| CVE-2022-38863 | 2022-09-15 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mp_getbits() of libmpdemux/mpeg_hdr.c which affects mencoder and mplayer. This affects mencoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1. |
| CVE-2022-38864 | 2022-09-15 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via the function mp_unescape03() of libmpdemux/mpeg_hdr.c. This affects mencoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1. |
| CVE-2022-38865 | 2022-09-15 | Certain The MPlayer Project products are vulnerable to Divide By Zero via the function demux_avi_read_packet of libmpdemux/demux_avi.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. |
| CVE-2022-38866 | 2022-09-15 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via read_avi_header() of libmpdemux/aviheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. |
| CVE-2022-39209 | 2022-09-15 | Uncontrolled Resource Consumption in cmark-gfm |
| CVE-2022-38323 | 2022-09-15 | Event Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /Royal_Event/update_image.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-38352 | 2022-09-15 | ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Psr6Cache. This vulnerability allows attackers to execute arbitrary code via a crafted payload. |
| CVE-2022-38594 | 2022-09-15 | Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_visitor.php. |
| CVE-2022-38595 | 2022-09-15 | Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_user.php. |
| CVE-2022-40737 | 2022-09-15 | An issue was discovered in Bento4 through 1.6.0-639. A buffer over-read exists in the function AP4_StdcFileByteStream::WritePartial located in System/StdC/Ap4StdCFileByteStream.cpp, called from AP4_ByteStream::Write and AP4_HdlrAtom::WriteFields. |
| CVE-2022-40736 | 2022-09-15 | An issue was discovered in Bento4 1.6.0-639. There is excessive memory consumption in AP4_CttsAtom::Create in Core/Ap4CttsAtom.cpp. |
| CVE-2022-40738 | 2022-09-15 | An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_DescriptorListWriter::Action in Core/Ap4Descriptor.h, called from AP4_EsDescriptor::WriteFields and AP4_Expandable::Write. |
| CVE-2022-31735 | 2022-09-15 | OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601). When accessing an affected server through some specially crafted URL, the user may be redirected... |
| CVE-2022-3221 | 2022-09-15 | Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb |
| CVE-2022-3224 | 2022-09-15 | Misinterpretation of Input in ionicabizau/parse-url |
| CVE-2022-38789 | 2022-09-15 | An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change the main/guest SSID and the PSK to arbitrary values, and map the LAN, because of... |
| CVE-2022-38788 | 2022-09-15 | An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Bluetooth on the Nokia ODU uses outdated pairing mechanisms, allowing an attacker to passively intercept a pairing handshake and... |
| CVE-2022-37266 | 2022-09-15 | Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js. |
| CVE-2022-37257 | 2022-09-15 | Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the requestedVersion variable in npm-convert.js. |
| CVE-2021-44076 | 2022-09-15 | An issue was discovered in CrushFTP 9. The creation of a new user through the /WebInterface/UserManager/ interface allows an attacker, with access to the administration panel, to perform Stored Cross-Site... |
| CVE-2022-2471 | 2022-09-15 | Stack-Based Buffer Overflow Vulnerability in the EZVIZ Motion Detection component |
| CVE-2022-2472 | 2022-09-15 | Improper Initialization vulnerability in local server authentication logic |
| CVE-2022-3211 | 2022-09-15 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2022-40306 | 2022-09-15 | The login form /Login in ECi Printanista Hub (formerly FMAudit Printscout) before 5.5.2 (July 2023) performs expensive RSA key-generation operations, which allows attackers to cause a denial of service (DoS)... |
| CVE-2022-29649 | 2022-09-15 | Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability. |
| CVE-2022-37207 | 2022-09-15 | JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting... |
| CVE-2022-38862 | 2022-09-15 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function play() of libaf/af.c:639. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. |
| CVE-2022-3001 | 2022-09-15 | Vulnerability in Milesight Video Management Systems (VMS) |
| CVE-2022-38856 | 2022-09-15 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. |
| CVE-2022-38853 | 2022-09-15 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function asf_init_audio_stream() of libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. |
| CVE-2022-37201 | 2022-09-15 | JFinal CMS 5.1.0 is vulnerable to SQL Injection. |
| CVE-2022-38600 | 2022-09-15 | Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and vf_vo.c. |
| CVE-2022-40636 | 2022-09-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-40637 | 2022-09-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-40638 | 2022-09-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-40639 | 2022-09-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-40640 | 2022-09-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-40641 | 2022-09-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-40642 | 2022-09-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-40643 | 2022-09-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-40644 | 2022-09-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-40645 | 2022-09-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-40646 | 2022-09-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-40647 | 2022-09-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-40648 | 2022-09-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-40649 | 2022-09-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-40650 | 2022-09-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-40651 | 2022-09-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-40652 | 2022-09-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-40653 | 2022-09-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-40654 | 2022-09-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-40656 | 2022-09-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 13.2.0.21165. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-40655 | 2022-09-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-40657 | 2022-09-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-40658 | 2022-09-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-40659 | 2022-09-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-40660 | 2022-09-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-40661 | 2022-09-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-40662 | 2022-09-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-40663 | 2022-09-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-38890 | 2022-09-15 | Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h |
| CVE-2022-37262 | 2022-09-15 | A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in main.js. |
| CVE-2022-37264 | 2022-09-15 | Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js. |
| CVE-2022-1798 | 2022-09-15 | Path Traversal vulnerability in Kubevirt |
| CVE-2022-37861 | 2022-09-15 | There is a remote code execution (RCE) vulnerability in Tenhot TWS-100 V4.0-201809201424 router device. It is necessary to know that the device account password is allowed to escape the execution... |
| CVE-2022-38534 | 2022-09-15 | TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setdiagnosicfg function. |
| CVE-2022-38535 | 2022-09-15 | TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg function. |
| CVE-2022-37260 | 2022-09-15 | A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the input variable in main.js. |
| CVE-2022-38325 | 2022-09-15 | Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via the filePath parameter at /goform/expandDlnaFile. |
| CVE-2022-38326 | 2022-09-15 | Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via the page parameter at /goform/NatStaticSetting. |
| CVE-2022-38814 | 2022-09-15 | A stored cross-site scripting (XSS) vulnerability in the auth_settings component of FiberHome AN5506-02-B vRP2521 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the... |
| CVE-2022-29240 | 2022-09-15 | Uninitialized memory read in LZ4 decompression leads to authentication bypass in Scylla |
| CVE-2022-39215 | 2022-09-15 | The readDir Endpoint Scope can be Bypassed With Symbolic Links in Tauri |
| CVE-2022-39213 | 2022-09-15 | Out-of-bounds Read in go-cvss |
| CVE-2022-36075 | 2022-09-15 | File list exposure in Nextcloud Files Access Control |
| CVE-2022-27561 | 2022-09-15 | HCL Traveler is susceptible to a Reflected Cross-Site Scripting vulnerability in the web admin (LotusTraveler.nsf) |
| CVE-2022-36074 | 2022-09-15 | Authentication headers exposed on by Nextcloud Server |
| CVE-2021-40017 | 2022-09-16 | The HW_KEYMASTER module lacks the validity check of the key format. Successful exploitation of this vulnerability may result in out-of-bounds memory access. |
| CVE-2022-2863 | 2022-09-16 | WPvivid Backup < 0.9.76 - Admin+ Arbitrary File Read |
| CVE-2022-36534 | 2022-09-16 | Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain multiple remote code execution (RCE) vulnerabilities via the Job_ExecuteBefore and Job_ExecuteAfter parameters... |
| CVE-2022-39002 | 2022-09-16 | Double free vulnerability in the storage module. Successful exploitation of this vulnerability will cause the memory to be freed twice. |
| CVE-2022-40149 | 2022-09-16 | Stack Buffer Overflow in Jettison |
| CVE-2022-40150 | 2022-09-16 | Stack Buffer Overflow in Jettison |
| CVE-2022-26959 | 2022-09-16 | There are two full (read/write) Blind/Time-based SQL injection vulnerabilities in the Northstar Club Management version 6.3 application. The vulnerabilities exist in the userName parameter of the processlogin.jsp page in the... |
| CVE-2022-34002 | 2022-09-16 | The ‘document’ parameter of PDS Vista 7’s /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows a low-privileged authenticated attacker to leak the configuration files and source... |
| CVE-2022-35415 | 2022-09-16 | An improper input validation in NI System Configuration Manager before 22.5 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-36532 | 2022-09-16 | Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with the ROLE_EDITOR privileges to upload and rename a malicious file to achieve remote code... |
| CVE-2022-36533 | 2022-09-16 | Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain a cross-site scripting (XSS) vulnerability. |
| CVE-2022-36536 | 2022-09-16 | An issue in the component post_applogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate privileges via creating crafted session... |
| CVE-2020-23550 | 2022-09-16 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e82. |
| CVE-2020-23551 | 2022-09-16 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e30. |
| CVE-2020-23552 | 2022-09-16 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e62. |