CVE List - 2022 / September
Showing 1001 - 1100 of 2148 CVEs for September 2022 (Page 11 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-23553 | 2022-09-16 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007d33. |
| CVE-2020-23554 | 2022-09-16 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e20. |
| CVE-2020-23555 | 2022-09-16 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e6e. |
| CVE-2020-23556 | 2022-09-16 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e28. |
| CVE-2020-23557 | 2022-09-16 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000000755d. |
| CVE-2020-23558 | 2022-09-16 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007f4b. |
| CVE-2020-23559 | 2022-09-16 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007d7f. |
| CVE-2020-23560 | 2022-09-16 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000001bcab. |
| CVE-2022-22066 | 2022-09-16 | Memory corruption occurs while processing command received from HLOS due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon... |
| CVE-2022-22074 | 2022-09-16 | Memory Corruption during wma file playback due to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon... |
| CVE-2022-22081 | 2022-09-16 | Memory corruption in audio module due to integer overflow in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables |
| CVE-2022-22089 | 2022-09-16 | Memory corruption in audio while playing record due to improper list handling in two threads in Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables |
| CVE-2022-22091 | 2022-09-16 | Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon... |
| CVE-2022-22092 | 2022-09-16 | Memory corruption in kernel due to use after free issue in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2022-22093 | 2022-09-16 | Memory corruption or temporary denial of service due to improper handling of concurrent hypervisor operations to attach or detach IRQs from virtual interrupt sources in Snapdragon Compute, Snapdragon Connectivity, Snapdragon... |
| CVE-2022-22094 | 2022-09-16 | memory corruption in Kernel due to race condition while getting mapping reference in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2022-22095 | 2022-09-16 | Memory corruption in synx driver due to use-after-free condition in the synx driver due to accessing object handles without acquiring lock in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon... |
| CVE-2022-22105 | 2022-09-16 | Memory corruption in bluetooth due to integer overflow while processing HFP-UNIT profile in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music |
| CVE-2022-25652 | 2022-09-16 | Cryptographic issues in BSP due to improper hash verification in Snapdragon Wired Infrastructure and Networking |
| CVE-2022-25653 | 2022-09-16 | Information disclosure in video due to buffer over-read while processing avi file in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables |
| CVE-2022-25654 | 2022-09-16 | Memory corruption in kernel due to improper input validation while processing ION commands in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables |
| CVE-2022-25656 | 2022-09-16 | Possible integer overflow and memory corruption due to improper validation of buffer size sent to write to console when computing the payload size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,... |
| CVE-2022-25669 | 2022-09-16 | Denial of service in video due to buffer over read while parsing MP4 clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon... |
| CVE-2022-25670 | 2022-09-16 | Denial of service in WLAN HOST due to buffer over read while unpacking frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial... |
| CVE-2022-25686 | 2022-09-16 | Memory corruption in video module due to buffer overflow while processing WAV file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables |
| CVE-2022-25688 | 2022-09-16 | Memory corruption in video due to buffer overflow while parsing ps video clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice... |
| CVE-2022-25690 | 2022-09-16 | Information disclosure in WLAN due to improper validation of array index while parsing crafted ANQP action frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer... |
| CVE-2022-25693 | 2022-09-16 | Memory corruption in graphics due to use-after-free while graphics profiling in Snapdragon Connectivity, Snapdragon Mobile |
| CVE-2022-25696 | 2022-09-16 | Memory corruption in display due to time-of-check time-of-use race condition during map or unmap in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables |
| CVE-2022-25706 | 2022-09-16 | Information disclosure in Bluetooth driver due to buffer over-read while reading l2cap length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables |
| CVE-2022-25708 | 2022-09-16 | Memory corruption in WLAN due to buffer copy without checking size of input while parsing keys in Snapdragon Connectivity, Snapdragon Mobile |
| CVE-2022-1194 | 2022-09-16 | Mobile Events Manager < 1.4.8 - Admin+ CSV Injection |
| CVE-2022-2351 | 2022-09-16 | Post SMTP < 2.1.4 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2575 | 2022-09-16 | WBW Currency Switcher for WooCommerce < 1.6.6 - Admin+ Stored XSS |
| CVE-2022-2635 | 2022-09-16 | Autoptimize < 3.1.1 - Admin+ Stored Cross Site Scripting |
| CVE-2022-2655 | 2022-09-16 | Classified Listing Pro < 2.0.20 - Reflected Cross-Site Scripting |
| CVE-2022-2654 | 2022-09-16 | Classima < 2.1.11 - Reflected Cross-Site Scripting |
| CVE-2022-2669 | 2022-09-16 | WP Taxonomy Import <= 1.0.4 - Reflected Cross-Site Scripting |
| CVE-2022-2737 | 2022-09-16 | WP STAGING < 2.9.18 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2798 | 2022-09-16 | Affiliates Manager < 2.9.14 - Affiliate CSV Injection |
| CVE-2022-2799 | 2022-09-16 | Affiliates Manager < 2.9.14 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2877 | 2022-09-16 | Titan Anti-spam & Security < 7.3.1 - Protection Bypass due to IP Spoofing |
| CVE-2022-2887 | 2022-09-16 | WP Server Health Stats < 1.7.0 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2912 | 2022-09-16 | Craw Data <= 1.0.0 - Server Side Request Forgery |
| CVE-2022-2913 | 2022-09-16 | Login No Captcha reCAPTCHA < 1.7 - IP Check Bypass |
| CVE-2022-40151 | 2022-09-16 | Stack Buffer Overflow in xstream |
| CVE-2022-40152 | 2022-09-16 | Stack Buffer Overflow in Woodstox |
| CVE-2022-3223 | 2022-09-16 | Cross-site Scripting (XSS) - Stored in jgraph/drawio |
| CVE-2022-38846 | 2022-09-16 | EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP). An attacker may capture the cookie from the... |
| CVE-2022-38845 | 2022-09-16 | Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim s browser via sending crafted csv file containing malicious JavaScript to authenticated... |
| CVE-2022-38844 | 2022-09-16 | CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts... |
| CVE-2022-38843 | 2022-09-16 | EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extension to the server. Attacker may execute these malicious files to run unintended... |
| CVE-2022-38808 | 2022-09-16 | ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface. |
| CVE-2022-3176 | 2022-09-16 | Use-after-free in io_uring in Linux Kernel |
| CVE-2022-38828 | 2022-09-16 | TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection via cstecgi.cgi |
| CVE-2022-38827 | 2022-09-16 | TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to Buffer Overflow via cstecgi.cgi |
| CVE-2022-38826 | 2022-09-16 | In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an execute arbitrary command in cstecgi.cgi. |
| CVE-2022-38823 | 2022-09-16 | In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow.sample. |
| CVE-2022-38831 | 2022-09-16 | Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/SetNetControlList |
| CVE-2022-38830 | 2022-09-16 | Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setIPv6Status. |
| CVE-2022-38829 | 2022-09-16 | Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setMacFilterCfg. |
| CVE-2021-42949 | 2022-09-16 | The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via bruteforce attacks. |
| CVE-2022-38833 | 2022-09-16 | School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/modstudent/index.php?view=view&id=. |
| CVE-2022-38832 | 2022-09-16 | School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/department/index.php?view=edit&id=. |
| CVE-2022-37250 | 2022-09-16 | Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount. |
| CVE-2022-38878 | 2022-09-16 | School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/event/index.php?view=edit&id=. |
| CVE-2022-38877 | 2022-09-16 | Garage Management System v1.0 is vulnerable to Arbitrary code execution via ip/garage/php_action/editProductImage.php?id=1. |
| CVE-2022-37248 | 2022-09-16 | Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php. |
| CVE-2021-42948 | 2022-09-16 | HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's. |
| CVE-2022-40337 | 2022-09-16 | OASES (aka Open Aviation Strategic Engineering System) 8.8.0.2 allows attackers to execute arbitrary code via the Open Print Folder menu. |
| CVE-2022-35195 | 2022-09-16 | TestLink 1.9.20 Raijin was discovered to contain a broken access control vulnerability at /lib/attachments/attachmentdownload.php |
| CVE-2022-35193 | 2022-09-16 | TestLink v1.9.20 was discovered to contain a SQL injection vulnerability via /lib/execute/execNavigator.php. |
| CVE-2022-36402 | 2022-09-16 | There is an int overflow vulnerability in vmwgfx driver |
| CVE-2022-37775 | 2022-09-16 | Genesys PureConnect Interaction Web Tools Chat Service (up to at least 26- September- 2019) allows XSS within the Printable Chat History via the participant -> name JSON POST parameter. |
| CVE-2021-41731 | 2022-09-16 | Cross Site Scripting (XSS vulnerability exists in )Sourcecodester News247 News Magazine (CMS) PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name field |
| CVE-2022-3225 | 2022-09-16 | Improper Control of Dynamically-Managed Code Resources in budibase/budibase |
| CVE-2021-42597 | 2022-09-16 | A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Storage Unit Rental Management System PHP 8.0.10 , Apache 2.4.14, SURMS V 1.0 via the Add New Tenant List Rent List... |
| CVE-2022-38412 | 2022-09-16 | Adobe Animate SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2022-38411 | 2022-09-16 | Adobe Animate SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2022-38409 | 2022-09-16 | Adobe Illustrator EPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2022-38408 | 2022-09-16 | Adobe Illustrator Improper Input Validation Arbitrary code execution |
| CVE-2022-38410 | 2022-09-16 | Adobe Illustrator EPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2022-38403 | 2022-09-16 | Adobe InCopy SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2022-38402 | 2022-09-16 | Adobe InCopy SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2022-38404 | 2022-09-16 | Adobe InCopy SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2022-38406 | 2022-09-16 | Adobe InCopy EPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2022-38405 | 2022-09-16 | Adobe InCopy SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2022-38407 | 2022-09-16 | Adobe InCopy EPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2022-38401 | 2022-09-16 | Adobe InCopy PCX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2022-38430 | 2022-09-16 | Adobe Photoshop MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2022-38427 | 2022-09-16 | Adobe Photoshop U3D File Parsing Uninitialized Variable Remote Code Execution Vulnerability |
| CVE-2022-35713 | 2022-09-16 | Adobe Photoshop U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-38431 | 2022-09-16 | Adobe Photoshop SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2022-38429 | 2022-09-16 | Adobe Photoshop SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2022-38428 | 2022-09-16 | Adobe Photoshop DCM File Parsing Use-After-Free Information Disclosure Vulnerability |
| CVE-2022-38426 | 2022-09-16 | Adobe Photoshop U3D File Parsing Uninitialized Variable Remote Code Execution Vulnerability |
| CVE-2022-38433 | 2022-09-16 | Adobe Photoshop SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2022-38432 | 2022-09-16 | Adobe Photoshop SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2022-38434 | 2022-09-16 | Adobe Photoshop SVG File Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2022-28853 | 2022-09-16 | Adobe InDesign 2022 Out-of-Bound Write Arbitrary code execution |