CVE List - 2022 / September
Showing 1601 - 1700 of 2148 CVEs for September 2022 (Page 17 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-35030 | 2022-09-22 | OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe954. |
| CVE-2022-35031 | 2022-09-22 | OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x703969. |
| CVE-2022-35032 | 2022-09-22 | OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6b6a8f. |
| CVE-2022-35034 | 2022-09-22 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e7e3d. |
| CVE-2022-35035 | 2022-09-22 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b559f. |
| CVE-2022-35036 | 2022-09-22 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e1fc8. |
| CVE-2022-35037 | 2022-09-22 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6adb1e. |
| CVE-2022-35038 | 2022-09-22 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b064d. |
| CVE-2022-35039 | 2022-09-22 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e20a0. |
| CVE-2022-34026 | 2022-09-22 | ICEcoder v8.1 allows attackers to execute a directory traversal. |
| CVE-2022-35894 | 2022-09-22 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to... |
| CVE-2022-3274 | 2022-09-22 | Cross-Site Request Forgery (CSRF) on user's settings in GitHub repository ikus060/rdiffweb prior to 2.4.6. |
| CVE-2022-37234 | 2022-09-22 | Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncpy. |
| CVE-2021-27774 | 2022-09-22 | An injection vulnerability affects HCL Digital Experience |
| CVE-2022-31937 | 2022-09-22 | Netgear N300 wireless router wnr2000v4-V1.0.0.70 was discovered to contain a stack overflow via strcpy in uhttpd. |
| CVE-2022-40087 | 2022-09-22 | Simple College Website v1.0 was discovered to contain an arbitrary file write vulnerability via the function file_put_contents(). This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-40088 | 2022-09-22 | Simple College Website v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /college_website/index.php?page=. This vulnerability allows attackers to execute arbitrary web scripts or HTML via... |
| CVE-2022-40089 | 2022-09-22 | A remote file inclusion (RFI) vulnerability in Simple College Website v1.0 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploitable when the directive allow_url_include... |
| CVE-2022-36934 | 2022-09-22 | An integer overflow in WhatsApp could result in remote code execution in an established video call. |
| CVE-2022-23458 | 2022-09-22 | Toast UI Grid vulnerable to Cross-site scripting |
| CVE-2022-30426 | 2022-09-22 | There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attacker could exploit this vulnerability to escalate... |
| CVE-2022-38573 | 2022-09-22 | 10-Strike Network Inventory Explorer v9.3 was discovered to contain a buffer overflow via the Add Computers function. |
| CVE-2022-40298 | 2022-09-22 | Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A low privileged user can... |
| CVE-2021-41803 | 2022-09-23 | HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto... |
| CVE-2022-3278 | 2022-09-23 | NULL Pointer Dereference in vim/vim |
| CVE-2022-32814 | 2022-09-23 | A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may... |
| CVE-2022-32849 | 2022-09-23 | An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5,... |
| CVE-2022-35252 | 2022-09-23 | When curl is used to retrieve and parse cookies from a HTTP(S) server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the... |
| CVE-2022-35951 | 2022-09-23 | Redis subject to Integer Overflow leading to Remote Code Execution via Heap Overflow |
| CVE-2022-36944 | 2022-09-23 | Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object... |
| CVE-2022-40188 | 2022-09-23 | Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets... |
| CVE-2022-40716 | 2022-09-23 | HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of... |
| CVE-2022-41319 | 2022-09-23 | A Reflected Cross-Site Scripting (XSS) vulnerability affects the Veritas Desktop Laptop Option (DLO) application login page (aka the DLOServer/restore/login.jsp URI). This affects versions before 9.8 (e.g., 9.1 through 9.7). |
| CVE-2022-37235 | 2022-09-23 | Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncat. |
| CVE-2022-37232 | 2022-09-23 | Netgear N300 wireless router wnr2000v4-V1.0.0.70 is vulnerable to Buffer Overflow via uhttpd. There is a stack overflow vulnerability caused by strcpy. |
| CVE-2022-41320 | 2022-09-23 | Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user... |
| CVE-2022-41322 | 2022-09-23 | In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on... |
| CVE-2020-36604 | 2022-09-23 | hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function. |
| CVE-2022-39225 | 2022-09-23 | Parse Server subject to Incorrect Resource Transfer Between Spheres |
| CVE-2022-39227 | 2022-09-23 | Python-jwt subject to Authentication Bypass by Spoofing |
| CVE-2022-39230 | 2022-09-23 | Security issue in fhir-works-on-aws-authz-smart |
| CVE-2022-39231 | 2022-09-23 | Parse Server subject to Improper Authentication allowing Auth adapter app ID validation to be circumvented |
| CVE-2022-39239 | 2022-09-23 | netlify-ipx subject to Server-Side Request Forgery and Stored Cross-Site Scripting via Cache Poisoning and Improper Host Validation |
| CVE-2022-39238 | 2022-09-23 | Improper Authentication in Arvados when using PAM as identity provider |
| CVE-2022-26112 | 2022-09-23 | Pinot query endpoint and the realtime ingestion layer have a vulnerability in unprotected environments due to Groovy function support |
| CVE-2022-3269 | 2022-09-23 | Session Fixation in ikus060/rdiffweb |
| CVE-2022-24280 | 2022-09-23 | Apache Pulsar Proxy target broker address isn't validated |
| CVE-2022-33681 | 2022-09-23 | Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM |
| CVE-2022-33682 | 2022-09-23 | Disabled Hostname Verification makes Brokers, Proxies vulnerable to MITM attack |
| CVE-2022-33683 | 2022-09-23 | Disabled Certificate Validation makes Broker, Proxy Admin Clients vulnerable to MITM attack |
| CVE-2022-38936 | 2022-09-23 | An issue has been found in PBC through 2022-8-27. A SEGV issue detected in the function pbc_wmessage_integer in src/wmessage.c:137. |
| CVE-2022-40979 | 2022-09-23 | In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable |
| CVE-2022-2785 | 2022-09-23 | Arbitrary Memory read in BPF Linux Kernel |
| CVE-2022-2566 | 2022-09-23 | Heap-memory write in FFMPEG |
| CVE-2022-2347 | 2022-09-23 | Unchecked Download size in Uboot |
| CVE-2022-3236 | 2022-09-23 | A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. |
| CVE-2022-40869 | 2022-09-23 | Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function fromDhcpListClient with a combined parameter "list*" ("%s%d","list"). |
| CVE-2022-37330 | 2022-09-23 | WordPress WHA Crossword plugin <= 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-37338 | 2022-09-23 | WordPress Blossom Recipe Maker plugin <= 1.0.7 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities |
| CVE-2022-40865 | 2022-09-23 | Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow vulnerabilities in the function setSchedWifi with the request /goform/openSchedWifi/ |
| CVE-2022-35257 | 2022-09-23 | A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run... |
| CVE-2022-30121 | 2022-09-23 | The “LANDesk(R) Management Agent” service exposes a socket and once connected, it is possible to launch commands only for signed executables. This is a security bug that allows a limited... |
| CVE-2022-40864 | 2022-09-23 | Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function setSmartPowerManagement with the request /goform/PowerSaveSet |
| CVE-2022-37339 | 2022-09-23 | WordPress Meet My Team plugin <= 2.0.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-36798 | 2022-09-23 | WordPress Mega Addons For WPBakery Page Builder plugin <= 4.2.7 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-38095 | 2022-09-23 | WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-40862 | 2022-09-23 | Tenda AC15 and AC18 routers V15.03.05.19 contain a stack overflow vulnerability in the function fromNatStaticSetting with the request /goform/NatStaticSetting |
| CVE-2022-40091 | 2022-09-23 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_packages.php. |
| CVE-2022-40092 | 2022-09-23 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_payment.php. |
| CVE-2022-40093 | 2022-09-23 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_tax.php. |
| CVE-2022-40860 | 2022-09-23 | Tenda AC15 router V15.03.05.19 contains a stack overflow vulnerability in the function formSetQosBand->FUN_0007dd20 with request /goform/SetNetControlList |
| CVE-2022-40213 | 2022-09-23 | WordPress GS Testimonial Slider plugin <= 1.9.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities |
| CVE-2022-38703 | 2022-09-23 | WordPress Button Plugin MaxButtons plugin <= 9.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-2937 | 2022-09-23 | Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Title & Description |
| CVE-2022-3144 | 2022-09-23 | The Wordfence Security – Firewall & Malware Scan plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 7.6.0 via a setting on the options... |
| CVE-2022-40853 | 2022-09-23 | Tenda AC15 router V15.03.05.19 contains a stack overflow via the list parameter at /goform/fast_setting_wifi_set |
| CVE-2022-27492 | 2022-09-23 | An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file. |
| CVE-2022-40851 | 2022-09-23 | Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat. |
| CVE-2022-23144 | 2022-09-23 | There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal... |
| CVE-2022-3257 | 2022-09-23 | Server-side Denial of Service while processing a specifically crafted GIF file |
| CVE-2022-40854 | 2022-09-23 | Tenda AC18 router contained a stack overflow vulnerability in /goform/fast_setting_wifi_set |
| CVE-2022-40671 | 2022-09-23 | WordPress Rate my Post – WP Rating System plugin <= 3.3.4 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-40310 | 2022-09-23 | WordPress Rate my Post – WP Rating System plugin <= 3.3.4 - Race Condition vulnerability |
| CVE-2022-36791 | 2022-09-23 | WordPress Torro Forms plugin <= 1.0.16 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-40868 | 2022-09-23 | Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formDelDhcpRule with the request /goform/delDhcpRules/ |
| CVE-2022-37328 | 2022-09-23 | WordPress History Timeline plugin <= 1.0.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-40867 | 2022-09-23 | Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formIPMacBindDel with the request /goform/delIpMacBind/ |
| CVE-2022-40866 | 2022-09-23 | Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formSetDebugCfg with request /goform/setDebugCfg/ |
| CVE-2022-38460 | 2022-09-23 | WordPress NOTICE BOARD plugin <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-35238 | 2022-09-23 | WordPress Awesome Filterable Portfolio plugin <= 1.9.7 - Unauthenticated Plugin Settings Change vulnerability |
| CVE-2022-40855 | 2022-09-23 | Tenda W20E router V15.11.0.6 contains a stack overflow in the function formSetPortMapping with post request 'goform/setPortMapping/'. This vulnerability allows attackers to cause a Denial of Service (DoS) or Remote Code... |
| CVE-2022-40193 | 2022-09-23 | WordPress Awesome Filterable Portfolio plugin <= 1.9.7 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-36388 | 2022-09-23 | WordPress YDS Support Ticket System plugin <= 1.0 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-37342 | 2022-09-23 | WordPress Add Shortcodes Actions And Filters plugin <= 2.0.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-38085 | 2022-09-23 | WordPress Read more By Adam plugin <= 1.1.8 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-40195 | 2022-09-23 | WordPress PCA Predict plugin <= 1.0.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-40861 | 2022-09-23 | Tenda AC18 router V15.03.05.19 contains a stack overflow vulnerability in the formSetQosBand->FUN_0007db78 function with the request /goform/SetNetControlList/ |
| CVE-2022-40672 | 2022-09-23 | WordPress CPO Shortcodes plugin <= 1.5.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-38061 | 2022-09-23 | WordPress Export Post Info plugin <= 1.2.0 - Authenticated CSV Injection vulnerability |
| CVE-2021-45035 | 2022-09-23 | Velneo vClient Improper authentication |