CVE List - 2022 / September
Showing 1701 - 1800 of 2148 CVEs for September 2022 (Page 18 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-40194 | 2022-09-23 | WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Sensitive Information Disclosure vulnerability |
| CVE-2022-2025 | 2022-09-23 | Grandstream GSD3710 Stack-based Buffer Overflow |
| CVE-2022-2070 | 2022-09-23 | Grandstream GSD3710 Stack-based Buffer Overflow |
| CVE-2022-38470 | 2022-09-23 | WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-38134 | 2022-09-23 | WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Authenticated Broken Access Control vulnerability |
| CVE-2022-36417 | 2022-09-23 | WordPress 3D Tag Cloud plugin <= 3.8 - Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-40215 | 2022-09-23 | WordPress Tabs plugin <= 3.7.1 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities |
| CVE-2022-38742 | 2022-09-23 | Rockwell Automation ThinManager Software Vulnerable to Arbitrary Code Execution and Denial-Of-Service Attack |
| CVE-2021-3782 | 2022-09-23 | An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on... |
| CVE-2022-2973 | 2022-09-23 | MZ Automation libIEC61850 NULL Pointer Dereference |
| CVE-2022-2971 | 2022-09-23 | MZ Automation libIEC61850 Access of Resource Using Incompatible Type ('Type Confusion') |
| CVE-2022-2972 | 2022-09-23 | MZ Automation libIEC61850 Stack-Based Buffer Overflow |
| CVE-2022-2970 | 2022-09-23 | MZ Automation libIEC61850 Stack-Based Buffer Overflow |
| CVE-2022-40628 | 2022-09-23 | Remote Code Execution Vulnerability in Tacitine Firewall |
| CVE-2022-35091 | 2022-09-23 | SWFTools commit 772e55a2 was discovered to contain a floating point exception (FPE) via DCTStream::readMCURow() at /xpdf/Stream.cc.ow() |
| CVE-2022-35092 | 2022-09-23 | SWFTools commit 772e55a2 was discovered to contain a segmentation violation via convert_gfxline at /gfxpoly/convert.c. |
| CVE-2022-35093 | 2022-09-23 | SWFTools commit 772e55a2 was discovered to contain a global buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc. |
| CVE-2022-35094 | 2022-09-23 | SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc. |
| CVE-2022-35095 | 2022-09-23 | SWFTools commit 772e55a2 was discovered to contain a segmentation violation via InfoOutputDev::type3D1 at /pdf/InfoOutputDev.cc. |
| CVE-2022-35096 | 2022-09-23 | SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via draw_stroke at /gfxpoly/stroke.c. |
| CVE-2022-35097 | 2022-09-23 | SWFTools commit 772e55a2 was discovered to contain a segmentation violation via FoFiTrueType::writeTTF at /xpdf/FoFiTrueType.cc. |
| CVE-2022-35098 | 2022-09-23 | SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via GfxICCBasedColorSpace::getDefaultColor(GfxColor*) at /xpdf/GfxState.cc. |
| CVE-2022-35099 | 2022-09-23 | SWFTools commit 772e55a2 was discovered to contain a stack overflow via ImageStream::getPixel(unsigned char*) at /xpdf/Stream.cc. |
| CVE-2022-36338 | 2022-09-23 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker... |
| CVE-2022-40358 | 2022-09-23 | An issue was discovered in AjaXplorer 4.2.3, allows attackers to cause cross site scripting vulnerabilities via a crafted svg file upload. |
| CVE-2022-40359 | 2022-09-23 | Cross site scripting (XSS) vulnerability in kfm through 1.4.7 via crafted GET request to /kfm/index.php. |
| CVE-2022-22423 | 2022-09-23 | IBM Common Cryptographic Architecture (CCA 5.x MTM for 4767 and CCA 7.x MTM for 4769) could allow a local user to cause a denial of service due to improper input... |
| CVE-2022-34348 | 2022-09-23 | IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive... |
| CVE-2022-35721 | 2022-09-23 | IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2022-40748 | 2022-09-23 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... |
| CVE-2022-40629 | 2022-09-23 | Sensitive Information Disclosure Vulnerability in Tacitine Firewall |
| CVE-2022-35893 | 2022-09-23 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an attacker to write fixed or predictable data... |
| CVE-2022-40630 | 2022-09-23 | Improper Session Management Vulnerability in Tacitine Firewall |
| CVE-2022-38438 | 2022-09-23 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-38439 | 2022-09-23 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-28886 | 2022-09-23 | Denial-of-Service (DoS) Vulnerability |
| CVE-2022-35248 | 2022-09-23 | A improper authentication vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 that allowed two factor authentication can be bypassed when telling the server to use CAS during login. |
| CVE-2022-35246 | 2022-09-23 | A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload URLs to users that should... |
| CVE-2022-35249 | 2022-09-23 | A information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the... |
| CVE-2022-35250 | 2022-09-23 | A privilege escalation vulnerability exists in Rocket.chat <v5 which made it possible to elevate privileges for any authenticated user to view Direct messages without appropriate permissions. |
| CVE-2022-35251 | 2022-09-23 | A cross-site scripting vulnerability exists in Rocket.chat <v5 due to style injection in the complete chat window, an adversary is able to manipulate not only the style of it, but... |
| CVE-2022-32218 | 2022-09-23 | An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries. |
| CVE-2022-32226 | 2022-09-23 | An improper access control vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to input data in the getUsersOfRoom Meteor server method is not type validated, so that MongoDB query... |
| CVE-2022-32227 | 2022-09-23 | A cleartext transmission of sensitive information exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 relating to Oauth tokens by having the permission "view-full-other-user-info", this could cause an oauth token leak in... |
| CVE-2022-32228 | 2022-09-23 | An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 since the getReadReceipts Meteor server method does not properly filter user inputs that are passed to MongoDB queries, allowing... |
| CVE-2022-32229 | 2022-09-23 | A information disclosure vulnerability exists in Rockert.Chat <v5 due to /api/v1/chat.getThreadsList lack of sanitization of user inputs and can therefore leak private thread messages to unauthorized users via Mongo DB... |
| CVE-2022-35247 | 2022-09-23 | A information disclosure vulnerability exists in Rocket.chat <v5, <v4.8.2 and <v4.7.5 where the lack of ACL checks in the getRoomRoles Meteor method leak channel members with special roles to unauthorized... |
| CVE-2022-30124 | 2022-09-23 | An improper authentication vulnerability exists in Rocket.Chat Mobile App <4.14.1.22788 that allowed an attacker with physical access to a mobile device to bypass local authentication (PIN code). |
| CVE-2022-32211 | 2022-09-23 | A SQL injection vulnerability exists in Rocket.Chat <v3.18.6, <v4.4.4 and <v4.7.3 which can allow an attacker to retrieve a reset password token through or a 2fa secret. |
| CVE-2022-32217 | 2022-09-23 | A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to Oauth token being leaked in plaintext in Rocket.chat logs. |
| CVE-2022-32219 | 2022-09-23 | An information disclosure vulnerability exists in Rocket.Chat <v4.7.5 which allowed the "users.list" REST endpoint gets a query parameter from JSON and runs Users.find(queryFromClientSide). This means virtually any authenticated user can... |
| CVE-2022-32220 | 2022-09-23 | An information disclosure vulnerability exists in Rocket.Chat <v5 due to the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to... |
| CVE-2022-3263 | 2022-09-23 | Measuresoft ScadaPro Server Improper Access Control |
| CVE-2022-36340 | 2022-09-23 | WordPress MailOptin plugin <= 1.2.49.0 - Unauthenticated Optin Campaign Cache Deletion vulnerability |
| CVE-2022-38704 | 2022-09-23 | WordPress SEO Redirection plugin <= 8.9 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-40132 | 2022-09-23 | WordPress Seriously Simple Podcasting plugin <= 2.16.0 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-38079 | 2022-09-23 | WordPress Backup Scheduler plugin <= 1.5.13 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-38454 | 2022-09-23 | WordPress Kraken.io Image Optimizer plugin <= 2.6.5 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-40100 | 2022-09-23 | Tenda i9 v1.0.0.8(3828) was discovered to contain a command injection vulnerability via the FormexeCommand function. |
| CVE-2022-40101 | 2022-09-23 | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. |
| CVE-2022-40102 | 2022-09-23 | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. |
| CVE-2022-40103 | 2022-09-23 | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formSetAutoPing function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. |
| CVE-2022-40104 | 2022-09-23 | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDget function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. |
| CVE-2022-40105 | 2022-09-23 | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterGet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. |
| CVE-2022-40106 | 2022-09-23 | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the set_local_time function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. |
| CVE-2022-40107 | 2022-09-23 | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formexeCommand function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. |
| CVE-2022-22610 | 2022-09-23 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing... |
| CVE-2022-22624 | 2022-09-23 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously... |
| CVE-2022-22637 | 2022-09-23 | A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious... |
| CVE-2022-26707 | 2022-09-23 | An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in macOS Monterey 12.4. A user may be able to view sensitive user... |
| CVE-2020-36521 | 2022-09-23 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows... |
| CVE-2022-22628 | 2022-09-23 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4.... |
| CVE-2022-26700 | 2022-09-23 | A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing... |
| CVE-2022-32781 | 2022-09-23 | This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8. An... |
| CVE-2022-32782 | 2022-09-23 | This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4. An app with root privileges may be able to access private information. |
| CVE-2022-32785 | 2022-09-23 | A null pointer dereference was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5.... |
| CVE-2022-32783 | 2022-09-23 | A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An app may gain unauthorized access to Bluetooth. |
| CVE-2022-32852 | 2022-09-23 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or... |
| CVE-2022-32787 | 2022-09-23 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey... |
| CVE-2022-32790 | 2022-09-23 | This issue was addressed with improved checks. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.6, Security Update... |
| CVE-2022-32786 | 2022-09-23 | An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An... |
| CVE-2022-32789 | 2022-09-23 | A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5. An app may be able to bypass Privacy preferences. |
| CVE-2022-32796 | 2022-09-23 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. |
| CVE-2022-32792 | 2022-09-23 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing... |
| CVE-2022-32797 | 2022-09-23 | This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may... |
| CVE-2022-32798 | 2022-09-23 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.5. An app may be able to gain elevated privileges. |
| CVE-2022-32805 | 2022-09-23 | The issue was addressed with improved handling of caches. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able... |
| CVE-2022-32853 | 2022-09-23 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted... |
| CVE-2022-32843 | 2022-09-23 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted... |
| CVE-2022-32847 | 2022-09-23 | This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update... |
| CVE-2022-32799 | 2022-09-23 | An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. A user in a privileged network position may... |
| CVE-2022-32800 | 2022-09-23 | This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to modify... |
| CVE-2022-32801 | 2022-09-23 | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5. An app may be able to gain root privileges. |
| CVE-2022-32807 | 2022-09-23 | This issue was addressed with improved file handling. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to... |
| CVE-2022-32815 | 2022-09-23 | The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security... |
| CVE-2022-32816 | 2022-09-23 | The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames... |
| CVE-2022-32817 | 2022-09-23 | An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may... |
| CVE-2022-32818 | 2022-09-23 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5. An app may be able to leak sensitive kernel state. |
| CVE-2022-32820 | 2022-09-23 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey... |
| CVE-2022-32819 | 2022-09-23 | A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5,... |