CVE List - 2022 / September
Showing 1801 - 1900 of 2148 CVEs for September 2022 (Page 19 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-32821 | 2022-09-23 | A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be... |
| CVE-2022-32823 | 2022-09-23 | A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey... |
| CVE-2022-32826 | 2022-09-23 | An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5,... |
| CVE-2022-32829 | 2022-09-23 | This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with... |
| CVE-2022-32825 | 2022-09-23 | The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5. An... |
| CVE-2022-32828 | 2022-09-23 | The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. An app may be able to disclose... |
| CVE-2022-32832 | 2022-09-23 | The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security... |
| CVE-2022-32842 | 2022-09-23 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. An app may be able to gain elevated... |
| CVE-2022-32845 | 2022-09-23 | This issue was addressed with improved checks. This issue is fixed in watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to break out... |
| CVE-2022-32848 | 2022-09-23 | A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to capture a user’s screen. |
| CVE-2022-32831 | 2022-09-23 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript... |
| CVE-2022-32841 | 2022-09-23 | The issue was addressed with improved memory handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted image... |
| CVE-2022-32851 | 2022-09-23 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted... |
| CVE-2022-22629 | 2022-09-23 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS... |
| CVE-2022-40113 | 2022-09-23 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds.php. |
| CVE-2022-40114 | 2022-09-23 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer.php. |
| CVE-2022-40115 | 2022-09-23 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_beneficiary.php. |
| CVE-2022-40116 | 2022-09-23 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/beneficiary.php. |
| CVE-2022-40117 | 2022-09-23 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_customer.php. |
| CVE-2022-40118 | 2022-09-23 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds_action.php. |
| CVE-2022-40119 | 2022-09-23 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/transactions.php. |
| CVE-2022-40120 | 2022-09-23 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/customer_transactions.php. |
| CVE-2022-40121 | 2022-09-23 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/manage_customers.php. |
| CVE-2022-40122 | 2022-09-23 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer_action.php. |
| CVE-2022-39242 | 2022-09-24 | Incorrect Calculation in Frontier leads to inflated Ethereum chain gas prices |
| CVE-2022-39240 | 2022-09-24 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in MyGraph |
| CVE-2022-36025 | 2022-09-24 | Incorrect Conversion between Numeric Types in Besu Ethereum Client |
| CVE-2022-23461 | 2022-09-24 | Cross-Site Scripting (XSS) in Jodit Editor |
| CVE-2022-23464 | 2022-09-24 | Potential Server Side Request Forgery (SSRF) in Nepxion Discovery |
| CVE-2022-23463 | 2022-09-24 | SpEL Injection in Nepxion Discovery |
| CVE-2022-41340 | 2022-09-24 | The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature forgery. |
| CVE-2022-3296 | 2022-09-25 | Stack-based Buffer Overflow in vim/vim |
| CVE-2022-3297 | 2022-09-25 | Use After Free in vim/vim |
| CVE-2022-41343 | 2022-09-25 | registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule. |
| CVE-2022-3201 | 2022-09-26 | Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass... |
| CVE-2022-2852 | 2022-09-26 | Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-2853 | 2022-09-26 | Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a... |
| CVE-2022-3024 | 2022-09-26 | Simple Bitcoin Faucets <= 1.7.0 - Unauthorised AJAX Call to Stored XSS |
| CVE-2022-3195 | 2022-09-26 | Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium... |
| CVE-2022-3196 | 2022-09-26 | Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) |
| CVE-2022-3197 | 2022-09-26 | Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) |
| CVE-2022-3198 | 2022-09-26 | Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) |
| CVE-2022-3199 | 2022-09-26 | Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2022-3200 | 2022-09-26 | Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2022-41352 | 2022-09-26 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to... |
| CVE-2022-41347 | 2022-09-26 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). The Sudo configuration permits the zimbra user to execute the NGINX binary as root with arbitrary parameters.... |
| CVE-2022-21169 | 2022-09-26 | Prototype Pollution |
| CVE-2022-21797 | 2022-09-26 | Arbitrary Code Execution |
| CVE-2022-38553 | 2022-09-26 | Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter. |
| CVE-2022-36158 | 2022-09-26 | Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidden... |
| CVE-2022-36159 | 2022-09-26 | Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for root stored in the component /etc/shadow. As the password strength is weak, it can... |
| CVE-2022-38970 | 2022-09-26 | ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a... |
| CVE-2022-3301 | 2022-09-26 | Improper Cleanup on Thrown Exception in ikus060/rdiffweb |
| CVE-2022-40924 | 2022-09-26 | Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system. |
| CVE-2022-40925 | 2022-09-26 | Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_event" file of the "Events" module in the background management system. |
| CVE-2022-40928 | 2022-09-26 | Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_application. |
| CVE-2022-3295 | 2022-09-26 | Allocation of Resources Without Limits or Throttling in ikus060/rdiffweb |
| CVE-2022-40926 | 2022-09-26 | Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_leave_type. |
| CVE-2022-40927 | 2022-09-26 | Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_designation. |
| CVE-2021-24890 | 2022-09-26 | Scripts Organizer < 3.0 - Unauthenticated Arbitrary File Upload |
| CVE-2022-1613 | 2022-09-26 | Restricted Site Access < 7.3.2 - Access Bypass via IP Spoofing |
| CVE-2022-1755 | 2022-09-26 | SVG Support < 2.5 - Author+ Stored Cross-Site Scripting |
| CVE-2022-2352 | 2022-09-26 | Post SMTP < 2.1.7 - Admin+ Blind SSRF |
| CVE-2022-2404 | 2022-09-26 | WP Popup Builder < 1.2.9 - Reflected Cross-Site Scripting |
| CVE-2022-2405 | 2022-09-26 | WP Popup Builder < 1.3.0 - Subscriber+ Arbitrary Popup Deletion |
| CVE-2022-2903 | 2022-09-26 | NinjaForms < 3.6.13 - Admin+ PHP Objection Injection |
| CVE-2022-2926 | 2022-09-26 | Download Manager < 3.2.55 - Admin+ Arbitrary File/Folder Access via Path Traversal |
| CVE-2022-2987 | 2022-09-26 | Ldap WP Login / Active Directory Integration < 3.0.2 - Unauthenticated Settings Update to Auth Bypass |
| CVE-2022-3025 | 2022-09-26 | Bitcoin / Altcoin Faucet <= 1.6.0 - Settings Update to Stored XSS via CSRF |
| CVE-2022-3062 | 2022-09-26 | Simple File List < 4.4.12 - Reflected Cross-Site Scripting |
| CVE-2022-3069 | 2022-09-26 | Wordlift < 3.37.2 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-3070 | 2022-09-26 | Generate PDF using Contact Form 7 < 3.6 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-3074 | 2022-09-26 | Slider Hero < 8.4.4 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-3076 | 2022-09-26 | CM Download Manager < 2.8.6 - Admin+ Arbitrary File Upload |
| CVE-2022-3098 | 2022-09-26 | Login Block IPs <= 1.0.0 - Arbitrary Setting Update via CSRF |
| CVE-2022-3119 | 2022-09-26 | OAuth client Single Sign On for WordPress < 3.0.4 - Unauthenticated Settings Update to Authentication Bypass |
| CVE-2022-3135 | 2022-09-26 | SEO Smart Links <= 3.0.1 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-3299 | 2022-09-26 | Open5GS AMF client.c denial of service |
| CVE-2022-40402 | 2022-09-26 | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_assign.php. |
| CVE-2022-40403 | 2022-09-26 | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/feature_edit.php. |
| CVE-2022-40404 | 2022-09-26 | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/select.php. |
| CVE-2022-40483 | 2022-09-26 | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /wedding_details.php. |
| CVE-2022-40484 | 2022-09-26 | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_edit.php. |
| CVE-2022-40485 | 2022-09-26 | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /package_detail.php. |
| CVE-2022-39219 | 2022-09-26 | Bifrost users using basic authntication can bypass write permission limit |
| CVE-2021-41437 | 2022-09-26 | An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that if an authenticated victim visits it, the URL... |
| CVE-2022-39243 | 2022-09-26 | NuProcess vulnerable to command-line injection through insertion of NUL character(s) |
| CVE-2022-3204 | 2022-09-26 | NRDelegation Attack |
| CVE-2022-39245 | 2022-09-26 | Mist vulnerable to user providing a Sudo binary for authentication checks |
| CVE-2022-3103 | 2022-09-26 | off-by-one in io_uring module. |
| CVE-2022-28721 | 2022-09-26 | Certain HP Print Products are potentially vulnerable to Remote Code Execution. |
| CVE-2022-28722 | 2022-09-26 | Certain HP Print Products are potentially vulnerable to Buffer Overflow. |
| CVE-2022-40785 | 2022-09-26 | Unsanitized input when setting a locale file leads to shell injection in mIPC camera firmware 5.3.1.2003161406. This allows an attacker to gain remote code execution on cameras running the firmware... |
| CVE-2022-40784 | 2022-09-26 | Unlimited strcpy on user input when setting a locale file leads to stack buffer overflow in mIPC camera firmware 5.3.1.2003161406. |
| CVE-2022-2854 | 2022-09-26 | Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-2855 | 2022-09-26 | Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-2856 | 2022-09-26 | Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML... |
| CVE-2022-2857 | 2022-09-26 | Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-2858 | 2022-09-26 | Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. |
| CVE-2022-2859 | 2022-09-26 | Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit... |