CVE List - 2022 / September
Showing 101 - 200 of 2148 CVEs for September 2022 (Page 2 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-35132 | 2022-09-02 | Out of bound write in DSP service due to improper bound check for response buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon... |
| CVE-2021-35133 | 2022-09-02 | Use after free in the synx driver issue while performing other functions during multiple invocation of synx release calls in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2021-35134 | 2022-09-02 | Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot leading to memory corruption in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2021-35135 | 2022-09-02 | A null pointer dereference may potentially occur during RSA key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,... |
| CVE-2022-22059 | 2022-09-02 | Memory corruption due to out of bound read while parsing a video file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2022-22061 | 2022-09-02 | Out of bounds writing is possible while verifying device IDs due to improper length check before copying the data in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile |
| CVE-2022-22062 | 2022-09-02 | An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon... |
| CVE-2022-22067 | 2022-09-02 | Potential memory leak in modem during the processing of NSA RRC Reconfiguration with invalid Radio Bearer Config in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile |
| CVE-2022-22069 | 2022-09-02 | Devices with keyprotect off may store unencrypted keybox in RPMB and cause cryptographic issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables |
| CVE-2022-22070 | 2022-09-02 | Memory corruption in audio due to lack of check of invalid routing address into APR Routing table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... |
| CVE-2022-22080 | 2022-09-02 | Improper validation of backend id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon... |
| CVE-2022-22096 | 2022-09-02 | Memory corruption in Bluetooth HOST due to stack-based buffer overflow when when extracting data using command length parameter in Snapdragon Connectivity, Snapdragon Mobile |
| CVE-2022-22097 | 2022-09-02 | Memory corruption in graphic driver due to use after free while calling multiple threads application to driver. in Snapdragon Consumer IOT |
| CVE-2022-22098 | 2022-09-02 | Memory corruption in multimedia driver due to untrusted pointer dereference while reading data from socket in Snapdragon Auto |
| CVE-2022-22099 | 2022-09-02 | Memory corruption in multimedia due to improper validation of array index in Snapdragon Auto |
| CVE-2022-22100 | 2022-09-02 | Memory corruption in multimedia due to improper check on received export descriptors in Snapdragon Auto |
| CVE-2022-22101 | 2022-09-02 | Denial of service in multimedia due to uncontrolled resource consumption while parsing an incoming HAB message in Snapdragon Auto |
| CVE-2022-22102 | 2022-09-02 | Memory corruption in multimedia due to incorrect type conversion while adding data in Snapdragon Auto |
| CVE-2022-22104 | 2022-09-02 | Memory corruption in multimedia due to improper check on the messages received. in Snapdragon Auto |
| CVE-2022-22106 | 2022-09-02 | Memory corruption in multimedia due to improper length check while copying the data in Snapdragon Auto |
| CVE-2022-25657 | 2022-09-02 | Memory corruption due to buffer overflow occurs while processing invalid MKV clip which has invalid seek header in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon... |
| CVE-2022-25658 | 2022-09-02 | Memory corruption due to incorrect pointer arithmetic when attempting to change the endianness in video parser function in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... |
| CVE-2022-25659 | 2022-09-02 | Memory corruption due to buffer overflow while parsing MKV clips with invalid bitmap size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon... |
| CVE-2022-25668 | 2022-09-02 | Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice... |
| CVE-2022-25680 | 2022-09-02 | Memory corruption in multimedia due to buffer overflow while processing count variable from client in Snapdragon Auto |
| CVE-2022-36078 | 2022-09-02 | Slice Memory Allocation with Excessive Size Value in binary |
| CVE-2022-36076 | 2022-09-02 | Account takeover via SSO plugins in NodeBB |
| CVE-2022-36071 | 2022-09-02 | Recovery codes abuse in SFTPGo |
| CVE-2022-34369 | 2022-09-02 | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 , contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could... |
| CVE-2022-34371 | 2022-09-02 | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this... |
| CVE-2022-34378 | 2022-09-02 | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability,... |
| CVE-2022-34382 | 2022-09-02 | Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit... |
| CVE-2021-27693 | 2022-09-02 | Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage. |
| CVE-2022-3065 | 2022-09-02 | Improper Access Control in jgraph/drawio |
| CVE-2022-35933 | 2022-09-02 | PrestaShop module Product Comments vulnerable to cross-site scripting (XSS) |
| CVE-2022-31196 | 2022-09-02 | Server-Side Request Forgery (SSRF) vulnerability in Databasir |
| CVE-2022-31152 | 2022-09-02 | Synapse vulnerable to denial of service (DoS) due to incorrect application of event authorization rules |
| CVE-2022-36638 | 2022-09-02 | An access control issue in the component print.php of Garage Management System v1.0 allows unauthenticated attackers to access data for all existing orders. |
| CVE-2022-36639 | 2022-09-02 | A stored cross-site scripting (XSS) vulnerability in /client.php of Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name... |
| CVE-2022-36640 | 2022-09-02 | influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If... |
| CVE-2022-36642 | 2022-09-02 | A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.0.0-1.4.9 allows attackers to access users credentials which makes him able to gain initial access to... |
| CVE-2022-36647 | 2022-09-02 | PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overflow via the function parse_sequence_header() at source/common/header.cc:269. |
| CVE-2020-29260 | 2022-09-02 | libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup(). |
| CVE-2022-36754 | 2022-09-02 | Expense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/debit_credit_p. |
| CVE-2022-3099 | 2022-09-03 | Use After Free in vim/vim |
| CVE-2022-39196 | 2022-09-04 | Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL. Note: The vendor disputes this stating this... |
| CVE-2022-3118 | 2022-09-04 | Sourcecodehero ERP System Project processlogin.php sql injection |
| CVE-2022-30331 | 2022-09-05 | The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query (in the GSQL query language) without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE:... |
| CVE-2022-31814 | 2022-09-05 | pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected. |
| CVE-2022-38749 | 2022-09-05 | DoS in SnakeYAML |
| CVE-2022-38750 | 2022-09-05 | DoS in SnakeYAML |
| CVE-2022-38752 | 2022-09-05 | DoS in SnakeYAML |
| CVE-2022-39842 | 2022-09-05 | An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and... |
| CVE-2022-38751 | 2022-09-05 | DoS in SnakeYAML |
| CVE-2022-39824 | 2022-09-05 | Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget, e.g., to perform DoS... |
| CVE-2022-39830 | 2022-09-05 | sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service. |
| CVE-2022-39829 | 2022-09-05 | There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new. |
| CVE-2022-39828 | 2022-09-05 | sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, leading to a denial of service. |
| CVE-2022-39832 | 2022-09-05 | An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash)... |
| CVE-2022-39831 | 2022-09-05 | An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash)... |
| CVE-2022-39840 | 2022-09-05 | Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a direct message (DM). |
| CVE-2022-39839 | 2022-09-05 | Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a forum post. |
| CVE-2022-39843 | 2022-09-05 | 123elf Lotus 1-2-3 before 1.0.0rc3 for Linux, and Lotus 1-2-3 R3 for UNIX and other platforms through 9.8.2, allow attackers to execute arbitrary code via a crafted worksheet. This occurs... |
| CVE-2022-39049 | 2022-09-05 | Possible XSS in Admin Interface |
| CVE-2022-39050 | 2022-09-05 | Possible XSS stored in customer information |
| CVE-2022-39051 | 2022-09-05 | Perl Code execution in Template Toolkit |
| CVE-2022-3120 | 2022-09-05 | SourceCodester Clinics Patient Management System Login index.php sql injection |
| CVE-2022-3008 | 2022-09-05 | Command Injection on tinygltf |
| CVE-2022-38369 | 2022-09-05 | Login check vulnerability by session Id |
| CVE-2022-38370 | 2022-09-05 | No authorization of DatabaseConnectController in grafana-connector. |
| CVE-2022-3123 | 2022-09-05 | Cross-site Scripting (XSS) - Reflected in splitbrain/dokuwiki |
| CVE-2022-2830 | 2022-09-05 | Deserialization of Untrusted Data in GravityZone Console On-Premise (VA-10573) |
| CVE-2022-2083 | 2022-09-05 | Simple Single Sign On <= 4.1.0 - Authentication Bypass |
| CVE-2022-2271 | 2022-09-05 | WP Database Backup < 5.9 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2376 | 2022-09-05 | Directorist < 7.3.1 - Unauthenticated Email Address Disclosure |
| CVE-2022-2543 | 2022-09-05 | Visual Portfolio < 2.18.0 - Unauthenticated CSS Injection |
| CVE-2022-2565 | 2022-09-05 | Best Payments Plugin for WP < 4.2.1 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2022-2597 | 2022-09-05 | Visual Portfolio < 2.19.0 - Contributor+ CSS Injection |
| CVE-2022-2657 | 2022-09-05 | Multivendor Marketplace Solution for WooCommerce < 3.8.12 - Unauthorised AJAX Calls |
| CVE-2022-2775 | 2022-09-05 | Fast Flow < 1.2.13 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-3127 | 2022-09-05 | Cross-site Scripting (XSS) - Stored in jgraph/drawio |
| CVE-2022-3121 | 2022-09-05 | SourceCodester Online Employee Leave Management System addemployee.php cross-site request forgery |
| CVE-2022-3122 | 2022-09-05 | SourceCodester Clinics Patient Management System medicine_details.php sql injection |
| CVE-2022-39838 | 2022-09-05 | Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file inclusion via a UNC share pathname, and also allows absolute path traversal to local pathnames. |
| CVE-2021-28398 | 2022-09-05 | A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator... |
| CVE-2022-38367 | 2022-09-05 | The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all users from Jira by making an... |
| CVE-2022-32277 | 2022-09-06 | Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE:... |
| CVE-2022-38131 | 2022-09-06 | RStudio Connect prior to 2023.01.0 is affected by an Open Redirect issue. The vulnerability could allow an attacker to redirect users to malicious websites. |
| CVE-2022-38530 | 2022-09-06 | GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a stack overflow when processing ISOM_IOD. |
| CVE-2022-3134 | 2022-09-06 | Use After Free in vim/vim |
| CVE-2022-36040 | 2022-09-06 | Rizin Out-of-bounds Write vulnerability in pyc/marshal.c |
| CVE-2022-36041 | 2022-09-06 | Rizin Out-of-bounds Write vulnerability in Mach-O binary plugin |
| CVE-2022-36042 | 2022-09-06 | Rizin Out-of-bounds Write vulnerability in dyld cache binary plugin |
| CVE-2022-36043 | 2022-09-06 | Rizin Double Free in bobj.c when using qnx binary plugin |
| CVE-2022-36044 | 2022-09-06 | Rizin Out-of-bounds Write vulnerability in Lua binary plugin |
| CVE-2022-36067 | 2022-09-06 | vm2 vulnerable to Sandbox Escape before v3.9.11 |
| CVE-2022-34747 | 2022-09-06 | A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet. |
| CVE-2022-34882 | 2022-09-06 | Information Exposure Vulnerability in RAID Manager Storage Replication Adapter |
| CVE-2022-34883 | 2022-09-06 | OS Command Injection Vulnerability in RAID Manager Storage Replication Adapter |
| CVE-2022-2901 | 2022-09-06 | Improper Authorization in chatwoot/chatwoot |