CVE List - 2022 / September
Showing 2001 - 2100 of 2148 CVEs for September 2022 (Page 21 of 22)
CVE ID | Date | Title |
---|---|---|
CVE-2022-30935 | 2022-09-28 | An authorization bypass in b2evolution allows remote, unauthenticated attackers to... |
CVE-2022-3349 | 2022-09-28 | Sony PS4/PS5 exFAT UVFAT_readupcasetable heap-based overflow |
CVE-2022-40486 | 2022-09-28 | TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401... |
CVE-2022-40082 | 2022-09-28 | Hertz v0.3.0 was discovered to contain a path traversal vulnerability... |
CVE-2022-40083 | 2022-09-28 | Labstack Echo v4.8.0 was discovered to contain an open redirect... |
CVE-2022-22522 | 2022-09-28 | Hard-coded credentials in Carlo Gavazzi UWP3.0 allows for authentication bypass and full control of the device |
CVE-2022-22523 | 2022-09-28 | Carlo Gavazzi UWP 3.0 WebApp allows for authentication bypass |
CVE-2022-22524 | 2022-09-28 | SQL-injection in Carlo Gavazzi UWP 3.0 allows for full database access |
CVE-2022-22525 | 2022-09-28 | Command injection in restore function of Carlo Gavazzi UWP3.0 allows for command injection |
CVE-2022-22526 | 2022-09-28 | Missing authentication for API in Carlo Gavazzi UWP 3.0 Car Park Server |
CVE-2022-28811 | 2022-09-28 | Possible command injection in Car Park Server in Carlo Gavazzi UWP3.0 |
CVE-2022-28812 | 2022-09-28 | Use of Hard-coded Credentials in UWP3.0 allows SuperUser authentication bypass in Car Park Server. |
CVE-2022-28814 | 2022-09-28 | Path traversal in Carlo Gavazzi UWP 3.0 could lead to full device access |
CVE-2022-28815 | 2022-09-28 | SQL-Injection in Carlo Gavazzi UWP 3.0 Sentilo Proxy |
CVE-2022-28816 | 2022-09-28 | Reflected XSS in Carlo Gavazzi UWP 3.0 |
CVE-2022-40912 | 2022-09-28 | ETAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnerable... |
CVE-2022-40942 | 2022-09-28 | Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack overflow via compare_parentcontrol_time. |
CVE-2022-3354 | 2022-09-28 | Open5GS UDP Packet ogs-tlv-msg.c denial of service |
CVE-2022-36448 | 2022-09-28 | An issue was discovered in Insyde InsydeH2O with kernel 5.0... |
CVE-2022-22387 | 2022-09-28 | IBM Application Gateway is vulnerable to cross-site scripting. This vulnerability... |
CVE-2022-35282 | 2022-09-28 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is... |
CVE-2022-35722 | 2022-09-28 | IBM Jazz for Service Management is vulnerable to stored cross-site... |
CVE-2022-36771 | 2022-09-28 | IBM QRadar User Behavior Analytics could allow an authenticated user... |
CVE-2022-38934 | 2022-09-28 | readelf in ToaruOS 2.0.1 has some arbitrary address read vulnerabilities... |
CVE-2021-41434 | 2022-09-28 | A stored Cross-Site Scripting (XSS) vulnerability exists in version 1.0... |
CVE-2022-3193 | 2022-09-28 | An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in... |
CVE-2022-3287 | 2022-09-28 | When creating an OPERATOR user account on the BMC, the... |
CVE-2022-36781 | 2022-09-28 | ConnectWise - ScreenConnect Session Code Bypass |
CVE-2022-3215 | 2022-09-28 | NIOHTTP1 and projects using it for generating HTTP responses can... |
CVE-2022-23716 | 2022-09-28 | A flaw was discovered in ECE before 3.1.1 that could... |
CVE-2022-39246 | 2022-09-28 | matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions |
CVE-2022-39248 | 2022-09-28 | matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion |
CVE-2022-3292 | 2022-09-28 | Use of Cache Containing Sensitive Information in ikus060/rdiffweb |
CVE-2022-29089 | 2022-09-28 | Dell Networking OS10, versions prior to October 2021 with Smart... |
CVE-2022-34394 | 2022-09-28 | Dell OS10, version 10.5.3.4, contains an Improper Certificate Validation vulnerability... |
CVE-2022-34424 | 2022-09-28 | Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a vulnerability... |
CVE-2022-39255 | 2022-09-28 | Matrix iOS SDK vulnerable to Olm/Megolm protocol confusion |
CVE-2022-39257 | 2022-09-28 | Matrix iOS SDK vulnerable to impersonation via forwarded Megolm sessions |
CVE-2022-39263 | 2022-09-28 | NextAuth.js Upstash Adapter missing token verification |
CVE-2022-40707 | 2022-09-28 | An Out-of-bounds read vulnerability in Trend Micro Deep Security 20... |
CVE-2022-40708 | 2022-09-28 | An Out-of-bounds read vulnerability in Trend Micro Deep Security 20... |
CVE-2022-40709 | 2022-09-28 | An Out-of-bounds read vulnerability in Trend Micro Deep Security 20... |
CVE-2022-40710 | 2022-09-28 | A link following vulnerability in Trend Micro Deep Security 20... |
CVE-2022-31628 | 2022-09-28 | phar wrapper can cause DoS when using a quine gzip file |
CVE-2022-31629 | 2022-09-28 | $_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities |
CVE-2022-3326 | 2022-09-28 | Weak Password Requirements in ikus060/rdiffweb |
CVE-2022-3352 | 2022-09-29 | Use After Free in vim/vim |
CVE-2022-39173 | 2022-09-29 | In wolfSSL before 5.5.1, malicious clients can cause a buffer... |
CVE-2022-39250 | 2022-09-29 | Matrix JavaScript SDK vulnerable to key/device identifier confusion in SAS verification |
CVE-2022-41828 | 2022-09-29 | In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42)... |
CVE-2022-35888 | 2022-09-29 | Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow... |
CVE-2022-40048 | 2022-09-29 | Flatpress v1.2.1 was discovered to contain a remote code execution... |
CVE-2020-11015 | 2022-09-29 | Device Authentication Vulnerability in thinx-device-api IoT Device Management Server |
CVE-2019-5797 | 2022-09-29 | Double free in DOMStorage in Google Chrome prior to 73.0.3683.75... |
CVE-2021-43361 | 2022-09-29 | MedData HBYS 1.0 Remote SQL Injection Vulnerability |
CVE-2021-43362 | 2022-09-29 | MedData HBYS 1.0 Remote SQL Injection Vulnerability |
CVE-2022-3355 | 2022-09-29 | Cross-site Scripting (XSS) - Stored in inventree/inventree |
CVE-2022-40475 | 2022-09-29 | TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection... |
CVE-2022-40126 | 2022-09-29 | A misconfiguration in the Service Mode profile directory of Clash... |
CVE-2022-40363 | 2022-09-29 | A buffer overflow in the component nfc_device_load_mifare_ul_data of Flipper Devices... |
CVE-2022-40890 | 2022-09-29 | A vulnerability in /src/amf/amf-context.c in Open5GS 2.4.10 and earlier leads... |
CVE-2022-40407 | 2022-09-29 | A zip slip vulnerability in the file upload function of... |
CVE-2022-40408 | 2022-09-29 | FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS)... |
CVE-2022-39252 | 2022-09-29 | When matrix-rust-sdk receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder |
CVE-2022-39254 | 2022-09-29 | When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder |
CVE-2022-38732 | 2022-09-29 | SnapCenter versions prior to 4.7 shipped without Content Security Policy... |
CVE-2022-40931 | 2022-09-29 | dutchcoders Transfer.sh 1.4.0 is vulnerable to Cross Site Scripting (XSS). |
CVE-2022-39168 | 2022-09-29 | IBM Robotic Process Automation Clients are vulnerable to proxy credentials... |
CVE-2022-40887 | 2022-09-29 | SourceCodester Best Student Result Management System 1.0 is vulnerable to... |
CVE-2022-40879 | 2022-09-29 | kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via... |
CVE-2022-29503 | 2022-09-29 | A memory corruption vulnerability exists in the libpthread linuxthreads functionality... |
CVE-2022-39266 | 2022-09-29 | isolated-vm has vulnerable CachedDataOptions in API |
CVE-2022-35137 | 2022-09-29 | DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain multiple... |
CVE-2022-33880 | 2022-09-29 | hms-staff.php in Projectworlds Hospital Management System Mini-Project through 2018-06-17 allows... |
CVE-2022-40472 | 2022-09-29 | ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was... |
CVE-2022-36066 | 2022-09-29 | Discourse vulnerable to RCE via admins uploading maliciously zipped file |
CVE-2022-36068 | 2022-09-29 | Discourse moderators can edit themes via the API |
CVE-2022-39226 | 2022-09-29 | Discourse user profile location and website fields were not sufficiently length-limited |
CVE-2022-39232 | 2022-09-29 | Discourse vulnerable to incomplete quote causing a topic to crash in the browser |
CVE-2022-3364 | 2022-09-29 | No limit in length of "Fullname" parameter results in DoS attack/memory corruption in ikus060/rdiffweb prior to 2.5.0a3 |
CVE-2022-41849 | 2022-09-30 | drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race... |
CVE-2022-41850 | 2022-09-30 | roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has... |
CVE-2022-2778 | 2022-09-30 | In affected versions of Octopus Deploy it is possible to... |
CVE-2022-41844 | 2022-09-30 | An issue was discovered in Xpdf 4.04. There is a... |
CVE-2022-41843 | 2022-09-30 | An issue was discovered in Xpdf 4.04. There is a... |
CVE-2022-41842 | 2022-09-30 | An issue was discovered in Xpdf 4.04. There is a... |
CVE-2022-41841 | 2022-09-30 | An issue was discovered in Bento4 through 1.6.0-639. A NULL... |
CVE-2022-41847 | 2022-09-30 | An issue was discovered in Bento4 1.6.0-639. A memory leak... |
CVE-2022-41846 | 2022-09-30 | An issue was discovered in Bento4 1.6.0-639. There is excessive... |
CVE-2022-41845 | 2022-09-30 | An issue was discovered in Bento4 1.6.0-639. There is excessive... |
CVE-2022-24373 | 2022-09-30 | Regular Expression Denial of Service (ReDoS) |
CVE-2022-21222 | 2022-09-30 | Regular Expression Denial of Service (ReDoS) |
CVE-2022-41848 | 2022-09-30 | drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race... |
CVE-2022-2922 | 2022-09-30 | Relative Path Traversal in dnnsoftware/dnn.platform |
CVE-2022-2529 | 2022-09-30 | Multiple DoS Attack Vectors in sflow packet handling |
CVE-2022-3371 | 2022-09-30 | No limit in length of "Token name" parameter results in DoS attack/memory corruption in ikus060/rdiffweb prior to 2.5.0a3 |
CVE-2022-37461 | 2022-09-30 | Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View... |
CVE-2022-41437 | 2022-09-30 | Billing System Project v1.0 was discovered to contain a remote... |
CVE-2022-41439 | 2022-09-30 | Billing System Project v1.0 was discovered to contain a SQL... |
CVE-2022-41440 | 2022-09-30 | Billing System Project v1.0 was discovered to contain a SQL... |