CVE List - 2022 / September
Showing 201 - 300 of 2148 CVEs for September 2022 (Page 3 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-2714 | 2022-09-06 | Improper Handling of Length Parameter Inconsistency in francoisjacquet/rosariosis |
| CVE-2022-27491 | 2022-09-06 | A improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.214, 7.001 through 7.113, 6.001 through 6.121, 5.001 through 5.258 and before... |
| CVE-2022-29058 | 2022-09-06 | An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, FortiAP-S 6.0.0... |
| CVE-2022-29053 | 2022-09-06 | A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession... |
| CVE-2022-29062 | 2022-09-06 | Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests. |
| CVE-2022-30298 | 2022-09-06 | An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files (via another, unrelated and hypothetical... |
| CVE-2022-26114 | 2022-09-06 | An improper neutralization of input during web page generation vulnerability [CWE-79] in the Webmail of FortiMail before 7.2.0 may allow an unauthenticated attacker to trigger a cross-site scripting (XSS) attack... |
| CVE-2021-43076 | 2022-09-06 | An improper privilege management vulnerability [CWE-269] in FortiADC versions 6.2.1 and below, 6.1.5 and below, 6.0.4 and below, 5.4.5 and below and 5.3.7 and below may allow a remote authenticated... |
| CVE-2021-43080 | 2022-09-06 | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.2.0, version 6.4.0 through 6.4.9, version 7.0.0 through 7.0.5 may allow an authenticated attacker to perform... |
| CVE-2022-35847 | 2022-09-06 | An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated... |
| CVE-2022-31020 | 2022-09-06 | Remote code execution in Indy's NODE_UPGRADE transaction |
| CVE-2022-37843 | 2022-09-06 | In TOTOLINK A860R V4.1.2cu.5182_B20201027 in cstecgi.cgi, the acquired parameters are directly put into the system for execution without filtering, resulting in a command injection vulnerability. |
| CVE-2022-37839 | 2022-09-06 | TOTOLINK A860R V4.1.2cu.5182_B20201027 is vulnerable to Buffer Overflow via Cstecgi.cgi. |
| CVE-2022-37841 | 2022-09-06 | In TOTOLINK A860R V4.1.2cu.5182_B20201027 there is a hard coded password for root in /etc/shadow.sample. |
| CVE-2022-37840 | 2022-09-06 | In TOTOLINK A860R V4.1.2cu.5182_B20201027, the main function in downloadfile.cgi has a buffer overflow vulnerability. |
| CVE-2022-37842 | 2022-09-06 | In TOTOLINK A860R V4.1.2cu.5182_B20201027, the parameters in infostat.cgi are not filtered, causing a buffer overflow vulnerability. |
| CVE-2022-40109 | 2022-09-06 | TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Insecure Permissions via binary /bin/boa. |
| CVE-2022-36584 | 2022-09-06 | In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, the getsinglepppuser function has a buffer overflow caused by sscanf. |
| CVE-2022-40110 | 2022-09-06 | TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Buffer Overflow via /bin/boa. |
| CVE-2022-40111 | 2022-09-06 | In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardcoded in the firmware. |
| CVE-2022-40112 | 2022-09-06 | TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable Buffer Overflow via the hostname parameter in binary /bin/boa. |
| CVE-2021-43565 | 2022-09-06 | The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server. |
| CVE-2022-1697 | 2022-09-06 | Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory... |
| CVE-2022-2735 | 2022-09-06 | A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could... |
| CVE-2022-28885 | 2022-09-06 | Denial-of-Service (DoS) Vulnerability |
| CVE-2022-2402 | 2022-09-06 | Stack Overflow in ESET Endpoint Encryption and ESET Full Disk Encryption for Windows |
| CVE-2021-36829 | 2022-09-06 | WordPress Launcher: Coming Soon & Maintenance Mode plugin <= 1.0.11 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-34867 | 2022-09-06 | WordPress WP Libre Form 2 plugin <= 2.0.8 - Unauthenticated Sensitive Information Disclosure vulnerability |
| CVE-2022-23451 | 2022-09-06 | An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless... |
| CVE-2022-23678 | 2022-09-06 | A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to intercept... |
| CVE-2022-23679 | 2022-09-06 | AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches version(s):... |
| CVE-2022-25308 | 2022-09-06 | A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a... |
| CVE-2022-25309 | 2022-09-06 | A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted... |
| CVE-2022-25310 | 2022-09-06 | A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted... |
| CVE-2022-23680 | 2022-09-06 | AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches version(s):... |
| CVE-2022-23681 | 2022-09-06 | Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. A successful exploit could allow an attacker to execute arbitrary commands as root on... |
| CVE-2022-23682 | 2022-09-06 | Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. A successful exploit could allow an attacker to execute arbitrary commands as root on... |
| CVE-2022-23683 | 2022-09-06 | Authenticated command injection vulnerabilities exist in the AOS-CX Network Analytics Engine via NAE scripts. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged... |
| CVE-2022-23684 | 2022-09-06 | A vulnerability in the web-based management interface of AOS-CX could allow a remote authenticated user with read-only privileges to escalate their permissions to those of an administrative user. Successful exploitation... |
| CVE-2022-23686 | 2022-09-06 | Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the... |
| CVE-2022-23687 | 2022-09-06 | Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the... |
| CVE-2022-33177 | 2022-09-06 | WordPress Booking Calendar plugin <= 9.2.1 - Cross-Site Request Forgery (CSRF) vulnerabiulity |
| CVE-2022-36425 | 2022-09-06 | WordPress Beaver Builder plugin <= 2.5.4.3 - Broken Access Control vulnerability |
| CVE-2022-34656 | 2022-09-06 | WordPress Poll, Survey, Questionnaire and Voting system plugin <= 1.7.4 - Authenticated Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-23688 | 2022-09-06 | Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the... |
| CVE-2022-23690 | 2022-09-06 | A vulnerability in the web-based management interface of AOS-CX could allow a remote unauthenticated attacker to fingerprint the exact version AOS-CX running on the switch. This allows an attacker to... |
| CVE-2022-23691 | 2022-09-06 | A vulnerability exists in certain AOS-CX switch models which could allow an attacker with access to the recovery console to bypass normal authentication. A successful exploit allows an attacker to... |
| CVE-2022-1628 | 2022-09-06 | Simple SEO <= 1.7.91 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2022-2233 | 2022-09-06 | The Banner Cycler plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the pabc_admin_slides_postback() function... |
| CVE-2022-23689 | 2022-09-06 | Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the... |
| CVE-2022-2429 | 2022-09-06 | Ultimate SMS Notifications for WooCommerce <= 1.4.1 - CSV Injection |
| CVE-2022-2430 | 2022-09-06 | Visual Composer Website Builder <= 45.0 - Authenticated Stored Cross-Site Scripting via 'Text Block' |
| CVE-2022-2431 | 2022-09-06 | Download Manager <= 3.2.50 - Authenticated (Contributor+) Arbitrary File Deletion |
| CVE-2022-2432 | 2022-09-06 | Ecwid Ecommerce Shopping Cart <= 6.10.23 - Cross-Site Request Forgery to Settings/Options Update |
| CVE-2022-2433 | 2022-09-06 | WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Cross-Site Request Forgery to PHAR Deserialization |
| CVE-2022-2442 | 2022-09-06 | The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to deserialization of untrusted input via the 'path' parameter in versions up to, and including 0.9.74. This makes it... |
| CVE-2022-2462 | 2022-09-06 | The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking... |
| CVE-2022-2434 | 2022-09-06 | The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in versions up to, and including 2.5.0. This makes it possible for unauthenticated... |
| CVE-2022-2436 | 2022-09-06 | The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'file[package_dir]' parameter in versions up to, and including 3.2.49. This makes it possible for authenticated... |
| CVE-2022-2438 | 2022-09-06 | The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the '$log_file' value in versions up to, and including 1.11.16. This makes it possible for... |
| CVE-2022-2461 | 2022-09-06 | The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking... |
| CVE-2022-2473 | 2022-09-06 | The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘templates[browsingpage][text]' parameter in versions up to, and including, 2.87.6 due to insufficient input sanitization and output escaping.... |
| CVE-2022-2515 | 2022-09-06 | The Simple Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `pro_version_activation_code` parameter in versions up to, and including, 2.11.0 due to insufficient input sanitization and output... |
| CVE-2022-2516 | 2022-09-06 | Visual Composer Website Builder <= 45.0 - Authenticated Stored Cross-Site Scripting via 'Title' |
| CVE-2022-2517 | 2022-09-06 | Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Caption - On Hover |
| CVE-2022-2518 | 2022-09-06 | The Stockists Manager for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2.1. This is due to missing nonce validation on the... |
| CVE-2022-2540 | 2022-09-06 | The Link Optimizer Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 1.4.5. This is due to missing nonce validation... |
| CVE-2022-2633 | 2022-09-06 | The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the 'dl' parameter found in the ~/public/video.php file in versions up... |
| CVE-2022-2717 | 2022-09-06 | The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-events-form page in versions... |
| CVE-2022-2541 | 2022-09-06 | The uContext for Amazon plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation... |
| CVE-2022-2542 | 2022-09-06 | The uContext for Clickbank plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation... |
| CVE-2022-2695 | 2022-09-06 | Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via 'caption' |
| CVE-2022-2718 | 2022-09-06 | The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-page-extrafields page in versions... |
| CVE-2022-2716 | 2022-09-06 | Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Text Editor |
| CVE-2022-2934 | 2022-09-06 | Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Image URL |
| CVE-2022-2936 | 2022-09-06 | Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Video Link |
| CVE-2022-2941 | 2022-09-06 | The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. This is due to the fact that all fields in the "Naming... |
| CVE-2022-2945 | 2022-09-06 | The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.5.3 via the 'type' parameter found in the... |
| CVE-2022-2935 | 2022-09-06 | Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Media URL |
| CVE-2022-2939 | 2022-09-06 | WP Cerber Security <= 9.0 - User Enumeration Bypass |
| CVE-2022-3026 | 2022-09-06 | The WP Users Exporter plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.2 via the 'Export Users' functionality. This makes it possible for authenticated... |
| CVE-2022-2943 | 2022-09-06 | The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation... |
| CVE-2022-26447 | 2022-09-06 | In BT firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed.... |
| CVE-2022-26448 | 2022-09-06 | In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-26449 | 2022-09-06 | In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-26450 | 2022-09-06 | In apusys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-28884 | 2022-09-06 | Denial-of-Service (DoS) Vulnerability |
| CVE-2022-26451 | 2022-09-06 | In ged, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... |
| CVE-2022-26453 | 2022-09-06 | In teei, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-26454 | 2022-09-06 | In teei, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... |
| CVE-2022-26455 | 2022-09-06 | In gz, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... |
| CVE-2022-26456 | 2022-09-06 | In vow, there is a possible information disclosure due to a symbolic link following. This could lead to local information disclosure with System execution privileges needed. User interaction is not... |
| CVE-2022-26457 | 2022-09-06 | In vow, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-26458 | 2022-09-06 | In vow, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-26459 | 2022-09-06 | In vow, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is... |
| CVE-2022-26460 | 2022-09-06 | In vow, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-26461 | 2022-09-06 | In vow, there is a possible undefined behavior due to an API misuse. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... |
| CVE-2022-26462 | 2022-09-06 | In vow, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2022-26463 | 2022-09-06 | In vow, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2022-26464 | 2022-09-06 | In vow, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |