CVE List - 2022 / September
Showing 301 - 400 of 2148 CVEs for September 2022 (Page 4 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-26465 | 2022-09-06 | In audio ipi, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-26466 | 2022-09-06 | In audio ipi, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-26467 | 2022-09-06 | In rpmb, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-26468 | 2022-09-06 | In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has... |
| CVE-2022-26469 | 2022-09-06 | In MtkEmail, there is a possible escalation of privilege due to fragment injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is... |
| CVE-2022-26470 | 2022-09-06 | In aie, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-27664 | 2022-09-06 | In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by... |
| CVE-2022-32264 | 2022-09-06 | sys/netinet/tcp_timer.h in FreeBSD before 7.0 contains a denial-of-service (DoS) vulnerability due to improper handling of TSopt on TCP connections. NOTE: This vulnerability only affects products that are no longer supported... |
| CVE-2022-31860 | 2022-09-06 | An issue in OpenRemote through 1.0.4 allows attackers to execute arbitrary code via a crafted Groovy rule. |
| CVE-2022-31790 | 2022-09-06 | WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. This is fixed in Fireware... |
| CVE-2022-36670 | 2022-09-06 | PCProtect Endpoint prior to v5.17.470 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a... |
| CVE-2022-37771 | 2022-09-06 | IObit Malware Fighter v9.2 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted... |
| CVE-2020-21516 | 2022-09-06 | There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 at the head image upload, that allows attackers to execute relevant PHP code. |
| CVE-2022-35931 | 2022-09-06 | Nextcloud Password Policy's generated passwords are not fully validated by HIBPValidator |
| CVE-2022-31789 | 2022-09-06 | An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trigger a buffer overflow and potentially execute arbitrary code by sending a malicious request to... |
| CVE-2022-36032 | 2022-09-06 | ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent |
| CVE-2022-31792 | 2022-09-06 | A stored cross-site scripting (XSS) vulnerability exists in the management web interface of WatchGuard Firebox and XTM appliances. A remote attacker can potentially execute arbitrary JavaScript code in the management... |
| CVE-2022-31791 | 2022-09-06 | WatchGuard Firebox and XTM appliances allow a local attacker (that has already obtained shell access) to elevate their privileges and execute code with root permissions. This is fixed in Fireware... |
| CVE-2022-36038 | 2022-09-06 | CircuitVerse potential RCE vulnerability via Oj.load |
| CVE-2022-36039 | 2022-09-06 | Out-of-bounds write when parsing DEX files in Rizin |
| CVE-2022-37185 | 2022-09-06 | SQL injection vulnerability exists in the school information query interface (repschoolproj.php) of the EMS 6.2 system of the Office of the Thai Basic Education Commission, which can lead to data... |
| CVE-2022-36057 | 2022-09-06 | Discourse-Chat Cross-Site Scripting issue for channel names and descriptions |
| CVE-2022-37253 | 2022-09-06 | Persistent cross-site scripting (XSS) in Crime Reporting System 1.0 allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized POST parameter |
| CVE-2022-36058 | 2022-09-06 | elrond-go MultiESDTNFTTransfer call on a SC address with missing function name |
| CVE-2022-26858 | 2022-09-06 | Dell BIOS versions contain an Improper Authentication vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security... |
| CVE-2022-26859 | 2022-09-06 | Dell BIOS contains a race condition vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI in order to bypass security checks during SMM. |
| CVE-2022-26860 | 2022-09-06 | Dell BIOS versions contain a stack-based buffer overflow vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI to bypass security checks resulting in arbitrary code... |
| CVE-2022-26861 | 2022-09-06 | Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitrary code execution during... |
| CVE-2022-38176 | 2022-09-06 | An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege... |
| CVE-2022-36061 | 2022-09-06 | Elrond go can execute on same context checks in VM |
| CVE-2022-36663 | 2022-09-06 | Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter. |
| CVE-2022-36072 | 2022-09-06 | SilverwareGames.io used == for hashing instead of === |
| CVE-2022-36064 | 2022-09-06 | Shescape Inefficient Regular Expression Complexity vulnerability |
| CVE-2022-35913 | 2022-09-06 | Samourai Wallet Stonewallx2 0.99.98e allows a denial of service via a P2P coinjoin. The attacker and victim must follow each other's paynym. Then, the victim must try to collaborate with... |
| CVE-2022-36065 | 2022-09-06 | GrowthBook account creation and file upload vulnerability in self-hosted configurations |
| CVE-2022-38528 | 2022-09-06 | Open Asset Import Library (assimp) commit 3c253ca was discovered to contain a segmentation violation via the component Assimp::XFileImporter::CreateMeshes. |
| CVE-2022-38529 | 2022-09-06 | tinyexr commit 0647fb3 was discovered to contain a heap-buffer overflow via the component rleUncompress. |
| CVE-2022-1368 | 2022-09-06 | Cognex 3D-A1000 Dimensioning System Missing Authentication for Critical Function |
| CVE-2022-1522 | 2022-09-06 | Cognex 3D-A1000 Dimensioning System Improper Output Neutralization for Logs |
| CVE-2022-1525 | 2022-09-06 | Cognex 3D-A1000 Dimensioning System Client-Side Enforcement of Server-Side Security |
| CVE-2022-36387 | 2022-09-06 | WordPress About Me plugin <= 1.0.12 - Broken Access Control vulnerability |
| CVE-2022-37344 | 2022-09-06 | WordPress Accommodation System plugin <= 1.0.1 - Missing Access Control vulnerability |
| CVE-2022-36427 | 2022-09-06 | WordPress About Rentals plugin <= 1.5 - Missing Access Control vulnerability |
| CVE-2022-40023 | 2022-09-07 | SQLAlchemy Mako before 1.2.2 is vulnerable to regular expression denial of service when using the Lexer class to parse. This also affects babelplugin and linguaplugin. |
| CVE-2021-36782 | 2022-09-07 | Rancher: Plaintext storage and exposure of credentials in Rancher API and cluster.management.cattle.io object |
| CVE-2021-36783 | 2022-09-07 | Rancher: Failure to properly sanitize credentials in cluster template answers |
| CVE-2022-31247 | 2022-09-07 | Rancher: Downstream cluster privilege escalation through cluster and project role template binding (CRTB/PRTB) |
| CVE-2022-21950 | 2022-09-07 | canna: unsafe handling of /tmp/.iroha_unix directory |
| CVE-2022-31251 | 2022-09-07 | slurm: %post for slurm-testsuite operates as root in user owned directory |
| CVE-2022-37189 | 2022-09-07 | DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity (XXE), leading to a Denial of Service. This occurs due to the usage of the unsafe 'xml.etree' library to parse untrusted... |
| CVE-2022-37108 | 2022-09-07 | An injection vulnerability in the syslog-ng configuration wizard in Securonix Snypr 6.4 allows an application user with the "Manage Ingesters" permission to execute arbitrary code on remote ingesters by appending... |
| CVE-2022-36271 | 2022-09-07 | Outbyte PC Repair Installation File 1.7.112.7856 is vulnerable to DLL hijacking. iertutil.dll is missing, so an attacker can use a malicious DLL with the same name and get admin privileges. |
| CVE-2022-31149 | 2022-09-07 | ActivityWatch vulnerable to DNS rebinding attack |
| CVE-2022-35513 | 2022-09-07 | The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage. |
| CVE-2022-31167 | 2022-09-07 | XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference |
| CVE-2022-31166 | 2022-09-07 | XWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups |
| CVE-2022-3152 | 2022-09-07 | Unverified Password Change in phpfusion/phpfusion |
| CVE-2022-37730 | 2022-09-07 | In ftcms 2.1, there is a Cross Site Request Forgery (CSRF) vulnerability in the PHP page, which allows an attacker to forge a link and trick a user into clicking on... |
| CVE-2022-37731 | 2022-09-07 | ftcms 2.1 poster.PHP has an XSS vulnerability. The attacker inserts malicious JavaScript code into the web page, causing the user / administrator to trigger the malicious code when accessing it. |
| CVE-2022-36539 | 2022-09-07 | WeDayCare B.V Ouderapp before v1.1.22 allows attackers to alter the ID value within intercepted calls to gain access to data of other parents and children. |
| CVE-2022-37780 | 2022-09-07 | Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the pingAddr parameter of the tracert function. |
| CVE-2022-36659 | 2022-09-07 | xhyve commit dfbe09b was discovered to contain a NULL pointer dereference via the component vi_pci_write(). This vulnerability allows attackers to cause a Denial of Service via unspecified vectors. |
| CVE-2022-36660 | 2022-09-07 | xhyve commit dfbe09b was discovered to contain a stack buffer overflow via the component pci_vtrnd_notify(). |
| CVE-2022-36661 | 2022-09-07 | xhyve commit dfbe09b was discovered to contain a NULL pointer dereference via the component vi_pci_read(). This vulnerability allows attackers to cause a Denial of Service via unspecified vectors. |
| CVE-2022-36587 | 2022-09-07 | In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, there is a buffer overflow vulnerability caused by sprintf in function in the httpd binary. |
| CVE-2022-31414 | 2022-09-07 | D-Link DIR-1960 firmware DIR-1960_A1_1.11 was discovered to contain a buffer overflow via srtcat in prog.cgi. This vulnerability allowed attackers to cause a Denial of Service (DoS) via a crafted HTTP... |
| CVE-2022-30312 | 2022-09-07 | The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive Information. According to FSCT-2022-0050, there is a Trend Controls Inter-Controller (IC) protocol cleartext transmission of credentials issue. The... |
| CVE-2022-1807 | 2022-09-07 | Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1. |
| CVE-2022-30078 | 2022-09-07 | NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 and R6300_V2 firmware versions through R6300v2-V1.0.4.52_10.0.93 allow remote authenticated attackers to execute arbitrary commands via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or... |
| CVE-2022-36070 | 2022-09-07 | Poetry's Untrusted Search Path can lead to Local Code Execution on Windows |
| CVE-2022-36069 | 2022-09-07 | Poetry Argument Injection vulnerability can lead to local Code Execution |
| CVE-2022-38314 | 2022-09-07 | Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the urls parameter at /goform/saveParentControlInfo. |
| CVE-2022-38309 | 2022-09-07 | Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg. |
| CVE-2022-38310 | 2022-09-07 | Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg. |
| CVE-2022-38311 | 2022-09-07 | Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the time parameter at /goform/PowerSaveSet. |
| CVE-2022-38312 | 2022-09-07 | Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetIpMacBind. |
| CVE-2022-38313 | 2022-09-07 | Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the time parameter at /goform/saveParentControlInfo. |
| CVE-2022-36073 | 2022-09-07 | RubyGems allows creation of users with arbitrary unverified emails |
| CVE-2022-3129 | 2022-09-07 | codeprojects Online Driving School registration.php unrestricted upload |
| CVE-2022-3130 | 2022-09-07 | codeprojects Online Driving School login.php sql injection |
| CVE-2022-36049 | 2022-09-07 | Flux2 Helm Controller denial of service |
| CVE-2022-36079 | 2022-09-07 | Parse Server vulnerable to brute force guessing of user sensitive data via search patterns |
| CVE-2022-36081 | 2022-09-07 | Wikmd vulnerable to Local File Enumeration when accessing /list |
| CVE-2022-36080 | 2022-09-07 | Wikmd Cross-site Scripting vulnerability |
| CVE-2022-38254 | 2022-09-07 | Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5. |
| CVE-2022-38251 | 2022-09-07 | Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel. |
| CVE-2022-38249 | 2022-09-07 | Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4. |
| CVE-2022-38250 | 2022-09-07 | Nagios XI v5.8.6 was discovered to contain a SQL injection vulnerability via the mib_name parameter at the Manage MIBs page. |
| CVE-2022-38248 | 2022-09-07 | Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at auditlog.php. |
| CVE-2022-38247 | 2022-09-07 | Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Settings page under the Admin panel. |
| CVE-2020-19914 | 2022-09-07 | Cross Site Scripting (XSS) in xiunobbs 4.0.4 allows remote attackers to execute arbitrary web script or HTML via the attachment upload function. |
| CVE-2022-36082 | 2022-09-07 | mangadex-downloader vulnerable to unauthorized file reading |
| CVE-2022-36083 | 2022-09-07 | JOSE vulnerable to resource exhaustion via specifically crafted JWE |
| CVE-2022-36086 | 2022-09-07 | linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend` |
| CVE-2022-36088 | 2022-09-07 | GoCD Windows installations outside default location inadequately restrict installation file permissions |
| CVE-2022-36585 | 2022-09-07 | In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, in httpd binary, the addDhcpRule function has a buffer overflow caused by sscanf. |
| CVE-2022-36089 | 2022-09-07 | VelaUX APIServer vulnerable to Authentication Bypass by Capture-replay |
| CVE-2022-37778 | 2022-09-07 | Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the current_time parameter of the time function. |
| CVE-2022-37777 | 2022-09-07 | Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers 3.0.1.17 and earlier were discovered to contain a remote command execution (RCE) vulnerability via the trHops parameter of the tracert... |
| CVE-2022-38531 | 2022-09-07 | FPT G-97RG6M R4.2.98.035 and G-97RG3 R4.2.43.078 are vulnerable to Remote Command Execution in the ping function. |