CVE List - 2022 / September
Showing 501 - 600 of 2148 CVEs for September 2022 (Page 6 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-38068 | 2022-09-09 | WordPress Export Post Info plugin <= 1.1.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-38070 | 2022-09-09 | WordPress Pop-up plugin <= 1.1.5 - Privilege Escalation vulnerability |
| CVE-2022-35725 | 2022-09-09 | WordPress wp-forecast plugin <= 7.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-36422 | 2022-09-09 | WP-PostRatings plugin <= 1.89 - Rating increase/decrease via race condition |
| CVE-2022-36376 | 2022-09-09 | WordPress Rank Math SEO plugin <= 1.0.95 - Server-Side Request Forgery (SSRF) vulnerability |
| CVE-2022-36356 | 2022-09-09 | WordPress Culture Object plugin <= 4.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-40191 | 2022-09-09 | WordPress Contact Form By Mega Forms plugin <= 1.2.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-38144 | 2022-09-09 | WordPress wpForo Forum plugin <= 2.0.5 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-38093 | 2022-09-09 | WordPress All in One SEO plugin <= 4.2.3.1 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2022-38058 | 2022-09-09 | WordPress WP Shamsi plugin <= 4.1.1 - Authenticated Plugin Setting change vulnerability |
| CVE-2022-3077 | 2022-09-09 | A buffer overflow vulnerability was found in the Linux kernel... |
| CVE-2022-37405 | 2022-09-09 | WordPress Better Font Awesome plugin <= 2.0.1 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-37403 | 2022-09-09 | WordPress Add User Role plugin <= 0.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-37404 | 2022-09-09 | WordPress add2fav plugin <= 1.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-36793 | 2022-09-09 | WordPress WP Shop plugin <= 3.9.6 - Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities |
| CVE-2022-37412 | 2022-09-09 | WordPress Better Delete Revision plugin <= 1.6.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-38067 | 2022-09-09 | WordPress Event Calendar – Calendar plugin <= 1.4.6 - Unauthenticated Event Deletion vulnerability |
| CVE-2022-35277 | 2022-09-09 | WordPress GetResponse plugin <= 5.5.20 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-37411 | 2022-09-09 | WordPress Captcha Code plugin <= 2.7 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-35275 | 2022-09-09 | WordPress Advanced Order Export For WooCommerce plugin <= 3.3.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-36423 | 2022-09-09 | Incorrect configuration of the cJSON library lead a Stack overflow vulnerability during recursive parsing. LAN attackers can lead a DoS attack to all network devices. |
| CVE-2022-38064 | 2022-09-09 | windowmanager in window subsystem has a permission bypass vulnerability. Local attackers can bypass permission control and get sensitive information. |
| CVE-2022-38700 | 2022-09-09 | multimedia subsystem has a permission bypass vulnerability. LAN attackers can bypass permission control and get control of camera service. |
| CVE-2022-38081 | 2022-09-09 | Tokensync in security subsystem has a permission bypass vulnerability. LAN attackers can bypass the distributed permission control.To take advantage of this weakness, attackers need another vulnerability to obtain system. |
| CVE-2022-36877 | 2022-09-09 | Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior... |
| CVE-2022-36878 | 2022-09-09 | Exposure of Sensitive Information in Find My Mobile prior to... |
| CVE-2022-39844 | 2022-09-09 | Improper validation of integrity check vulnerability in Smart Switch PC... |
| CVE-2022-39845 | 2022-09-09 | Improper validation of integrity check vulnerability in Samsung Kies prior... |
| CVE-2022-39846 | 2022-09-09 | DLL hijacking vulnerability in Smart Switch PC prior to version... |
| CVE-2022-38701 | 2022-09-09 | IPC in communication subsystem has a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information. |
| CVE-2022-36841 | 2022-09-09 | A heap-based overflow vulnerability in PrepareRecogLibrary_Part function in libSDKRecognitionText.spensdk.samsung.so library... |
| CVE-2022-36845 | 2022-09-09 | A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library... |
| CVE-2022-36847 | 2022-09-09 | Use after free vulnerability in mtp_send_signal function of MTP driver... |
| CVE-2022-36849 | 2022-09-09 | Use after free vulnerability in sdp_mm_set_process_sensitive function of sdpmm driver... |
| CVE-2022-36859 | 2022-09-09 | Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.21-6... |
| CVE-2022-36876 | 2022-09-09 | Improper authorization in UPI payment in Samsung Pass prior to... |
| CVE-2022-36842 | 2022-09-09 | A heap-based overflow vulnerability in prepareRecogLibrary function in libSDKRecognitionText.spensdk.samsung.so library... |
| CVE-2022-36843 | 2022-09-09 | A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library... |
| CVE-2022-36844 | 2022-09-09 | A heap-based overflow vulnerability in HWR::EngJudgeModel::Construct() in libSDKRecognitionText.spensdk.samsung.so library prior... |
| CVE-2022-36846 | 2022-09-09 | A heap-based overflow vulnerability in ConstructDictionary function in libSDKRecognitionText.spensdk.samsung.so library... |
| CVE-2022-36860 | 2022-09-09 | A heap-based overflow vulnerability in LoadEnvironment function in libSDKRecognitionText.spensdk.samsung.so library... |
| CVE-2022-36862 | 2022-09-09 | A heap-based overflow vulnerability in HWR::EngineCJK::Impl::Construct() in libSDKRecognitionText.spensdk.samsung.so library prior... |
| CVE-2022-36863 | 2022-09-09 | A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc function in libSDKRecognitionText.spensdk.samsung.so library... |
| CVE-2022-36854 | 2022-09-09 | Out of bound read in libapexjni.media.samsung.so prior to SMR Sep-2022... |
| CVE-2022-36858 | 2022-09-09 | A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc() function in libSDKRecognitionText.spensdk.samsung.so library... |
| CVE-2022-36874 | 2022-09-09 | Improper Handling of Insufficient Permissions or Privileges vulnerability in Waterplugin... |
| CVE-2022-36875 | 2022-09-09 | Improper restriction of broadcasting Intent in SaWebViewRelayActivity of?Waterplugin prior to... |
| CVE-2022-36870 | 2022-09-09 | Pending Intent hijacking vulnerability in MTransferNotificationManager in Samsung Pay prior... |
| CVE-2022-36871 | 2022-09-09 | Pending Intent hijacking vulnerability in NotiCenterUtils in Samsung Pay prior... |
| CVE-2022-36873 | 2022-09-09 | Improper restriction of broadcasting Intent in GalaxyStoreBridgePageLinker of?Waterplugin prior to... |
| CVE-2022-36848 | 2022-09-09 | Improper Authorization vulnerability in setDualDARPolicyCmd prior to SMR Sep-2022 Release... |
| CVE-2022-36872 | 2022-09-09 | Pending Intent hijacking vulnerability in SpayNotification in Samsung Pay prior... |
| CVE-2022-36852 | 2022-09-09 | Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022... |
| CVE-2022-36853 | 2022-09-09 | Intent redirection in Photo Editor prior to SMR Sep-2022 Release... |
| CVE-2022-36856 | 2022-09-09 | Improper access control vulnerability in Telecom application prior to SMR... |
| CVE-2022-36861 | 2022-09-09 | Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022... |
| CVE-2022-36850 | 2022-09-09 | Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release... |
| CVE-2022-36857 | 2022-09-09 | Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022... |
| CVE-2022-36865 | 2022-09-09 | Improper access control in Group Sharing prior to versions 13.0.6.15... |
| CVE-2022-36866 | 2022-09-09 | Improper access control vulnerability in Broadcaster in Group Sharing prior... |
| CVE-2022-36867 | 2022-09-09 | Improper access control vulnerability in Editor Lite prior to version... |
| CVE-2022-36851 | 2022-09-09 | Improper access control vulnerability in Samsung pass prior to version... |
| CVE-2022-36855 | 2022-09-09 | A use after free vulnerability in iva_ctl driver prior to... |
| CVE-2022-36864 | 2022-09-09 | Improper access control and intent redirection in Samsung Email prior... |
| CVE-2022-36869 | 2022-09-09 | Improper access control vulnerability in ContactsDumpActivity of?Contacts Provider prior to... |
| CVE-2022-26394 | 2022-09-09 | Unauthenticated network reconfiguration via TCP/UDP |
| CVE-2022-26392 | 2022-09-09 | Format String vulnerability |
| CVE-2022-26390 | 2022-09-09 | Unencrypted internal storage of security credentials |
| CVE-2022-26393 | 2022-09-09 | Format String vulnerability |
| CVE-2022-37407 | 2022-09-09 | WordPress Gallery PhotoBlocks plugin <= 1.2.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities |
| CVE-2022-37335 | 2022-09-09 | WordPress Word Search Puzzles game plugin <= 2.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-36617 | 2022-09-09 | Arq Backup 7.19.5.0 and below stores backup encryption passwords using... |
| CVE-2022-38613 | 2022-09-09 | A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows authenticated... |
| CVE-2022-28741 | 2022-09-09 | aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has... |
| CVE-2022-28742 | 2022-09-09 | aEnrich eHRD Learning Management Key Performance Indicator System 5+ has... |
| CVE-2022-28740 | 2022-09-09 | aEnrich eHRD Learning Management Key Performance Indicator System 5+ exposes... |
| CVE-2022-34165 | 2022-09-09 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and... |
| CVE-2022-38615 | 2022-09-09 | SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL injection... |
| CVE-2022-38614 | 2022-09-09 | An issue in the IGB Files and OutfileService features of... |
| CVE-2022-39809 | 2022-09-09 | An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A... |
| CVE-2022-39810 | 2022-09-09 | An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A... |
| CVE-2022-40317 | 2022-09-09 | OpenKM 6.3.11 allows stored XSS related to the javascript: substring... |
| CVE-2022-36109 | 2022-09-09 | Moby vulnerability relating to supplementary group permissions |
| CVE-2022-3133 | 2022-09-09 | OS Command Injection in jgraph/drawio |
| CVE-2021-40647 | 2022-09-09 | In man2html 1.6g, a specific string being read in from... |
| CVE-2021-40648 | 2022-09-09 | In man2html 1.6g, a filename can be created to overwrite... |
| CVE-2021-44835 | 2022-09-09 | An issue was discovered in Active Intelligent Visualization 5. The... |
| CVE-2022-38639 | 2022-09-09 | A cross-site scripting (XSS) vulnerability in Markdown-Nice v1.8.22 allows attackers... |
| CVE-2022-31006 | 2022-09-09 | Hyperledger Indy DOS vulnerability |
| CVE-2022-36110 | 2022-09-09 | Netmaker vulnerable to Insufficient Granularity of Access Control |
| CVE-2022-38638 | 2022-09-09 | Casdoor v1.97.3 was discovered to contain an arbitrary file write... |
| CVE-2022-40320 | 2022-09-09 | cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer... |
| CVE-2021-37819 | 2022-09-09 | PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite... |
| CVE-2022-39135 | 2022-09-11 | Apache Calcite: potential XEE attacks |
| CVE-2022-26049 | 2022-09-11 | Arbitrary File Write via Archive Extraction (Zip Slip) |
| CVE-2022-25295 | 2022-09-11 | Open Redirect |
| CVE-2022-40322 | 2022-09-11 | SysAid Help Desk before 22.1.65 allows XSS, aka FR# 66542... |
| CVE-2022-40323 | 2022-09-11 | SysAid Help Desk before 22.1.65 allows XSS in the Password... |
| CVE-2022-40324 | 2022-09-11 | SysAid Help Desk before 22.1.65 allows XSS via the Linked... |
| CVE-2022-40325 | 2022-09-11 | SysAid Help Desk before 22.1.65 allows XSS via the Asset... |