CVE List - 2022 / September
Showing 601 - 700 of 2148 CVEs for September 2022 (Page 7 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-37796 | 2022-09-11 | In Simple Online Book Store System 1.0 in /admin_book.php the Title, Author, and Description parameters are vulnerable to Cross Site Scripting (XSS). |
| CVE-2022-37767 | 2022-09-12 | Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok. NOTE: the vendor disputes this because input to the Pebble templating engine is... |
| CVE-2022-37797 | 2022-09-12 | In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server.... |
| CVE-2022-38972 | 2022-09-12 | Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 (for Movable Type 7 Series) and versions prior to 3.9.1 (for Movable Type 6 Series) allows a remote... |
| CVE-2022-36254 | 2022-09-12 | Multiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel Management System 1.0 allow remote attackers to inject arbitrary web script or HTML via multiple parameters such as "fullname". |
| CVE-2022-36255 | 2022-09-12 | A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt". |
| CVE-2022-36256 | 2022-09-12 | A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "productcode". |
| CVE-2022-36257 | 2022-09-12 | A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "users", "pass", etc. |
| CVE-2022-36258 | 2022-09-12 | A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt". |
| CVE-2022-36259 | 2022-09-12 | A SQL injection vulnerability in ConnectionFactory.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "username", "password", etc. |
| CVE-2022-34108 | 2022-09-12 | An issue in the Feature Navigator of Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to cause a Denial of Service (DoS) via a crafted image or video file. |
| CVE-2022-34109 | 2022-09-12 | An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to write arbitrary files to the directory \PromoPhoto\, regardless of file type or size. |
| CVE-2022-34110 | 2022-09-12 | An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to download arbitrary files regardless of file type or size. |
| CVE-2022-37835 | 2022-09-12 | Torguard VPN 4.8 has a vulnerability that allows an attacker to dump sensitive information, such as credentials and information about the server, without admin privileges. |
| CVE-2022-37734 | 2022-09-12 | graphql-java before 19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4,... |
| CVE-2022-3178 | 2022-09-12 | Buffer Over-read in gpac/gpac |
| CVE-2022-37860 | 2022-09-12 | The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability. |
| CVE-2022-37300 | 2022-09-12 | A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products:... |
| CVE-2022-1700 | 2022-09-12 | Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), Web Security... |
| CVE-2022-31220 | 2022-09-12 | Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause... |
| CVE-2022-31221 | 2022-09-12 | Dell BIOS versions contain an Information Exposure vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to access sensitive state information on the system. |
| CVE-2022-31222 | 2022-09-12 | Dell BIOS versions contain a Missing Release of Resource after Effective Lifetime vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by consuming excess memory in order to... |
| CVE-2022-31223 | 2022-09-12 | Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by sending unexpected null bytes in order to read... |
| CVE-2022-31224 | 2022-09-12 | Dell BIOS versions contain an Improper Protection Against Voltage and Clock Glitches vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by triggering a fault... |
| CVE-2022-31225 | 2022-09-12 | Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause... |
| CVE-2022-31226 | 2022-09-12 | Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by sending excess data to a function in order to gain... |
| CVE-2022-38135 | 2022-09-12 | WordPress Photospace Gallery plugin <= 2.3.5 - Broken Access Control vulnerability |
| CVE-2022-2979 | 2022-09-12 | Omron CX-Programmer |
| CVE-2022-29490 | 2022-09-12 | A vulnerability exists in the Workplace X WebUI in which an authenticated user is able to execute any MicroSCADA internal scripts irrespective of the authenticated user's role. |
| CVE-2022-36101 | 2022-09-12 | Sensitive data in backend customer module |
| CVE-2022-36102 | 2022-09-12 | Access control list bypassed via crafted specific URLs |
| CVE-2022-38605 | 2022-09-12 | Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_event.php. |
| CVE-2022-38606 | 2022-09-12 | Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editcategory.php. |
| CVE-2022-38610 | 2022-09-12 | Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editclient.php. |
| CVE-2022-39200 | 2022-09-12 | Signature checks not applied to some retrieved missing events |
| CVE-2022-38291 | 2022-09-12 | SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. This vulnerability allows attackers to execute arbitrary web scripts or HTML... |
| CVE-2022-38292 | 2022-09-12 | SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php. |
| CVE-2022-38295 | 2022-09-12 | Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2022-38296 | 2022-09-12 | Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. |
| CVE-2021-44426 | 2022-09-12 | An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local ~/Downloads/ directory is possible if the victim is... |
| CVE-2021-44425 | 2022-09-12 | An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3. An unnecessarily open listening port on a machine in the LAN of an attacker, opened by the AnyDesk... |
| CVE-2022-36174 | 2022-09-12 | FreshService Windows Agent < 2.11.0 and FreshService macOS Agent < 4.2.0 and FreshService Linux Agent < 3.3.0 are vulnerable to Broken integrity checking via the FreshAgent client and scheduled update... |
| CVE-2022-36173 | 2022-09-12 | FreshService macOS Agent < 4.4.0 and FreshService Linux Agent < 3.4.0 are vulnerable to TLS Man-in-The-Middle via the FreshAgent client and scheduled update service. |
| CVE-2022-35572 | 2022-09-12 | On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lower, (and potentially other vendors/devices due to code reuse), the /SysInfo.htm URI does not require a session ID. This web... |
| CVE-2022-38298 | 2022-09-12 | Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery (SSRF) via redirecting incoming requests to the AWS internal metadata endpoint. |
| CVE-2022-38299 | 2022-09-12 | An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint. |
| CVE-2022-38297 | 2022-09-12 | UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning. |
| CVE-2022-38302 | 2022-09-12 | Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /maintenance/manage_department.php. |
| CVE-2022-38303 | 2022-09-12 | Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /employees/manage_leave_type.php. |
| CVE-2022-38304 | 2022-09-12 | Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /maintenance/manage_leave_type.php. |
| CVE-2022-35295 | 2022-09-13 | In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves. |
| CVE-2022-35823 | 2022-09-13 | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2022-35837 | 2022-09-13 | Windows Graphics Component Information Disclosure Vulnerability |
| CVE-2022-37011 | 2022-09-13 | A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 9 compatible, New... |
| CVE-2022-37956 | 2022-09-13 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2022-38013 | 2022-09-13 | .NET Core and Visual Studio Denial of Service Vulnerability |
| CVE-2022-38342 | 2022-09-13 | Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain an XML External Entity (XXE) vulnerability which allows authenticated attackers to perform data exfiltration or Server-Side Request Forgery... |
| CVE-2022-38537 | 2022-09-13 | Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_file, end_file, start_time, and stop_time parameters in the binlog2sql interface. |
| CVE-2022-38538 | 2022-09-13 | Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module. |
| CVE-2022-38540 | 2022-09-13 | Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the create_kill_session interface. |
| CVE-2022-38541 | 2022-09-13 | Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_time and stop_time parameters in the my2sql interface. |
| CVE-2022-3190 | 2022-09-13 | Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file |
| CVE-2022-37703 | 2022-09-13 | In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in... |
| CVE-2022-38329 | 2022-09-13 | A CSRF vulnerability in Shopxian CMS 3.0.0 could allow an unauthenticated, remote attacker to craft a malicious link, potentially causing the administrator to perform unintended actions on an affected system.... |
| CVE-2022-39158 | 2022-09-13 | A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200,... |
| CVE-2022-3175 | 2022-09-13 | Missing Custom Error Page in ikus060/rdiffweb |
| CVE-2022-3174 | 2022-09-13 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ikus060/rdiffweb |
| CVE-2022-37302 | 2022-09-13 | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file... |
| CVE-2022-38466 | 2022-09-13 | A vulnerability has been identified in CoreShield One-Way Gateway (OWG) Software (All versions < V2.2). The default installation sets insecure file permissions that could allow a local attacker to escalate... |
| CVE-2022-39137 | 2022-09-13 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161),... |
| CVE-2022-39138 | 2022-09-13 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161),... |
| CVE-2022-39139 | 2022-09-13 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161),... |
| CVE-2022-39140 | 2022-09-13 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161),... |
| CVE-2022-39141 | 2022-09-13 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161),... |
| CVE-2022-39142 | 2022-09-13 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions... |
| CVE-2022-39143 | 2022-09-13 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions... |
| CVE-2022-39144 | 2022-09-13 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions... |
| CVE-2022-39145 | 2022-09-13 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions... |
| CVE-2022-39146 | 2022-09-13 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions... |
| CVE-2022-39147 | 2022-09-13 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions... |
| CVE-2022-39148 | 2022-09-13 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions... |
| CVE-2022-39149 | 2022-09-13 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions... |
| CVE-2022-39150 | 2022-09-13 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions... |
| CVE-2022-39151 | 2022-09-13 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions... |
| CVE-2022-39152 | 2022-09-13 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions... |
| CVE-2022-39153 | 2022-09-13 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions... |
| CVE-2022-39154 | 2022-09-13 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions... |
| CVE-2022-39155 | 2022-09-13 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions... |
| CVE-2022-39156 | 2022-09-13 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions... |
| CVE-2022-38616 | 2022-09-13 | SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /feegroups/tgrt_group.jsf. |
| CVE-2022-1278 | 2022-09-13 | A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain. |
| CVE-2022-2989 | 2022-09-13 | An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to... |
| CVE-2022-2990 | 2022-09-13 | An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to... |
| CVE-2022-38139 | 2022-09-13 | WordPress RD Station plugin <= 5.2.0 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2022-38539 | 2022-09-13 | Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/apply. |
| CVE-2022-38542 | 2022-09-13 | Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill_session interface. The project has released an update, please upgrade to v1.9.0... |
| CVE-2022-1602 | 2022-09-13 | A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack... |
| CVE-2022-36385 | 2022-09-13 | Contec Health CMS8000 |
| CVE-2022-38100 | 2022-09-13 | Contec Health CMS8000 |
| CVE-2022-38069 | 2022-09-13 | Contec Health CMS8000 |