CVE List - 2022 / September
Showing 401 - 500 of 2148 CVEs for September 2022 (Page 5 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-37779 | 2022-09-07 | Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the sendnum parameter of the ping function. |
| CVE-2022-36588 | 2022-09-07 | In D-Link DAP1650 v1.04 firmware, the fileaccess.cgi program in the firmware has a buffer overflow vulnerability caused by strncpy. |
| CVE-2022-36586 | 2022-09-07 | In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, there is a buffer overflow vulnerability caused by strcpy in function 0x869f4 in the httpd binary. |
| CVE-2021-34236 | 2022-09-07 | Buffer Overflow in Netgear R8000 Router with firmware v1.0.4.56 allows remote attackers to execute arbitrary code or cause a denial-of-service by sending a crafted POST to '/bd_genie_create_account.cgi' with a sufficiently... |
| CVE-2022-3153 | 2022-09-08 | NULL Pointer Dereference in vim/vim |
| CVE-2022-37144 | 2022-09-08 | The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission attempts. An unauthenticated remote attacker in possession of a valid username and password can bruteforce... |
| CVE-2022-37145 | 2022-09-08 | The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. An unauthenticated remote attacker could perform a bruteforce... |
| CVE-2022-37146 | 2022-09-08 | The PlexTrac platform prior to version 1.28.0 allows for username enumeration via HTTP response times on invalid login attempts for users configured to use the PlexTrac authentication provider. Login attempts... |
| CVE-2022-25897 | 2022-09-08 | Denial of Service (DoS) |
| CVE-2022-25914 | 2022-09-08 | Remote Code Execution (RCE) |
| CVE-2022-33941 | 2022-09-08 | PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution,... |
| CVE-2022-34869 | 2022-09-08 | Undocumented hidden command that can be executed from the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS... |
| CVE-2022-35273 | 2022-09-08 | OS command injection vulnerability in GUI setting page of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command. |
| CVE-2022-36403 | 2022-09-08 | Untrusted search path vulnerability in the installer of Device Software Manager prior to Ver.2.20.3.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2022-38094 | 2022-09-08 | OS command injection vulnerability in the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command. |
| CVE-2022-38394 | 2022-09-08 | Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command. |
| CVE-2022-38399 | 2022-09-08 | Missing protection mechanism for alternate hardware interface in SmaCam CS-QR10 all versions and SmaCam Night Vision CS-QR20 all versions allows an attacker to execute an arbitrary OS command by having... |
| CVE-2022-38400 | 2022-09-08 | Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a user of the product access a specially crafted URL. |
| CVE-2022-28220 | 2022-09-08 | STARTTLS command injection in Apache JAMES |
| CVE-2022-3148 | 2022-09-08 | Cross-site Scripting (XSS) - Generic in jgraph/drawio |
| CVE-2022-3138 | 2022-09-08 | Cross-site Scripting (XSS) - Generic in jgraph/drawio |
| CVE-2022-27593 | 2022-09-08 | DeadBolt Ransomware |
| CVE-2022-30079 | 2022-09-08 | Command injection vulnerability was discovered in Netgear R6200 v2 firmware through R6200v2-V1.0.3.12 via binary /sbin/acos_service that could allow remote authenticated attackers the ability to modify values in the vulnerable parameter. |
| CVE-2022-20923 | 2022-09-08 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers IPSec VPN Server Authentication Bypass Vulnerability |
| CVE-2022-20863 | 2022-09-08 | Cisco Webex Meetings App Character Interface Manipulation Vulnerability |
| CVE-2022-20696 | 2022-09-08 | Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability |
| CVE-2022-36736 | 2022-09-08 | Jitsi-2.10.5550 was discovered to contain a vulnerability in its web UI which allows attackers to perform a clickjacking attack via a crafted HTTP request. NOTE: this is disputed by the... |
| CVE-2022-36085 | 2022-09-08 | OPA Compiler: Bypass of WithUnsafeBuiltins using `with` keyword to mock functions |
| CVE-2022-36090 | 2022-09-08 | org.xwiki.platform:xwiki-platform-oldcore Improper Authorization check for inactive users |
| CVE-2022-37163 | 2022-09-08 | Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt... |
| CVE-2022-37164 | 2022-09-08 | Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt... |
| CVE-2022-37857 | 2022-09-08 | bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded password is hashed but stored within the config.php file server-side as well as in clear-text on... |
| CVE-2022-27967 | 2022-09-08 | Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of excluded files and profiles via a crafted GET request sent to /WebApp/SettingsExclusion/GetExclusionsProfiles. |
| CVE-2022-27968 | 2022-09-08 | Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of monitored files and profiles via a crafted GET request sent to /WebApp/SettingsFileMonitor/GetFileMonitorProfiles. |
| CVE-2022-27969 | 2022-09-08 | Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of decoy users via a crafted GET request sent to /WebApp/DeceptionUser/GetAllDeceptionUsers. |
| CVE-2022-38255 | 2022-09-08 | Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /interview/editQuestion.php. |
| CVE-2022-22314 | 2022-09-08 | IBM Planning Analytics Local 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 217371. |
| CVE-2022-36091 | 2022-09-08 | XWiki Platform Web Templates vulnerable to Missing Authorization and Exposure of Private Personal Information to an Unauthorized Actor |
| CVE-2022-38260 | 2022-09-08 | Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=questiondelete&id=. |
| CVE-2022-36092 | 2022-09-08 | XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action |
| CVE-2022-36093 | 2022-09-08 | XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard |
| CVE-2022-38256 | 2022-09-08 | TastyIgniter v3.5.0 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2022-38258 | 2022-09-08 | A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 allows attackers to cause a Denial of Service (DoS) or access sensitive server information via manipulation of the getpage... |
| CVE-2022-3167 | 2022-09-08 | Improper Restriction of Rendered UI Layers or Frames in ikus060/rdiffweb |
| CVE-2022-36094 | 2022-09-08 | XWiki Platform Web Parent POM vulnerable to XSS in the attachment history |
| CVE-2022-38265 | 2022-09-08 | Apartment Visitor Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at /avms/edit-apartment.php. |
| CVE-2022-36095 | 2022-09-08 | XWiki Cross-Site Request Forgery (CSRF) for actions on tags |
| CVE-2022-36096 | 2022-09-08 | XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list |
| CVE-2022-36097 | 2022-09-08 | XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form |
| CVE-2022-36099 | 2022-09-08 | XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability |
| CVE-2022-36098 | 2022-09-08 | XWiki Platform Mentions UI vulnerable to Cross-site Scripting |
| CVE-2022-38267 | 2022-09-08 | School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/user/index.php?view=edit&id=. |
| CVE-2022-38268 | 2022-09-08 | School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/autonumber/index.php?view=edit&id=. |
| CVE-2022-38269 | 2022-09-08 | School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/modstudent/index.php?view=edit&id=. |
| CVE-2022-40281 | 2022-09-08 | An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). cyassl_connect_step2 in curl/vtls/cyassl.c has a missing X509_free after SSL_get_peer_certificate, leading to information disclosure. |
| CVE-2022-40279 | 2022-09-08 | An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). l2_packet_receive_timeout in wpa_supplicant/src/l2_packet/l2_packet_pcap.c has a missing check on the return value of pcap_dispatch, leading to a denial of service... |
| CVE-2022-40278 | 2022-09-08 | An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_free after sqlite3_exec, leading to a denial of service. |
| CVE-2022-40280 | 2022-09-08 | An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_close after sqlite3_open_v2, leading to a denial of service. |
| CVE-2022-36100 | 2022-09-08 | XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection |
| CVE-2022-36084 | 2022-09-08 | cruddl vulnerable to AQL injection through flexSearch |
| CVE-2019-25076 | 2022-09-08 | The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet... |
| CVE-2022-40297 | 2022-09-08 | UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user... |
| CVE-2022-2526 | 2022-09-09 | A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore,... |
| CVE-2022-2905 | 2022-09-09 | An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the... |
| CVE-2022-2964 | 2022-09-09 | A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. |
| CVE-2022-3169 | 2022-09-09 | A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device... |
| CVE-2022-38266 | 2022-09-09 | An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file. |
| CVE-2022-40307 | 2022-09-09 | An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. |
| CVE-2020-10735 | 2022-09-09 | A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000... |
| CVE-2022-36087 | 2022-09-09 | OAuthLib vulnerable to DoS when attacker provides malicious IPv6 URI |
| CVE-2022-40299 | 2022-09-09 | In Singular before 4.3.1, a predictable /tmp pathname is used (e.g., by sdb.cc), which allows local users to gain the privileges of other users via a procedure in a file... |
| CVE-2022-40305 | 2022-09-09 | A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 allows attackers to enumerate the internal network, overload network resources, and possibly have unspecified other impact via the server parameter... |
| CVE-2022-25765 | 2022-09-09 | Command Injection |
| CVE-2022-2925 | 2022-09-09 | Cross-site Scripting (XSS) - Stored in appwrite/appwrite |
| CVE-2022-29061 | 2022-09-09 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute unauthorized code or... |
| CVE-2022-2528 | 2022-09-09 | In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages. |
| CVE-2022-38286 | 2022-09-09 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list. |
| CVE-2022-38285 | 2022-09-09 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list. |
| CVE-2022-38283 | 2022-09-09 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/video/list. |
| CVE-2022-38284 | 2022-09-09 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/department/list. |
| CVE-2022-38282 | 2022-09-09 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/videoalbum/list. |
| CVE-2022-38280 | 2022-09-09 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/image/list. |
| CVE-2022-38281 | 2022-09-09 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list. |
| CVE-2022-38279 | 2022-09-09 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/imagealbum/list. |
| CVE-2022-38278 | 2022-09-09 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/friendlylink/list. |
| CVE-2022-38276 | 2022-09-09 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/foldernotice/list. |
| CVE-2022-38277 | 2022-09-09 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/folderrollpicture/list. |
| CVE-2022-38275 | 2022-09-09 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/contact/list. |
| CVE-2022-38272 | 2022-09-09 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list. |
| CVE-2022-38273 | 2022-09-09 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list_approve. |
| CVE-2022-38274 | 2022-09-09 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/list. |
| CVE-2022-37299 | 2022-09-09 | An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal vulnerability which could cause arbitrary file read via /static/ueditor/php/controller.php. |
| CVE-2022-39119 | 2022-09-09 | In network service, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. |
| CVE-2022-38059 | 2022-09-09 | WordPress Access Code Feeder plugin <= 1.0.3 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-36280 | 2022-09-09 | There is an out-of-bounds write vulnerability in vmwgfx driver |
| CVE-2022-3147 | 2022-09-09 | Server-side Denial of Service while processing a specifically crafted JPEG file |
| CVE-2022-38096 | 2022-09-09 | There is a NULL pointer vulnerability in vmwgfx driver |
| CVE-2022-38457 | 2022-09-09 | There is a UAF vulnerability in vmwgfx driver |
| CVE-2022-40133 | 2022-09-09 | There is a UAF vulnerability in vmwgfx driver |
| CVE-2022-38068 | 2022-09-09 | WordPress Export Post Info plugin <= 1.1.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |