CVE List - 2022 / October

Showing 1101 - 1200 of 1849 CVEs for October 2022 (Page 12 of 19)

CVE ID Date Title
CVE-2022-3583 2022-10-18 SourceCodester Canteen Management System login.php sql injection
CVE-2022-3584 2022-10-18 SourceCodester Canteen Management System edituser.php sql injection
CVE-2022-3594 2022-10-18 Linux Kernel BPF r8152.c intr_callback logging of excessive data
CVE-2022-3595 2022-10-18 Linux Kernel CIFS sess.c sess_free_buffer double free
CVE-2022-36438 2022-10-18 AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily). This affects...
CVE-2022-36439 2022-10-18 AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM...
CVE-2022-39198 2022-10-18 Apache Dubbo Hessian Deserialization Vulnerability Gadgets Bypass
CVE-2022-39399 2022-10-18 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle...
CVE-2022-40684 2022-10-18 An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and...
CVE-2022-40889 2022-10-18 Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php.
CVE-2022-41479 2022-10-18 The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct...
CVE-2022-41500 2022-10-18 EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components.
CVE-2022-41504 2022-10-18 An arbitrary file upload vulnerability in the component /php_action/editProductImage.php of Billing System Project v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-41537 2022-10-18 Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /user_operations/profile.php. This vulnerability allows attackers to execute arbitrary code via a...
CVE-2022-41540 2022-10-18 The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and...
CVE-2022-41541 2022-10-18 TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Attackers are able to login to the web...
CVE-2022-41544 2022-10-18 GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php.
CVE-2022-41547 2022-10-18 Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via...
CVE-2022-42112 2022-10-18 A Cross-site scripting (XSS) vulnerability in the Portal Search module's Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5,...
CVE-2022-42113 2022-10-18 A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary...
CVE-2022-42114 2022-10-18 A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote attackers to...
CVE-2022-42115 2022-10-18 Cross-site scripting (XSS) vulnerability in the Object module's edit object details page in Liferay Portal 7.4.3.4 through 7.4.3.36 allows remote attackers to inject arbitrary web script or HTML via a...
CVE-2022-42116 2022-10-18 A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update...
CVE-2022-42117 2022-10-18 A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote...
CVE-2022-42188 2022-10-18 In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.
CVE-2022-42202 2022-10-18 TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to Cross Site Scripting (XSS).
CVE-2022-42218 2022-10-18 Open Source SACCO Management System v1.0 vulnerable to SQL Injection via /sacco_shield/manage_loan.php.
CVE-2022-43259 2022-10-18 Tenda AC15 V15.03.05.18 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function.
CVE-2022-43260 2022-10-18 Tenda AC18 V15.03.05.19(6318) was discovered to contain a stack overflow via the time parameter in the fromSetSysTime function.
CVE-2022-22192 2022-10-18 Junos OS Evolved: PTX Series: An attacker can cause a kernel panic by sending a malformed TCP packet to the device
CVE-2022-22201 2022-10-18 SRX5000 Series with SPC3, SRX4000 Series, and vSRX: When PowerMode IPsec is configured, the PFE will crash upon receipt of a malformed ESP packet
CVE-2022-22208 2022-10-18 Junos OS and Junos OS Evolved: An rpd crash can occur due to memory corruption caused by flapping BGP sessions
CVE-2022-22211 2022-10-18 Junos OS Evolved: PTX Series: Multiple FPCs become unreachable due to continuous polling of specific SNMP OID
CVE-2022-22218 2022-10-18 Junos OS: SRX Series: Upon processing of a genuine packet the pkid process will crash during CMPv2 auto-re-enrollment
CVE-2022-22219 2022-10-18 Junos OS and Junos OS Evolved: RPD core upon receipt of a specific EVPN route by a BGP route reflector in an EVPN environment
CVE-2022-22220 2022-10-18 Junos OS and Junos OS Evolved: Due to a race condition the rpd process can crash upon receipt of a BGP update message containing flow spec route
CVE-2022-22223 2022-10-18 Junos OS: QFX10000 Series: In IP/MPLS PHP node scenarios upon receipt of certain crafted packets multiple interfaces in LAG configurations may detach.
CVE-2022-22224 2022-10-18 Junos OS and Junos OS Evolved: PPMD goes into infinite loop upon receipt of malformed OSPF TLV
CVE-2022-22225 2022-10-18 Junos OS and Junos OS Evolved: In a BGP multipath scenario, when one of the contributing routes is flapping often and rapidly, rpd may crash
CVE-2022-22226 2022-10-18 Junos OS: EX4300-MP, EX4600, QFX5000 Series: In VxLAN scenarios specific packets processed cause a memory leak leading to a PFE crash
CVE-2022-22227 2022-10-18 Junos OS Evolved: ACX7000 Series: Specific IPv6 transit traffic gets exceptioned to the routing-engine which causes increased CPU utilization
CVE-2022-22228 2022-10-18 Junos OS: IPv6 OAM SRv6 network-enabled devices are vulnerable to Denial of Service (DoS) due to RPD memory leak upon receipt of a specific IPv6 packet
CVE-2022-22229 2022-10-18 Paragon Active Assurance (Formerly Netrounds): Stored Cross-site Scripting (XSS) vulnerability in web administration
CVE-2022-22230 2022-10-18 Junos OS and Junos OS Evolved: RPD crash upon receipt of specific OSPFv3 LSAs
CVE-2022-22231 2022-10-18 SRX Series: If UTM Enhanced Content Filtering and AntiVirus are enabled, and specific traffic is processed the PFE will crash
CVE-2022-22232 2022-10-18 SRX Series: If Unified Threat Management (UTM) Enhanced Content Filtering (CF) is enabled and specific traffic is processed the PFE will crash
CVE-2022-22233 2022-10-18 Junos OS and Junos OS Evolved: In an SR to LDP interworking scenario, with SRMS, when a specific low privileged command is issued on an ABR rpd will crash
CVE-2022-22234 2022-10-18 Junos OS: EX2300 and EX3400 Series: One or more SFPs might become unavailable when the system is very busy
CVE-2022-22235 2022-10-18 Junos OS: SRX Series: A flowd core will be observed when malformed GPRS traffic is processed
CVE-2022-22236 2022-10-18 Junos OS: SRX Series and MX Series: When specific valid SIP packets are received the PFE will crash
CVE-2022-22237 2022-10-18 Junos OS: Peers not configured for TCP-AO can establish a BGP or LDP session even if authentication is configured locally
CVE-2022-22238 2022-10-18 Junos OS and Junos OS Evolved: The rpd process will crash when a malformed incoming RESV message is processed
CVE-2022-22239 2022-10-18 Junos OS Evolved: The ssh CLI command always runs as root which can lead to privilege escalation
CVE-2022-22240 2022-10-18 Junos OS and Junos OS Evolved: An rpd memory leak might be observed while running a specific cli command in a RIB sharding scenario
CVE-2022-22241 2022-10-18 Junos OS: Vulnerability in J-Web may allow deserialization without authentication
CVE-2022-22242 2022-10-18 Junos OS: Cross-site Scripting (XSS) vulnerability in J-Web
CVE-2022-22243 2022-10-18 Junos OS: XPath Injection vulnerability in J-Web
CVE-2022-22244 2022-10-18 Junos OS: Unauthenticated XPath Injection vulnerability in J-Web
CVE-2022-22245 2022-10-18 Junos OS: Path traversal vulnerability in J-Web
CVE-2022-22246 2022-10-18 Junos OS: PHP file inclusion vulnerability in J-Web
CVE-2022-22247 2022-10-18 Junos OS Evolved: Kernel processing of unvalidated TCP segments could lead to a Denial of Service (DoS)
CVE-2022-22248 2022-10-18 Junos OS Evolved: Incorrect file permissions can allow low-privileged user to cause another user to execute arbitrary commands
CVE-2022-22249 2022-10-18 Junos OS: MX Series: An FPC crash might be seen due to mac-moves within the same bridge domain
CVE-2022-22250 2022-10-18 Junos OS and Junos OS Evolved: An FPC crash might be seen due to an EVPN MAC entry moving from local to remote
CVE-2022-22251 2022-10-18 cSRX Series: Storing Passwords in a Recoverable Format and software permissions issues allows a local attacker to elevate privileges
CVE-2022-39055 2022-10-18 Changing Information Technology Inc. RAVA certificate validation system - Server-Side Request Forgery (SSRF)
CVE-2022-39056 2022-10-18 Changing Information Technology Inc. RAVA certificate validation system - SQL Injection
CVE-2022-39057 2022-10-18 Changing Information Technology Inc. RAVA certificate validation system - Command Injection
CVE-2022-39058 2022-10-18 Changing Information Technology Inc. RAVA certificate validation system - Path Traversal
CVE-2022-39253 2022-10-19 Git subject to exposure of sensitive information via local clone of symbolic links
CVE-2022-39260 2022-10-19 Git vulnerable to Remote Code Execution via Heap overflow in `git shell`
CVE-2022-42467 2022-10-19 h2 webconsole (available only in prototype mode) should nevertheless be disabled by default.
CVE-2022-43401 2022-10-19 A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run...
CVE-2022-43402 2022-10-19 A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and earlier allows attackers with permission to define and run...
CVE-2022-43403 2022-10-19 A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed...
CVE-2022-43404 2022-10-19 A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run...
CVE-2022-43405 2022-10-19 A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including...
CVE-2022-43406 2022-10-19 A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966 and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts,...
CVE-2013-4253 2022-10-19 The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file.
CVE-2013-4281 2022-10-19 In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read...
CVE-2016-20016 2022-10-19 MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system...
CVE-2016-20017 2022-10-19 D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022.
CVE-2020-23648 2022-10-19 Asus RT-N12E 2.0.0.39 is affected by an incorrect access control vulnerability. Through system.asp / start_apply.htm, an attacker can change the administrator password without any authentication.
CVE-2022-1414 2022-10-19 3scale API Management 2 does not perform adequate sanitization for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to...
CVE-2022-23241 2022-10-19 Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock configured FlexGroups are susceptible to a vulnerability which could allow an authenticated remote attacker to arbitrarily modify or delete WORM data...
CVE-2022-23734 2022-10-19 Deserialization of Untrusted Data vulnerability in GitHub Enterprise Server leading to Remote Code Execution
CVE-2022-25666 2022-10-19 Memory corruption due to use after free in service while trying to access maps by different threads in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...
CVE-2022-25687 2022-10-19 Memory corruption in video due to buffer overflow while parsing asf clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &...
CVE-2022-25718 2022-10-19 Cryptographic issue in WLAN due to improper check on return value while authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...
CVE-2022-25719 2022-10-19 Information disclosure in WLAN due to improper length check while processing authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,...
CVE-2022-25720 2022-10-19 Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,...
CVE-2022-25736 2022-10-19 Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon...
CVE-2022-25748 2022-10-19 Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon...
CVE-2022-25749 2022-10-19 Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...
CVE-2022-2805 2022-10-19 A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otapi-style. This flaw allows an attacker with sufficient privileges to...
CVE-2022-31684 2022-10-19 Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those...
CVE-2022-33077 2022-10-19 An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint.
CVE-2022-3327 2022-10-19 Missing Authentication for Critical Function in ikus060/rdiffweb
CVE-2022-3586 2022-10-19 A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the...
CVE-2022-35860 2022-10-19 Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to inject and sniff keystrokes via 2.4 GHz radio transmissions.