CVE List - 2022 / October
Showing 1301 - 1400 of 1849 CVEs for October 2022 (Page 14 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-2069 | 2022-10-20 | Datalogics APDFL library Heap-based Buffer Overflow |
| CVE-2022-26954 | 2022-10-20 | Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow remote attackers to conduct phishing attacks by redirecting users to attacker-controlled web sites via the returnUrl parameter, processed by the... |
| CVE-2022-31366 | 2022-10-20 | An arbitrary file upload vulnerability in the apiImportLabs function in api_labs.php of EVE-NG 2.0.3-112 Community allows attackers to execute arbitrary code via a crafted UNL file. |
| CVE-2022-3577 | 2022-10-20 | An out-of-bounds memory write flaw was found in the Linux kernel’s Kid-friendly Wired Controller driver. This flaw allows a local user to crash or potentially escalate their privileges on the... |
| CVE-2022-3619 | 2022-10-20 | Linux Kernel Bluetooth l2cap_core.c l2cap_recv_acldata memory leak |
| CVE-2022-3620 | 2022-10-20 | Exim DMARC dmarc.c dmarc_dns_lookup use after free |
| CVE-2022-3621 | 2022-10-20 | Linux Kernel nilfs2 inode.c nilfs_bmap_lookup_at_level null pointer dereference |
| CVE-2022-3623 | 2022-10-20 | Linux Kernel BPF gup.c follow_page_pte race condition |
| CVE-2022-37298 | 2022-10-20 | Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring... |
| CVE-2022-37453 | 2022-10-20 | An issue was discovered in Softing OPC UA C++ SDK before 6.10. A buffer overflow or an excess allocation happens due to unchecked array and matrix bounds in structure data... |
| CVE-2022-39823 | 2022-10-20 | An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. An OPC/UA browse request exceeding the server limit on continuation points may cause a use-after-free... |
| CVE-2022-40084 | 2022-10-20 | OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine... |
| CVE-2022-41358 | 2022-10-20 | A stored cross-site scripting (XSS) vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName parameter in... |
| CVE-2022-42021 | 2022-10-20 | Best Student Result Management System v1.0 is vulnerable to SQL Injection via /upresult/upresult/notice-details.php?nid=. |
| CVE-2022-42176 | 2022-10-20 | In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access. |
| CVE-2022-42197 | 2022-10-20 | In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges. |
| CVE-2022-42198 | 2022-10-20 | In Simple Exam Reviewer Management System v1.0 the User List function suffers from insecure file upload. |
| CVE-2022-42199 | 2022-10-20 | Simple Exam Reviewer Management System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Exam List. |
| CVE-2022-42200 | 2022-10-20 | Simple Exam Reviewer Management System v1.0 is vulnerable to Stored Cross Site Scripting (XSS) via the Exam List. |
| CVE-2022-42201 | 2022-10-20 | Simple Exam Reviewer Management System v1.0 is vulnerable to Insecure file upload. |
| CVE-2022-42233 | 2022-10-20 | Tenda 11N with firmware version V5.07.33_cn suffers from an Authentication Bypass vulnerability. |
| CVE-2022-27626 | 2022-10-20 | A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute... |
| CVE-2022-27625 | 2022-10-20 | A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to... |
| CVE-2022-27624 | 2022-10-20 | A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to... |
| CVE-2022-3576 | 2022-10-20 | A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models... |
| CVE-2022-42344 | 2022-10-20 | [CVE-2021-36032] Magento IDOR Leads to Account Takeover |
| CVE-2022-36966 | 2022-10-20 | Insecure Direct Object Reference Vulnerability: Orion Platform 2020.2.6 |
| CVE-2022-36957 | 2022-10-20 | SolarWinds Platform Deserialization of Untrusted Data |
| CVE-2022-36958 | 2022-10-20 | SolarWinds Platform Deserialization of Untrusted Data |
| CVE-2022-38108 | 2022-10-20 | SolarWinds Platform Deserialization of Untrusted Data |
| CVE-2022-3625 | 2022-10-21 | Linux Kernel IPsec devlink.c devlink_param_get use after free |
| CVE-2022-3640 | 2022-10-21 | Linux Kernel Bluetooth l2cap_core.c l2cap_conn_del use after free |
| CVE-2022-3649 | 2022-10-21 | Linux Kernel BPF inode.c nilfs_new_inode use after free |
| CVE-2021-42553 | 2022-10-21 | STM32 USB Host Library Buffer Overflow |
| CVE-2022-23462 | 2022-10-21 | Stack Buffer Overflow in iowow |
| CVE-2022-3570 | 2022-10-21 | Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could... |
| CVE-2022-3597 | 2022-10-21 | LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile... |
| CVE-2022-3598 | 2022-10-21 | LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix... |
| CVE-2022-3599 | 2022-10-21 | LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix... |
| CVE-2022-36122 | 2022-10-21 | The Automox Agent before 40 on Windows incorrectly sets permissions on key files. |
| CVE-2022-3624 | 2022-10-21 | Linux Kernel IPsec bond_alb.c rlb_arp_xmit memory leak |
| CVE-2022-3626 | 2022-10-21 | LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile... |
| CVE-2022-3627 | 2022-10-21 | LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile... |
| CVE-2022-3629 | 2022-10-21 | Linux Kernel af_vsock.c vsock_connect memory leak |
| CVE-2022-3630 | 2022-10-21 | Linux Kernel IPsec cookie.c memory leak |
| CVE-2022-3633 | 2022-10-21 | Linux Kernel transport.c j1939_session_destroy memory leak |
| CVE-2022-3635 | 2022-10-21 | Linux Kernel IPsec idt77252.c tst_timer use after free |
| CVE-2022-3636 | 2022-10-21 | Linux Kernel Ethernet mtk_ppe.c __mtk_ppe_check_skb use after free |
| CVE-2022-3637 | 2022-10-21 | Linux Kernel BlueZ jlink.c jlink_init denial of service |
| CVE-2022-3639 | 2022-10-21 | A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2.... |
| CVE-2022-3646 | 2022-10-21 | Linux Kernel BPF segment.c nilfs_attach_log_writer memory leak |
| CVE-2022-3647 | 2022-10-21 | Redis Crash Report debug.c sigsegvHandler denial of service |
| CVE-2022-37454 | 2022-10-21 | The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs... |
| CVE-2022-39259 | 2022-10-21 | Jadx-gui subject to Denial of Service via Swing HTML rendering |
| CVE-2022-39272 | 2022-10-21 | Flux2 vulnerable to Denial of Service due to Improper use of metav1.Duration |
| CVE-2022-41309 | 2022-10-21 | A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could... |
| CVE-2022-41310 | 2022-10-21 | A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could... |
| CVE-2022-41575 | 2022-10-21 | A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). This is fixed in... |
| CVE-2022-42189 | 2022-10-21 | Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (RCE) vulnerability. |
| CVE-2022-42205 | 2022-10-21 | PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php. |
| CVE-2022-42206 | 2022-10-21 | PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php. |
| CVE-2022-42933 | 2022-10-21 | A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could... |
| CVE-2022-42934 | 2022-10-21 | A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could... |
| CVE-2022-42935 | 2022-10-21 | A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could... |
| CVE-2022-42936 | 2022-10-21 | A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could... |
| CVE-2022-42937 | 2022-10-21 | A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could... |
| CVE-2022-42938 | 2022-10-21 | A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the... |
| CVE-2022-42939 | 2022-10-21 | A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the... |
| CVE-2022-42940 | 2022-10-21 | A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the... |
| CVE-2022-42941 | 2022-10-21 | A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could... |
| CVE-2022-42942 | 2022-10-21 | A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could... |
| CVE-2022-42943 | 2022-10-21 | A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could... |
| CVE-2022-42944 | 2022-10-21 | A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could... |
| CVE-2022-43400 | 2022-10-21 | A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for... |
| CVE-2022-3203 | 2022-10-21 | ORing net IAP-420(+) Hidden Functionality |
| CVE-2022-41638 | 2022-10-21 | WordPress Pop-Up Chop Chop plugin <= 2.1.7 - Auth. Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-40311 | 2022-10-21 | WordPress Analytics Cat plugin <= 1.0.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-38104 | 2022-10-21 | WordPress Accordions plugin <= 2.0.3 - Auth. WordPress Options Change vulnerability |
| CVE-2022-1066 | 2022-10-21 | MISSING AUTHORIZATION CWE-862 |
| CVE-2022-26423 | 2022-10-21 | MISSING AUTHORIZATION CWE-862 |
| CVE-2022-1059 | 2022-10-21 | CROSS-SITE SCRIPTING CWE-79 |
| CVE-2022-1070 | 2022-10-21 | CHANNEL ACCESSIBLE BY NON-ENDPOINT CWE-300 |
| CVE-2022-27494 | 2022-10-21 | CROSS-SITE SCRIPTING CWE-79 |
| CVE-2020-5355 | 2022-10-21 | The Dell Isilon OneFS versions 8.2.2 and earlier SSHD process improperly allows Transmission Control Protocol (TCP) and stream forwarding. This provides the remotesupport user and users with restricted shells more... |
| CVE-2022-26870 | 2022-10-21 | Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit. |
| CVE-2022-31239 | 2022-10-21 | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain sensitive data in log files vulnerability. A privileged local user may potentially exploit this vulnerability, leading... |
| CVE-2022-34437 | 2022-10-21 | Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability. A privileged local malicious user could potentially exploit this vulnerability, leading to a full system compromise. This impacts compliance... |
| CVE-2022-34438 | 2022-10-21 | Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege context switching error. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to full system compromise. This... |
| CVE-2022-34439 | 2022-10-21 | Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x contain allocation of Resources Without Limits or Throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service and performance... |
| CVE-2021-26728 | 2022-10-24 | spx_restservice KillDupUsr_func Command Injection and Stack-Based Buffer Overflow |
| CVE-2022-43677 | 2022-10-24 | In free5GC 3.2.1, a malformed NGAP message can crash the AMF and NGAP decoders via an index-out-of-range panic in aper.GetBitString. |
| CVE-2021-26727 | 2022-10-24 | spx_restservice SubNet_handler_func Multiple Command Injections and Stack-Based Buffer Overflows |
| CVE-2021-26729 | 2022-10-24 | spx_restservice Login_handler_func Command Injection and Multiple Stack-Based Buffer Overflows |
| CVE-2021-26730 | 2022-10-24 | spx_restservice Login_handler_func Subfunction Stack-Based Buffer Overflow |
| CVE-2021-26731 | 2022-10-24 | spx_restservice modifyUserb_func Command Injection and Multiple Stack-Based Buffer Overflows |
| CVE-2021-26732 | 2022-10-24 | spx_restservice First_network_func Broken Access Control |
| CVE-2021-26733 | 2022-10-24 | spx_restservice FirstReset_handler_func Broken Access Control |
| CVE-2021-42010 | 2022-10-24 | CRLF log injection |
| CVE-2021-4228 | 2022-10-24 | Hard-coded TLS Certificate |
| CVE-2021-44467 | 2022-10-24 | spx_restservice KillDupUsr_func Broken Access Control |