CVE List - 2022 / October
Showing 501 - 600 of 1849 CVEs for October 2022 (Page 6 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-41202 | 2022-10-11 | Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, vds.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer -... |
| CVE-2022-41204 | 2022-10-11 | An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. They can inject code that allows them... |
| CVE-2022-41206 | 2022-10-11 | SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) - versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and edited in the Central... |
| CVE-2022-41209 | 2022-10-11 | SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. This can lead to... |
| CVE-2022-41210 | 2022-10-11 | SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers.... |
| CVE-2022-41376 | 2022-10-11 | Metro UI v4.4.0 to v4.5.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Javascript function. |
| CVE-2022-41380 | 2022-10-11 | The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. |
| CVE-2022-41381 | 2022-10-11 | The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. |
| CVE-2022-41382 | 2022-10-11 | The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. |
| CVE-2022-41383 | 2022-10-11 | The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. |
| CVE-2022-41384 | 2022-10-11 | The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. |
| CVE-2022-41385 | 2022-10-11 | The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. |
| CVE-2022-41386 | 2022-10-11 | The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. |
| CVE-2022-41387 | 2022-10-11 | The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. |
| CVE-2022-41404 | 2022-10-11 | An issue in the fetch() method in the BasicProfile class of org.ini4j through version v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. |
| CVE-2022-41406 | 2022-10-11 | An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-41407 | 2022-10-11 | Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. |
| CVE-2022-41408 | 2022-10-11 | Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. |
| CVE-2022-41530 | 2022-10-11 | Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_borrower. |
| CVE-2022-41532 | 2022-10-11 | Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_plan. |
| CVE-2022-41550 | 2022-10-11 | GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header. |
| CVE-2022-41606 | 2022-10-11 | HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents.... |
| CVE-2022-41665 | 2022-10-11 | A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10),... |
| CVE-2022-41851 | 2022-10-11 | A vulnerability has been identified in JTTK (All versions < V11.1.1.0), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The JTTK library is vulnerable... |
| CVE-2022-42034 | 2022-10-11 | Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php. |
| CVE-2022-42037 | 2022-10-11 | The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. |
| CVE-2022-42038 | 2022-10-11 | The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. |
| CVE-2022-42039 | 2022-10-11 | The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. |
| CVE-2022-42040 | 2022-10-11 | The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. |
| CVE-2022-42041 | 2022-10-11 | The d8s-file-system package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0. |
| CVE-2022-42042 | 2022-10-11 | The d8s-networking package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0. |
| CVE-2022-42043 | 2022-10-11 | The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0. |
| CVE-2022-42044 | 2022-10-11 | The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0. |
| CVE-2022-42229 | 2022-10-11 | Wedding Planner v1.0 is vulnerable to Arbitrary code execution via package_edit.php. |
| CVE-2022-42230 | 2022-10-11 | Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/admin/?page=user/manage_user&id=. |
| CVE-2022-42235 | 2022-10-11 | A Stored XSS issue in Student Clearance System v.1.0 allows the injection of arbitrary JavaScript in the Student registration form. |
| CVE-2022-42236 | 2022-10-11 | A Stored XSS issue in Merchandise Online Store v.1.0 allows the injection of arbitrary JavaScript in the edit account form. |
| CVE-2022-42238 | 2022-10-11 | A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard. |
| CVE-2022-42717 | 2022-10-11 | An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged... |
| CVE-2022-42731 | 2022-10-11 | mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not... |
| CVE-2022-32175 | 2022-10-11 | AdGuardHome - CSRF |
| CVE-2022-32174 | 2022-10-11 | Gogs - XSS |
| CVE-2022-3358 | 2022-10-11 | Using a Custom Cipher with NID_undef may lead to NULL encryption |
| CVE-2022-38388 | 2022-10-11 | IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper access control. IBM X-Force ID: 233968. |
| CVE-2022-32486 | 2022-10-11 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. |
| CVE-2022-32492 | 2022-10-11 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. |
| CVE-2022-34426 | 2022-10-11 | Dell Container Storage Modules 1.2 contains an Improper Limitation of a Pathname to a Restricted Directory in goiscsi and gobrick libraries which could lead to OS command injection. A remote... |
| CVE-2022-34427 | 2022-10-11 | Dell Container Storage Modules 1.2 contains an OS Command Injection in goiscsi and gobrick libraries. A remote unauthenticated attacker could exploit this vulnerability leading to modification of intended OS command... |
| CVE-2022-34430 | 2022-10-11 | Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. |
| CVE-2022-34431 | 2022-10-11 | Dell Hybrid Client below 1.8 version contains a guest user profile corruption vulnerability. A WMS privilege attacker could potentially exploit this vulnerability, leading to DHC system not being accessible. |
| CVE-2022-34432 | 2022-10-11 | Dell Hybrid Client below 1.8 version contains a gedit vulnerability. A guest attacker could potentially exploit this vulnerability, allowing deletion of user and some system files and folders. |
| CVE-2022-34434 | 2022-10-11 | Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp... |
| CVE-2022-33978 | 2022-10-11 | WordPress FontMeister plugin <= 1.08 - Reflected Cross-Site Scripting (XSS) vulnerability |
| CVE-2021-36899 | 2022-10-11 | WordPress Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability |
| CVE-2021-36913 | 2022-10-11 | Redirection for Contact Form 7 <= 2.4.0 - Unauthenticated Options Change and Content Injection vulnerability |
| CVE-2021-36915 | 2022-10-11 | WordPress Profile Builder plugin <= 3.6.0 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-38086 | 2022-10-11 | WordPress Shortcodes Ultimate plugin <= 5.12.0 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2021-36201 | 2022-10-11 | CCURE Observable Response Discrepancy |
| CVE-2022-3458 | 2022-10-12 | SourceCodester Human Resource Management System Image File employeeview.php unrestricted upload |
| CVE-2022-3470 | 2022-10-12 | SourceCodester Human Resource Management System getstatecity.php sql injection |
| CVE-2022-3471 | 2022-10-12 | SourceCodester Human Resource Management System city.php sql injection |
| CVE-2022-3473 | 2022-10-12 | SourceCodester Human Resource Management System getstatecity.php sql injection |
| CVE-2022-37601 | 2022-10-12 | Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3. |
| CVE-2018-18446 | 2022-10-12 | dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2). |
| CVE-2018-18447 | 2022-10-12 | dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2). |
| CVE-2021-36369 | 2022-10-12 | An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server... |
| CVE-2022-22077 | 2022-10-12 | Memory corruption in graphics due to use-after-free in graphics dispatcher logic in Snapdragon Mobile |
| CVE-2022-22078 | 2022-10-12 | Denial of service in BOOT when partition size for a particular partition is requested due to integer overflow when blocks are calculated in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon... |
| CVE-2022-2249 | 2022-10-12 | Avaya Aura Communication Manager Privilege Escalation Vulnerabilities |
| CVE-2022-25660 | 2022-10-12 | Memory corruption due to double free issue in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2022-25661 | 2022-10-12 | Memory corruption due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2022-25662 | 2022-10-12 | Information disclosure due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables |
| CVE-2022-25663 | 2022-10-12 | Possible buffer overflow due to lack of buffer length check during management frame Rx handling lead to denial of service in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity |
| CVE-2022-25664 | 2022-10-12 | Information disclosure due to exposure of information while GPU reads the data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables |
| CVE-2022-25665 | 2022-10-12 | Information disclosure due to buffer over read in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile |
| CVE-2022-2720 | 2022-10-12 | In affected versions of Octopus Server it was identified that when a sensitive value is a substring of another value, sensitive value masking will only partially work. |
| CVE-2022-28887 | 2022-10-12 | Multiple Denial of Service Vulnerability |
| CVE-2022-3171 | 2022-10-12 | Memory handling vulnerability in ProtocolBuffers Java core and lite |
| CVE-2022-33106 | 2022-10-12 | WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the attacker to brute force the admin password leading to Account Take Over. |
| CVE-2022-3464 | 2022-10-12 | puppyCMS settings.php cross site scripting |
| CVE-2022-3465 | 2022-10-12 | Mediabridge Medialink index.asp improper authentication |
| CVE-2022-3467 | 2022-10-12 | Jiusi OA hntdCustomDesktopActionContent sql injection |
| CVE-2022-3472 | 2022-10-12 | SourceCodester Human Resource Management System city.php sql injection |
| CVE-2022-37611 | 2022-10-12 | Prototype pollution vulnerability in tschaub gh-pages 3.1.0 via the partial variable in util.js. |
| CVE-2022-37614 | 2022-10-12 | Prototype pollution vulnerability in function enable in mockery.js in mfncooper mockery commit 822f0566fd6d72af8c943ae5ca2aa92e516aa2cf via the key variable in mockery.js. |
| CVE-2022-39282 | 2022-10-12 | RDP client: Read of uninitialized memory with parallel port redirection |
| CVE-2022-39283 | 2022-10-12 | FreeRDP may read and display out of bounds data |
| CVE-2022-39297 | 2022-10-12 | Deserialization of untrusted data in MelisCms |
| CVE-2022-39298 | 2022-10-12 | Deserialization of untrusted data in MelisFront |
| CVE-2022-39299 | 2022-10-12 | Signature bypass via multiple root elements in Passport-SAML |
| CVE-2022-40469 | 2022-10-12 | iKuai OS v3.6.7 was discovered to contain an authenticated remote code execution (RCE) vulnerability. |
| CVE-2022-40664 | 2022-10-12 | Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher |
| CVE-2022-40871 | 2022-10-12 | Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can... |
| CVE-2022-41316 | 2022-10-12 | HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation... |
| CVE-2022-41348 | 2022-10-12 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via the onerror attribute of an IMG element, leading to information disclosure. |
| CVE-2022-41349 | 2022-10-12 | In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine. |
| CVE-2022-41350 | 2022-10-12 | In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine. |
| CVE-2022-41351 | 2022-10-12 | In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the view parameter and changing the value of the uncheck parameter... |
| CVE-2022-41403 | 2022-10-12 | OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/so_newletter_custom_popup/newsletter. |
| CVE-2022-42077 | 2022-10-12 | Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. |