CVE List - 2022 / October
Showing 1801 - 1849 of 1849 CVEs for October 2022 (Page 19 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-43752 | 2022-10-31 | Oracle Solaris version 10 1/13, when using the Common Desktop Environment (CDE), is vulnerable to a privilege escalation vulnerability. A low privileged user can escalate to root by crafting a... |
| CVE-2022-44079 | 2022-10-31 | pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered to contain a stack overflow via the component __sanitizer::StackDepotBase<__sanitizer::StackDepotNode. |
| CVE-2022-44081 | 2022-10-31 | Lodepng v20220717 was discovered to contain a segmentation fault via the function pngdetail. |
| CVE-2022-39021 | 2022-10-31 | e-Excellence Inc. U-Office Force - Open Redirect |
| CVE-2022-39022 | 2022-10-31 | e-Excellence Inc. U-Office Force - Path Traversal |
| CVE-2022-39023 | 2022-10-31 | e-Excellence Inc. U-Office Force - Path Traversal |
| CVE-2022-39024 | 2022-10-31 | e-Excellence Inc. U-Office Force - Reflected XSS |
| CVE-2022-39025 | 2022-10-31 | e-Excellence Inc. U-Office Force - Reflected XSS |
| CVE-2022-39026 | 2022-10-31 | e-Excellence Inc. U-Office Force - Stored XSS |
| CVE-2022-39027 | 2022-10-31 | e-Excellence Inc. U-Office Force - Stored XSS |
| CVE-2022-40739 | 2022-10-31 | Ragic, Inc. Ragic - Reflected XSS |
| CVE-2022-40741 | 2022-10-31 | SOFTNEXT TECHNOLOGIES CORP. Mail SQR Expert - Command Injection |
| CVE-2022-40742 | 2022-10-31 | SOFTNEXT TECHNOLOGIES CORP. Mail SQR Expert - Local File Inclusion |
| CVE-2022-2741 | 2022-10-31 | can: denial-of-service can be triggered by a crafted CAN frame |
| CVE-2022-38142 | 2022-10-31 | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway service port without proper verification. An attacker could provide malicious serialized objects to execute... |
| CVE-2022-41779 | 2022-10-31 | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize network packets without proper verification. If the device connects to an attacker-controlled server, the attacker could send maliciously crafted packets... |
| CVE-2022-41657 | 2022-10-31 | Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker provided data already serialized into memory to be used in file operation application programmable interfaces (APIs). This could create... |
| CVE-2022-41772 | 2022-10-31 | Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior mishandle .ZIP archives containing characters used in path traversal. This path traversal could result in remote code execution. |
| CVE-2022-40202 | 2022-10-31 | The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication. An attacker could provide malicious serialized objects which, when deserialized, could activate an... |
| CVE-2022-41688 | 2022-10-31 | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run... |
| CVE-2022-41644 | 2022-10-31 | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack authentication for a function that changes group privileges. An attacker could use this to create a denial-of-service state or escalate... |
| CVE-2022-41776 | 2022-10-31 | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to trigger the WriteConfiguration method, which could allow an attacker to provide new values for user configuration files... |
| CVE-2022-28763 | 2022-10-31 | Improper URL parsing in Zoom Clients |
| CVE-2022-41629 | 2022-10-31 | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to access the aprunning endpoint, which could allow an attacker to retrieve any file from the “RunningConfigs” directory.... |
| CVE-2022-42923 | 2022-10-31 | SQL injection in Forma LMS |
| CVE-2022-42925 | 2022-10-31 | Unrestricted Upload of File with Dangerous Type in Forma LMS |
| CVE-2022-41680 | 2022-10-31 | SQL Injection in Forma LMS |
| CVE-2022-41681 | 2022-10-31 | File Upload vulnerability in Forma LMS |
| CVE-2022-42924 | 2022-10-31 | SQL injection in Forma LMS |
| CVE-2022-41679 | 2022-10-31 | Cross-site scripting in Forma LMS version |
| CVE-2022-40288 | 2022-10-31 | Stored cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC via messaging functionality |
| CVE-2022-40293 | 2022-10-31 | Session fixation in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC. |
| CVE-2022-39020 | 2022-10-31 | Cross-site scripting in Schoolbox version 21.0.2, by Schoolbox Pty Ltd |
| CVE-2022-39016 | 2022-10-31 | JavaScript injection in PDFtron in M-Files Hubshare |
| CVE-2022-40291 | 2022-10-31 | Cross-site request forgery (CSRF) in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC |
| CVE-2022-3059 | 2022-10-31 | SQL injection in Schoolbox version 21.0.2, by Schoolbox Pty Ltd |
| CVE-2022-40292 | 2022-10-31 | Unauthenticated username enumeration in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC. |
| CVE-2022-39017 | 2022-10-31 | XSS in all comments fields in M-Files Hubshare |
| CVE-2022-40289 | 2022-10-31 | Stored cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC via file upload and download functionality. |
| CVE-2022-40296 | 2022-10-31 | Server-side request forgery (SSRF) in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC. |
| CVE-2022-40287 | 2022-10-31 | Stored cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC via user profile data fields. |
| CVE-2022-40295 | 2022-10-31 | Authenticated sensitive information disclosure in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC. |
| CVE-2022-40290 | 2022-10-31 | Reflected cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC. |
| CVE-2022-40294 | 2022-10-31 | CSV Injection in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC |
| CVE-2022-39019 | 2022-10-31 | Broken access controls on PDFtron WebviewerUI in M-Files Hubshare |
| CVE-2022-39018 | 2022-10-31 | Broken access controls on PDFtron data in M-Files Hubshare |
| CVE-2022-40190 | 2022-10-31 | SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting (XSS). The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could... |
| CVE-2021-27784 | 2022-10-31 | HCL Launch container images may contain non-unique HTTPS certificates and database encryption key |
| CVE-2022-3311 | 2022-11-01 | Use after free in import in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted... |
| CVE-2022-3315 | 2022-11-01 | Type confusion in Blink in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2022-3316 | 2022-11-01 | Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass security feature via a crafted HTML page. (Chromium security severity:... |
| CVE-2022-3317 | 2022-11-01 | Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 106.0.5249.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security... |
| CVE-2022-3318 | 2022-11-01 | Use after free in ChromeOS Notifications in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to reboot Chrome OS to potentially exploit heap... |
| CVE-2022-3370 | 2022-11-01 | Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2022-3443 | 2022-11-01 | Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page. (Chromium security severity:... |
| CVE-2022-3444 | 2022-11-01 | Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page and malicious file.... |
| CVE-2022-3652 | 2022-11-01 | Type confusion in V8 in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2022-3653 | 2022-11-01 | Heap buffer overflow in Vulkan in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2022-3654 | 2022-11-01 | Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2022-3655 | 2022-11-01 | Heap buffer overflow in Media Galleries in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via... |
| CVE-2022-3656 | 2022-11-01 | Insufficient data validation in File System in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2022-3657 | 2022-11-01 | Use after free in Extensions in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a... |
| CVE-2022-3658 | 2022-11-01 | Use after free in Feedback service on Chrome OS in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension... |
| CVE-2022-3659 | 2022-11-01 | Use after free in Accessibility in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially... |
| CVE-2022-3660 | 2022-11-01 | Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 107.0.5304.62 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted... |
| CVE-2022-3661 | 2022-11-01 | Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome extension.... |
| CVE-2022-3801 | 2022-11-01 | IBAX go-ibax rowsInfo sql injection |
| CVE-2022-3812 | 2022-11-01 | Axiomatic Bento4 mp4encrypt AP4_ContainerAtom memory leak |
| CVE-2022-42309 | 2022-11-01 | Xenstore: Guests can crash xenstored. Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an... |
| CVE-2022-42310 | 2022-11-01 | Xenstore: Guests can create orphaned Xenstore nodes. By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore database,... |
| CVE-2022-42319 | 2022-11-01 | Xenstore: Guests can cause Xenstore to not free temporary memory. When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This... |
| CVE-2022-42320 | 2022-11-01 | Xenstore: Guests can get access to Xenstore nodes of deleted domains. Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left... |
| CVE-2022-42321 | 2022-11-01 | Xenstore: Guests can crash xenstored via exhausting the stack. Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels... |
| CVE-2022-42322 | 2022-11-01 | Xenstore: Cooperating guests can create arbitrary numbers of nodes. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of... |
| CVE-2022-42323 | 2022-11-01 | Xenstore: Cooperating guests can create arbitrary numbers of nodes. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of... |
| CVE-2022-42324 | 2022-11-01 | Oxenstored 32->31 bit integer truncation issues. Integers in OCaml are 63 or 31 bits of signed precision. The OCaml Xenbus library takes a C uint32_t out of the ring and... |
| CVE-2022-42325 | 2022-11-01 | Xenstore: Guests can create arbitrary number of nodes via transactions. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a... |
| CVE-2022-42789 | 2022-11-01 | An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. An app may be... |
| CVE-2022-42790 | 2022-11-01 | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, macOS Monterey... |
| CVE-2022-22658 | 2022-11-01 | An input validation issue was addressed with improved input validation. This issue is fixed in iOS 16.0.3. Processing a maliciously crafted email message may lead to a denial-of-service. |
| CVE-2022-22677 | 2022-11-01 | A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview... |
| CVE-2022-23738 | 2022-11-01 | Incomplete cache verification issue in GitHub Enterprise Server leading to exposure of private repo files |
| CVE-2022-2572 | 2022-11-01 | In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after... |
| CVE-2022-25892 | 2022-11-01 | Denial of Service (DoS) |
| CVE-2022-26709 | 2022-11-01 | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5.... |
| CVE-2022-26710 | 2022-11-01 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously... |
| CVE-2022-26716 | 2022-11-01 | A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing... |
| CVE-2022-26717 | 2022-11-01 | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5,... |
| CVE-2022-26719 | 2022-11-01 | A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing... |
| CVE-2022-26730 | 2022-11-01 | A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously... |
| CVE-2022-26762 | 2022-11-01 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious application may be able to... |
| CVE-2022-27582 | 2022-11-01 | Password recovery vulnerability in SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method.... |
| CVE-2022-27584 | 2022-11-01 | Password recovery vulnerability in SICK SIM2000ST Partnumber 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This... |
| CVE-2022-27585 | 2022-11-01 | Password recovery vulnerability in SICK SIM1000 FX Partnumber 1097816 and 1097817 with firmware version <1.6.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by... |
| CVE-2022-27586 | 2022-11-01 | Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version <2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password... |
| CVE-2022-31777 | 2022-11-01 | Apache Spark XSS vulnerability in log viewer UI JavaScript |
| CVE-2022-32794 | 2022-11-01 | A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able... |
| CVE-2022-32827 | 2022-11-01 | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to cause a denial-of-service. |
| CVE-2022-32835 | 2022-11-01 | This issue was addressed with improved entitlements. This issue is fixed in iOS 16, watchOS 9. An app may be able to read a persistent device identifier. |
| CVE-2022-32858 | 2022-11-01 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. An app may be able to leak sensitive kernel state. |