CVE List - 2022 / November
Showing 901 - 1000 of 2020 CVEs for November 2022 (Page 10 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-3959 | 2022-11-11 | drogon Session Hash small space of random values |
| CVE-2022-41873 | 2022-11-11 | Out-of-bounds read and write in BLE L2CAP module |
| CVE-2022-41882 | 2022-11-11 | Nextcloud Desktop vulnerable to code injection via malicious link |
| CVE-2022-41892 | 2022-11-11 | Arches vulnerable to SQL Injection |
| CVE-2022-41904 | 2022-11-11 | Element iOS is vulnerable due to missing decoration for events decrypted with untrusted Megolm sessions |
| CVE-2022-41905 | 2022-11-11 | wsgidav is vulnerable to Cross-Site Scripting (XSS) when directory browsing is enabled |
| CVE-2022-41906 | 2022-11-11 | OpenSearch Notifications is vulnerable to Server-Side Request Forgery (SSRF) |
| CVE-2022-45182 | 2022-11-11 | Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module parameter. |
| CVE-2022-45193 | 2022-11-11 | CBRN-Analysis before 22 has weak file permissions under Public Profile, leading to disclosure of file contents or privilege escalation. |
| CVE-2022-45194 | 2022-11-11 | CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash disclosure. |
| CVE-2022-41854 | 2022-11-11 | Stack Overflow in Snakeyaml |
| CVE-2022-26341 | 2022-11-11 | Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially... |
| CVE-2022-26845 | 2022-11-11 | Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access. |
| CVE-2022-27497 | 2022-11-11 | Null pointer dereference in firmware for Intel(R) AMT before version 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable denial of service via network... |
| CVE-2022-29893 | 2022-11-11 | Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an authenticated user to potentially enable escalation of privilege via network access. |
| CVE-2021-33159 | 2022-11-11 | Improper authentication in subsystem for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-29466 | 2022-11-11 | Improper input validation in firmware for Intel(R) SPS before version SPS_E3_04.01.04.700.0 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2022-29515 | 2022-11-11 | Missing release of memory after effective lifetime in firmware for Intel(R) SPS before versions SPS_E3_06.00.03.035.0 may allow a privileged user to potentially enable denial of service via local access. |
| CVE-2022-30691 | 2022-11-11 | Uncontrolled resource consumption in the Intel(R) Support Android application before version 22.02.28 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2022-36367 | 2022-11-11 | Incorrect default permissions in the Intel(R) Support Android application before version v22.02.28 may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2022-30297 | 2022-11-11 | Cross-site scripting in the Intel(R) EMA software before version 1.8.0 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-27638 | 2022-11-11 | Uncontrolled search path element in the Intel(R) Advanced Link Analyzer Pro before version 22.2 and Standard edition software before version 22.1.1 STD may allow an authenticated user to potentially enable... |
| CVE-2022-26086 | 2022-11-11 | Uncontrolled search path element in the PresentMon software maintained by Intel(R) before version 1.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-26508 | 2022-11-11 | Improper authentication in the Intel(R) SDP Tool before version 3.0.0 may allow an unauthenticated user to potentially enable information disclosure via network access. |
| CVE-2022-27499 | 2022-11-11 | Premature release of resource during expected lifetime in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2022-30548 | 2022-11-11 | Uncontrolled search path element in the Intel(R) Glorp software may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-27187 | 2022-11-11 | Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local... |
| CVE-2022-27233 | 2022-11-11 | XML injection in the Quartus(R) Prime Programmer included in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network... |
| CVE-2021-26251 | 2022-11-11 | Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Toolkit may allow an authenticated user to potentially enable denial of service via network access. |
| CVE-2022-33942 | 2022-11-11 | Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. |
| CVE-2022-29486 | 2022-11-11 | Improper buffer restrictions in the Hyperscan library maintained by Intel(R) all versions downloaded before 04/29/2022 may allow an unauthenticated user to potentially enable escalation of privilege via network access. |
| CVE-2022-26513 | 2022-11-11 | Out-of-bounds write in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. |
| CVE-2022-27874 | 2022-11-11 | Improper authentication in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. |
| CVE-2022-28611 | 2022-11-11 | Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. |
| CVE-2022-26369 | 2022-11-11 | Out-of-bounds read in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access. |
| CVE-2022-28126 | 2022-11-11 | Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-26367 | 2022-11-11 | Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-26079 | 2022-11-11 | Improper conditions check in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-27639 | 2022-11-11 | Incomplete cleanup in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access. |
| CVE-2022-26045 | 2022-11-11 | Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. |
| CVE-2021-33164 | 2022-11-11 | Improper access control in BIOS firmware for some Intel(R) NUCs before version INWHL357.0046 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-33176 | 2022-11-11 | Improper input validation in BIOS firmware for some Intel(R) NUC 11 Performance kits and Intel(R) NUC 11 Performance Mini PCs before version PATGL357.0042 may allow a privileged user to potentially... |
| CVE-2022-37345 | 2022-11-11 | Improper authentication in BIOS firmware for some Intel(R) NUC Kits before version RY0386 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-21794 | 2022-11-11 | Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before version HN0067 may allow a privileged user to potentially enable... |
| CVE-2022-34152 | 2022-11-11 | Improper input validation in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Kits before version TY0070 may allow a privileged user to potentially enable escalation of privilege via local... |
| CVE-2022-32569 | 2022-11-11 | Improper buffer restrictions in BIOS firmware for some Intel(R) NUC M15 Laptop Kits before version BCTGL357.0074 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-36789 | 2022-11-11 | Improper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially... |
| CVE-2022-35276 | 2022-11-11 | Improper access control in BIOS firmware for some Intel(R) NUC 8 Compute Elements before version CBWHL357.0096 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-38099 | 2022-11-11 | Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-26124 | 2022-11-11 | Improper buffer restrictions in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC 8 Boards, Intel(R) NUC 8 Rugged Boards and Intel(R) NUC 8 Rugged Kits before version CHAPLCEL.0059 may... |
| CVE-2022-36370 | 2022-11-11 | Improper authentication in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow a privileged user to potentially enable escalation of privilege via local... |
| CVE-2022-37334 | 2022-11-11 | Improper initialization in BIOS firmware for some Intel(R) NUC 11 Pro Kits and Intel(R) NUC 11 Pro Boards before version TNTGL357.0064 may allow an authenticated user to potentially enable escalation... |
| CVE-2022-36349 | 2022-11-11 | Insecure default variable initialization in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service... |
| CVE-2022-30542 | 2022-11-11 | Improper input validation in the firmware for some Intel(R) Server Board S2600WF, Intel(R) Server System R1000WF and Intel(R) Server System R2000WF families before version R02.01.0014 may allow a privileged user... |
| CVE-2022-25917 | 2022-11-11 | Uncaught exception in the firmware for some Intel(R) Server Board M50CYP Family before version R01.01.0005 may allow a privileged user to potentially enable a denial of service via local access. |
| CVE-2022-26006 | 2022-11-11 | Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-21198 | 2022-11-11 | Time-of-check time-of-use race condition in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-36400 | 2022-11-11 | Path traversal in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of... |
| CVE-2022-36384 | 2022-11-11 | Unquoted search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation... |
| CVE-2022-36380 | 2022-11-11 | Uncontrolled search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation... |
| CVE-2022-36377 | 2022-11-11 | Insecure inherited permissions in some Intel(R) Wireless Adapter Driver installation software for Intel(R) NUC Kits & Mini PCs before version 22.190.0.3 for Windows may allow an authenticated user to potentially... |
| CVE-2022-33973 | 2022-11-11 | Improper access control in the Intel(R) WAPI Security software for Windows 10/11 before version 22.2150.0.1 may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2022-26047 | 2022-11-11 | Improper input validation for some Intel(R) PROSet/Wireless WiFi, Intel vPro(R) CSME WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via local access. |
| CVE-2022-26024 | 2022-11-11 | Improper access control in the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN and NUC7i7DN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege... |
| CVE-2022-28667 | 2022-11-11 | Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi software before version 22.140 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| CVE-2021-33064 | 2022-11-11 | Uncontrolled search path in the software installer for Intel(R) System Studio for all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-26028 | 2022-11-11 | Uncontrolled search path in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-3510 | 2022-11-11 | Parsing issue in protobuf message-type extension |
| CVE-2022-34331 | 2022-11-11 | IBM Power FW security bypass |
| CVE-2022-38387 | 2022-11-11 | IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force... |
| CVE-2022-38385 | 2022-11-11 | IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow an authenticated user to obtain highly sensitive information or perform unauthorized actions due to improper input validation. IBM X-Force... |
| CVE-2022-40750 | 2022-11-11 | IBM WebSphere Application Server cross-site scripting |
| CVE-2022-36776 | 2022-11-11 | IBM Cloud Pak for Security (CP4S) 1.10.0.0 and 1.10.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the... |
| CVE-2022-40753 | 2022-11-11 | IBM InfoSphere Information Server cross-site scripting |
| CVE-2022-31772 | 2022-11-11 | IBM MQ denial of service |
| CVE-2022-38650 | 2022-11-12 | A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware within Hyperic Server and... |
| CVE-2022-38652 | 2022-11-12 | A remote insecure deserialization vulnerability exists in VMware Hyperic Agent 5.8.6. Exploitation of this vulnerability enables a malicious authenticated user to run arbitrary code or malware within a Hyperic Agent... |
| CVE-2022-45188 | 2022-11-12 | Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used... |
| CVE-2022-38651 | 2022-11-12 | A security filter misconfiguration exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to bypass some authentication requirements when issuing requests to Hyperic Server. NOTE:... |
| CVE-2022-3963 | 2022-11-12 | gnuboard5 FAQ Key ID faq.php cross site scripting |
| CVE-2022-40773 | 2022-11-12 | Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests... |
| CVE-2022-41339 | 2022-11-12 | In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation. |
| CVE-2022-43671 | 2022-11-12 | Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection. |
| CVE-2022-43672 | 2022-11-12 | Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671). |
| CVE-2022-45195 | 2022-11-12 | SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other... |
| CVE-2022-45196 | 2022-11-12 | Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with... |
| CVE-2022-3964 | 2022-11-13 | ffmpeg QuickTime RPZA Video Encoder rpzaenc.c out-of-bounds |
| CVE-2022-3965 | 2022-11-13 | ffmpeg QuickTime Graphics Video Encoder smcenc.c smc_encode_stream out-of-bounds |
| CVE-2022-3968 | 2022-11-13 | emlog article_save.php cross site scripting |
| CVE-2022-3966 | 2022-11-13 | Ultimate Member Plugin Template class-shortcodes.php load_template pathname traversal |
| CVE-2022-3967 | 2022-11-13 | Vesta Control Panel sed main.sh argument injection |
| CVE-2022-3969 | 2022-11-13 | OpenKM FileUtils.java getFileExtension temp file |
| CVE-2022-3970 | 2022-11-13 | LibTIFF tif_getimage.c TIFFReadRGBATileExt integer overflow |
| CVE-2022-3971 | 2022-11-13 | matrix-appservice-irc PgDataStore.ts sql injection |
| CVE-2022-3972 | 2022-11-13 | Pingkon HMS-PHP adminlogin.php sql injection |
| CVE-2022-3973 | 2022-11-13 | Pingkon HMS-PHP Data Pump Metadata admin.php sql injection |
| CVE-2022-3974 | 2022-11-13 | Axiomatic Bento4 mp4info Ap4StdCFileByteStream.cpp ReadPartial heap-based overflow |
| CVE-2022-3975 | 2022-11-13 | NukeViet CMS Data URL Request.php filterAttr cross site scripting |
| CVE-2022-3976 | 2022-11-13 | MZ Automation libiec61850 MMS File Services mms_client_files.c path traversal |
| CVE-2022-3978 | 2022-11-13 | NodeBB abort cross-site request forgery |