CVE List - 2022 / November
Showing 1001 - 1100 of 2020 CVEs for November 2022 (Page 11 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-3979 | 2022-11-13 | NagVis CoreLogonMultisite.php checkAuthCookie type conversion |
| CVE-2022-40735 | 2022-11-14 | The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that "(appropriately) short exponents"... |
| CVE-2022-43688 | 2022-11-14 | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in icons since the Microsoft application tile color is not sanitized. Remediate... |
| CVE-2022-44390 | 2022-11-14 | A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Record Number text field. |
| CVE-2022-45136 | 2022-11-14 | Apache Jena SDB allows arbitrary deserialisation via JDBC |
| CVE-2022-45183 | 2022-11-14 | Escalation of privileges in the Web Server in Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID... |
| CVE-2022-45184 | 2022-11-14 | The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator privilege to create,... |
| CVE-2022-45198 | 2022-11-14 | Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification). |
| CVE-2022-45199 | 2022-11-14 | Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL. |
| CVE-2022-45378 | 2022-11-14 | Apache SOAP allows unauthenticated users to potentially invoke arbitrary code |
| CVE-2021-38827 | 2022-11-14 | Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to account takeover. |
| CVE-2021-38828 | 2022-11-14 | Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to plain-text traffic sniffing. |
| CVE-2021-40272 | 2022-11-14 | OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting (XSS). |
| CVE-2022-2449 | 2022-11-14 | reSmush.it Image Optimizer < 0.4.7 - Multiple CSRF |
| CVE-2022-2450 | 2022-11-14 | reSmush.it Image Optimizer < 0.4.4 - Subscriber+ AJAX Calls |
| CVE-2022-27949 | 2022-11-14 | Apache Airflow prior to 2.3.1 may include sensitive values in rendered template |
| CVE-2022-30773 | 2022-11-14 | DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). DMA... |
| CVE-2022-30774 | 2022-11-14 | DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) DMA... |
| CVE-2022-31243 | 2022-11-14 | DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption through a TOCTOU... |
| CVE-2022-32266 | 2022-11-14 | DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to... |
| CVE-2022-32267 | 2022-11-14 | DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software SMI handler cause SMRAM corruption (a TOCTOU attack) DMA transactions which are targeted at input buffers used... |
| CVE-2022-3238 | 2022-11-14 | A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially... |
| CVE-2022-3362 | 2022-11-14 | Insufficient Session Expiration in ikus060/rdiffweb |
| CVE-2022-33905 | 2022-11-14 | DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption (a TOCTOU attack). DMA transactions which are targeted at input buffers... |
| CVE-2022-33906 | 2022-11-14 | DMA transactions which are targeted at input buffers used for the FwBlockServiceSmm software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input... |
| CVE-2022-33907 | 2022-11-14 | DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which... |
| CVE-2022-33908 | 2022-11-14 | DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input... |
| CVE-2022-33909 | 2022-11-14 | DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input... |
| CVE-2022-33982 | 2022-11-14 | DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. DMA... |
| CVE-2022-33983 | 2022-11-14 | DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input... |
| CVE-2022-33984 | 2022-11-14 | DMA transactions which are targeted at input buffers used for the SdMmcDevice software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input... |
| CVE-2022-33985 | 2022-11-14 | DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input... |
| CVE-2022-33986 | 2022-11-14 | DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. DMA attacks on the parameter buffer used by the software SMI... |
| CVE-2022-3415 | 2022-11-14 | Chat Bubble < 2.3 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2022-34325 | 2022-11-14 | DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input... |
| CVE-2022-3469 | 2022-11-14 | WP Attachments < 5.0.5 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-3477 | 2022-11-14 | tagDiv Composer < 3.5 - Unauthenticated Account Takeover |
| CVE-2022-3484 | 2022-11-14 | WPB Show Core - Reflected Cross-Site Scripting |
| CVE-2022-3538 | 2022-11-14 | Webmaster Tools Verification <= 1.2 - Unauthenticated Arbitrary Plugin Deactivation |
| CVE-2022-3539 | 2022-11-14 | Testimonials (Free < 2.7, Pro < 1.0.8) - Admin+ Stored Cross-Site Scripting |
| CVE-2022-35613 | 2022-11-14 | Konker v2.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF). |
| CVE-2022-3574 | 2022-11-14 | WPForms Pro < 1.7.7 - CSV Injection |
| CVE-2022-3578 | 2022-11-14 | ProfileGrid < 5.1.1 - Reflected Cross-Site Scripting |
| CVE-2022-3631 | 2022-11-14 | OAuth Client by DigitialPixies <= 1.1.0 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-3632 | 2022-11-14 | OAuth Client by DigitialPixies <= 1.1.0 - CSRF |
| CVE-2022-37109 | 2022-11-14 | patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. Access to the password.txt file is not properly restricted as it is in the root directory... |
| CVE-2022-37290 | 2022-11-14 | GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive. |
| CVE-2022-38167 | 2022-11-14 | The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS. |
| CVE-2022-3903 | 2022-11-14 | An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local... |
| CVE-2022-39385 | 2022-11-14 | Users erroneously and transparently added to private messages in Discourse |
| CVE-2022-3988 | 2022-11-14 | Frappe Search navbar_search.html cross site scripting |
| CVE-2022-3992 | 2022-11-14 | SourceCodester Sanitization Management System Banner Image cross site scripting |
| CVE-2022-3993 | 2022-11-14 | Improper Restriction of Excessive Authentication Attempts in kareadita/kavita |
| CVE-2022-40127 | 2022-11-14 | Apache Airflow <2.4.0 has an RCE in a bash example |
| CVE-2022-40405 | 2022-11-14 | WoWonder Social Network Platform v4.1.2 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=load-my-blogs. |
| CVE-2022-40903 | 2022-11-14 | Aiphone GT-DMB-N 3-in-1 Video Entrance Station with NFC Reader 1.0.3 does not mitigate against repeated failed access attempts, which allows an attacker to gain administrative privileges. |
| CVE-2022-41913 | 2022-11-14 | Discourse-calendar exposes members of hidden groups |
| CVE-2022-42110 | 2022-11-14 | A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3... |
| CVE-2022-42984 | 2022-11-14 | WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=search&s=recipients. |
| CVE-2022-43030 | 2022-11-14 | Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the background. SIYUCMS is a content management system based on ThinkPaP5 AdminLTE. SIYUCMS has a background command... |
| CVE-2022-43146 | 2022-11-14 | An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-43288 | 2022-11-14 | Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the order_by parameter at /rukovoditel/index.php?module=logs/view&type=php. |
| CVE-2022-43294 | 2022-11-14 | Tasmota before commit 066878da4d4762a9b6cb169fdf353e804d735cfd was discovered to contain a stack overflow via the ClientPortPtr parameter at lib/libesp32/rtsp/CRtspSession.cpp. |
| CVE-2022-43295 | 2022-11-14 | XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795. |
| CVE-2022-43323 | 2022-11-14 | EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module. |
| CVE-2022-43342 | 2022-11-14 | A stored cross-site scripting (XSS) vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2022-43686 | 2022-11-14 | In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteCookieMap table can be filled up causing a denial of service (high load). |
| CVE-2022-43687 | 2022-11-14 | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. Remediate by updating to Concrete CMS 9.1.3+ or... |
| CVE-2022-43689 | 2022-11-14 | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XXE based DNS requests leading to IP disclosure. |
| CVE-2022-43690 | 2022-11-14 | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict comparison for the legacy_salt so that limited authentication bypass could occur if using this functionality.... |
| CVE-2022-43691 | 2022-11-14 | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently disclose server-side sensitive information (secrets in environment variables and server information) when Debug Mode is left on in... |
| CVE-2022-43692 | 2022-11-14 | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS - user can cause an administrator to trigger reflected XSS with a url if... |
| CVE-2022-43693 | 2022-11-14 | Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core... |
| CVE-2022-43694 | 2022-11-14 | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the image manipulation library due to un-sanitized output. |
| CVE-2022-43695 | 2022-11-14 | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in dashboard/system/express/entities/associations because Concrete CMS allows association with an entity name that... |
| CVE-2022-43967 | 2022-11-14 | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the multilingual report due to un-sanitized output. Remediate by updating to Concrete CMS... |
| CVE-2022-43968 | 2022-11-14 | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the dashboard icons due to un-sanitized output. Remediate by updating to Concrete CMS... |
| CVE-2022-44387 | 2022-11-14 | EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under the Edit Member module. |
| CVE-2022-44389 | 2022-11-14 | EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit Admin Profile module. This vulnerability allows attackers to arbitrarily change Administrator account information. |
| CVE-2022-31630 | 2022-11-14 | OOB read due to insufficient input validation in imageloadfont() |
| CVE-2022-0324 | 2022-11-14 | Buffer Overflow in Dhcp6relay in Software for Open Networking in the Cloud (SONiC) |
| CVE-2022-35719 | 2022-11-14 | IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in trace files that could be read by a local user. |
| CVE-2022-0137 | 2022-11-14 | A heap buffer overflow in image_set_mask function of HTMLDOC before 1.9.15 allows an attacker to write outside the buffer boundaries. |
| CVE-2022-34313 | 2022-11-14 | IBM CICS TX Standard is vulnerable to allowing attackers access to an application via insecure session cookies |
| CVE-2022-24937 | 2022-11-14 | Malformed Zigbee packet causes Assert in EmberZNet 7.0.0 or earlier |
| CVE-2022-34319 | 2022-11-14 | IBM CICS TX information disclosure |
| CVE-2022-34329 | 2022-11-14 | IBM CICS TX information disclosure |
| CVE-2022-24938 | 2022-11-14 | Malformed Zigbee packet causes Assert in EmberZNet 7.0.1 or earlier |
| CVE-2022-34312 | 2022-11-14 | IBM CICS TX information disclosure |
| CVE-2022-38705 | 2022-11-14 | IBM CICS TX phishing |
| CVE-2022-34315 | 2022-11-14 | IBM CICS TX cross-site scripting |
| CVE-2022-34314 | 2022-11-14 | IBM CICS TX 11.1 could disclose sensitive information to a local user due to insecure permission settings. IBM X-Force ID: 229450. |
| CVE-2022-34316 | 2022-11-14 | IBM CICS TX information disclosure |
| CVE-2022-34318 | 2022-11-14 | IBM CICS TX clickjacking |
| CVE-2022-34317 | 2022-11-14 | IBM CICS TX cross-site scripting |
| CVE-2022-34320 | 2022-11-14 | IBM CICS TX information disclosure |
| CVE-2022-28764 | 2022-11-14 | Local information exposure in Zoom Clients |
| CVE-2022-27896 | 2022-11-14 | The Foundry Code-Workbooks service was found to contain an issue leading to information disclosure. |
| CVE-2022-40843 | 2022-11-15 | The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having... |
| CVE-2022-42111 | 2022-11-15 | A Cross-site scripting (XSS) vulnerability in the Sharing module's user notification in Liferay Portal 7.2.1 through 7.4.2, and Liferay DXP 7.2 before fix pack 19, and 7.3 before update 4... |