CVE List - 2022 / November
Showing 1501 - 1600 of 2020 CVEs for November 2022 (Page 16 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-44171 | 2022-11-21 | Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function form_fast_setting_wifi_set. |
| CVE-2022-44172 | 2022-11-21 | Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function R7WebsSecurityHandler. |
| CVE-2022-44174 | 2022-11-21 | Tenda AC18 V15.03.05.05 is vulnerable to Buffer Overflow via function formSetDeviceName. |
| CVE-2022-44175 | 2022-11-21 | Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetMacFilterCfg. |
| CVE-2022-44176 | 2022-11-21 | Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function fromSetRouteStatic. |
| CVE-2022-44177 | 2022-11-21 | Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formWifiWpsStart. |
| CVE-2022-44178 | 2022-11-21 | Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formWifiWpsOOB. |
| CVE-2022-44180 | 2022-11-21 | Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function addWifiMacFilter. |
| CVE-2022-44183 | 2022-11-21 | Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetWifiGuestBasic. |
| CVE-2022-44784 | 2022-11-21 | An issue was discovered in Appalti & Contratti 9.12.2. The target web applications LFS and DL229 expose a set of services provided by the Axis 1.4 instance, embedded directly into... |
| CVE-2022-44785 | 2022-11-21 | An issue was discovered in Appalti & Contratti 9.12.2. The target web applications are subject to multiple SQL Injection vulnerabilities, some of which executable even by unauthenticated users, as demonstrated... |
| CVE-2022-44786 | 2022-11-21 | An issue was discovered in Appalti & Contratti 9.12.2. The target web applications allow Local File Inclusion in any page relying on the href parameter to specify the JSP page... |
| CVE-2022-44787 | 2022-11-21 | An issue was discovered in Appalti & Contratti 9.12.2. The web applications are vulnerable to a Reflected Cross-Site Scripting issue. The idPagina parameter is reflected inside the server response without... |
| CVE-2022-44788 | 2022-11-21 | An issue was discovered in Appalti & Contratti 9.12.2. It allows Session Fixation. When a user logs in providing a JSESSIONID cookie that is issued by the server at the... |
| CVE-2022-44830 | 2022-11-21 | Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerabilities via the First Name, Contact and Remarks fields. These vulnerabilities allow attackers to execute arbitrary code via... |
| CVE-2022-45012 | 2022-11-21 | A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the... |
| CVE-2022-45013 | 2022-11-21 | A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2022-45014 | 2022-11-21 | A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the... |
| CVE-2022-45015 | 2022-11-21 | A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the... |
| CVE-2022-45016 | 2022-11-21 | A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the... |
| CVE-2022-45017 | 2022-11-21 | A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2022-45422 | 2022-11-21 | When LG SmartShare is installed, local privilege escalation is possible through DLL Hijacking attack. The LG ID is LVE-HOT-220005. |
| CVE-2022-45470 | 2022-11-21 | Apache Hama allows XSS and information disclosure |
| CVE-2022-3589 | 2022-11-21 | Miele: Vulnerability in cloud service used by appWash |
| CVE-2022-3861 | 2022-11-21 | The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import... |
| CVE-2022-32774 | 2022-11-21 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. By prematurely deleting objects associated with pages, a specially-crafted PDF document can trigger the reuse... |
| CVE-2022-37332 | 2022-11-21 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing media... |
| CVE-2022-38097 | 2022-11-21 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. By prematurely destroying annotation objects, a specially-crafted PDF document can trigger the reuse of previously... |
| CVE-2022-40129 | 2022-11-21 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing Optional... |
| CVE-2022-40746 | 2022-11-21 | IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking... |
| CVE-2022-44647 | 2022-11-21 | An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an... |
| CVE-2022-44648 | 2022-11-21 | An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an... |
| CVE-2022-44649 | 2022-11-21 | An out-of-bounds access vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on... |
| CVE-2022-44650 | 2022-11-21 | A memory corruption vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on... |
| CVE-2022-44651 | 2022-11-21 | A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note:... |
| CVE-2022-44652 | 2022-11-21 | An improper handling of exceptional conditions vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please... |
| CVE-2022-44653 | 2022-11-21 | A security agent directory traversal vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note:... |
| CVE-2022-44654 | 2022-11-21 | Affected builds of Trend Micro Apex One and Apex One as a Service contain a monitor engine component that is compiled without the /SAFESEH memory protection mechanism which helps to... |
| CVE-2022-1038 | 2022-11-21 | A potential security vulnerability has been identified in the HP Jumpstart software, which might allow escalation of privilege. HP is recommending that customers uninstall HP Jumpstart and use myHP software. |
| CVE-2022-37018 | 2022-11-21 | A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to... |
| CVE-2021-3437 | 2022-11-21 | Potential security vulnerabilities have been identified in an OMEN Gaming Hub SDK package which may allow escalation of privilege and/or denial of service. HP is releasing software updates to mitigate... |
| CVE-2021-3661 | 2022-11-21 | A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential vulnerability. |
| CVE-2021-3821 | 2022-11-21 | A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Denial of Service when running HP Workpath solutions on potentially affected products. |
| CVE-2021-3919 | 2022-11-21 | A potential security vulnerability has been identified in OMEN Gaming Hub and in HP Command Center which may allow escalation of privilege and/or denial of service. HP has released software... |
| CVE-2022-0222 | 2022-11-22 | A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products:... |
| CVE-2022-30529 | 2022-11-22 | File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinymce/plugins/filemanager/upload.php. |
| CVE-2022-3088 | 2022-11-22 | UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image:... |
| CVE-2022-33012 | 2022-11-22 | Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack. |
| CVE-2022-3500 | 2022-11-22 | A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors... |
| CVE-2022-35407 | 2022-11-22 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker... |
| CVE-2022-36179 | 2022-11-22 | Fusiondirectory 1.3 suffers from Improper Session Handling. |
| CVE-2022-36180 | 2022-11-22 | Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug=106. |
| CVE-2022-36227 | 2022-11-22 | In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to... |
| CVE-2022-37301 | 2022-11-22 | A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol.... |
| CVE-2022-37773 | 2022-11-22 | An authenticated SQL Injection vulnerability in the statistics page (/statistics/retrieve) of Maarch RM 2.8, via the filter parameter, allows the complete disclosure of all databases. |
| CVE-2022-37774 | 2022-11-22 | There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document (pdf, email) from an archive, a preview is proposed by the application.... |
| CVE-2022-38462 | 2022-11-22 | Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request. |
| CVE-2022-38649 | 2022-11-22 | Apache Airflow Pinot provider allowed Command Injection |
| CVE-2022-38724 | 2022-11-22 | Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS. |
| CVE-2022-39066 | 2022-11-22 | There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute... |
| CVE-2022-39067 | 2022-11-22 | There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform... |
| CVE-2022-39070 | 2022-11-22 | There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device... |
| CVE-2022-39199 | 2022-11-22 | Lack of proper validation in immudb |
| CVE-2022-39397 | 2022-11-22 | Exposure of sensitive information in aliyun-oss-client |
| CVE-2022-40189 | 2022-11-22 | Apache Airflow Pig Provider RCE |
| CVE-2022-40303 | 2022-11-22 | An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt... |
| CVE-2022-40602 | 2022-11-22 | A flaw in the Zyxel LTE3301-M209 firmware versions prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature... |
| CVE-2022-40765 | 2022-11-22 | A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to... |
| CVE-2022-40842 | 2022-11-22 | ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-side request forgery (SSRF) via rotateimg.php. |
| CVE-2022-40870 | 2022-11-22 | The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into... |
| CVE-2022-40954 | 2022-11-22 | Apache Airflow Spark Provider RCE that bypass restrictions to read arbitrary files |
| CVE-2022-4111 | 2022-11-22 | Improper Validation of Specified Quantity in Input in tooljet/tooljet |
| CVE-2022-41131 | 2022-11-22 | Apache Airflow Hive Provider vulnerability (command injection via hive_cli connection) |
| CVE-2022-4116 | 2022-11-22 | A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution. |
| CVE-2022-41223 | 2022-11-22 | The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database... |
| CVE-2022-41326 | 2022-11-22 | The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code... |
| CVE-2022-41445 | 2022-11-22 | A cross-site scripting (XSS) vulnerability in Record Management System using CodeIgniter 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Subject... |
| CVE-2022-41919 | 2022-11-22 | Fastify vulnerable to Cross-Site Request Forgery (CSRF) attack via incorrect content type |
| CVE-2022-41936 | 2022-11-22 | Exposure of Private Personal Information to an Unauthorized Actor in xwiki-platform-rest-server |
| CVE-2022-41937 | 2022-11-22 | Missing Authorization in XWiki Platform |
| CVE-2022-41940 | 2022-11-22 | Uncaught exception in engine.io |
| CVE-2022-41942 | 2022-11-22 | Sourcegraph vulnerable to Command Injection via gitserver |
| CVE-2022-41943 | 2022-11-22 | Incorrect default permissions found in Sourcegraph |
| CVE-2022-41950 | 2022-11-22 | Privilege Escalation Vulnerability by wrong chmod param |
| CVE-2022-41952 | 2022-11-22 | Uncontrolled Resource Consumption in Matrix Synapse |
| CVE-2022-42094 | 2022-11-22 | Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content. |
| CVE-2022-42097 | 2022-11-22 | Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment.' |
| CVE-2022-42098 | 2022-11-22 | KLiK SocialMediaWebsite version v1.0.1 is vulnerable to SQL Injection via the profile.php. |
| CVE-2022-42989 | 2022-11-22 | ERP Sankhya before v4.11b81 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Caixa de Entrada. |
| CVE-2022-43212 | 2022-11-22 | Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php. |
| CVE-2022-43214 | 2022-11-22 | Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at printOrder.php. |
| CVE-2022-43215 | 2022-11-22 | Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the endDate parameter at getOrderReport.php. |
| CVE-2022-43685 | 2022-11-22 | CKAN through 2.9.6 allows account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account... |
| CVE-2022-43751 | 2022-11-22 | McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the use of a variable pointing to a subdirectory that may be controllable by... |
| CVE-2022-44184 | 2022-11-22 | Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_sec. |
| CVE-2022-44186 | 2022-11-22 | Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_pri. |
| CVE-2022-44187 | 2022-11-22 | Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via wan_dns1_pri. |
| CVE-2022-44188 | 2022-11-22 | Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter enable_band_steering. |
| CVE-2022-44190 | 2022-11-22 | Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter enable_band_steering. |
| CVE-2022-44191 | 2022-11-22 | Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameters KEY1 and KEY2. |