CVE List - 2022 / November
Showing 101 - 200 of 2020 CVEs for November 2022 (Page 2 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-3306 | 2022-11-01 | Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:... |
| CVE-2022-3307 | 2022-11-01 | Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2022-3308 | 2022-11-01 | Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity:... |
| CVE-2022-3309 | 2022-11-01 | Use after free in assistant in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform... |
| CVE-2022-3310 | 2022-11-01 | Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy... |
| CVE-2022-3312 | 2022-11-01 | Insufficient validation of untrusted input in VPN in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a local attacker to bypass managed device restrictions via physical access to the device.... |
| CVE-2022-3313 | 2022-11-01 | Incorrect security UI in full screen in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2022-3314 | 2022-11-01 | Use after free in logging in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted... |
| CVE-2022-3373 | 2022-11-01 | Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium... |
| CVE-2022-34662 | 2022-11-01 | Apache DolphinScheduler prior to 3.0.0 allows path traversal |
| CVE-2022-3602 | 2022-11-01 | X.509 Email Address 4-byte Buffer Overflow |
| CVE-2022-3723 | 2022-11-01 | Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2022-3786 | 2022-11-01 | X.509 Email Address Variable Length Buffer Overflow |
| CVE-2022-3789 | 2022-11-01 | Tim Campus Confession Wall share.php sql injection |
| CVE-2022-3797 | 2022-11-01 | eolinker apinto-dashboard login redirect |
| CVE-2022-3798 | 2022-11-01 | IBAX go-ibax tablesInfo sql injection |
| CVE-2022-3799 | 2022-11-01 | IBAX go-ibax tablesInfo sql injection |
| CVE-2022-3800 | 2022-11-01 | IBAX go-ibax rowsInfo sql injection |
| CVE-2022-3802 | 2022-11-01 | IBAX go-ibax rowsInfo sql injection |
| CVE-2022-3803 | 2022-11-01 | eolinker apinto-dashboard cross site scripting |
| CVE-2022-3804 | 2022-11-01 | eolinker apinto-dashboard login cross site scripting |
| CVE-2022-3807 | 2022-11-01 | Axiomatic Bento4 Incomplete Fix CVE-2019-13238 resource consumption |
| CVE-2022-3809 | 2022-11-01 | Axiomatic Bento4 mp4tag Mp4Tag.cpp ParseCommandLine denial of service |
| CVE-2022-3810 | 2022-11-01 | Axiomatic Bento4 mp42hevc Mp42Hevc.cpp AP4_File denial of service |
| CVE-2022-3813 | 2022-11-01 | Axiomatic Bento4 mp4edit memory leak |
| CVE-2022-3814 | 2022-11-01 | Axiomatic Bento4 mp4decrypt memory leak |
| CVE-2022-3815 | 2022-11-01 | Axiomatic Bento4 mp4decrypt memory leak |
| CVE-2022-3816 | 2022-11-01 | Axiomatic Bento4 mp4decrypt memory leak |
| CVE-2022-3817 | 2022-11-01 | Axiomatic Bento4 mp4mux memory leak |
| CVE-2022-39369 | 2022-11-01 | Service Hostname Discovery Exploitation in phpCAS |
| CVE-2022-40839 | 2022-11-01 | A SQL injection vulnerability in the height and width parameter in NdkAdvancedCustomizationFields v3.5.0 allows unauthenticated attackers to exfiltrate database data. |
| CVE-2022-42252 | 2022-11-01 | Apache Tomcat request smuggling via malformed content-length |
| CVE-2022-42311 | 2022-11-01 | Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause... |
| CVE-2022-42312 | 2022-11-01 | Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause... |
| CVE-2022-42313 | 2022-11-01 | Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause... |
| CVE-2022-42314 | 2022-11-01 | Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause... |
| CVE-2022-42315 | 2022-11-01 | Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause... |
| CVE-2022-42316 | 2022-11-01 | Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause... |
| CVE-2022-42317 | 2022-11-01 | Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause... |
| CVE-2022-42318 | 2022-11-01 | Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause... |
| CVE-2022-42326 | 2022-11-01 | Xenstore: Guests can create arbitrary number of nodes via transactions [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a... |
| CVE-2022-42327 | 2022-11-01 | x86: unintended memory sharing between guests On Intel systems that support the "virtualize APIC accesses" feature, a guest can read and write the global shared xAPIC page by moving the... |
| CVE-2022-42788 | 2022-11-01 | A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Ventura 13. A malicious application may be able to read sensitive location... |
| CVE-2022-42791 | 2022-11-01 | A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. |
| CVE-2022-42793 | 2022-11-01 | An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7,... |
| CVE-2022-42795 | 2022-11-01 | A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 16, iOS 16, macOS Ventura 13, watchOS 9. Processing a maliciously crafted image may... |
| CVE-2022-42796 | 2022-11-01 | This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.7 and iPadOS 15.7, macOS Ventura 13. An app may be able to gain elevated... |
| CVE-2022-42798 | 2022-11-01 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16,... |
| CVE-2022-42799 | 2022-11-01 | The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious... |
| CVE-2022-42800 | 2022-11-01 | This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1,... |
| CVE-2022-42801 | 2022-11-01 | A logic issue was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16,... |
| CVE-2022-42803 | 2022-11-01 | A race condition was addressed with improved locking. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16,... |
| CVE-2022-42806 | 2022-11-01 | A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app may be able to execute arbitrary code... |
| CVE-2022-42808 | 2022-11-01 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. A remote user... |
| CVE-2022-42809 | 2022-11-01 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary... |
| CVE-2022-42810 | 2022-11-01 | The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing a... |
| CVE-2022-42811 | 2022-11-01 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be... |
| CVE-2022-42813 | 2022-11-01 | A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS... |
| CVE-2022-42814 | 2022-11-01 | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data. |
| CVE-2022-42815 | 2022-11-01 | This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data. |
| CVE-2022-42817 | 2022-11-01 | A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, watchOS 9.1. Visiting a maliciously crafted... |
| CVE-2022-42818 | 2022-11-01 | This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. A user in a privileged network position may be able to track user activity. |
| CVE-2022-42819 | 2022-11-01 | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. An app may be able to... |
| CVE-2022-42820 | 2022-11-01 | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app may cause unexpected app termination... |
| CVE-2022-42823 | 2022-11-01 | A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing... |
| CVE-2022-42824 | 2022-11-01 | A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously... |
| CVE-2022-42825 | 2022-11-01 | This issue was addressed by removing additional entitlements. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big... |
| CVE-2022-42827 | 2022-11-01 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able... |
| CVE-2022-42829 | 2022-11-01 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may... |
| CVE-2022-42830 | 2022-11-01 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to... |
| CVE-2022-42831 | 2022-11-01 | A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to... |
| CVE-2022-42832 | 2022-11-01 | A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to... |
| CVE-2022-43076 | 2022-11-01 | A cross-site scripting (XSS) vulnerability in /admin/edit-admin.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtemail... |
| CVE-2022-43078 | 2022-11-01 | A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept... |
| CVE-2022-43079 | 2022-11-01 | A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Train Scheduler App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter. |
| CVE-2022-43081 | 2022-11-01 | Fast Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /fastfood/purchase.php. |
| CVE-2022-43082 | 2022-11-01 | A cross-site scripting (XSS) vulnerability in /fastfood/purchase.php of Fast Food Ordering System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the customer... |
| CVE-2022-43083 | 2022-11-01 | An arbitrary file upload vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-43084 | 2022-11-01 | A cross-site scripting (XSS) vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the v_name parameter. |
| CVE-2022-43085 | 2022-11-01 | An arbitrary file upload vulnerability in add_product.php of Restaurant POS System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-43086 | 2022-11-01 | Restaurant POS System v1.0 was discovered to contain a SQL injection vulnerability via update_customer.php. |
| CVE-2022-43124 | 2022-11-01 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user. |
| CVE-2022-43125 | 2022-11-01 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /appointments/manage_appointment.php. |
| CVE-2022-43126 | 2022-11-01 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/tests/manage_test.php. |
| CVE-2022-43127 | 2022-11-01 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /appointments/update_status.php. |
| CVE-2022-43221 | 2022-11-01 | open5gs v2.4.11 was discovered to contain a memory leak in the component src/upf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet. |
| CVE-2022-43222 | 2022-11-01 | open5gs v2.4.11 was discovered to contain a memory leak in the component src/smf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet. |
| CVE-2022-43223 | 2022-11-01 | open5gs v2.4.11 was discovered to contain a memory leak in the component ngap-handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted UE attachment. |
| CVE-2022-43328 | 2022-11-01 | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /editorder.php. |
| CVE-2022-43329 | 2022-11-01 | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php. |
| CVE-2022-43330 | 2022-11-01 | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /editorder.php. |
| CVE-2022-43331 | 2022-11-01 | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php_action/printOrder.php. |
| CVE-2022-43353 | 2022-11-01 | Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. |
| CVE-2022-43354 | 2022-11-01 | Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/manage_request. |
| CVE-2022-43355 | 2022-11-01 | Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_service. |
| CVE-2022-43361 | 2022-11-01 | Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component pop_chart.php. |
| CVE-2022-43362 | 2022-11-01 | Senayan Library Management System v9.4.2 was discovered to contain a SQL injection vulnerability via the collType parameter at loan_by_class.php. |
| CVE-2022-43989 | 2022-11-01 | Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 1092673 and 1081902 with firmware version < 1.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel... |
| CVE-2022-43990 | 2022-11-01 | Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version <2.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password... |
| CVE-2022-44542 | 2022-11-01 | lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of deserialized object destructor execution via a key/value pair in a hash. |