CVE List - 2022 / November

Showing 2001 - 2020 of 2020 CVEs for November 2022 (Page 21 of 21)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-1606 | 2022-11-30 | Incorrect privilege assignment in M-Files Server |
| CVE-2022-1911 | 2022-11-30 | Information disclosure in M-Files Server |
| CVE-2022-37932 | 2022-11-30 | A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has... |
| CVE-2022-37919 | 2022-11-30 | A vulnerability exists in the API of Aruba EdgeConnect Enterprise. An unauthenticated attacker can exploit this condition via the web-based management interface to create a denial-of-service condition which prevents the... |
| CVE-2022-37920 | 2022-11-30 | Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute... |
| CVE-2022-37921 | 2022-11-30 | Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute... |
| CVE-2022-37922 | 2022-11-30 | Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute... |
| CVE-2022-37923 | 2022-11-30 | Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute... |
| CVE-2022-37924 | 2022-11-30 | Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute... |
| CVE-2022-37925 | 2022-11-30 | A vulnerability within the web-based management interface of Aruba EdgeConnect Enterprise could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface.... |
| CVE-2022-37926 | 2022-11-30 | A vulnerability within the web-based management interface of EdgeConnect Enterprise could allow a remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface by... |
| CVE-2022-43518 | 2022-11-30 | An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise web interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating... |
| CVE-2022-43541 | 2022-11-30 | Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute... |
| CVE-2022-43542 | 2022-11-30 | Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute... |
| CVE-2022-44532 | 2022-11-30 | An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying... |
| CVE-2022-44533 | 2022-11-30 | A vulnerability in the Aruba EdgeConnect Enterprise web management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to... |
| CVE-2022-42446 | 2022-11-30 | HCL Sametime 12.0 and 12.0FP1 anonymous users have directory lookup access |
| CVE-2019-18265 | 2022-11-30 | Digital Alert Systems’ DASDEC software prior to version 4.1 contains a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the SSH username,... |
| CVE-2022-40204 | 2022-11-30 | A cross-site scripting (XSS) vulnerability exists in all current versions of Digital Alert Systems DASDEC software via the Host Header in undisclosed pages after login. |
| CVE-2022-23737 | 2022-12-01 | Improper Privilege Management in GitHub Enterprise Server leading to page creation and deletion |
| CVE-2022-28607 | 2022-12-01 | An issue was discovered in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to gain sensitive information via the action parameter to /system/user/modules/mod_users/controller.php. |
| CVE-2022-29837 | 2022-12-01 | Path traversal Vulnerability in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi Devices |
| CVE-2022-30528 | 2022-12-01 | SQL Injection vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to execute arbitrary commands via the username parameter to /system/user/modules/mod_users/controller.php. |
| CVE-2022-3226 | 2022-12-01 | An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA. |
| CVE-2022-35120 | 2022-12-01 | IXPdata EasyInstall 6.6.14725 contains an access control issue. |
| CVE-2022-36431 | 2022-12-01 | An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 7.9.6.1 allows unauthenticated attackers to execute arbitrary code via a crafted JSP file. Issue fixed in version 7.9.6.1. |
| CVE-2022-3696 | 2022-12-01 | A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA. |
| CVE-2022-37016 | 2022-12-01 | Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to... |
| CVE-2022-37017 | 2022-12-01 | Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially... |
| CVE-2022-3709 | 2022-12-01 | A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA. |
| CVE-2022-3710 | 2022-12-01 | A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA. |
| CVE-2022-3711 | 2022-12-01 | A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA. |
| CVE-2022-3713 | 2022-12-01 | A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA. |
| CVE-2022-40489 | 2022-12-01 | ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows a Super Administrator user to be injected into administrative users. |
| CVE-2022-40849 | 2022-12-01 | ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS). An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute... |
| CVE-2022-4246 | 2022-12-01 | Kakao PotPlayer MID File denial of service |
| CVE-2022-4247 | 2022-12-01 | Movie Ticket Booking System booking.php sql injection |
| CVE-2022-4248 | 2022-12-01 | Movie Ticket Booking System editBooking.php sql injection |
| CVE-2022-4249 | 2022-12-01 | Movie Ticket Booking System POST Request cross site scripting |
| CVE-2022-4250 | 2022-12-01 | Movie Ticket Booking System booking.php cross site scripting |
| CVE-2022-4251 | 2022-12-01 | Movie Ticket Booking System editBooking.php cross site scripting |
| CVE-2022-4252 | 2022-12-01 | SourceCodester Canteen Management System categories.php builtin_echo cross site scripting |
| CVE-2022-4253 | 2022-12-01 | SourceCodester Canteen Management System customer.php builtin_echo cross site scripting |
| CVE-2022-4257 | 2022-12-01 | C-DATA Web Management System GET Parameter jumpto.php argument injection |
| CVE-2022-42718 | 2022-12-01 | Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface (CLI) may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-43333 | 2022-12-01 | Telenia Software s.r.l TVox before v22.0.17 was discovered to contain a remote code execution (RCE) vulnerability in the component action_export_control.php. |
| CVE-2022-44211 | 2022-12-01 | In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote attacker to access/change devices' settings. |
| CVE-2022-44212 | 2022-12-01 | In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to access devices' admin panel. |
| CVE-2022-44262 | 2022-12-01 | ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE). |
| CVE-2022-45045 | 2022-12-01 | Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote... |
| CVE-2022-45640 | 2022-12-01 | Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Causes a denial of service (local). |
| CVE-2022-45050 | 2022-12-01 | Reflected XSS in Axiell Iguana CMS |
| CVE-2022-4221 | 2022-12-01 | OS command injection in ASUS M25 NAS |
| CVE-2022-3270 | 2022-12-01 | Incomplete Documentation of remote functions in FESTO products. |
| CVE-2022-1471 | 2022-12-01 | Remote Code execution in SnakeYAML |
| CVE-2022-45797 | 2022-12-01 | An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to... |
| CVE-2021-38997 | 2022-12-01 | IBM API Connect HOST header injection |
| CVE-2022-2969 | 2022-12-01 | ICSA-22-307-03 Delta Industrial Automation DIALink Path traversal |
| CVE-2022-41296 | 2022-12-01 | IBM Db2U cross-site request forgery |
| CVE-2022-41297 | 2022-12-01 | IBM Db2U cross-site request forgery |
| CVE-2022-43900 | 2022-12-01 | IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps security bypass |
| CVE-2022-43901 | 2022-12-01 | IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps information disclosure |
| CVE-2022-41968 | 2022-12-01 | Nextcloud Server's calendar name length not validated before writing to database |
| CVE-2022-41969 | 2022-12-01 | Nextcloud Server has no password length limit when creating a user as an administrator |
| CVE-2022-41970 | 2022-12-01 | Nextcloud Server's disabled download shares still allow download through preview images |
| CVE-2022-41971 | 2022-12-01 | Nextcloud Talk guests can continue to receive video streams from call after being removed from a conversation |
| CVE-2022-46366 | 2022-12-02 | Apache Tapestry prior to version 4 (EOL) allows RCE through deserialization of untrusted input |
| CVE-2022-3520 | 2022-12-02 | Heap-based Buffer Overflow in vim/vim |
| CVE-2022-3591 | 2022-12-02 | Use After Free in vim/vim |
| CVE-2022-4262 | 2022-12-02 | Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2022-4271 | 2022-12-02 | Cross-site Scripting (XSS) - Reflected in osticket/osticket |
| CVE-2022-43272 | 2022-12-02 | DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object. |
| CVE-2022-43325 | 2022-12-02 | An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3.* - 1.4.* allows attackers to execute arbitrary commands via a crafted payload... |
| CVE-2022-44277 | 2022-12-02 | Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/classes/Master.php?f=delete_product. |
| CVE-2022-44290 | 2022-12-02 | webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php. |
| CVE-2022-44291 | 2022-12-02 | webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php. |
| CVE-2022-44345 | 2022-12-02 | Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=quotes/view_quote&id=. |
| CVE-2022-44347 | 2022-12-02 | Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=inquiries/view_inquiry&id=. |
| CVE-2022-44348 | 2022-12-02 | Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/update_status.php?id=. |
| CVE-2022-44362 | 2022-12-02 | Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/AddSysLogRule. |
| CVE-2022-44363 | 2022-12-02 | Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setSnmpInfo. |
| CVE-2022-44365 | 2022-12-02 | Tenda i21 V1.0.0.14(4656) has a stack overflow vulnerability via /goform/setSysPwd. |
| CVE-2022-44366 | 2022-12-02 | Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setDiagnoseInfo. |
| CVE-2022-44367 | 2022-12-02 | Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setUplinkInfo. |
| CVE-2022-44928 | 2022-12-02 | D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function. |
| CVE-2022-44929 | 2022-12-02 | An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles. |
| CVE-2022-44930 | 2022-12-02 | D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function. |
| CVE-2022-44944 | 2022-12-02 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML... |
| CVE-2022-44945 | 2022-12-02 | Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter. |
| CVE-2022-44946 | 2022-12-02 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML... |
| CVE-2022-44947 | 2022-12-02 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML... |
| CVE-2022-44948 | 2022-12-02 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at /index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via... |
| CVE-2022-44949 | 2022-12-02 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or... |
| CVE-2022-44950 | 2022-12-02 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or... |
| CVE-2022-44951 | 2022-12-02 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts... |
| CVE-2022-44952 | 2022-12-02 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected... |
| CVE-2022-44953 | 2022-12-02 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload... |
| CVE-2022-44954 | 2022-12-02 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload... |
| CVE-2022-44955 | 2022-12-02 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload... |
| CVE-2022-44956 | 2022-12-02 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload... |