CVE List - 2022 / November
Showing 201 - 300 of 2020 CVEs for November 2022 (Page 3 of 21)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-36605 | 2022-11-01 | File Permissions Vulnerability in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer, Hitachi Ops Center Viewpoint |
| CVE-2022-3191 | 2022-11-01 | Information Exposure Vulnerability in Hitachi Ops Center Analyzer |
| CVE-2022-41552 | 2022-11-01 | Server-Side Request Forgery Vulnerability in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer |
| CVE-2022-41553 | 2022-11-01 | Information Exposure Vulnerability in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer |
| CVE-2022-25885 | 2022-11-01 | Denial of Service (DoS) |
| CVE-2022-3369 | 2022-11-01 | Improper handling of registry symbolic links in Bitdefender Engines |
| CVE-2020-4099 | 2022-11-01 | HCL Verse for Android is susceptible to an APK signing key check vulnerability |
| CVE-2022-3509 | 2022-11-01 | Parsing issue in protobuf textformat |
| CVE-2022-3780 | 2022-11-01 | Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deleted users to access unauthorized data. This issue affects... |
| CVE-2022-3781 | 2022-11-01 | Dashlane password and Keepass Server password in My Account Settings are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and... |
| CVE-2022-26119 | 2022-11-02 | An improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password. |
| CVE-2022-26122 | 2022-11-02 | An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass... |
| CVE-2022-30307 | 2022-11-02 | A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated attacker to perform... |
| CVE-2022-33870 | 2022-11-02 | An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may... |
| CVE-2022-33878 | 2022-11-02 | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Mac versions 7.0.0 through 7.0.5 may allow a local authenticated attacker to obtain the SSL-VPN password... |
| CVE-2022-35842 | 2022-11-02 | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiOS SSL-VPN versions 7.2.0, versions 7.0.0 through 7.0.6 and versions 6.4.0 through 6.4.9 may allow a remote unauthenticated... |
| CVE-2022-35851 | 2022-11-02 | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiADC management interface 7.1.0 may allow a remote and authenticated attacker to trigger a stored cross site scripting... |
| CVE-2022-38372 | 2022-11-02 | A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the... |
| CVE-2022-38373 | 2022-11-02 | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface 4.2.0, 4.1.0 through 4.1.1, 4.0.2 may allow an authenticated user to perform a cross site... |
| CVE-2022-38374 | 2022-11-02 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 allows an attacker to execute unauthorized code or commands... |
| CVE-2022-38380 | 2022-11-02 | An improper access control [CWE-284] vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API. |
| CVE-2022-38381 | 2022-11-02 | An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2. This may allow... |
| CVE-2022-3844 | 2022-11-02 | Webmin index.cgi cross site scripting |
| CVE-2022-39945 | 2022-11-02 | An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an authenticated admin user assigned to a... |
| CVE-2022-39949 | 2022-11-02 | An improper control of a resource through its lifetime vulnerability [CWE-664] in FortiEDR CollectorWindows 4.0.0 through 4.1, 5.0.0 through 5.0.3.751, 5.1.0 may allow a privileged user to terminate the FortiEDR... |
| CVE-2022-39950 | 2022-11-02 | An improper neutralization of input during web page generation vulnerability [CWE-79] exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0 through 7.0.4. Report... |
| CVE-2022-42473 | 2022-11-02 | A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the... |
| CVE-2020-36608 | 2022-11-02 | Tribal Systems Zenario CMS Error Log Module admin_organizer.js cross site scripting |
| CVE-2021-37789 | 2022-11-02 | stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Information Disclosure or Denial of Service. |
| CVE-2022-2904 | 2022-11-02 | A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4... |
| CVE-2022-3825 | 2022-11-02 | Huaxia ERP User Management sql injection |
| CVE-2022-3826 | 2022-11-02 | Huaxia ERP Retail Management list information disclosure |
| CVE-2022-3827 | 2022-11-02 | centreon Contact Groups Form formContactGroup.php sql injection |
| CVE-2022-3845 | 2022-11-02 | phpipam Import Preview import-load-data.php cross site scripting |
| CVE-2022-39241 | 2022-11-02 | Possible Server-Side Request Forgery (SSRF) in webhooks |
| CVE-2022-39353 | 2022-11-02 | xmldom allows multiple root nodes in a DOM |
| CVE-2022-39356 | 2022-11-02 | Discourse user account takeover via email and invite link |
| CVE-2022-39378 | 2022-11-02 | Displaying user badges can leak topic titles to users that have no access to the topic |
| CVE-2022-39379 | 2022-11-02 | Fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration) |
| CVE-2022-39381 | 2022-11-02 | Unchecked Return Value to NULL Pointer Dereference in PDFDocumentHandler.cpp |
| CVE-2022-40840 | 2022-11-02 | ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Cross Site Scripting (XSS) via createPdf.php. |
| CVE-2022-41551 | 2022-11-02 | Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editorder.php. |
| CVE-2022-43066 | 2022-11-02 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Master.php?f=delete_message. |
| CVE-2022-43068 | 2022-11-02 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_reservation. |
| CVE-2022-43226 | 2022-11-02 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/?page=appointments/view_appointment. |
| CVE-2022-43227 | 2022-11-02 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/admin/?page=appointments/view_appointment. |
| CVE-2022-43235 | 2022-11-02 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. |
| CVE-2022-43236 | 2022-11-02 | Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. |
| CVE-2022-43237 | 2022-11-02 | Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video... |
| CVE-2022-43238 | 2022-11-02 | Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. |
| CVE-2022-43239 | 2022-11-02 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. |
| CVE-2022-43240 | 2022-11-02 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. |
| CVE-2022-43241 | 2022-11-02 | Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. |
| CVE-2022-43242 | 2022-11-02 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. |
| CVE-2022-43243 | 2022-11-02 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. |
| CVE-2022-43244 | 2022-11-02 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. |
| CVE-2022-43245 | 2022-11-02 | Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. |
| CVE-2022-43248 | 2022-11-02 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. |
| CVE-2022-43249 | 2022-11-02 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. |
| CVE-2022-43250 | 2022-11-02 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. |
| CVE-2022-43252 | 2022-11-02 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. |
| CVE-2022-43253 | 2022-11-02 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. |
| CVE-2022-43254 | 2022-11-02 | GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_list_new at utils/list.c. |
| CVE-2022-43255 | 2022-11-02 | GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_odf_new_iod at odf/odf_code.c. |
| CVE-2022-43670 | 2022-11-02 | XSS in Sling CMS Reference App Taxonomy Path |
| CVE-2022-43982 | 2022-11-02 | Apache Airflow prior to 2.4.2 allows reflected XSS via Origin Query Argument in URL |
| CVE-2022-43985 | 2022-11-02 | Apache Airflow prior to 2.4.2 has an open redirect |
| CVE-2022-43995 | 2022-11-02 | Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users... |
| CVE-2021-45446 | 2022-11-02 | Pentaho Business Analytics Server - Exposure of Information Through Directory Listing |
| CVE-2021-45447 | 2022-11-02 | Pentaho Business Analytics Server - With the Data Lineage feature enabled, the system transmits database passwords in clear text |
| CVE-2021-45448 | 2022-11-02 | Pentaho Business Analytics Server - Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user supplied path to access resources that are out of bounds. |
| CVE-2022-41716 | 2022-11-02 | Unsanitized NUL in environment variables on Windows in syscall and os/exec |
| CVE-2022-3575 | 2022-11-02 | Frauscher Sensortechnik Diagnostic System FDS102 for FAdC R2 and FAdCi R2 configuration upload vulnerability |
| CVE-2022-24936 | 2022-11-02 | Gecko Standalone Bootloader vulnerability may allow bypassing application secure boot in some Series 2 devices |
| CVE-2022-3181 | 2022-11-02 | An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior. A specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network (LAN)-only... |
| CVE-2022-24942 | 2022-11-02 | Heap-based buffer overflow in MicriumOS HTTP Server allows potential remote code execution |
| CVE-2022-44576 | 2022-11-02 | WordPress AgentEasy Properties plugin <= 1.0.4 - Auth. Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-44586 | 2022-11-02 | WordPress AM-HiLi plugin <= 1.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-38710 | 2022-11-03 | IBM Robotic Process Automation information disclosure |
| CVE-2022-42745 | 2022-11-03 | CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE. |
| CVE-2020-22818 | 2022-11-03 | MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter. |
| CVE-2020-22819 | 2022-11-03 | MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter. |
| CVE-2020-22820 | 2022-11-03 | MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter. |
| CVE-2021-37823 | 2022-11-03 | OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL injection in the background. |
| CVE-2021-39077 | 2022-11-03 | IBM Security Guardium information disclosure |
| CVE-2021-46853 | 2022-11-03 | Alpine before 2.25 allows remote attackers to cause a denial of service (application crash) when LIST or LSUB is sent before STARTTLS. |
| CVE-2022-22425 | 2022-11-03 | IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM... |
| CVE-2022-22442 | 2022-11-03 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. IBM X-Force ID: 224427. |
| CVE-2022-30608 | 2022-11-03 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.... |
| CVE-2022-30615 | 2022-11-03 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... |
| CVE-2022-32287 | 2022-11-03 | Apache UIMA prior to 3.3.1 has a path traversal vulnerability when extracting (PEAR) archives |
| CVE-2022-34339 | 2022-11-03 | IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 229963. |
| CVE-2022-35279 | 2022-11-03 | IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further... |
| CVE-2022-35642 | 2022-11-03 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... |
| CVE-2022-35717 | 2022-11-03 | IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 231361. |
| CVE-2022-38168 | 2022-11-03 | Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset... |
| CVE-2022-38712 | 2022-11-03 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Force ID: 234762. |
| CVE-2022-39234 | 2022-11-03 | user session persists even after permanently deleting account in GLPI |
| CVE-2022-39262 | 2022-11-03 | Stored Cross-Site Scripting (XSS) on login page in GLPI |
| CVE-2022-39276 | 2022-11-03 | Blind Server-Side Request Forgery (SSRF) in RSS feeds and planning |