CVE List - 2022 / November
Showing 301 - 400 of 2020 CVEs for November 2022 (Page 4 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-39277 | 2022-11-03 | Cross-Site Scripting (XSS) in external links in GLPI |
| CVE-2022-39323 | 2022-11-03 | SQL Injection on REST API in GLPI |
| CVE-2022-39370 | 2022-11-03 | Improper access to debug panel in GLPI |
| CVE-2022-39371 | 2022-11-03 | Stored Cross-Site Scripting (XSS) through asset inventory in GLPI |
| CVE-2022-39372 | 2022-11-03 | Stored Cross-Site Scripting (XSS) in user information in GLPI |
| CVE-2022-39373 | 2022-11-03 | Stored Cross-Site Scripting (XSS) in entity name in GLPI |
| CVE-2022-39375 | 2022-11-03 | Cross-Site Scripting (XSS) through public RSS feed in GLPI |
| CVE-2022-39376 | 2022-11-03 | Improper input validation on emails links in GLPI |
| CVE-2022-39382 | 2022-11-03 | NODE_ENV in Keystone defaults to development with esbuild |
| CVE-2022-40230 | 2022-11-03 | IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the... |
| CVE-2022-40235 | 2022-11-03 | IBM InfoSphere Information Server 11.7 could allow a user to cause a denial of service by removing the ability to run jobs due to improper input validation. IBM X-Force ID:... |
| CVE-2022-40276 | 2022-11-03 | Zettlr version 2.3.0 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Zettlr. This is possible because... |
| CVE-2022-40747 | 2022-11-03 | IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information... |
| CVE-2022-41435 | 2022-11-03 | OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via... |
| CVE-2022-41710 | 2022-11-03 | Markdownify version 1.4.1 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Markdownify. This is possible because... |
| CVE-2022-41713 | 2022-11-03 | deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus... |
| CVE-2022-41714 | 2022-11-03 | fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys,... |
| CVE-2022-42442 | 2022-11-03 | IBM Robotic Process Automation for Cloud Pak information disclosure |
| CVE-2022-42743 | 2022-11-03 | deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys,... |
| CVE-2022-42744 | 2022-11-03 | CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi... |
| CVE-2022-42746 | 2022-11-03 | CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly... |
| CVE-2022-42747 | 2022-11-03 | CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly... |
| CVE-2022-42748 | 2022-11-03 | CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly... |
| CVE-2022-42749 | 2022-11-03 | CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly... |
| CVE-2022-42750 | 2022-11-03 | CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user. |
| CVE-2022-42751 | 2022-11-03 | CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF. This allows to persuade an administrator to create... |
| CVE-2022-42753 | 2022-11-03 | SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks. |
| CVE-2022-43061 | 2022-11-03 | Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /operations/travellers.php. This vulnerability allows attackers to execute arbitrary code via a... |
| CVE-2022-43062 | 2022-11-03 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_appointment. |
| CVE-2022-43063 | 2022-11-03 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Users.php?f=delete_client. |
| CVE-2022-43101 | 2022-11-03 | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. |
| CVE-2022-43102 | 2022-11-03 | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function. |
| CVE-2022-43103 | 2022-11-03 | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the list parameter in the formSetQosBand function. |
| CVE-2022-43104 | 2022-11-03 | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function. |
| CVE-2022-43105 | 2022-11-03 | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. |
| CVE-2022-43106 | 2022-11-03 | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the schedStartTime parameter in the setSchedWifi function. |
| CVE-2022-43107 | 2022-11-03 | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function. |
| CVE-2022-43108 | 2022-11-03 | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function. |
| CVE-2022-43109 | 2022-11-03 | D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a crafted packet. |
| CVE-2022-43372 | 2022-11-03 | Emlog Pro v1.7.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /admin/store.php. |
| CVE-2022-43574 | 2022-11-03 | IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679. |
| CVE-2022-44622 | 2022-11-03 | In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive |
| CVE-2022-44623 | 2022-11-03 | In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings |
| CVE-2022-44624 | 2022-11-03 | In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters |
| CVE-2022-44638 | 2022-11-03 | In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. |
| CVE-2022-44646 | 2022-11-03 | In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings |
| CVE-2022-37927 | 2022-11-03 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD). |
| CVE-2022-37929 | 2022-11-03 | Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays. |
| CVE-2022-37930 | 2022-11-03 | A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays and HPE Nimble Storage Secondary Flash Arrays which could potentially allow local disclosure of sensitive information. |
| CVE-2022-37928 | 2022-11-03 | Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays. |
| CVE-2021-46846 | 2022-11-03 | Cross Site Scripting vulnerability in Hewlett Packard Enterprise Integrated Lights-Out 5. |
| CVE-2022-2696 | 2022-11-03 | The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to, and including 2.3.0 due... |
| CVE-2022-3776 | 2022-11-03 | The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to... |
| CVE-2022-3852 | 2022-11-03 | The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several... |
| CVE-2022-3675 | 2022-11-03 | Fedora CoreOS supports setting a GRUB bootloader password using a Butane config. When this feature is enabled, GRUB requires a password to access the GRUB command-line, modify kernel command-line arguments,... |
| CVE-2022-3258 | 2022-11-03 | Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on Windows allows Authentication Abuse. |
| CVE-2022-37897 | 2022-11-03 | There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port... |
| CVE-2022-37898 | 2022-11-03 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the... |
| CVE-2022-37899 | 2022-11-03 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the... |
| CVE-2022-20961 | 2022-11-03 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary... |
| CVE-2022-37900 | 2022-11-03 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the... |
| CVE-2022-37901 | 2022-11-03 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the... |
| CVE-2022-37902 | 2022-11-03 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the... |
| CVE-2022-37912 | 2022-11-03 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the... |
| CVE-2022-37903 | 2022-11-03 | A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Successful exploitation of this vulnerability could lead to full compromise... |
| CVE-2022-37904 | 2022-11-03 | Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allow an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent... |
| CVE-2022-43451 | 2022-11-03 | Multiple path traversal in appspawn and nwebspawn services. |
| CVE-2022-43449 | 2022-11-03 | Arbitrary file read via download_server. |
| CVE-2022-43495 | 2022-11-03 | An abnormal packet received when distributedhardware_device_manager is joining a network could cause a device reboot. |
| CVE-2022-37905 | 2022-11-03 | Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allow an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent... |
| CVE-2022-37906 | 2022-11-03 | An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of the vulnerability results in the ability to delete arbitrary files on the underlying operating system. |
| CVE-2021-44862 | 2022-11-03 | Sensitive information stored in NSClient logs |
| CVE-2022-36428 | 2022-11-03 | WordPress Rock Convert plugin <= 2.11.0 - Auth. Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-37907 | 2022-11-03 | A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. A successful attacker can cause... |
| CVE-2022-40131 | 2022-11-03 | WordPress Page View Count plugin <= 2.5.5 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-20951 | 2022-11-03 | A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an authenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device.... |
| CVE-2022-20958 | 2022-11-03 | A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device.... |
| CVE-2022-36404 | 2022-11-03 | WordPress Simple SEO plugin <= 1.8.12 - Broken Access Control vulnerability |
| CVE-2022-20956 | 2022-11-03 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files. This vulnerability is due... |
| CVE-2022-20867 | 2022-11-03 | A vulnerability in the web-based management interface of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection... |
| CVE-2022-20868 | 2022-11-03 | A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to... |
| CVE-2022-37908 | 2022-11-03 | An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller. |
| CVE-2022-20960 | 2022-11-03 | A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device.... |
| CVE-2022-20942 | 2022-11-03 | A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security... |
| CVE-2022-44627 | 2022-11-03 | WordPress Simple SEO plugin <= 1.8.12 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-20969 | 2022-11-03 | A vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco Umbrella... |
| CVE-2022-20937 | 2022-11-03 | A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an affected... |
| CVE-2022-37909 | 2022-11-03 | Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. The scenarios in which disclosure of potentially sensitive information can occur are... |
| CVE-2022-20963 | 2022-11-03 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of... |
| CVE-2022-20772 | 2022-11-03 | A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability... |
| CVE-2022-44628 | 2022-11-03 | WordPress 4ECPS Web Forms plugin <= 0.2.17 - Auth. Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2021-36906 | 2022-11-03 | WordPress Quiz And Survey Master plugin <= 7.3.6 - Multiple Insecure direct object references (IDOR) vulnerabilities |
| CVE-2022-37910 | 2022-11-03 | A buffer overflow vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in a denial of service on the affected system. |
| CVE-2022-25952 | 2022-11-03 | WordPress Content Egg plugin <= 5.4.0 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-37911 | 2022-11-03 | Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. A successful exploit could allow an authenticated attacker to retrieve files from the... |
| CVE-2022-20962 | 2022-11-03 | A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected... |
| CVE-2022-43561 | 2022-11-03 | Persistent Cross-Site Scripting in “Save Table” Dialog in Splunk Enterprise |
| CVE-2022-43571 | 2022-11-03 | Remote Code Execution through dashboard PDF generation component in Splunk Enterprise |
| CVE-2021-34055 | 2022-11-04 | jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u. |
| CVE-2021-39432 | 2022-11-04 | diplib v3.0.0 is vulnerable to Double Free. |
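The deep-object-diff, fastest-json-copy and deep-parse-json entries above (CVE-2022-41713, CVE-2022-41714, CVE-2022-42743) all describe the same mechanism: a recursive copy or merge that does not validate incoming JSON keys, so a key such as `__proto__` lets an attacker write properties onto `Object.prototype` and thereby "add new properties" to every object in the process. The block below is an added example written for this page, not code from any of those packages or from the CVE records: a generic naive deep-merge next to a hardened variant, both run over a constructed attacker payload. The function names, the payload and the `isAdmin` property are assumptions chosen for illustration.

```javascript
// Added illustration of prototype pollution through unvalidated JSON keys.
// NOT the code of deep-object-diff, fastest-json-copy or deep-parse-json;
// a generic naive merge and a hardened one, written for this page.

const isPlainObject = (v) =>
  v !== null && typeof v === "object" && !Array.isArray(v);

// Vulnerable pattern: every own key of src is copied, including "__proto__".
// JSON.parse creates "__proto__" as an own data property, so Object.keys()
// returns it; reading dst["__proto__"] on an ordinary object then resolves
// through the accessor to Object.prototype, and the recursion writes the
// attacker's nested properties onto the shared prototype.
function naiveDeepMerge(dst, src) {
  for (const key of Object.keys(src)) {
    if (isPlainObject(src[key])) {
      if (!isPlainObject(dst[key])) dst[key] = {};
      naiveDeepMerge(dst[key], src[key]);
    } else {
      dst[key] = src[key];
    }
  }
  return dst;
}

// Hardened pattern: refuse keys that reach the prototype chain, and only
// recurse into an own property of dst (never into an inherited one).
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function safeDeepMerge(dst, src) {
  for (const key of Object.keys(src)) {
    if (FORBIDDEN_KEYS.has(key)) continue; // drop the dangerous keys outright
    if (isPlainObject(src[key])) {
      const own = Object.prototype.hasOwnProperty.call(dst, key);
      if (!own || !isPlainObject(dst[key])) dst[key] = {};
      safeDeepMerge(dst[key], src[key]);
    } else {
      dst[key] = src[key];
    }
  }
  return dst;
}

// Constructed attacker payload, as it would arrive in a JSON request body
// (assumption: the application later checks an "isAdmin" flag on objects).
const PAYLOAD = '{"name":"alice","__proto__":{"isAdmin":true}}';

// Runs the naive merge and reports whether an unrelated object created
// afterwards now inherits the attacker's property. Cleans up the prototype
// so the rest of the process is not left polluted.
function demoNaive() {
  const target = {};
  naiveDeepMerge(target, JSON.parse(PAYLOAD));
  const unrelated = {};
  const polluted = unrelated.isAdmin === true;
  delete Object.prototype.isAdmin;
  return polluted;
}

// Runs the hardened merge over the same payload: the legitimate "name" key
// is copied, the "__proto__" key is dropped, and nothing is inherited.
function demoSafe() {
  const target = {};
  safeDeepMerge(target, JSON.parse(PAYLOAD));
  const unrelated = {};
  return {
    polluted: unrelated.isAdmin === true,
    name: target.name,
    hasProtoKey: Object.prototype.hasOwnProperty.call(target, "__proto__"),
  };
}

console.log("naive merge polluted Object.prototype:", demoNaive());
console.log("safe merge result:", demoSafe());
```

Blocking the three keys is the minimum; a stricter design merges into objects created with `Object.create(null)` so there is no prototype to reach at all, and rejects rather than silently drops forbidden keys when the input is untrusted.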