CVE list - 2022 / November
Showing 401 - 500 of 2020 CVEs for November 2022 (Page 5 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-39473 | 2022-11-04 | Saibamen HotelManager v1.2 is vulnerable to Cross Site Scripting (XSS) due to improper sanitization of comment and contact fields. |
| CVE-2022-3023 | 2022-11-04 | Use of Externally-Controlled Format String in pingcap/tidb |
| CVE-2022-31691 | 2022-11-04 | Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support... |
| CVE-2022-3340 | 2022-11-04 | Trellix IPS Manager vulnerable to XXE |
| CVE-2022-33684 | 2022-11-04 | Apache Pulsar C++/Python OAuth Clients prior to 3.0.0 were vulnerable to an MITM attack due to Disabled Certificate Validation |
| CVE-2022-3721 | 2022-11-04 | Code Injection in froxlor/froxlor |
| CVE-2022-38582 | 2022-11-04 | Incorrect access control in the anti-virus driver wsdkd.sys of Watchdog Antivirus v1.4.158 allows attackers to write arbitrary files. |
| CVE-2022-39344 | 2022-11-04 | Azure RTOS USBX vulnerable to buffer overflow |
| CVE-2022-39384 | 2022-11-04 | OpenZeppelin Contracts initializer reentrancy may lead to double initialization |
| CVE-2022-39387 | 2022-11-04 | XWiki OIDC Authenticator vulnerable to OpenID login bypass due to improper authentication |
| CVE-2022-41666 | 2022-11-04 | A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected... |
| CVE-2022-41667 | 2022-11-04 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead... |
| CVE-2022-41668 | 2022-11-04 | A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of... |
| CVE-2022-41669 | 2022-11-04 | A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution... |
| CVE-2022-41670 | 2022-11-04 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL... |
| CVE-2022-41671 | 2022-11-04 | A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute... |
| CVE-2022-43945 | 2022-11-04 | The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the... |
| CVE-2022-44724 | 2022-11-04 | The Handy Tip macro in Stiltsoft Handy Macros for Confluence Server/Data Center 3.x before 3.5.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. |
| CVE-2022-27893 | 2022-11-04 | The Foundry Magritte plugin osisoft-pi-web-connector was found to be logging in a manner that captured authentication requests. |
| CVE-2022-27894 | 2022-11-04 | The Foundry Blobster service was found to have a cross-site scripting (XSS) vulnerability. |
| CVE-2022-40263 | 2022-11-04 | BD Totalys MultiProcessor - Hardcoded Credentials |
| CVE-2022-38660 | 2022-11-04 | HCL XPages applications are susceptible to Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2022-38654 | 2022-11-04 | HCL Domino is susceptible to an information disclosure vulnerability |
| CVE-2022-38661 | 2022-11-04 | HCL Workload Automation is affected by a vulnerability in Jlog component of the Master Domain Manager |
| CVE-2022-38656 | 2022-11-04 | HCL Commerce, when using Elasticsearch, could be affected by a denial of service vulnerability |
| CVE-2022-43562 | 2022-11-04 | Host Header Injection in Splunk Enterprise |
| CVE-2022-43563 | 2022-11-04 | Risky command safeguards bypass via rex search command field names in Splunk Enterprise |
| CVE-2022-43564 | 2022-11-04 | Denial of Service in Splunk Enterprise through search macros |
| CVE-2022-43565 | 2022-11-04 | Risky command safeguards bypass via ‘tstats command JSON in Splunk Enterprise |
| CVE-2022-43566 | 2022-11-04 | Risky command safeguards bypass via Search ID query in Analytics Workspace in Splunk Enterprise |
| CVE-2022-43567 | 2022-11-04 | Remote Code Execution via the Splunk Secure Gateway application Mobile Alerts feature |
| CVE-2022-43568 | 2022-11-04 | Reflected Cross-Site Scripting via the radio template in Splunk Enterprise |
| CVE-2022-43569 | 2022-11-04 | Persistent Cross-Site Scripting via a Data Model object name in Splunk Enterprise |
| CVE-2022-43570 | 2022-11-04 | XML External Entity Injection through a custom View in Splunk Enterprise |
| CVE-2022-43572 | 2022-11-04 | Indexing blockage via malformed data sent through S2S or HEC protocols in Splunk Enterprise |
| CVE-2022-3868 | 2022-11-05 | SourceCodester Sanitization Management System sql injection |
| CVE-2022-3869 | 2022-11-05 | Code Injection in froxlor/froxlor |
| CVE-2022-37710 | 2022-11-06 | Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: (1) keybackup.data > License > Encryption Key or (2) Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption... |
| CVE-2022-40284 | 2022-11-06 | A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is... |
| CVE-2022-42707 | 2022-11-06 | In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions. |
| CVE-2022-42905 | 2022-11-06 | In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap... |
| CVE-2022-42919 | 2022-11-06 | Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on... |
| CVE-2022-44544 | 2022-11-06 | Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on... |
| CVE-2022-38164 | 2022-11-07 | A vulnerability affecting F-Secure SAFE browser for Android and iOS was discovered. A maliciously crafted website could make a phishing attack with URL spoofing as the browser only displays certain... |
| CVE-2022-42920 | 2022-11-07 | Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing |
| CVE-2022-43317 | 2022-11-07 | A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2022-43318 | 2022-11-07 | Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the stateedit parameter at /hrm/state.php. |
| CVE-2021-42205 | 2022-11-07 | ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because... |
| CVE-2022-2387 | 2022-11-07 | Easy Digital Downloads < 3.0 - Arbitrary Post Deletion via CSRF |
| CVE-2022-2711 | 2022-11-07 | WP All Import < 3.6.9 - Admin+ Directory traversal via file upload |
| CVE-2022-3418 | 2022-11-07 | WP All Import < 3.6.9 - Admin+ Arbitrary File Upload to RCE |
| CVE-2022-3451 | 2022-11-07 | Product Stock Manager < 1.0.5 - Subscriber+ Unauthorised AJAX Calls |
| CVE-2022-3462 | 2022-11-07 | Highlight Focus <= 1.1 - Admin+ Stored Cross Site Scripting |
| CVE-2022-3463 | 2022-11-07 | FluentForm < 4.3.13 - CSV Injection |
| CVE-2022-3481 | 2022-11-07 | WooCommerce Dropshipping < 4.4 - Unauthenticated SQLi |
| CVE-2022-3489 | 2022-11-07 | WP Hide <= 0.0.2 - Unauthenticated Settings Update |
| CVE-2022-3494 | 2022-11-07 | Complianz (Free < 6.3.4, Premium < 6.3.6) - Translator SQLi |
| CVE-2022-3536 | 2022-11-07 | Role Based Pricing for WooCommerce < 1.6.3 - Subscriber+ PHAR Deserialization |
| CVE-2022-3537 | 2022-11-07 | Role Based Pricing for WooCommerce < 1.6.2 - Subscriber+ Arbitrary File Upload |
| CVE-2022-3558 | 2022-11-07 | Import and export users and customers < 1.20.5 - Subscriber+ CSV Injection |
| CVE-2022-37865 | 2022-11-07 | Apache Ivy allows creating/overwriting any file on the system |
| CVE-2022-37866 | 2022-11-07 | Apache Ivy allows path traversal in the presence of a malicious repository |
| CVE-2022-38163 | 2022-11-07 | A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below. Drag and drop operation by user on address bar could... |
| CVE-2022-3872 | 2022-11-07 | An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size.... |
| CVE-2022-3873 | 2022-11-07 | Cross-site Scripting (XSS) - DOM in jgraph/drawio |
| CVE-2022-3878 | 2022-11-07 | Maxon ERP browse_data sql injection |
| CVE-2022-42955 | 2022-11-07 | The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials. |
| CVE-2022-42956 | 2022-11-07 | The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password. |
| CVE-2022-42990 | 2022-11-07 | Food Ordering Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /foms/all-orders.php?status=Cancelled%20by%20Customer. |
| CVE-2022-43046 | 2022-11-07 | Food Ordering Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /foms/place-order.php. |
| CVE-2022-43049 | 2022-11-07 | Canteen Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the component /youthappam/add-food.php. |
| CVE-2022-43050 | 2022-11-07 | Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component update_profile.php. This vulnerability allows attackers to execute arbitrary code via a... |
| CVE-2022-43051 | 2022-11-07 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete_test. |
| CVE-2022-43052 | 2022-11-07 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete. |
| CVE-2022-43303 | 2022-11-07 | The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids... |
| CVE-2022-43304 | 2022-11-07 | The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids... |
| CVE-2022-43305 | 2022-11-07 | The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-algorithms... |
| CVE-2022-43306 | 2022-11-07 | The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates... |
| CVE-2022-43319 | 2022-11-07 | An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files. |
| CVE-2022-43350 | 2022-11-07 | Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_inquiry. |
| CVE-2022-43351 | 2022-11-07 | Sanitization Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img. |
| CVE-2022-43352 | 2022-11-07 | Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_quote. |
| CVE-2022-43359 | 2022-11-07 | Gifdec commit 1dcbae19363597314f6623010cc80abad4e47f7c was discovered to contain an out-of-bounds read in the function read_image_data. This vulnerability is triggered when parsing a crafted Gif file. |
| CVE-2022-44048 | 2022-11-07 | The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-domains... |
| CVE-2022-44049 | 2022-11-07 | The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-grammars... |
| CVE-2022-44050 | 2022-11-07 | The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-json... |
| CVE-2022-44051 | 2022-11-07 | The d8s-stats for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-math... |
| CVE-2022-44052 | 2022-11-07 | The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-timezones... |
| CVE-2022-44053 | 2022-11-07 | The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents... |
| CVE-2022-44054 | 2022-11-07 | The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-utility... |
| CVE-2022-44792 | 2022-11-07 | handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance... |
| CVE-2022-44793 | 2022-11-07 | handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a... |
| CVE-2022-44794 | 2022-11-07 | An issue was discovered in Object First Ootbi BETA build 1.0.7.712. Management protocol has a flow which allows a remote attacker to execute arbitrary Bash code with root privileges. The... |
| CVE-2022-44795 | 2022-11-07 | An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates... |
| CVE-2022-44796 | 2022-11-07 | An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing,... |
| CVE-2022-44797 | 2022-11-07 | btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking. |
| CVE-2020-12507 | 2022-11-07 | s::can moni::tools authenticated SQL injection |
| CVE-2020-12508 | 2022-11-07 | s::can moni::tools prone to path traversal in image-relocator module |
| CVE-2020-12509 | 2022-11-07 | s::can moni::tools prone to path traversal in camera-file module |
| CVE-2022-2188 | 2022-11-07 | DXL Broker privilege escalation vulnerability |