CVE List - 2022 / December
Showing 1301 - 1400 of 2356 CVEs for December 2022 (Page 14 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-44750 | 2022-12-17 | HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. |
| CVE-2022-44752 | 2022-12-17 | HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView |
| CVE-2022-44754 | 2022-12-17 | HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. |
| CVE-2022-38659 | 2022-12-17 | HCL BigFix Platform is affected by insecure credential storage |
| CVE-2022-42453 | 2022-12-17 | HCL BigFix Platform is affected by insufficient warnings |
| CVE-2021-4250 | 2022-12-18 | cgriego active_attr Regex boolean_typecaster.rb call denial of service |
| CVE-2021-4257 | 2022-12-18 | ctrlo lenio Task task.tt cross site scripting |
| CVE-2022-4597 | 2022-12-18 | Shoplazza LifeStyle Create Product v2_products cross site scripting |
| CVE-2022-4603 | 2022-12-18 | ppp pppdump pppdump.c dumpppp array index |
| CVE-2022-4604 | 2022-12-18 | wp-english-wp-admin Plugin english-wp-admin.php register_endpoints cross-site request forgery |
| CVE-2022-4607 | 2022-12-18 | 3D City Database OGC Web Feature Service xml external entity reference |
| CVE-2020-36617 | 2022-12-18 | ewxrjk sftpserver parse.c sftp_parse_path uninitialized pointer |
| CVE-2021-4247 | 2022-12-18 | OWASP NodeGoat Query Parameter research.js denial of service |
| CVE-2021-4248 | 2022-12-18 | kapetan dns Request.cs entropy |
| CVE-2021-4249 | 2022-12-18 | xml-conduit DOCTYPE Entity Expansion Parse.hs infinite loop |
| CVE-2021-4251 | 2022-12-18 | as include.cdn.php getFullURL cross site scripting |
| CVE-2021-4252 | 2022-12-18 | WP-Ban ban-options.php toggle_checkbox cross site scripting |
| CVE-2021-4253 | 2022-12-18 | ctrlo lenio Ticket Lenio.pm cross site scripting |
| CVE-2021-4254 | 2022-12-18 | ctrlo lenio Notice main.tt cross site scripting |
| CVE-2021-4255 | 2022-12-18 | ctrlo lenio contractor.tt cross site scripting |
| CVE-2021-4256 | 2022-12-18 | ctrlo lenio index.tt cross site scripting |
| CVE-2022-4592 | 2022-12-18 | luckyshot CRMx index.php commentdelete sql injection |
| CVE-2022-4593 | 2022-12-18 | retra-system cross site scripting |
| CVE-2022-4594 | 2022-12-18 | drogatkin TJWS2 WarRoller.java deployWar path traversal |
| CVE-2022-4595 | 2022-12-18 | django-openipam exposed_hosts.html cross site scripting |
| CVE-2022-4596 | 2022-12-18 | Shoplazza Add Blog Post cross site scripting |
| CVE-2022-4598 | 2022-12-18 | Shoplazza LifeStyle Announcement cross site scripting |
| CVE-2022-4599 | 2022-12-18 | Shoplazza LifeStyle Product cross site scripting |
| CVE-2022-4600 | 2022-12-18 | Shoplazza LifeStyle Product Carousel cross site scripting |
| CVE-2022-4601 | 2022-12-18 | Shoplazza LifeStyle Shipping/Member Discount/Icon cross site scripting |
| CVE-2022-4602 | 2022-12-18 | Shoplazza LifeStyle Review Flow cross site scripting |
| CVE-2022-4605 | 2022-12-18 | Cross-site Scripting (XSS) - Stored in flatpressblog/flatpress |
| CVE-2022-4606 | 2022-12-18 | PHP Remote File Inclusion in flatpressblog/flatpress |
| CVE-2022-47514 | 2022-12-18 | An XML external entity (XXE) injection vulnerability in XML-RPC.NET before 2.5.0 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, as demonstrated by a pingback.aspx POST request. |
| CVE-2022-47515 | 2022-12-18 | An issue was discovered in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service (daemon crash) via a long message in a TCP request that leads... |
| CVE-2022-47516 | 2022-12-18 | An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service (daemon crash) via a crafted UDP message that... |
| CVE-2022-47517 | 2022-12-18 | An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.19. It allows remote attackers to cause a denial of service (daemon crash) via a crafted UDP message that... |
| CVE-2022-47518 | 2022-12-18 | An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow... |
| CVE-2022-47519 | 2022-12-18 | An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel... |
| CVE-2022-47520 | 2022-12-18 | An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security... |
| CVE-2022-47521 | 2022-12-18 | An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the... |
| CVE-2016-20018 | 2022-12-19 | Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query. |
| CVE-2021-4259 | 2022-12-19 | phpRedisAdmin login.inc.php authHttpDigest wrong operator in string comparison |
| CVE-2022-3775 | 2022-12-19 | When rendering certain unicode sequences, grub2's font code doesn't properly validate if the informed glyph's width and height is constrained within bitmap size. As a consequence an attacker can craft an... |
| CVE-2022-4611 | 2022-12-19 | Click Studios Passwordstate hard-coded credentials |
| CVE-2020-36618 | 2022-12-19 | Furqan node-whois index.coffee prototype pollution |
| CVE-2020-36619 | 2022-12-19 | multimon-ng demod_flex.c add_ch format string |
| CVE-2021-33640 | 2022-12-19 | After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf). As a result,... |
| CVE-2021-4258 | 2022-12-19 | whohas Package Information cleartext transmission |
| CVE-2021-4260 | 2022-12-19 | oils-js Web.js redirect |
| CVE-2021-4261 | 2022-12-19 | pacman-canvas db-handler.php addHighscore sql injection |
| CVE-2021-4262 | 2022-12-19 | laravel-jqgrid EloquentRepositoryAbstract.php getRows sql injection |
| CVE-2022-31683 | 2022-12-19 | Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with body including :team_name=team2 to bypass team scope... |
| CVE-2022-3875 | 2022-12-19 | Click Studios Passwordstate API authentication bypass by assumed-immutable data |
| CVE-2022-3876 | 2022-12-19 | Click Studios Passwordstate API authorization |
| CVE-2022-3877 | 2022-12-19 | Click Studios Passwordstate URL Field cross site scripting |
| CVE-2022-40434 | 2022-12-19 | Softr v2.0 was discovered to be vulnerable to HTML injection via the Name field of the Account page. |
| CVE-2022-40435 | 2022-12-19 | Employee Performance Evaluation System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via adding new entries under the Departments and Designations module. |
| CVE-2022-41418 | 2022-12-19 | An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file. |
| CVE-2022-41993 | 2022-12-19 | Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. |
| CVE-2022-42945 | 2022-12-19 | DWG TrueView™ 2023 version has a DLL Search Order Hijacking vulnerability. Successful exploitation by a malicious attacker could result in remote code execution on the target system. |
| CVE-2022-42946 | 2022-12-19 | Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya 2023 and 2022 to read beyond allocated buffer. This vulnerability in conjunction with other vulnerabilities could lead to... |
| CVE-2022-42947 | 2022-12-19 | A maliciously crafted X_B file when parsed through Autodesk Maya 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution. |
| CVE-2022-43289 | 2022-12-19 | Deark v.1.6.2 was discovered to contain a stack overflow via the do_prism_read_palette() function at /modules/atari-img.c. |
| CVE-2022-43443 | 2022-12-19 | OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page. |
| CVE-2022-43466 | 2022-12-19 | OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to... |
| CVE-2022-43486 | 2022-12-19 | Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices. |
| CVE-2022-44108 | 2022-12-19 | pdftojson commit 94204bb was discovered to contain a stack overflow via the component Object::copy(Object*):Object.cc. |
| CVE-2022-44109 | 2022-12-19 | pdftojson commit 94204bb was discovered to contain a stack overflow via the component Stream::makeFilter(char*, Stream*, Object*, int). |
| CVE-2022-44456 | 2022-12-19 | CONPROSYS HMI System (CHS) Ver.3.4.4 and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted... |
| CVE-2022-44940 | 2022-12-19 | Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc. |
| CVE-2022-45041 | 2022-12-19 | SQL Injection exists in xinhu < 2.5.0 |
| CVE-2022-4609 | 2022-12-19 | Cross-site Scripting (XSS) - Stored in usememos/memos |
| CVE-2022-4610 | 2022-12-19 | Click Studios Passwordstate risky encryption |
| CVE-2022-4612 | 2022-12-19 | Click Studios Passwordstate insufficiently protected credentials |
| CVE-2022-4613 | 2022-12-19 | Click Studios Passwordstate Browser Extension Provisioning improper authorization |
| CVE-2022-4614 | 2022-12-19 | Cross-site Scripting (XSS) - Stored in alagrede/znote-app |
| CVE-2022-4615 | 2022-12-19 | Cross-site Scripting (XSS) - Reflected in openemr/openemr |
| CVE-2022-46287 | 2022-12-19 | Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. |
| CVE-2022-46288 | 2022-12-19 | Open redirect vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing... |
| CVE-2022-46399 | 2022-12-19 | The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) is unresponsive with ConReqTimeoutZero. |
| CVE-2022-46400 | 2022-12-19 | The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) allows attackers to bypass passkey entry in legacy pairing. |
| CVE-2022-46401 | 2022-12-19 | The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PauseEncReqPlainText before pairing is complete. |
| CVE-2022-46402 | 2022-12-19 | The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PairCon_rmSend with incorrect values. |
| CVE-2022-46403 | 2022-12-19 | The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) mishandles reject messages. |
| CVE-2022-47547 | 2022-12-19 | GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not be pruned from the network) even though it continuously misbehaves by never... |
| CVE-2022-47549 | 2022-12-19 | An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications... |
| CVE-2022-47551 | 2022-12-19 | Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a... |
| CVE-2022-4427 | 2022-12-19 | SQL Injection via OTRS Search API |
| CVE-2022-27498 | 2022-12-19 | A directory traversal vulnerability exists in the TicketTemplateActions.aspx GetTemplateAttachment functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP... |
| CVE-2022-28703 | 2022-12-19 | A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send... |
| CVE-2022-29511 | 2022-12-19 | A directory traversal vulnerability exists in the KnowledgebasePageActions.aspx ImportArticles functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP... |
| CVE-2022-29517 | 2022-12-19 | A directory traversal vulnerability exists in the HelpdeskActions.aspx edittemplate functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP... |
| CVE-2022-32573 | 2022-12-19 | A directory traversal vulnerability exists in the AssetActions.aspx addDoc functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP... |
| CVE-2022-32763 | 2022-12-19 | A cross-site scripting (xss) sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can... |
| CVE-2022-35694 | 2022-12-19 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-35696 | 2022-12-19 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-42343 | 2022-12-19 | Adobe Campaign Classic Server-Side Request Forgery Arbitrary file system read |
| CVE-2022-42351 | 2022-12-19 | AEM Incorrect Authorization Security feature bypass |
| CVE-2022-42360 | 2022-12-19 | AEM Reflected XSS Arbitrary code execution |