Lista CVE - 2022 / Dicembre
Visualizzazione 1401 - 1500 di 2356 CVE per Dicembre 2022 (Pagina 15 di 24)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2022-44462 | 2022-12-19 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-44498 | 2022-12-19 | Adobe Illustrator Out-of-Bound Read Memory leak |
| CVE-2022-44499 | 2022-12-19 | Adobe Illustrator Out-of-Bound Read Memory leak |
| CVE-2022-44500 | 2022-12-19 | Adobe Illustrator Out-of-Bound Read Memory leak |
| CVE-2022-44502 | 2022-12-19 | Adobe Illustrator Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2022-46768 | 2022-12-19 | File name information disclosure vulnerability in Zabbix Web Service Report Generation |
| CVE-2022-41992 | 2022-12-19 | A memory corruption vulnerability exists in the VHD File Format parsing CXSPARSE record functionality of PowerISO PowerISO 8.3. A specially-crafted file can lead to an out-of-bounds write. A victim needs... |
| CVE-2022-42366 | 2022-12-19 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-42367 | 2022-12-19 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-44468 | 2022-12-19 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-44469 | 2022-12-19 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-44473 | 2022-12-19 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-47500 | 2022-12-19 | Apache Helix: Open redirect |
| CVE-2022-32749 | 2022-12-19 | Apache Traffic Server: Improperly handled requests can cause crashes in specific plugins |
| CVE-2022-37392 | 2022-12-19 | Apache Traffic Server: Improperly reading the client requests |
| CVE-2022-40743 | 2022-12-19 | Apache Traffic Server: Security issues with the xdebug plugin |
| CVE-2022-4063 | 2022-12-19 | InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE |
| CVE-2022-3986 | 2022-12-19 | WP Stripe Checkout < 1.2.2.21 - Contributor+ Stored XSS |
| CVE-2022-3832 | 2022-12-19 | External Media < 1.0.36 - Admin+ Stored XSS |
| CVE-2022-4024 | 2022-12-19 | Pie Register < 3.8.1.3 - Unauthenticated Arbitrary User Deletion |
| CVE-2022-3985 | 2022-12-19 | Videojs HTML5 Player < 1.1.9 - Contributor+ Stored XSS |
| CVE-2022-3937 | 2022-12-19 | Easy Video Player < 1.2.2.3 - Contributor+ Stored XSS |
| CVE-2022-4061 | 2022-12-19 | JobBoardWP < 1.2.2 - Unauthenticated Arbitrary File Upload |
| CVE-2022-3983 | 2022-12-19 | Checkout for PayPal < 1.0.14 - Contributor+ Stored XSS |
| CVE-2022-4058 | 2022-12-19 | Photo Gallery < 1.8.3 - Stored XSS via CSRF |
| CVE-2022-4108 | 2022-12-19 | Wholesale Market for WooCommerce < 1.0.8 - Admin+ Arbitrary File Download |
| CVE-2022-3961 | 2022-12-19 | Directorist < 7.4.4 - Subscriber+ Sensitive Information Disclosure |
| CVE-2022-4112 | 2022-12-19 | Quizlord <= 2.0 - Admin+ Stored XSS |
| CVE-2022-3984 | 2022-12-19 | Flowplayer Video Player < 1.0.5 - Contributor+ Stored XSS |
| CVE-2022-3987 | 2022-12-19 | Responsive Lightbox2 < 1.0.4 - Contributor+ Stored XSS |
| CVE-2022-4124 | 2022-12-19 | Popup Manager <= 1.6.6 - Unauthenticated Arbitrary Popup Deletion |
| CVE-2022-4107 | 2022-12-19 | SMSA Shipping for WooCommerce < 1.0.5 - Subscriber+ Arbitrary File Download |
| CVE-2022-4125 | 2022-12-19 | Popup Manager <= 1.6.6 - Unauthenticated Stored XSS |
| CVE-2022-4106 | 2022-12-19 | Wholesale Market for WooCommerce < 1.0.7 - Unauthenticated Arbitrary File Download |
| CVE-2022-4050 | 2022-12-19 | JoomSport < 5.2.8 - Unauthenticated SQLi |
| CVE-2022-40607 | 2022-12-19 | IBM Spectrum Scale directory traversal |
| CVE-2022-38708 | 2022-12-19 | IBM Cognos Analytics server-side request forgery |
| CVE-2022-43887 | 2022-12-19 | IBM Cognos Analytics information disclosure |
| CVE-2022-43883 | 2022-12-19 | IBM Cognos Analytics data manipulation |
| CVE-2022-39160 | 2022-12-19 | IBM Cognos Analytics cross-site scripting |
| CVE-2022-42454 | 2022-12-19 | HCL BigFix Insights for Vulnerability Remediation (IVR) is vulnerable to improper certificate validation |
| CVE-2022-23536 | 2022-12-19 | Alertmanager can expose local files content via specially crafted config |
| CVE-2022-44756 | 2022-12-19 | HCL BigFix Insights for Vulnerability Remediation (IVR) is vulnerable to improper input validation |
| CVE-2022-23543 | 2022-12-19 | HTML attributes when attaching a YouTube link to the post |
| CVE-2022-3752 | 2022-12-19 | Rockwell Automation GuardLogix and ControlLogix controllers Vulnerable to Denial-Of-Service Attack |
| CVE-2022-47577 | 2022-12-20 | An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections... |
| CVE-2022-47578 | 2022-12-20 | An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections... |
| CVE-2021-46856 | 2022-12-20 | The multi-screen collaboration module has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2022-38733 | 2022-12-20 | OnCommand Insight versions 7.3.1 through 7.3.14 are susceptible to an authentication bypass vulnerability in the Data Warehouse component. |
| CVE-2022-38873 | 2022-12-20 | D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 and earlier, DAP-2360 v2.10rc050 and earlier, DAP-2553 v3.10rc031 and earlier, DAP-2660 v1.15rc093 and earlier, DAP-2690 v3.20rc106 and earlier, DAP-2695 v1.20rc119_beta31 and earlier,... |
| CVE-2022-40624 | 2022-12-20 | pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header, a different vulnerability than CVE-2022-31814. |
| CVE-2022-41590 | 2022-12-20 | Some smartphones have authentication-related (including session management) vulnerabilities as the setup wizard is bypassed. Successful exploitation of this vulnerability affects the smartphone availability. |
| CVE-2022-41591 | 2022-12-20 | The backup module has a path traversal vulnerability. Successful exploitation of this vulnerability causes unauthorized access to other system files. |
| CVE-2022-41596 | 2022-12-20 | The system tool has inconsistent serialization and deserialization. Successful exploitation of this vulnerability will cause unauthorized startup of components. |
| CVE-2022-41599 | 2022-12-20 | The system service has a vulnerability that causes incorrect return values. Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2022-42046 | 2022-12-20 | wfshbr64.sys and wfshbr32.sys specially crafted IOCTL allows arbitrary user to perform local privilege escalation |
| CVE-2022-42949 | 2022-12-20 | Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissions. |
| CVE-2022-4515 | 2022-12-20 | A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line... |
| CVE-2022-45665 | 2022-12-20 | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the funcpara1 parameter in the formSetCfm function. |
| CVE-2022-45666 | 2022-12-20 | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDset function. |
| CVE-2022-45942 | 2022-12-20 | A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php in baijiacms v4. |
| CVE-2022-46020 | 2022-12-20 | WBCE CMS v1.5.4 can implement getshell by modifying the upload file type. |
| CVE-2022-46076 | 2022-12-20 | D-Link DIR-869 DIR869Ax_FW102B15 is vulnerable to Authentication Bypass via phpcgi. |
| CVE-2022-46139 | 2022-12-20 | TP-Link TL-WR940N V4 3.16.9 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. |
| CVE-2022-46310 | 2022-12-20 | The TelephonyProvider module has a vulnerability in obtaining values.Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2022-46311 | 2022-12-20 | The contacts component has a free (undefined) provider vulnerability. Successful exploitation of this vulnerability may affect data integrity. |
| CVE-2022-46312 | 2022-12-20 | The application management module has a vulnerability in permission verification. Successful exploitation of this vulnerability causes unexpected clear of device applications. |
| CVE-2022-46313 | 2022-12-20 | The sensor privacy module has an authentication vulnerability. Successful exploitation of this vulnerability may cause unavailability of the smartphone's camera and microphone. |
| CVE-2022-46314 | 2022-12-20 | The IPC module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability. |
| CVE-2022-46315 | 2022-12-20 | The ProfileSDK has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability. |
| CVE-2022-46316 | 2022-12-20 | A thread security vulnerability exists in the authentication process. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability. |
| CVE-2022-46317 | 2022-12-20 | The power consumption module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect system availability. |
| CVE-2022-46318 | 2022-12-20 | The HAware module has a function logic error. Successful exploitation of this vulnerability will affect the account removal function in Settings. |
| CVE-2022-46319 | 2022-12-20 | Fingerprint calibration has a vulnerability of lacking boundary judgment. Successful exploitation of this vulnerability may cause out-of-bounds write. |
| CVE-2022-46320 | 2022-12-20 | The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting. |
| CVE-2022-46321 | 2022-12-20 | The Wi-Fi module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2022-46322 | 2022-12-20 | Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions. |
| CVE-2022-46323 | 2022-12-20 | Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions. |
| CVE-2022-46324 | 2022-12-20 | Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions. |
| CVE-2022-46325 | 2022-12-20 | Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions. |
| CVE-2022-46326 | 2022-12-20 | Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions. |
| CVE-2022-46327 | 2022-12-20 | Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause privilege escalation, which results in system service exceptions. |
| CVE-2022-46328 | 2022-12-20 | Some smartphones have the input validation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2022-46422 | 2022-12-20 | An issue in Netgear WNR2000 v1 1.2.3.7 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. |
| CVE-2022-46423 | 2022-12-20 | An exploitable firmware modification vulnerability was discovered on the Netgear WNR2000v1 router. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC... |
| CVE-2022-46424 | 2022-12-20 | An exploitable firmware modification vulnerability was discovered on the Netgear XWN5001 Powerline 500 WiFi Access Point. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image... |
| CVE-2022-46428 | 2022-12-20 | TP-Link TL-WR1043ND V1 3.13.15 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update... |
| CVE-2022-46430 | 2022-12-20 | TP-Link TL-WR740N V1 and V2 v3.12.4 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the... |
| CVE-2022-46432 | 2022-12-20 | An exploitable firmware modification vulnerability was discovered on TP-Link TL-WR743ND V1. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check,... |
| CVE-2022-46434 | 2022-12-20 | An issue in the firmware update process of TP-Link TL-WA7510N v1 v3.12.6 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a... |
| CVE-2022-46435 | 2022-12-20 | An issue in the firmware update process of TP-Link TL-WR941ND V2/V3 up to 3.13.9 and TL-WR941ND V4 up to 3.12.8 allows attackers to execute arbitrary code or cause a Denial... |
| CVE-2022-46530 | 2022-12-20 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the mac parameter at /goform/GetParentControlInfo. |
| CVE-2022-46531 | 2022-12-20 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceId parameter at /goform/addWifiMacFilter. |
| CVE-2022-46532 | 2022-12-20 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceMac parameter at /goform/addWifiMacFilter. |
| CVE-2022-46533 | 2022-12-20 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the limitSpeed parameter at /goform/SetClientState. |
| CVE-2022-46534 | 2022-12-20 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the speed_dir parameter at /goform/SetSpeedWan. |
| CVE-2022-46535 | 2022-12-20 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceId parameter at /goform/SetClientState. |
| CVE-2022-46536 | 2022-12-20 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the limitSpeedUp parameter at /goform/SetClientState. |
| CVE-2022-46537 | 2022-12-20 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the security parameter at /goform/WifiBasicSet. |
| CVE-2022-46538 | 2022-12-20 | Tenda F1203 V2.0.1.6 was discovered to contain a command injection vulnerability via the mac parameter at /goform/WriteFacMac. |