CVE List - 2022 / December
Showing 1501 - 1600 of 2356 CVEs for December 2022 (Page 16 of 24)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-46539 | 2022-12-20 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the security_5g parameter at /goform/WifiBasicSet. |
| CVE-2022-46540 | 2022-12-20 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the entrys parameter at /goform/addressNat. |
| CVE-2022-46541 | 2022-12-20 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the ssid parameter at /goform/fast_setting_wifi_set. |
| CVE-2022-46542 | 2022-12-20 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/addressNat. |
| CVE-2022-46543 | 2022-12-20 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the mitInterface parameter at /goform/addressNat. |
| CVE-2022-46544 | 2022-12-20 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the cmdinput parameter at /goform/exeCommand. |
| CVE-2022-46545 | 2022-12-20 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/NatStaticSetting. |
| CVE-2022-46546 | 2022-12-20 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the entrys parameter at /goform/RouteStatic. |
| CVE-2022-46547 | 2022-12-20 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/VirtualSer. |
| CVE-2022-46548 | 2022-12-20 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/DhcpListClient. |
| CVE-2022-46549 | 2022-12-20 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceId parameter at /goform/saveParentControlInfo. |
| CVE-2022-46550 | 2022-12-20 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the urls parameter at /goform/saveParentControlInfo. |
| CVE-2022-46551 | 2022-12-20 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the time parameter at /goform/saveParentControlInfo. |
| CVE-2022-46910 | 2022-12-20 | An issue in the firmware update process of TP-Link TL-WA901ND V1 up to v3.11.2 and TL-WA901N V2 up to v3.12.16 allows attackers to execute arbitrary code or cause a Denial... |
| CVE-2022-46912 | 2022-12-20 | An issue in the firmware update process of TP-Link TL-WR841N / TL-WA841ND V7 3.13.9 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via... |
| CVE-2022-46914 | 2022-12-20 | An issue in the firmware update process of TP-LINK TL-WA801N / TL-WA801ND V1 v3.12.16 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via... |
| CVE-2022-47629 | 2022-12-20 | Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. |
| CVE-2022-38655 | 2022-12-20 | HCL BigFix WebUI is affected by a missing-permission-check vulnerability |
| CVE-2022-46421 | 2022-12-20 | Apache Airflow Hive Provider: Hive Provider RCE vulnerability with hive_cli_params |
| CVE-2022-4287 | 2022-12-20 | Authentication bypass in local application lock feature in Devolutions Remote Desktop Manager 2022.3.26 and earlier on Windows allows malicious user to access the application. |
| CVE-2022-4619 | 2022-12-20 | The Sidebar Widgets by CodeLights plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Extra CSS class’ parameter in versions up to, and including, 1.4 due to insufficient... |
| CVE-2022-43872 | 2022-12-20 | IBM Financial Transaction Manager information disclosure |
| CVE-2022-43875 | 2022-12-20 | IBM Financial Transaction Manager for SWIFT Services for Multiplatforms denial of service |
| CVE-2022-23537 | 2022-12-20 | PJSIP vulnerable to heap buffer overflow when decoding STUN message |
| CVE-2022-46771 | 2022-12-20 | IBM UrbanCode Deploy (UCD) cross-site scripting |
| CVE-2022-39304 | 2022-12-20 | ghinstallation returns app JWT in error responses |
| CVE-2022-43382 | 2022-12-20 | IBM AIX denial of service |
| CVE-2022-23542 | 2022-12-20 | OpenFGA Authorization Bypass |
| CVE-2022-39166 | 2022-12-20 | IBM Security Guardium information disclosure |
| CVE-2022-38391 | 2022-12-20 | IBM Spectrum Control information disclosure |
| CVE-2021-4264 | 2022-12-21 | LinkedIn dustjs prototype pollution |
| CVE-2021-4265 | 2022-12-21 | siwapp-ror cross site scripting |
| CVE-2022-4632 | 2022-12-21 | Auto Upload Images cross site scripting |
| CVE-2022-4633 | 2022-12-21 | Auto Upload Images Settings setting-page.php cross-site request forgery |
| CVE-2022-4643 | 2022-12-21 | docconv pdf_ocr.go ConvertPDFImages os command injection |
| CVE-2020-36620 | 2022-12-21 | Brondahl EnumStringValues EnumExtensions.cs GetStringValuesWithPreferences_Uncache resource consumption |
| CVE-2020-36621 | 2022-12-21 | chedabob whatismyudid mobileconfig.js exports.enrollment cross site scripting |
| CVE-2020-36622 | 2022-12-21 | sah-comp bienlein cross-site request forgery |
| CVE-2020-36623 | 2022-12-21 | Pengu index.js runApp cross-site request forgery |
| CVE-2021-4263 | 2022-12-21 | leanote history.js define cross site scripting |
| CVE-2021-4266 | 2022-12-21 | Webdetails cpf DependenciesPackage.java cross site scripting |
| CVE-2021-4267 | 2022-12-21 | tad_discuss cross site scripting |
| CVE-2021-4268 | 2022-12-21 | phpRedisAdmin cross-site request forgery |
| CVE-2021-4269 | 2022-12-21 | SimpleRisk common.js checkAndSetValidation cross site scripting |
| CVE-2021-4270 | 2022-12-21 | Imprint CMS ViewHelpers.cs SearchForm cross site scripting |
| CVE-2021-4271 | 2022-12-21 | panicsteve w2wiki Markdown index.php toHTML cross site scripting |
| CVE-2021-4272 | 2022-12-21 | studygolang topics.js cross site scripting |
| CVE-2021-4273 | 2022-12-21 | studygolang search.go Search cross site scripting |
| CVE-2021-4274 | 2022-12-21 | sileht bird-lg layout.html cross site scripting |
| CVE-2021-4275 | 2022-12-21 | katlings pyambic-pentameter cross-site request forgery |
| CVE-2022-36221 | 2022-12-21 | Nokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which allows attackers to read any named pipe file on the system. |
| CVE-2022-36222 | 2022-12-21 | Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of `admin:Nq+L5st7o`. This account can be used locally to access the web admin interface. |
| CVE-2022-38546 | 2022-12-21 | A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V1.00(ABZY.3)C0, which could allow an unauthenticated attacker to access the DNS server when the device is switched to... |
| CVE-2022-40841 | 2022-12-21 | A cross-site scripting (XSS) vulnerability in NdkAdvancedCustomizationFields v3.5.0 allows attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the "htmlNodes" parameter. |
| CVE-2022-43543 | 2022-12-21 | KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. +Message App displays text unprocessed, even when control... |
| CVE-2022-44449 | 2022-12-21 | Stored cross-site scripting vulnerability in Zenphoto versions prior to 1.6 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. |
| CVE-2022-46095 | 2022-12-21 | Sourcecodester Covid-19 Directory on Vaccination System 1.0 was discovered to contain a Cross-Site Scripting (XSS) vulnerability via verification.php because the program does not verify the txtvaccinationID parameter. |
| CVE-2022-46096 | 2022-12-21 | A Cross site scripting (XSS) vulnerability in Sourcecodester Online Covid-19 Directory on Vaccination System v1.0 allows attackers to execute arbitrary code via the txtfullname parameter or txtphone parameter to register.php... |
| CVE-2022-4617 | 2022-12-21 | Cross-site Scripting (XSS) - Reflected in microweber/microweber |
| CVE-2022-46282 | 2022-12-21 | Use after free vulnerability in CX-Drive V3.00 and earlier allows a local attacker to execute arbitrary code by having a user open a specially crafted file, |
| CVE-2022-4630 | 2022-12-21 | Sensitive Cookie Without 'HttpOnly' Flag in lirantal/daloradius |
| CVE-2022-4631 | 2022-12-21 | WP-Ban ban-options.php cross site scripting |
| CVE-2022-46330 | 2022-12-21 | Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contain an issue with the... |
| CVE-2022-4637 | 2022-12-21 | ep3-bs cross site scripting |
| CVE-2022-4638 | 2022-12-21 | collective.contact.widget widgets.py title cross site scripting |
| CVE-2022-4639 | 2022-12-21 | sslh Packet Dumping probe.c hexdump format string |
| CVE-2022-4640 | 2022-12-21 | Mingsoft MCMS Article save cross site scripting |
| CVE-2022-4641 | 2022-12-21 | pig-vector LogisticRegression.java LogisticRegression temp file |
| CVE-2022-4642 | 2022-12-21 | tatoeba2 Profile Name cross site scripting |
| CVE-2022-46662 | 2022-12-21 | Roxio Creator LJB starts another program with an unquoted file path. Since a registered Windows service path contains spaces and is unquoted, if a malicious executable is placed on a... |
| CVE-2022-47581 | 2022-12-21 | Isode M-Vault 16.0v0 through 17.x before 17.0v24 can crash upon an LDAP v1 bind request. |
| CVE-2022-47635 | 2022-12-21 | Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS4 before 4.04.45396.23 allows Server-side request forgery (SSRF) via ZohoClient.php. |
| CVE-2022-25171 | 2022-12-21 | Command Injection |
| CVE-2022-25904 | 2022-12-21 | Prototype Pollution |
| CVE-2022-25931 | 2022-12-21 | Directory Traversal |
| CVE-2022-25940 | 2022-12-21 | Denial of Service (DoS) |
| CVE-2022-28173 | 2022-12-21 | The web server of some Hikvision wireless bridge products has an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by... |
| CVE-2022-30679 | 2022-12-21 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-35693 | 2022-12-21 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-35695 | 2022-12-21 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-42345 | 2022-12-21 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-42346 | 2022-12-21 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-42348 | 2022-12-21 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-42349 | 2022-12-21 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-42350 | 2022-12-21 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-42352 | 2022-12-21 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-42354 | 2022-12-21 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-42356 | 2022-12-21 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-42357 | 2022-12-21 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-42362 | 2022-12-21 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-42364 | 2022-12-21 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-42365 | 2022-12-21 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-44463 | 2022-12-21 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-44465 | 2022-12-21 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-44466 | 2022-12-21 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-44467 | 2022-12-21 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-44470 | 2022-12-21 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-44471 | 2022-12-21 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-44474 | 2022-12-21 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-44488 | 2022-12-21 | AEM URL Redirection to Untrusted Site Security feature bypass |