CVE List - 2022 / December
Showing 1601 - 1700 of 2356 CVEs for December 2022 (Page 17 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-44643 | 2022-12-21 | Access policy with access to all tenants and using label selectors has more access |
| CVE-2022-47512 | 2022-12-21 | Sensitive Data Disclosure Vulnerability |
| CVE-2022-40145 | 2022-12-21 | Apache Karaf: JDBC JAAS LDAP injection |
| CVE-2022-23551 | 2022-12-21 | AAD Pod Identity obtaining token with backslash |
| CVE-2022-46334 | 2022-12-21 | Proofpoint Enterprise Protection Local Privilege Escalation |
| CVE-2022-3183 | 2022-12-21 | Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specific function does not sanitize the input provided by the user, which may expose the affected to an... |
| CVE-2022-3184 | 2022-12-21 | Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the device’s existing firmware allows unauthenticated users to access an old PHP page vulnerable to directory traversal, which may... |
| CVE-2022-3185 | 2022-12-21 | Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product exposes sensitive data concerning the device. |
| CVE-2022-3186 | 2022-12-21 | Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main management page from the cloud. This feature enables... |
| CVE-2022-3187 | 2022-12-21 | Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP pages only validate when a valid connection is established with the database. However, these PHP pages do... |
| CVE-2022-3188 | 2022-12-21 | Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where unauthenticated users could open PHP index pages without authentication and download the history file from the device; the history... |
| CVE-2022-3189 | 2022-12-21 | Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specially crafted PHP script could use parameters from a HTTP request to create a URL capable of changing... |
| CVE-2022-24431 | 2022-12-21 | Command Injection |
| CVE-2022-25893 | 2022-12-21 | Arbitrary Code Execution |
| CVE-2022-25895 | 2022-12-21 | Directory Traversal |
| CVE-2022-25929 | 2022-12-21 | Cross-site Scripting (XSS) |
| CVE-2022-38060 | 2022-12-21 | A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges. |
| CVE-2022-38065 | 2022-12-21 | A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead to increased... |
| CVE-2020-36624 | 2022-12-22 | ahorner text-helpers translation.rb reverse tabnabbing |
| CVE-2020-36625 | 2022-12-22 | destiny.gg chat main.go websocket.Upgrader cross-site request forgery |
| CVE-2022-3032 | 2022-12-22 | When receiving an HTML email that contained an `iframe` element, which used a `srcdoc` attribute to define the inner HTML document, remote objects specified in the nested document, for example... |
| CVE-2022-47928 | 2022-12-22 | In MISP before 2.4.167, there is XSS in the template file uploads in app/View/Templates/upload_file.ctp. |
| CVE-2020-15679 | 2022-12-22 | An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and... |
| CVE-2020-15685 | 2022-12-22 | During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7. |
| CVE-2021-36631 | 2022-12-22 | Untrusted search path vulnerability in Baidunetdisk Version 7.4.3 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2021-4126 | 2022-12-22 | When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the... |
| CVE-2021-4127 | 2022-12-22 | An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird < 78.9 and Firefox ESR < 78.9. |
| CVE-2021-4128 | 2022-12-22 | When transitioning in and out of fullscreen mode, a graphics object was not correctly protected; resulting in memory corruption and a potentially exploitable crash. This bug only affects Firefox on MacOS.... |
| CVE-2021-4129 | 2022-12-22 | Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs... |
| CVE-2021-4140 | 2022-12-22 | It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird <... |
| CVE-2021-4221 | 2022-12-22 | If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing... |
| CVE-2021-43657 | 2022-12-22 | A Stored Cross-site scripting (XSS) vulnerability via MAster.php in Sourcecodetester Simple Client Management System (SCMS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the vulnerable input... |
| CVE-2022-0511 | 2022-12-22 | Mozilla developers and community members Gabriele Svelto, Sebastian Hengst, Randell Jesup, Luan Herrera, Lars T Hansen, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96. Some... |
| CVE-2022-0517 | 2022-12-22 | Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege. This... |
| CVE-2022-0566 | 2022-12-22 | It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message. This vulnerability affects... |
| CVE-2022-0843 | 2022-12-22 | Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugs showed evidence of memory corruption and we presume that... |
| CVE-2022-1097 | 2022-12-22 | `NSSToken` objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects... |
| CVE-2022-1196 | 2022-12-22 | After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8... |
| CVE-2022-1197 | 2022-12-22 | When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the... |
| CVE-2022-1520 | 2022-12-22 | When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status.... |
| CVE-2022-1529 | 2022-12-22 | An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript... |
| CVE-2022-1802 | 2022-12-22 | If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged... |
| CVE-2022-1834 | 2022-12-22 | When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have... |
| CVE-2022-1887 | 2022-12-22 | The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101. |
| CVE-2022-2200 | 2022-12-22 | If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. This vulnerability affects... |
| CVE-2022-2226 | 2022-12-22 | An OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, the email's date will be shown. If... |
| CVE-2022-22736 | 2022-12-22 | If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable... |
| CVE-2022-22737 | 2022-12-22 | Constructing audio sinks could have led to a race condition when playing audio files and closing windows. This could have led to a use-after-free causing a potentially exploitable crash. This... |
| CVE-2022-22738 | 2022-12-22 | Applying a CSS filter effect could have accessed out of bounds memory. This could have led to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR <... |
| CVE-2022-22739 | 2022-12-22 | Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird <... |
| CVE-2022-22740 | 2022-12-22 | Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox... |
| CVE-2022-22741 | 2022-12-22 | When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird... |
| CVE-2022-22742 | 2022-12-22 | When inserting text while in edit mode, some characters might have led to out-of-bounds memory access causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox <... |
| CVE-2022-22743 | 2022-12-22 | When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5,... |
| CVE-2022-22744 | 2022-12-22 | The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have led to command injection if pasted into a PowerShell... |
| CVE-2022-22745 | 2022-12-22 | Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. |
| CVE-2022-22746 | 2022-12-22 | A race condition could have allowed bypassing the fullscreen notification which could have led to a fullscreen window spoof being unnoticed. This bug only affects Firefox for Windows. Other operating systems... |
| CVE-2022-22747 | 2022-12-22 | After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have led to a crash. This crash is believed to be unexploitable. This... |
| CVE-2022-22748 | 2022-12-22 | Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR < 91.5,... |
| CVE-2022-22749 | 2022-12-22 | When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not point to web content. This bug only affects Firefox for Android. Other operating systems... |
| CVE-2022-22750 | 2022-12-22 | By generally accepting and passing resource handles across processes, a compromised content process might have confused higher privileged processes to interact with handles that the unprivileged process should not have... |
| CVE-2022-22751 | 2022-12-22 | Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR... |
| CVE-2022-22752 | 2022-12-22 | Mozilla developers Christian Holler and Jason Kratzer reported memory safety bugs present in Firefox 95. Some of these bugs showed evidence of memory corruption and we presume that with enough... |
| CVE-2022-22753 | 2022-12-22 | A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate... |
| CVE-2022-22754 | 2022-12-22 | If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new... |
| CVE-2022-22755 | 2022-12-22 | By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript (within the bounds of the same-origin policy) even after... |
| CVE-2022-22756 | 2022-12-22 | If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would... |
| CVE-2022-22757 | 2022-12-22 | Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. This... |
| CVE-2022-22758 | 2022-12-22 | When clicking on a tel: link, USSD codes, specified after a `*` character, would be included in the phone number. On certain phones, or on certain carriers, if the number... |
| CVE-2022-22759 | 2022-12-22 | If a document created a sandboxed iframe without `allow-scripts`, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would... |
| CVE-2022-22760 | 2022-12-22 | When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects... |
| CVE-2022-22761 | 2022-12-22 | Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. This vulnerability affects Firefox... |
| CVE-2022-22762 | 2022-12-22 | Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it. This could have been abused to trick the user. This bug... |
| CVE-2022-22763 | 2022-12-22 | When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability affects... |
| CVE-2022-22764 | 2022-12-22 | Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption... |
| CVE-2022-2505 | 2022-12-22 | Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough... |
| CVE-2022-26381 | 2022-12-22 | An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. This vulnerability affects Firefox < 98, Firefox ESR... |
| CVE-2022-26382 | 2022-12-22 | While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was rendered using page fonts. Side-channel attacks on the text by using specially crafted fonts... |
| CVE-2022-26383 | 2022-12-22 | When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. |
| CVE-2022-26384 | 2022-12-22 | If an attacker could control the contents of an iframe sandboxed with `allow-popups` but not `allow-scripts`, they were able to craft a link that, when clicked, would lead to JavaScript... |
| CVE-2022-26385 | 2022-12-22 | In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox <... |
| CVE-2022-26386 | 2022-12-22 | Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in `/tmp`, but this behavior was changed to download them to `/tmp` where they could be... |
| CVE-2022-26387 | 2022-12-22 | When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox... |
| CVE-2022-26485 | 2022-12-22 | Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox <... |
| CVE-2022-26486 | 2022-12-22 | An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This... |
| CVE-2022-28281 | 2022-12-22 | If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to... |
| CVE-2022-28282 | 2022-12-22 | By using a link with `rel="localization"` a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to... |
| CVE-2022-28283 | 2022-12-22 | The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This... |
| CVE-2022-28284 | 2022-12-22 | SVG's `<use>` element could have been used to load unexpected content that could have executed script in certain circumstances. While the specification seems to allow this, other browsers do not,... |
| CVE-2022-28285 | 2022-12-22 | When generating the assembly code for `MLoadTypedArrayElementHole`, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This... |
| CVE-2022-28286 | 2022-12-22 | Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird <... |
| CVE-2022-28287 | 2022-12-22 | In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, leading to a crash. This vulnerability affects Firefox < 99. |
| CVE-2022-28288 | 2022-12-22 | Mozilla developers and community members Randell Jesup, Sebastian Hengst, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 98. Some of these bugs showed evidence of memory... |
| CVE-2022-28289 | 2022-12-22 | Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7. Some of these bugs showed evidence... |
| CVE-2022-29909 | 2022-12-22 | Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions. This vulnerability affects Thunderbird <... |
| CVE-2022-29910 | 2022-12-22 | When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*.... |
| CVE-2022-29911 | 2022-12-22 | An improper implementation of the new iframe sandbox keyword `allow-top-navigation-by-user-activation` could lead to script execution without `allow-scripts` being present. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and... |
| CVE-2022-29912 | 2022-12-22 | Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. |
| CVE-2022-29913 | 2022-12-22 | The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process. This vulnerability affects Thunderbird < 91.9. |
| CVE-2022-29914 | 2022-12-22 | When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird < 91.9, Firefox ESR... |