CVE List - 2022 / December
Showing 1901 - 2000 of 2356 CVEs for December 2022 (Page 20 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-23547 | 2022-12-23 | Heap buffer overflow in pjproject when decoding STUN message |
| CVE-2022-4698 | 2022-12-23 | The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several form fields in versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping.... |
| CVE-2022-4697 | 2022-12-23 | The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wp_user_cover_default_image_url’ parameter in versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping.... |
| CVE-2022-43381 | 2022-12-23 | IBM AIX denial of service |
| CVE-2022-43380 | 2022-12-23 | IBM AIX denial of service |
| CVE-2022-40233 | 2022-12-23 | IBM AIX denial of service |
| CVE-2022-39165 | 2022-12-23 | IBM AIX denial of service |
| CVE-2022-43848 | 2022-12-23 | IBM AIX denial of service |
| CVE-2022-43849 | 2022-12-23 | IBM AIX denial of service |
| CVE-2022-39164 | 2022-12-23 | IBM AIX denial of service |
| CVE-2022-41290 | 2022-12-23 | IBM AIX privilege escalation |
| CVE-2022-23854 | 2022-12-23 | AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the... |
| CVE-2020-26302 | 2022-12-23 | is.js is a general-purpose check library. Versions 0.9.0 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). is.js uses a regex... |
| CVE-2022-22184 | 2022-12-23 | Junos OS and Junos OS Evolved: A BGP session will flap upon receipt of a specific, optional transitive attribute in version 22.3R1 |
| CVE-2022-25948 | 2022-12-23 | Information Exposure |
| CVE-2022-36354 | 2022-12-23 | A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA... |
| CVE-2022-38143 | 2022-12-23 | A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. A specially-crafted bmp file can write to arbitrary out of bounds memory, which can... |
| CVE-2022-41639 | 2022-12-23 | A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially-crafted TIFF file can lead to an out of... |
| CVE-2022-41649 | 2022-12-23 | A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of... |
| CVE-2022-41654 | 2022-12-23 | An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP... |
| CVE-2022-41684 | 2022-12-23 | A heap out of bounds read vulnerability exists in the OpenImageIO master-branch-9aeece7a when parsing the image file directory part of a PSD image file. A specially-crafted .psd file can cause... |
| CVE-2022-41697 | 2022-12-23 | A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send... |
| CVE-2022-41794 | 2022-12-23 | A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD file can lead to arbitrary code execution. An attacker can... |
| CVE-2022-41837 | 2022-12-23 | An out-of-bounds write vulnerability exists in the OpenImageIO::add_exif_item_to_spec functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially-crafted exif metadata can lead to stack-based memory corruption. An attacker can provide a malicious file... |
| CVE-2022-41838 | 2022-12-23 | A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide... |
| CVE-2022-41977 | 2022-12-23 | An out of bounds read vulnerability exists in the way OpenImageIO version v2.3.19.0 processes string fields in TIFF image files. A specially-crafted TIFF file can lead to information disclosure. An... |
| CVE-2022-41981 | 2022-12-23 | A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can lead to out of bounds read and write on the... |
| CVE-2022-41988 | 2022-12-23 | An information disclosure vulnerability exists in the OpenImageIO::decode_iptc_iim() functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. An attacker can provide... |
| CVE-2022-41999 | 2022-12-23 | A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A specially-crafted .dds can lead to denial of service. An... |
| CVE-2022-43592 | 2022-12-23 | An information disclosure vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious... |
| CVE-2022-43593 | 2022-12-23 | A denial of service vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to null pointer dereference. An attacker can provide... |
| CVE-2022-43594 | 2022-12-23 | Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker... |
| CVE-2022-43595 | 2022-12-23 | Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker... |
| CVE-2022-43596 | 2022-12-23 | An information disclosure vulnerability exists in the IFFOutput channel interleaving functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can... |
| CVE-2022-43597 | 2022-12-23 | Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can... |
| CVE-2022-43598 | 2022-12-23 | Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can... |
| CVE-2022-43599 | 2022-12-23 | Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide... |
| CVE-2022-43600 | 2022-12-23 | Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide... |
| CVE-2022-43601 | 2022-12-23 | Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide... |
| CVE-2022-43602 | 2022-12-23 | Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide... |
| CVE-2022-43603 | 2022-12-23 | A denial of service vulnerability exists in the ZfileOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide... |
| CVE-2022-44510 | 2022-12-23 | AEM Reflected XSS Arbitrary code execution |
| CVE-2022-46175 | 2022-12-24 | JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the... |
| CVE-2022-4725 | 2022-12-24 | AWS SDK XML Parser XpathUtils.java XpathUtils server-side request forgery |
| CVE-2020-36626 | 2022-12-24 | Modern Tribe Panel Builder Plugin SearchFilter.php add_post_content_filtered_to_search_sql sql injection |
| CVE-2022-4726 | 2022-12-24 | SourceCodester Sanitization Management System Admin Login sql injection |
| CVE-2022-4727 | 2022-12-24 | OpenMRS Appointment Scheduling Module Notes AppointmentRequest.java getNotes cross site scripting |
| CVE-2022-4728 | 2022-12-24 | Graphite Web Cookie cross site scripting |
| CVE-2022-4729 | 2022-12-24 | Graphite Web Template Name cross site scripting |
| CVE-2022-4730 | 2022-12-24 | Graphite Web Absolute Time Range cross site scripting |
| CVE-2022-4732 | 2022-12-24 | Unrestricted Upload of File with Dangerous Type in microweber/microweber |
| CVE-2022-4733 | 2022-12-24 | Cross-site Scripting (XSS) - Stored in openemr/openemr |
| CVE-2022-47932 | 2022-12-24 | Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This vulnerability is caused... |
| CVE-2022-47933 | 2022-12-24 | Brave Browser before 1.42.51 allowed a remote attacker to cause a denial of service via a crafted HTML file that references the IPFS scheme. This vulnerability is caused by an... |
| CVE-2022-47934 | 2022-12-24 | Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns://... |
| CVE-2022-47949 | 2022-12-24 | The Nintendo NetworkBuffer class, as used in Animal Crossing: New Horizons before 2.0.6 and other products, allows remote attackers to execute arbitrary code via a large UDP packet that causes... |
| CVE-2021-4276 | 2022-12-25 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in dns-stats hedgehog. It has been rated as problematic. Affected by this issue is the function DSCIOManager::dsc_import_input_from_source of the file src/DSCIOManager.cpp.... |
| CVE-2022-37706 | 2022-12-25 | enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring. |
| CVE-2022-40005 | 2022-12-25 | Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command injection by authenticated users, as demonstrated by the /boaform/formPing6 and /boaform/formTracert URIs for ping and traceroute. |
| CVE-2022-41317 | 2022-12-25 | An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using... |
| CVE-2022-41318 | 2022-12-25 | A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations.... |
| CVE-2022-42898 | 2022-12-25 | PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS... |
| CVE-2022-42953 | 2022-12-25 | Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct requests for the form/DataApp?style=1 and form/DataApp?style=0 URLs. The affected versions may be before 8.88 (ZEM500-510-560-760, ZEM600-800,... |
| CVE-2022-44012 | 2022-12-25 | An issue was discovered in /DS/LM_API/api/SelectionService/InsertQueryWithActiveRelationsReturnId in Simmeth Lieferantenmanager before 5.6. An attacker can execute JavaScript code in the browser of the victim if a site is loaded. The victim's... |
| CVE-2022-44013 | 2022-12-25 | An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can make various API calls without authentication because the password in a Credential Object is not checked. |
| CVE-2022-44014 | 2022-12-25 | An issue was discovered in Simmeth Lieferantenmanager before 5.6. In the design of the API, a user is inherently able to fetch arbitrary SQL tables. This leaks all user passwords... |
| CVE-2022-44015 | 2022-12-25 | An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can inject raw SQL queries. By activating MSSQL features, the attacker is able to execute arbitrary commands on the... |
| CVE-2022-44016 | 2022-12-25 | An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can download arbitrary files from the web server by abusing an API call: /DS/LM_API/api/ConfigurationService/GetImages with an '"ImagesPath":"C:\\"' value. |
| CVE-2022-44017 | 2022-12-25 | An issue was discovered in Simmeth Lieferantenmanager before 5.6. Due to errors in session management, an attacker can log back into a victim's account after the victim logged out -... |
| CVE-2022-44380 | 2022-12-25 | Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets. |
| CVE-2022-44381 | 2022-12-25 | Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request. |
| CVE-2022-44640 | 2022-12-25 | Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC). |
| CVE-2022-45197 | 2022-12-25 | Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp. |
| CVE-2022-45889 | 2022-12-25 | Planet eStream before 6.72.10.07 allows a remote attacker (who is a publisher or admin) to obtain access to all records stored in the database, and achieve the ability to execute... |
| CVE-2022-45890 | 2022-12-25 | In Planet eStream before 6.72.10.07, a Reflected Cross-Site Scripting (XSS) vulnerability exists via any metadata filter field (e.g., search within Default.aspx with the r or fo parameter). |
| CVE-2022-45891 | 2022-12-25 | Planet eStream before 6.72.10.07 allows attackers to call restricted functions, and perform unauthenticated uploads (Upload2.ashx) or access content uploaded by other users (View.aspx after Ajax.asmx/SaveGrantAccessList). |
| CVE-2022-45892 | 2022-12-25 | In Planet eStream before 6.72.10.07, multiple Stored Cross-Site Scripting (XSS) vulnerabilities exist: Disclaimer, Search Function, Comments, Batch editing tool, Content Creation, Related Media, Create new user, and Change Username. |
| CVE-2022-45893 | 2022-12-25 | Planet eStream before 6.72.10.07 allows a low-privileged user to gain access to administrative and high-privileged user accounts by changing the value of the ON cookie. A brute-force attack can calculate... |
| CVE-2022-45894 | 2022-12-25 | GetFile.aspx in Planet eStream before 6.72.10.07 allows ..\ directory traversal to read arbitrary local files. |
| CVE-2022-45895 | 2022-12-25 | Planet eStream before 6.72.10.07 discloses sensitive information, related to the ON cookie (findable in HTML source code for Default.aspx in some situations) and the WhoAmI endpoint (e.g., path disclosure). |
| CVE-2022-45896 | 2022-12-25 | Planet eStream before 6.72.10.07 allows unauthenticated upload of arbitrary files: Choose a Video / Related Media or Upload Document. Upload2.ashx can be used, or Ajax.asmx/ProcessUpload2. This leads to remote code... |
| CVE-2022-4734 | 2022-12-25 | Improper Removal of Sensitive Information Before Storage or Transfer in usememos/memos |
| CVE-2020-36627 | 2022-12-25 | Macaron i18n i18n.go redirect |
| CVE-2020-36628 | 2022-12-25 | Calsign APDE ZIP File CopyBuildTask.java handleExtract path traversal |
| CVE-2020-36629 | 2022-12-25 | SimbCo httpster server.coffee fs.realpathSync path traversal |
| CVE-2021-4277 | 2022-12-25 | fredsmith utils Filename screenshot_sync predictable state |
| CVE-2022-4731 | 2022-12-25 | myapnea Title cross site scripting |
| CVE-2021-4278 | 2022-12-25 | cronvel tree-kit prototype pollution |
| CVE-2022-4735 | 2022-12-25 | asrashley dash-live DOM Node media.js ready cross site scripting |
| CVE-2019-25084 | 2022-12-25 | Hide Files on GitHub options.js addEventListener cross site scripting |
| CVE-2022-4736 | 2022-12-25 | Venganzas del Pasado cross site scripting |
| CVE-2020-36630 | 2022-12-25 | FreePBX cdr Cdr.class.php ajaxHandler sql injection |
| CVE-2020-36631 | 2022-12-25 | barronwaffles dwc_network_server_emulator gs_database.py update_profile sql injection |
| CVE-2022-4737 | 2022-12-25 | SourceCodester Blood Bank Management System login.php sql injection |
| CVE-2022-4738 | 2022-12-25 | SourceCodester Blood Bank Management System User Registration cross site scripting |
| CVE-2022-4739 | 2022-12-25 | SourceCodester School Dormitory Management System Admin Login sql injection |
| CVE-2022-4740 | 2022-12-25 | kkFileView picturesPreview setWatermarkAttribute cross site scripting |
| CVE-2020-36632 | 2022-12-25 | hughsk flat index.js unflatten prototype pollution |
| CVE-2021-4279 | 2022-12-25 | Starcounter-Jack JSON-Patch prototype pollution |
| CVE-2022-4741 | 2022-12-25 | docconv XMLToText memory allocation |