CVE List - 2022 / December
Showing 201 - 300 of 2356 CVEs for December 2022 (Page 3 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-41807 | 2022-12-05 | Missing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to alter the product settings without authentication by sending a specially crafted request.... |
| CVE-2022-41830 | 2022-12-05 | Stored cross-site scripting vulnerability in Kyocera Document Solutions MFPs and printers allows a remote authenticated attacker with an administrative privilege to inject arbitrary script. Affected products/versions are as follows: TASKalfa... |
| CVE-2022-42496 | 2022-12-05 | OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS... |
| CVE-2022-4269 | 2022-12-05 | A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user... |
| CVE-2022-42705 | 2022-12-05 | A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription... |
| CVE-2022-42706 | 2022-12-05 | An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application... |
| CVE-2022-4281 | 2022-12-05 | Facepay camera.php authorization |
| CVE-2022-4282 | 2022-12-05 | SpringBootCMS Template Management injection |
| CVE-2022-4292 | 2022-12-05 | Use After Free in vim/vim |
| CVE-2022-4293 | 2022-12-05 | Floating Point Comparison with Incorrect Operator in vim/vim |
| CVE-2022-43097 | 2022-12-05 | Phpgurukul User Registration & User Management System v3.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & login... |
| CVE-2022-43442 | 2022-12-05 | Plaintext storage of a password vulnerability exists in +F FS040U software versions v2.3.4 and earlier, which may allow an attacker to obtain the login password of +F FS040U and log... |
| CVE-2022-43470 | 2022-12-05 | Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W... |
| CVE-2022-43479 | 2022-12-05 | Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated attacker to redirect users to an arbitrary web site and conduct a phishing attack. |
| CVE-2022-43484 | 2022-12-05 | TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability due to using the old version... |
| CVE-2022-43487 | 2022-12-05 | Cross-site scripting vulnerability in Salon booking system versions prior to 7.9 allows a remote unauthenticated attacker to inject an arbitrary script. |
| CVE-2022-43497 | 2022-12-05 | Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since... |
| CVE-2022-43499 | 2022-12-05 | Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. |
| CVE-2022-43500 | 2022-12-05 | Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since... |
| CVE-2022-43504 | 2022-12-05 | Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post... |
| CVE-2022-43548 | 2022-12-05 | An OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check... |
| CVE-2022-43549 | 2022-12-05 | Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass authentication mechanisms. |
| CVE-2022-43553 | 2022-12-05 | A remote code execution vulnerability in EdgeRouters (Version 2.0.9-hotfix.4 and earlier) allows a malicious actor with an operator account to run arbitrary administrator commands. This vulnerability is fixed in Version 2.0.9-hotfix.5... |
| CVE-2022-43556 | 2022-12-05 | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XSS in the text input field since the result dashboard page output is not sanitized. The... |
| CVE-2022-43557 | 2022-12-05 | BD BodyGuard™ Pumps – RS-232 Interface Vulnerability |
| CVE-2022-43706 | 2022-12-05 | Cross-site scripting (XSS) vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed logged in users with write access to pack rules to inject arbitrary script or HTML... |
| CVE-2022-44009 | 2022-12-05 | Improper access control in Key-Value RBAC in StackStorm version 3.7.0 didn't check the permissions in Jinja filters, allowing attackers to access K/V pairs of other users, potentially leading to the... |
| CVE-2022-44039 | 2022-12-05 | Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File system overwrite. The impact is: File system rewrite (remote). An attacker can overwrite system files like [system.conf] and [passwd],... |
| CVE-2022-45019 | 2022-12-05 | SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter. |
| CVE-2022-45020 | 2022-12-05 | Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2022-45283 | 2022-12-05 | GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the smil_parse_time_list parameter at /scenegraph/svg_attributes.c. |
| CVE-2022-45313 | 2022-12-05 | Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message. |
| CVE-2022-45315 | 2022-12-05 | Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet. |
| CVE-2022-45477 | 2022-12-05 | Telepad allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-45478 | 2022-12-05 | Telepad allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVE-2022-45479 | 2022-12-05 | PC Keyboard allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-45481 | 2022-12-05 | The default configuration of Lazy Mouse does not require a password, allowing remote unauthenticated users to execute arbitrary code with no prior authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-45769 | 2022-12-05 | A cross-site scripting (XSS) vulnerability in ClicShopping_V3 v3.402 allows attackers to execute arbitrary web scripts or HTML via a crafted URL parameter. |
| CVE-2022-45771 | 2022-12-05 | An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file. |
| CVE-2022-45912 | 2022-12-05 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files... |
| CVE-2022-45990 | 2022-12-05 | A cross-site scripting (XSS) vulnerability in the component /signup_script.php of Ecommerce-Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter. |
| CVE-2022-45822 | 2022-12-05 | WordPress Advanced Booking Calendar Plugin <= 1.7.1 is vulnerable to SQL Injection |
| CVE-2022-45824 | 2022-12-05 | WordPress Advanced Booking Calendar Plugin <= 1.7.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-3856 | 2022-12-05 | Comic Book Management System < 2.2.0 - Admin+ SQLi |
| CVE-2022-3694 | 2022-12-05 | Syncee - Global Dropshipping < 1.0.10 - Authentication Token Disclosure |
| CVE-2022-3909 | 2022-12-05 | Add Comments <= 1.0.1 - Admin+ Stored XSS |
| CVE-2022-3677 | 2022-12-05 | Advanced Import < 1.3.8 - Arbitrary Plugin Installation & Activation via CSRF |
| CVE-2022-3837 | 2022-12-05 | Uji Countdown < 2.3.1 - Admin+ Stored XSS |
| CVE-2022-3892 | 2022-12-05 | WP OAuth Server < 4.2.2 - Admin+ Stored XSS |
| CVE-2022-3830 | 2022-12-05 | WP Page Builder <= 1.2.8 - Admin+ Stored Cross-Site |
| CVE-2022-3426 | 2022-12-05 | Advanced WP Columns <= 2.0.6 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-3926 | 2022-12-05 | WP OAuth Server < 3.4.2 - Client Secret Regeneration via CSRF |
| CVE-2022-3249 | 2022-12-05 | WP CSV Exporter < 1.3.7 - Admin+ SQLi |
| CVE-2022-1540 | 2022-12-05 | PostmagThemes Demo <= 1.0.7 - Admin+ Arbitrary File Upload |
| CVE-2022-3838 | 2022-12-05 | WPUpper Share Buttons <= 3.42 - Admin+ Stored XSS |
| CVE-2022-3907 | 2022-12-05 | Clerk < 4.0.0 - Authentication Bypass and API Keys Disclosure |
| CVE-2022-3858 | 2022-12-05 | Chaty < 3.0.3 - Admin+ SQLi |
| CVE-2022-3846 | 2022-12-05 | Workreap - Freelance Marketplace and Directory < 2.6.3 - Subscriber+ Private Message Disclosure via IDOR |
| CVE-2022-23467 | 2022-12-05 | Out of Bounds Read in OpenRazer Driver |
| CVE-2022-46169 | 2022-12-05 | Unauthenticated Command Injection |
| CVE-2022-46164 | 2022-12-05 | Account takeover via prototype vulnerability |
| CVE-2022-40242 | 2022-12-05 | MegaRAC Default Credentials Vulnerability |
| CVE-2022-40259 | 2022-12-05 | MegaRAC Default Credentials Vulnerability |
| CVE-2022-2827 | 2022-12-05 | AMI MegaRAC User Enumeration Vulnerability |
| CVE-2022-4173 | 2022-12-05 | Avast and AVG Antivirus for Windows vulnerable to Privilege Escalation |
| CVE-2022-43363 | 2022-12-06 | Telegram Web 15.3.1 allows XSS via a certain payload derived from a Target Corporation website. NOTE: some third parties have been unable to discern any relationship between the Pastebin information... |
| CVE-2020-6627 | 2022-12-06 | The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mv_backend_launch in cirrus/application/helpers/mv_backend_helper.php by leveraging the "start" state and sending a check_device_name request. |
| CVE-2022-39090 | 2022-12-06 | In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. |
| CVE-2022-39091 | 2022-12-06 | In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. |
| CVE-2022-39092 | 2022-12-06 | In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. |
| CVE-2022-39093 | 2022-12-06 | In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. |
| CVE-2022-39094 | 2022-12-06 | In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. |
| CVE-2022-39095 | 2022-12-06 | In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. |
| CVE-2022-39096 | 2022-12-06 | In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. |
| CVE-2022-39097 | 2022-12-06 | In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. |
| CVE-2022-39098 | 2022-12-06 | In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. |
| CVE-2022-39099 | 2022-12-06 | In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. |
| CVE-2022-39100 | 2022-12-06 | In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. |
| CVE-2022-39101 | 2022-12-06 | In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. |
| CVE-2022-39102 | 2022-12-06 | In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. |
| CVE-2022-39106 | 2022-12-06 | In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. |
| CVE-2022-39129 | 2022-12-06 | In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. |
| CVE-2022-39130 | 2022-12-06 | In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. |
| CVE-2022-39131 | 2022-12-06 | In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. |
| CVE-2022-39132 | 2022-12-06 | In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. |
| CVE-2022-39133 | 2022-12-06 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. |
| CVE-2022-39134 | 2022-12-06 | In audio driver, there is a use after free due to a race condition. This could lead to local denial of service in kernel. |
| CVE-2022-40603 | 2022-12-06 | A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions... |
| CVE-2022-41325 | 2022-12-06 | An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue... |
| CVE-2022-4147 | 2022-12-06 | Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners... |
| CVE-2022-41902 | 2022-12-06 | Out of bounds write in grappler in Tensorflow |
| CVE-2022-41910 | 2022-12-06 | Heap out of bounds read in `QuantizeAndDequantizeV2` in Tensorflow |
| CVE-2022-42754 | 2022-12-06 | In npu driver, there is a memory corruption due to a use after free. This could lead to local denial of service in kernel. |
| CVE-2022-42755 | 2022-12-06 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. |
| CVE-2022-42756 | 2022-12-06 | In sensor driver, there is a possible buffer overflow due to a missing bounds check. This could lead to local denial of service in kernel. |
| CVE-2022-42757 | 2022-12-06 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. |
| CVE-2022-42758 | 2022-12-06 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. |
| CVE-2022-42759 | 2022-12-06 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. |
| CVE-2022-42760 | 2022-12-06 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. |
| CVE-2022-42761 | 2022-12-06 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. |