CVE List - 2022 / December
Showing 801 - 900 of 2356 CVEs for December 2022 (Page 9 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-41285 | 2022-12-13 | A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions... |
| CVE-2022-41286 | 2022-12-13 | A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions... |
| CVE-2022-41288 | 2022-12-13 | A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions... |
| CVE-2022-41915 | 2022-12-13 | Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeaders.set` with an _iterator_ of values, header value validation was not... |
| CVE-2022-42139 | 2022-12-13 | Delta Electronics DVW-W02W2-E2 1.5.0.10 is vulnerable to Command Injection via Crafted URL. |
| CVE-2022-42140 | 2022-12-13 | Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Command Injection via lform/net_diagnose. |
| CVE-2022-42141 | 2022-12-13 | Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Cross Site Scripting (XSS) via lform/urlfilter. |
| CVE-2022-4223 | 2022-12-13 | The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The... |
| CVE-2022-43517 | 2022-12-13 | A vulnerability has been identified in Simcenter STAR-CCM+ (All versions < V2306). The affected application improperly assigns file permissions to installation folders. This could allow a local attacker with an... |
| CVE-2022-43722 | 2022-12-13 | A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software does not properly secure a folder containing library files. This could allow an attacker to place... |
| CVE-2022-43723 | 2022-12-13 | A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0), SICAM PAS/PQS (All versions >= 7.0 < V8.06). Affected software does not properly validate the input for a... |
| CVE-2022-43724 | 2022-12-13 | A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the by... |
| CVE-2022-43996 | 2022-12-13 | The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories (JSON format) to be uploaded with Content-Type text/html... |
| CVE-2022-44303 | 2022-12-13 | Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting (XSS). A remote attacker could inject javascript code to the "{schedule_job}" or "args" parameter in /resque/delayed/jobs/{schedule_job}?args={args_id} to execute javascript at client... |
| CVE-2022-4444 | 2022-12-13 | ipti br.tag cross site scripting |
| CVE-2022-4446 | 2022-12-13 | PHP Remote File Inclusion in tsolucio/corebos |
| CVE-2022-4454 | 2022-12-13 | m0ver bible-online Search search.java query sql injection |
| CVE-2022-4455 | 2022-12-13 | sproctor php-calendar index.php cross site scripting |
| CVE-2022-4456 | 2022-12-13 | falling-fruit cross site scripting |
| CVE-2022-44575 | 2022-12-13 | A vulnerability has been identified in PLM Help Server V4.2 (All versions). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow... |
| CVE-2022-44636 | 2022-12-13 | The Samsung TV (2021 and 2022 model) smart remote control allows attackers to enable microphone access via Bluetooth spoofing when a user is activating remote control by pressing a button.... |
| CVE-2022-44666 | 2022-12-13 | Windows Contacts Remote Code Execution Vulnerability |
| CVE-2022-44689 | 2022-12-13 | Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability |
| CVE-2022-44691 | 2022-12-13 | Microsoft Office OneNote Remote Code Execution Vulnerability |
| CVE-2022-44696 | 2022-12-13 | Microsoft Office Visio Remote Code Execution Vulnerability |
| CVE-2022-44698 | 2022-12-13 | Windows SmartScreen Security Feature Bypass Vulnerability |
| CVE-2022-44704 | 2022-12-13 | Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulnerability |
| CVE-2022-44731 | 2022-12-13 | A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All versions < V3.15 P038), SIMATIC WinCC OA V3.16 (All versions < V3.16 P035), SIMATIC WinCC OA V3.17 (All versions... |
| CVE-2022-44874 | 2022-12-13 | wasm3 commit 7890a2097569fde845881e0b352d813573e371f9 was discovered to contain a segmentation fault via the component op_CallIndirect at /m3_exec.h. |
| CVE-2022-45005 | 2022-12-13 | IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the cmd_get_ping_output function. |
| CVE-2022-45028 | 2022-12-13 | A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request sent to /cgi-bin/logs.ha. |
| CVE-2022-45484 | 2022-12-13 | A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.9), Teamcenter Visualization V13.3 (All versions... |
| CVE-2022-45685 | 2022-12-13 | A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data. |
| CVE-2022-45688 | 2022-12-13 | A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. |
| CVE-2022-45689 | 2022-12-13 | hutool-json v5.8.10 was discovered to contain an out of memory error. |
| CVE-2022-45690 | 2022-12-13 | A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. |
| CVE-2022-45693 | 2022-12-13 | Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. |
| CVE-2022-45871 | 2022-12-13 | Denial-of-Service (DoS) Vulnerability |
| CVE-2022-45936 | 2022-12-13 | A vulnerability has been identified in Mendix Email Connector (All versions < V2.0.0). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated... |
| CVE-2022-45937 | 2022-12-13 | A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions <... |
| CVE-2022-46047 | 2022-12-13 | AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter. |
| CVE-2022-46051 | 2022-12-13 | The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks. |
| CVE-2022-46058 | 2022-12-13 | AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2022-46059 | 2022-12-13 | AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF). |
| CVE-2022-46061 | 2022-12-13 | AeroCMS v0.0.1 is vulnerable to ClickJacking. |
| CVE-2022-46062 | 2022-12-13 | Gym Management System v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF). |
| CVE-2022-46140 | 2022-12-13 | Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information... |
| CVE-2022-46142 | 2022-12-13 | Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords. |
| CVE-2022-46144 | 2022-12-13 | A vulnerability has been identified in SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions < V2.3), SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions < V2.3), SCALANCE... |
| CVE-2022-46265 | 2022-12-13 | A vulnerability has been identified in Polarion ALM (All versions < V2304.0). The affected application contains a Host header injection vulnerability that could allow an attacker to spoof a Host... |
| CVE-2022-46347 | 2022-12-13 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170),... |
| CVE-2022-46348 | 2022-12-13 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170),... |
| CVE-2022-46349 | 2022-12-13 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170),... |
| CVE-2022-46350 | 2022-12-13 | A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA... |
| CVE-2022-46351 | 2022-12-13 | A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA... |
| CVE-2022-46352 | 2022-12-13 | A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA... |
| CVE-2022-46353 | 2022-12-13 | A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA... |
| CVE-2022-46354 | 2022-12-13 | A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA... |
| CVE-2022-46355 | 2022-12-13 | A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA... |
| CVE-2022-46381 | 2022-12-13 | Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This affects 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e. |
| CVE-2022-46404 | 2022-12-13 | A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that... |
| CVE-2022-46664 | 2022-12-13 | A vulnerability has been identified in Mendix Workflow Commons (All versions < V2.4.0), Mendix Workflow Commons V2.1 (All versions < V2.1.4), Mendix Workflow Commons V2.3 (All versions < V2.3.2). Affected... |
| CVE-2022-46832 | 2022-12-13 | Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version < 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak... |
| CVE-2022-46833 | 2022-12-13 | Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak... |
| CVE-2022-46834 | 2022-12-13 | Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak... |
| CVE-2022-41264 | 2022-12-13 | Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated... |
| CVE-2022-41266 | 2022-12-13 | Due to a lack of proper input validation, SAP Commerce Webservices 2.0 (Swagger UI) - versions 1905, 2005, 2105, 2011, 2205, allows malicious inputs from untrusted sources, which can be... |
| CVE-2022-41267 | 2022-12-13 | SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level,... |
| CVE-2022-41268 | 2022-12-13 | In some SAP standard roles in SAP Business Planning and Consolidation - versions - SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 810, a transaction... |
| CVE-2022-41271 | 2022-12-13 | An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. This user can make use... |
| CVE-2022-41272 | 2022-12-13 | An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50... |
| CVE-2022-41273 | 2022-12-13 | Due to improper input sanitization in SAP Sourcing and SAP Contract Lifecycle Management - version 1100, an attacker can redirect a user to a malicious website. In order to perform... |
| CVE-2022-41274 | 2022-12-13 | SAP Disclosure Management - version 10.1, allows an authenticated attacker to exploit certain misconfigured application endpoints to read sensitive data. These endpoints are normally exposed over the network and successful... |
| CVE-2022-41275 | 2022-12-13 | In SAP Solution Manager (Enterprise Search) - versions 740, and 750, an unauthenticated attacker can generate a link that, if clicked by a logged-in user, can be redirected to a... |
| CVE-2022-46160 | 2022-12-13 | Tuleap dashboards vulnerable to Incorrect Authorization |
| CVE-2022-23473 | 2022-12-13 | Tuleap MediaWiki standalone "readers" can also edit pages |
| CVE-2022-23505 | 2022-12-13 | Passport-wsfed-saml2 vulnerable to Authentication Bypass for WSFed authentication |
| CVE-2022-4098 | 2022-12-13 | Wiesemann & Theis: Multiple products prone to missing authentication through spoofing |
| CVE-2022-23523 | 2022-12-13 | rust-vmm linux-loader vulnerable to Out-of-bounds Read |
| CVE-2022-38124 | 2022-12-13 | Unwanted debug tool |
| CVE-2022-29580 | 2022-12-13 | Path Traversal in Android Google Search App |
| CVE-2022-46363 | 2022-12-13 | Apache CXF directory listing / code exfiltration |
| CVE-2022-3996 | 2022-12-13 | X.509 Policy Constraints Double Locking |
| CVE-2022-46364 | 2022-12-13 | Apache CXF SSRF Vulnerability |
| CVE-2022-4171 | 2022-12-13 | The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including 5.0. This is due to the plugin improperly validating the number... |
| CVE-2022-4207 | 2022-12-13 | The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several values that can be added to an Image Hover in versions 9.8.1 to 9.8.4... |
| CVE-2022-2951 | 2022-12-13 | Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to improper validation of array index vulnerability during processing of H3D files. A DWORD value from a PoC file is extracted... |
| CVE-2022-2950 | 2022-12-13 | Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files. A DWORD is extracted from an uninitialized buffer and,... |
| CVE-2022-23499 | 2022-12-13 | Cross-Site Scripting Protection bypass in HTML Sanitizer |
| CVE-2022-2949 | 2022-12-13 | Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files. A DWORD is extracted from an uninitialized buffer and,... |
| CVE-2022-2947 | 2022-12-13 | Altair HyperView Player versions 2021.1.0.27 and prior perform operations on a memory buffer but can read from or write to a memory location outside of the intended boundary of the... |
| CVE-2022-41653 | 2022-12-13 | Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to an attacker obtaining user login credentials and controlling the system. |
| CVE-2022-38355 | 2022-12-13 | Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to attackers with access to the local area network (LAN) to disclose sensitive information stored by... |
| CVE-2022-2757 | 2022-12-13 | Due to the lack of adequately implemented access-control rules, all versions of Kingspan TMS300 CS are vulnerable to an attacker viewing and modifying the application settings without authenticating by accessing a... |
| CVE-2022-2660 | 2022-12-13 | Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the... |
| CVE-2022-40264 | 2022-12-13 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ICONICS/Mitsubishi Electric GENESIS64 versions 10.96 to 10.97.2 allows an unauthenticated attacker to create, tamper with or destroy... |
| CVE-2022-2601 | 2022-12-14 | A buffer overflow was found in grub_font_construct_glyph(). A maliciously crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the... |
| CVE-2022-4436 | 2022-12-14 | Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2022-4437 | 2022-12-14 | Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2022-4438 | 2022-12-14 | Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap... |