CVE List - 2022 / December
Showing 901 - 1000 of 2356 CVEs for December 2022 (Page 10 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-4439 | 2022-12-14 | Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit... |
| CVE-2022-4440 | 2022-12-14 | Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2022-4495 | 2022-12-14 | collective.dms.basecontent column.py renderCell cross site scripting |
| CVE-2020-9419 | 2022-12-14 | Multiple stored cross-site scripting (XSS) vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote attackers to inject arbitrary web script or HTML via the hostName and domain_name parameters present in the... |
| CVE-2020-9420 | 2022-12-14 | The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is sent in cleartext, allowing an attacker to sniff and intercept traffic to learn the administrative credentials... |
| CVE-2022-23741 | 2022-12-14 | Incorrect authorization in GitHub Enterprise Server token generation leading to full admin access |
| CVE-2022-3104 | 2022-12-14 | An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc() and will cause the null pointer dereference. |
| CVE-2022-3105 | 2022-12-14 | An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array(). |
| CVE-2022-3106 | 2022-12-14 | An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc(). |
| CVE-2022-3107 | 2022-12-14 | An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference. |
| CVE-2022-3108 | 2022-12-14 | An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup(). |
| CVE-2022-3110 | 2022-12-14 | An issue was discovered in the Linux kernel through 5.16-rc6. _rtw_init_xmit_priv in drivers/staging/r8188eu/core/rtw_xmit.c lacks check of the return value of rtw_alloc_hwxmits() and will cause the null pointer dereference. |
| CVE-2022-3111 | 2022-12-14 | An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger(). |
| CVE-2022-3112 | 2022-12-14 | An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will cause the null pointer dereference. |
| CVE-2022-3113 | 2022-12-14 | An issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks check of the return value of devm_kzalloc() and will cause the null pointer dereference. |
| CVE-2022-3114 | 2022-12-14 | An issue was discovered in the Linux kernel through 5.16-rc6. imx_register_uart_clocks in drivers/clk/imx/clk.c lacks check of the return value of kcalloc() and will cause the null pointer dereference. |
| CVE-2022-3115 | 2022-12-14 | An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference. |
| CVE-2022-31358 | 2022-12-14 | A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under path /api2/html/. |
| CVE-2022-31700 | 2022-12-14 | VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with... |
| CVE-2022-31701 | 2022-12-14 | VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum... |
| CVE-2022-31702 | 2022-12-14 | vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without... |
| CVE-2022-31703 | 2022-12-14 | The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code... |
| CVE-2022-31705 | 2022-12-14 | VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit... |
| CVE-2022-38488 | 2022-12-14 | logrocket-oauth2-example through 2020-05-27 allows SQL injection via the /auth/register username parameter. |
| CVE-2022-4283 | 2022-12-14 | A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests..... |
| CVE-2022-44832 | 2022-12-14 | D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function. |
| CVE-2022-44898 | 2022-12-14 | The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory corruption and cause... |
| CVE-2022-44910 | 2022-12-14 | Binbloom 2.0 was discovered to contain a heap buffer overflow via the read_pointer function at /binbloom-master/src/helpers.c. |
| CVE-2022-4493 | 2022-12-14 | scifio ZIP File DefaultSampleFilesService.java downloadAndUnpackResource path traversal |
| CVE-2022-4494 | 2022-12-14 | bspkrs MCPMappingViewer ZIP File RemoteZipHandler.java extractZip path traversal |
| CVE-2022-46071 | 2022-12-14 | There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access. |
| CVE-2022-46072 | 2022-12-14 | Helmet Store Showroom v1.0 vulnerable to unauthenticated SQL Injection. |
| CVE-2022-46073 | 2022-12-14 | Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2022-46074 | 2022-12-14 | Helmet Store Showroom 1.0 is vulnerable to Cross Site Request Forgery (CSRF). An unauthenticated user can add an admin account due to missing CSRF protection. |
| CVE-2022-46117 | 2022-12-14 | Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=view_product&id=. |
| CVE-2022-46118 | 2022-12-14 | Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=product_per_brand&bid=. |
| CVE-2022-46119 | 2022-12-14 | Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=categories&c=. |
| CVE-2022-46120 | 2022-12-14 | Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/view_product&id=. |
| CVE-2022-46121 | 2022-12-14 | Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/manage_product&id=. |
| CVE-2022-46122 | 2022-12-14 | Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/categories/view_category.php?id=. |
| CVE-2022-46123 | 2022-12-14 | Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/categories/manage_category.php?id=. |
| CVE-2022-46124 | 2022-12-14 | Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=user/manage_user&id=. |
| CVE-2022-46125 | 2022-12-14 | Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=client/manage_client&id=. |
| CVE-2022-46126 | 2022-12-14 | Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/brands/manage_brand.php?id=. |
| CVE-2022-46127 | 2022-12-14 | Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/classes/Master.php?f=delete_product. |
| CVE-2022-46255 | 2022-12-14 | Improper Limitation of a Pathname to a Restricted Directory in GitHub Enterprise Server leading to RCE |
| CVE-2022-46256 | 2022-12-14 | Path traversal in GitHub Enterprise Server leading to remote code execution in GitHub Pages |
| CVE-2022-46340 | 2022-12-14 | A vulnerability was found in X.Org. This security flaw occurs because the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths... |
| CVE-2022-46341 | 2022-12-14 | A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This... |
| CVE-2022-46342 | 2022-12-14 | A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead... |
| CVE-2022-46343 | 2022-12-14 | A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead... |
| CVE-2022-46344 | 2022-12-14 | A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure.... |
| CVE-2022-46443 | 2022-12-14 | mesinkasir Bangresto 1.0 is vulnerable to SQL Injection via the itemqty%5B%5D parameter. |
| CVE-2022-46609 | 2022-12-14 | Python3-RESTfulAPI commit d9907f14e9e25dcdb54f5b22252b0e9452e3970e and e772e0beee284c50946e94c54a1d43071ca78b74 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys,... |
| CVE-2022-46996 | 2022-12-14 | vSphere_selfuse commit 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well... |
| CVE-2022-46997 | 2022-12-14 | Passhunt commit 54eb987d30ead2b8ebbf1f0b880aa14249323867 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well... |
| CVE-2022-47406 | 2022-12-14 | An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for... |
| CVE-2022-47407 | 2022-12-14 | An issue was discovered in the fp_masterquiz (aka Master-Quiz) extension before 2.2.1, and 3.x before 3.5.1, for TYPO3. An attacker can continue the quiz of a different user. In doing... |
| CVE-2022-47408 | 2022-12-14 | An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. There is a... |
| CVE-2022-47409 | 2022-12-14 | An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Attackers can unsubscribe... |
| CVE-2022-47410 | 2022-12-14 | An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers... |
| CVE-2022-47411 | 2022-12-14 | An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers... |
| CVE-2022-22063 | 2022-12-14 | Memory corruption in Core |
| CVE-2022-23500 | 2022-12-14 | TYPO3 subject to Uncontrolled Recursion resulting in Denial of Service |
| CVE-2022-23501 | 2022-12-14 | TYPO3 vulnerable to Improper Authentication in Frontend Login |
| CVE-2022-23502 | 2022-12-14 | TYPO3 contains Insufficient Session Expiration after Password Reset |
| CVE-2022-23503 | 2022-12-14 | TYPO3 vulnerable to Arbitrary Code Execution via Form Framework |
| CVE-2022-23504 | 2022-12-14 | TYPO3 contains Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration |
| CVE-2022-3073 | 2022-12-14 | Quaonos Schema ST4 example templates prone to XSS |
| CVE-2022-3590 | 2022-12-14 | WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding |
| CVE-2022-34271 | 2022-12-14 | Apache Atlas: zip path traversal in import functionality |
| CVE-2022-23512 | 2022-12-14 | Metersphere is vulnerable to Path Injection. |
| CVE-2022-23514 | 2022-12-14 | Inefficient Regular Expression Complexity in Loofah |
| CVE-2022-23515 | 2022-12-14 | Improper neutralization of data URIs may allow XSS in Loofah |
| CVE-2022-23516 | 2022-12-14 | Uncontrolled Recursion in Loofah |
| CVE-2022-23517 | 2022-12-14 | Inefficient Regular Expression Complexity in rails-html-sanitizer |
| CVE-2022-23518 | 2022-12-14 | Improper neutralization of data URIs allows XSS in rails-html-sanitizer |
| CVE-2022-23519 | 2022-12-14 | Possible XSS vulnerability with certain configurations of rails-html-sanitizer |
| CVE-2022-23520 | 2022-12-14 | rails-html-sanitizer contains an incomplete fix for an XSS vulnerability |
| CVE-2022-23527 | 2022-12-14 | Open Redirect in oidc_validate_redirect_url() |
| CVE-2022-4501 | 2022-12-14 | The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vc_saving_data function in versions up to, and including, 4.2.7. This makes... |
| CVE-2022-3917 | 2022-12-14 | Improper access control of bootloader function was discovered in Motorola Mobility Motorola e20 prior to version RONS31.267-38-8 allows attacker with local access to read partition or RAM data. |
| CVE-2022-4410 | 2022-12-14 | The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including 2.2.20.3 due to improper output escaping on post/page/media titles. This makes... |
| CVE-2020-4497 | 2022-12-14 | IBM Spectrum Protect Plus information disclosure |
| CVE-2021-4245 | 2022-12-15 | chbrown rfc6902 pointer.ts prototype pollution |
| CVE-2022-4521 | 2022-12-15 | WSO2 carbon-registry Request Parameter cross site scripting |
| CVE-2022-4523 | 2022-12-15 | vexim2 cross site scripting |
| CVE-2022-4524 | 2022-12-15 | Roots soil Plugin CleanUpModule.php language_attributes cross site scripting |
| CVE-2022-4525 | 2022-12-15 | National Sleep Research Resource sleepdata.org cross site scripting |
| CVE-2022-4527 | 2022-12-15 | collective.task table.py AssignedGroupColumn cross site scripting |
| CVE-2020-20588 | 2022-12-15 | File upload vulnerability in function upload in action/Core.class.php in zhimengzhe iBarn 1.5 allows remote attackers to run arbitrary code via avatar upload to index.php. |
| CVE-2020-20589 | 2022-12-15 | Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via the lang attribute of an html tag. |
| CVE-2020-21219 | 2022-12-15 | Cross Site Scripting (XSS) vulnerability in Netgate pfSense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote attackers to run arbitrary code via the RootFolder field to acme_certificate_edit.php page... |
| CVE-2020-24855 | 2022-12-15 | Directory Traversal vulnerability in easywebpack-cli before 4.5.2 allows attackers to obtain sensitive information via crafted GET request. |
| CVE-2020-36607 | 2022-12-15 | Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via the lang attribute of an html tag. |
| CVE-2021-33420 | 2022-12-15 | A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to run arbitrary code via the fromSerializable function in TypedArray object. |
| CVE-2021-36572 | 2022-12-15 | Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via the user name field of the login page. |
| CVE-2021-36573 | 2022-12-15 | File Upload vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via crafted image upload. |
| CVE-2021-39426 | 2022-12-15 | An issue discovered in /Upload/admin/admin_notify.php in Seacms 11.4 allows attackers to execute arbitrary PHP code via the notify1 parameter when the action parameter equals set. |
| CVE-2021-39427 | 2022-12-15 | Cross site scripting vulnerability in 188Jianzhan 2.10 allows attackers to execute arbitrary code via the username parameter to /admin/reg.php. |