CVE List - 2022 / December

Showing 2301 - 2356 of 2356 CVEs for December 2022 (Page 24 of 24)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-47119 | 2022-12-30 | Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the ssid parameter at /goform/WifiBasicSet. |
| CVE-2022-47120 | 2022-12-30 | Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet. |
| CVE-2022-47121 | 2022-12-30 | Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey parameter at /goform/WifiBasicSet. |
| CVE-2022-47122 | 2022-12-30 | Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlPwd_5g parameter at /goform/WifiBasicSet. |
| CVE-2022-47123 | 2022-12-30 | Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey3 parameter at /goform/WifiBasicSet. |
| CVE-2022-47124 | 2022-12-30 | Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey4 parameter at /goform/WifiBasicSet. |
| CVE-2022-47125 | 2022-12-30 | Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlEn_5g parameter at /goform/WifiBasicSet. |
| CVE-2022-47126 | 2022-12-30 | Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlEn parameter at /goform/WifiBasicSet. |
| CVE-2022-47127 | 2022-12-30 | Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlPwd parameter at /goform/WifiBasicSet. |
| CVE-2022-47128 | 2022-12-30 | Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey2 parameter at /goform/WifiBasicSet. |
| CVE-2022-48194 | 2022-12-30 | TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature... |
| CVE-2022-48196 | 2022-12-30 | Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 before 1.0.4.122, R6700v3 before 1.0.4.122, R6900P before 1.3.3.152,... |
| CVE-2022-4863 | 2022-12-30 | Improper Handling of Insufficient Permissions or Privileges in usememos/memos |
| CVE-2022-4864 | 2022-12-30 | Argument Injection in froxlor/froxlor |
| CVE-2022-38203 | 2022-12-30 | The allowedProxyHosts property is not fully honored in ArcGIS Enterprise (10.8.1 and 10.7.1 only) |
| CVE-2022-38204 | 2022-12-30 | Reflected XSS vulnerability in Portal for ArcGIS (10.8.1 and 10.7.1 only) |
| CVE-2022-38205 | 2022-12-30 | Portal for ArcGIS has a directory traversal vulnerability (10.9.1, 10.8.1 and 10.7.1 only) |
| CVE-2022-38206 | 2022-12-30 | Reflected XSS vulnerability in Portal for ArcGIS (10.9.1, 10.8.1 and 10.7.1 only) |
| CVE-2022-38207 | 2022-12-30 | Reflected XSS vulnerability in Portal for ArcGIS (10.8.1 and 10.7.1 only) |
| CVE-2022-38208 | 2022-12-30 | Unvalidated redirect in Portal for ArcGIS |
| CVE-2022-38209 | 2022-12-30 | Reflected XSS vulnerability in Portal for ArcGIS |
| CVE-2022-38210 | 2022-12-30 | HTML injection in accountswitcher-callback.html (10.9.1, 10.8.1 and 10.7.1 only) |
| CVE-2022-38211 | 2022-12-30 | Server Side Request Forgery (SSRF) vulnerability in Portal for ArcGIS (10.9.1, 10.8.1 and 10.7.1 only) |
| CVE-2022-38212 | 2022-12-30 | Server Side Request Forgery (SSRF) vulnerability in Portal for ArcGIS (10.8.1 and 10.7.1 only) |
| CVE-2022-4855 | 2022-12-30 | SourceCodester Lead Management System login.php sql injection |
| CVE-2022-4856 | 2022-12-30 | Modbus Tools Modbus Slave mbs File mbslave.exe buffer overflow |
| CVE-2022-4857 | 2022-12-30 | Modbus Tools Modbus Poll mbp File mbpoll.exe buffer overflow |
| CVE-2022-43396 | 2022-12-30 | Apache Kylin: Command injection by Useless configuration |
| CVE-2022-44621 | 2022-12-30 | Apache Kylin: Command injection by Diagnosis Controller |
| CVE-2018-25059 | 2022-12-30 | pastebinit server.go pasteHandler path traversal |
| CVE-2020-36637 | 2022-12-30 | Chris92de AdminServ adminserv.php cross site scripting |
| CVE-2020-36638 | 2022-12-30 | Chris92de AdminServ adminserv.php cross site scripting |
| CVE-2022-4858 | 2022-12-30 | Insertion of Sensitive Information into Log File |
| CVE-2017-20151 | 2022-12-30 | iText RUPS XfaFile.java xml external entity reference |
| CVE-2022-4859 | 2022-12-30 | Joget User Profile Menu UserProfileMenu.java submitForm cross site scripting |
| CVE-2017-20152 | 2022-12-30 | aerouk imageserve File viewer.php path traversal |
| CVE-2017-20153 | 2022-12-30 | aerouk imageserve cross site scripting |
| CVE-2018-25060 | 2022-12-30 | Macaron csrf csrf.go missing secure attribute |
| CVE-2022-4860 | 2022-12-30 | KBase Metrics methods_upload_user_stats.py upload_user_data sql injection |
| CVE-2022-4861 | 2022-12-30 | Incorrect Implementation of Authentication Algorithm |
| CVE-2017-20154 | 2022-12-30 | ghostlander Phoenixcoin main.cpp accept denial of service |
| CVE-2017-20155 | 2022-12-30 | Sterc Google Analytics Dashboard for MODX Internal Search widget.analytics.tpl cross site scripting |
| CVE-2022-48195 | 2022-12-31 | An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated (instead, the... |
| CVE-2022-4865 | 2022-12-31 | Cross-site Scripting (XSS) - Stored in usememos/memos |
| CVE-2022-4866 | 2022-12-31 | Cross-site Scripting (XSS) - Stored in usememos/memos |
| CVE-2022-4867 | 2022-12-31 | Cross-Site Request Forgery (CSRF) in froxlor/froxlor |
| CVE-2022-4868 | 2022-12-31 | Improper Authorization in froxlor/froxlor |
| CVE-2017-20156 | 2022-12-31 | Exciting Printer Argument prepare_page.rb command injection |
| CVE-2017-20157 | 2022-12-31 | Ariadne Component Library Url.php server-side request forgery |
| CVE-2017-20158 | 2022-12-31 | vova07 Yii2 FileAPI Widget UploadAction.php run cross site scripting |
| CVE-2017-20159 | 2022-12-31 | rf Keynote rumble.rb cross site scripting |
| CVE-2014-125027 | 2022-12-31 | Yuna Scatari TBDev usersearch.php get_user_icons cross site scripting |
| CVE-2014-125028 | 2022-12-31 | valtech IDP Test Client main.py cross-site request forgery |
| CVE-2017-20160 | 2022-12-31 | flitto express-param fetchParams.js parameter pollution |
| CVE-2018-25061 | 2022-12-31 | rgb2hex redos |
| CVE-2021-41823 | 2023-01-01 | The Web Application Firewall (WAF) in Kemp LoadMaster 7.2.54.1 allows certain uses of onmouseover to bypass an XSS protection mechanism. |
| CVE-2022-34322 | 2023-01-01 | Multiple XSS issues were discovered in Sage Enterprise Intelligence 2021 R1.1 that allow an attacker to execute JavaScript code in the context of users' browsers. The attacker needs to be... |
| CVE-2022-34323 | 2023-01-01 | Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4.302 that allow an attacker to execute JavaScript code in the context of other users' browsers. The attacker needs to... |
| CVE-2022-34324 | 2023-01-01 | Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated attacker to inject malicious data in SQL queries: Add Currencies, Payment Order, and Transfer History. |
| CVE-2022-37785 | 2023-01-01 | An issue was discovered in WeCube Platform 3.2.2. Cleartext passwords are displayed in the configuration for terminal plugins. |
| CVE-2022-37786 | 2023-01-01 | An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the [Home / Admin / Resources] page, the [Home / Admin / System Params] page, and... |
| CVE-2022-37787 | 2023-01-01 | An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plugin database execution page. |
| CVE-2022-40711 | 2023-01-01 | PrimeKey EJBCA 7.9.0.2 Community allows stored XSS in the End Entity section. A user with the RA Administrator role can inject an XSS payload to target higher-privilege users. |
| CVE-2022-45027 | 2023-01-01 | perfSONAR before 4.4.6, when performing participant discovery, incorrectly uses an HTTP request header value to determine a local address. |
| CVE-2022-45213 | 2023-01-01 | perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL. |
| CVE-2022-47634 | 2023-01-01 | M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 before R17.0v24 allows non-administrative users to access and manipulate archive data via certain HTTP endpoints, aka LINK-2867. |
| CVE-2022-47952 | 2023-01-01 | lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open"... |
| CVE-2022-48198 | 2023-01-01 | The ntpd_driver component before 1.3.0 and 2.x before 2.2.0 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application,... |
| CVE-2023-0028 | 2023-01-01 | Cross-site Scripting (XSS) - Stored in linagora/twake |
| CVE-2023-22551 | 2023-01-01 | The FTP (aka "Implementation of a simple FTP client and server") project through 96c1a35 allows remote attackers to cause a denial of service (memory consumption) by engaging in client activity,... |
| CVE-2018-25062 | 2023-01-01 | flar2 ElementalX ipsec xfrm_user.c xfrm_dump_policy_done denial of service |
| CVE-2018-25063 | 2023-01-01 | Zenoss Dashboard defaultportlets.js cross site scripting |
| CVE-2014-125030 | 2023-01-01 | taoeffect Empress hard-coded password |
| CVE-2023-0029 | 2023-01-01 | Multilaser RE708 Telnet Service denial of service |
| CVE-2010-10002 | 2023-01-01 | SimpleSAMLphp simplesamlphp-module-openid OpenID consumer.php cross site scripting |
| CVE-2013-10006 | 2023-01-01 | Ziftr primecoin bitcoinrpc.cpp HTTPAuthorized timing discrepancy |
| CVE-2015-10006 | 2023-01-01 | admont28 Ingnovarq insertarSliderAjax.php cross site scripting |
| CVE-2021-4297 | 2023-01-01 | trampgeek jobe Restapi.php runs_post Privilege Escalation |
| CVE-2019-13768 | 2023-01-02 | Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: High) |
| CVE-2021-21200 | 2023-01-02 | Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.... |
| CVE-2021-30558 | 2023-01-02 | Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chrome security severity:... |
| CVE-2022-0337 | 2023-01-02 | Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. (Chrome security... |
| CVE-2022-0801 | 2023-01-02 | Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium) |
| CVE-2022-2742 | 2023-01-02 | Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions... |
| CVE-2022-2743 | 2023-01-02 | Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions... |
| CVE-2022-3842 | 2023-01-02 | Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML... |
| CVE-2022-3863 | 2023-01-02 | Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) |
| CVE-2022-4025 | 2023-01-02 | Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page. (Chrome security severity: Low) |
| CVE-2022-48197 | 2023-01-02 | Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only... |
| CVE-2022-3460 | 2023-01-02 | In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview. |
| CVE-2014-125031 | 2023-01-02 | kirill2485 TekNet loggedin.php cross site scripting |
| CVE-2014-125032 | 2023-01-02 | porpeeranut go-with-me add.php sql injection |
| CVE-2014-125033 | 2023-01-02 | rails-cv-app uploaded_files_controller.rb path traversal |
| CVE-2021-4298 | 2023-01-02 | Hesburgh Libraries of Notre Dame Sipity search_criteria_for_works_parameter.rb SearchCriteriaForWorksParameter sql injection |
| CVE-2021-4299 | 2023-01-02 | cronvel string-kit naturalSort.js naturalSort redos |
| CVE-2016-15006 | 2023-01-02 | enigmaX Scrambling Table main.c getSeed prng seed |
| CVE-2022-42475 | 2023-01-02 | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1,... |
| CVE-2019-25093 | 2023-01-02 | dragonexpert Recent Threads on Index Setting hooks.php recentthread_list_threads cross site scripting |
| CVE-2014-125034 | 2023-01-02 | stiiv contact_app View.php render cross site scripting |
| CVE-2015-10007 | 2023-01-02 | 82Flex WEIPDCRM cross site scripting |