CVE List - 2022 / September
Showing 1501 - 1600 of 2148 CVEs for September 2022 (Page 16 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-41229 | 2022-09-21 | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable... |
| CVE-2022-41230 | 2022-09-21 | Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that... |
| CVE-2022-41231 | 2022-09-21 | Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted file name... |
| CVE-2022-41232 | 2022-09-21 | A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file... |
| CVE-2022-41233 | 2022-09-21 | Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given... |
| CVE-2022-41234 | 2022-09-21 | Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be triggerable via Rundeck. |
| CVE-2022-41235 | 2022-09-21 | Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. |
| CVE-2022-41236 | 2022-09-21 | A cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authorized... |
| CVE-2022-41237 | 2022-09-21 | Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. |
| CVE-2022-41238 | 2022-09-21 | A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits. |
| CVE-2022-41239 | 2022-09-21 | Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site... |
| CVE-2022-41240 | 2022-09-21 | Jenkins Walti Plugin 1.0.1 and earlier does not escape the information provided by the Walti API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide... |
| CVE-2022-41241 | 2022-09-21 | Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2022-41242 | 2022-09-21 | A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses... |
| CVE-2022-41243 | 2022-09-21 | Jenkins SmallTest Plugin 1.0.4 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections. |
| CVE-2022-41244 | 2022-09-21 | Jenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these... |
| CVE-2022-41245 | 2022-09-21 | A cross-site request forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another... |
| CVE-2022-41246 | 2022-09-21 | A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through... |
| CVE-2022-41247 | 2022-09-21 | Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with... |
| CVE-2022-41248 | 2022-09-21 | Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it. |
| CVE-2022-41249 | 2022-09-21 | A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another... |
| CVE-2022-41250 | 2022-09-21 | A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through... |
| CVE-2022-41251 | 2022-09-21 | A missing permission check in Jenkins Apprenda Plugin 2.2.0 and earlier allows users with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| CVE-2022-41252 | 2022-09-21 | Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow users with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| CVE-2022-41253 | 2022-09-21 | A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method,... |
| CVE-2022-41254 | 2022-09-21 | Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method,... |
| CVE-2022-41255 | 2022-09-21 | Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access to the... |
| CVE-2022-40616 | 2022-09-21 | IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. IBM X-Force... |
| CVE-2022-37027 | 2022-09-21 | Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options. Administrators that can modify the Runtime Options in the web interface can inject Java Runtime Options.... |
| CVE-2022-3251 | 2022-09-21 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ikus060/minarca |
| CVE-2022-3250 | 2022-09-21 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ikus060/rdiffweb |
| CVE-2022-40026 | 2022-09-21 | SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at board.php. |
| CVE-2022-40027 | 2022-09-21 | SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newTask.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML... |
| CVE-2022-40028 | 2022-09-21 | SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML... |
| CVE-2022-40029 | 2022-09-21 | SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML... |
| CVE-2022-40030 | 2022-09-21 | SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at changeStatus.php. |
| CVE-2022-31679 | 2022-09-21 | Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.6.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about... |
| CVE-2022-30577 | 2022-09-21 | TIBCO EBX Stored XSS vulnerability |
| CVE-2022-30578 | 2022-09-21 | TIBCO EBX Add-ons Stored XSS vulnerability |
| CVE-2022-35621 | 2022-09-21 | Access control vulnerability in Evoh NFT EvohClaimable contract with sha256 hash code fa2084d5abca91a62ed1d2f1cad3ec318e6a9a2d7f1510a00d898737b05f48ae allows remote attackers to execute fraudulent NFT transfers. |
| CVE-2022-29799 | 2022-09-21 | A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are sanitized by the OperationalState or the AdministrativeState of networkd-dispatcher. This attack leads to a directory traversal to... |
| CVE-2022-29800 | 2022-09-21 | A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker... |
| CVE-2022-23948 | 2022-09-21 | A flaw was found in Keylime before 6.3.0. The logic in the Keylime agent for checking for a secure mount can be fooled by previously created unprivileged mounts allowing secrets... |
| CVE-2021-43310 | 2022-09-21 | A vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added... |
| CVE-2022-23949 | 2022-09-21 | In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue agent and can lead to log spoofing on the verifier and registrar. |
| CVE-2022-23950 | 2022-09-21 | In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations. |
| CVE-2022-23951 | 2022-09-21 | In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs. |
| CVE-2022-23952 | 2022-09-21 | In Keylime before 6.3.0, current keylime installer installs the keylime.conf file, which can contain sensitive data, as world-readable. |
| CVE-2022-3252 | 2022-09-21 | Improper detection of complete HTTP body decompression. SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects (HTTPRequestDecompressor and HTTPResponseDecompressor) both... |
| CVE-2022-40219 | 2022-09-21 | WordPress FavIcon Switcher plugin <= 1.2.11 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-36386 | 2022-09-21 | WordPress Import any XML or CSV File to WordPress plugin <= 3.6.7 - Authenticated Arbitrary Code Execution vulnerability |
| CVE-2022-36390 | 2022-09-21 | WordPress Event Calendar – Calendar plugin <= 1.4.6 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-36383 | 2022-09-21 | WordPress Word Search Puzzles game plugin <= 2.0.1 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities |
| CVE-2022-36365 | 2022-09-21 | WordPress WHA Crossword plugin <= 1.1.10 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities |
| CVE-2022-38073 | 2022-09-21 | WordPress Awesome Support plugin <= 6.0.7 - Multiple Authenticated Persistent XSS (Additional Interested Parties) |
| CVE-2022-40217 | 2022-09-21 | WordPress WPide plugin <= 2.6 - Authenticated Arbitrary File Edit/Upload vulnerability |
| CVE-2022-3233 | 2022-09-21 | Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb |
| CVE-2022-28802 | 2022-09-21 | Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other words, Code by Zapier was providing a customer-controlled general-purpose virtual machine... |
| CVE-2022-35895 | 2022-09-21 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The FwBlockSericceSmm driver does not properly validate input parameters for a software SMI routine, leading to memory corruption... |
| CVE-2022-39224 | 2022-09-21 | Arbitrary shell execution when extracting or listing files contained in a malicious rpm. |
| CVE-2022-28979 | 2022-09-21 | Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site... |
| CVE-2022-35896 | 2022-09-21 | An SMM memory leak vulnerability in an SMM driver (SMRAM) was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An attacker can dump SMRAM contents via the software SMI... |
| CVE-2022-39975 | 2022-09-21 | The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview... |
| CVE-2022-28978 | 2022-09-21 | Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix... |
| CVE-2022-28982 | 2022-09-21 | A cross-site scripting (XSS) vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to execute arbitrary web scripts or HTML via a... |
| CVE-2022-1941 | 2022-09-22 | Out of Memory issue in ProtocolBuffers for cpp and python |
| CVE-2022-3256 | 2022-09-22 | Use After Free in vim/vim |
| CVE-2022-36062 | 2022-09-22 | Grafana folders admin only permission privilege escalation |
| CVE-2022-38398 | 2022-09-22 | Server-Side Request Forgery Information Disclosure Vulnerability |
| CVE-2022-38648 | 2022-09-22 | PDFTranscoder does not block external resources |
| CVE-2022-40146 | 2022-09-22 | Jar url should be blocked by DefaultScriptSecurity |
| CVE-2022-40186 | 2022-09-22 | An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount... |
| CVE-2022-28977 | 2022-09-22 | HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3... |
| CVE-2022-28981 | 2022-09-22 | Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the `parameter` parameter. |
| CVE-2022-28980 | 2022-09-22 | Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allow attackers to execute arbitrary web scripts or HTML via parameters with the filter_ prefix. |
| CVE-2022-38512 | 2022-09-22 | The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content... |
| CVE-2022-39197 | 2022-09-22 | An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the... |
| CVE-2022-40705 | 2022-09-22 | Apache SOAP: XML External Entity Injection (XXE) allows unauthenticated users to read arbitrary files via HTTP |
| CVE-2022-2266 | 2022-09-22 | Reflected XSS University Library Automation System |
| CVE-2022-3268 | 2022-09-22 | Weak Password Requirements in ikus060/minarca |
| CVE-2022-3267 | 2022-09-22 | Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb |
| CVE-2022-40443 | 2022-09-22 | An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET request sent to /one/siteinfo.php. |
| CVE-2022-40444 | 2022-09-22 | ZZCMS 2022 was discovered to contain a full path disclosure vulnerability via the page /admin/index.PHP? _server. |
| CVE-2022-40446 | 2022-09-22 | ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=. |
| CVE-2022-40447 | 2022-09-22 | ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the keyword parameter at /admin/baojia_list.php. |
| CVE-2022-35408 | 2022-09-22 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver in UsbLegacyControlSmm leads to possible arbitrary code execution in SMM... |
| CVE-2022-40932 | 2022-09-22 | In Zoo Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of the "gallery" file of the "Gallery" module in the background management system. |
| CVE-2022-40933 | 2022-09-22 | Online Pet Shop We App v1.0 by oretnom23 is vulnerable to SQL injection via /pet_shop/classes/Master.php?f=delete_order,id. |
| CVE-2022-40934 | 2022-09-22 | Online Pet Shop We App v1.0 is vulnerable to SQL injection via /pet_shop/classes/Master.php?f=delete_sub_category,id |
| CVE-2022-40935 | 2022-09-22 | Online Pet Shop We App v1.0 is vulnerable to SQL Injection via /pet_shop/classes/Master.php?f=delete_category,id. |
| CVE-2021-39190 | 2022-09-22 | SCCM plugin for GLPI vulnerable to Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2022-35021 | 2022-09-22 | OTFCC commit 617837b was discovered to contain a global buffer overflow via /release-x64/otfccdump+0x718693. |
| CVE-2022-35022 | 2022-09-22 | OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6badae. |
| CVE-2022-35023 | 2022-09-22 | OTFCC commit 617837b was discovered to contain a segmentation violation via /lib/x86_64-linux-gnu/libc.so.6+0xbb384. |
| CVE-2022-35024 | 2022-09-22 | OTFCC commit 617837b was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S. |
| CVE-2022-35025 | 2022-09-22 | OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x5266a8. |
| CVE-2022-35026 | 2022-09-22 | OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbc0b. |
| CVE-2022-35027 | 2022-09-22 | OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe9a7. |
| CVE-2022-35028 | 2022-09-22 | OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbbb6. |
| CVE-2022-35029 | 2022-09-22 | OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6babea. |
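The Keylime entry CVE-2022-23951 above (quote responses carrying untrusted ZIP data that can be a zip bomb) is an instance of a general problem: inflating attacker-supplied archives without a budget. The block below is an added example written for this page; it is not Keylime's code and the list does not say how Keylime fixed the issue. It applies two gates: a cheap check on the central-directory metadata (attacker-controlled, so necessary but not sufficient) and a chunked inflate that counts the bytes actually produced and aborts as soon as the budget is passed. The budget values (8 MiB total, 100:1 per member), the function names and the in-memory sample archives are assumptions made for the illustration.

```python
"""Bounded extraction of untrusted ZIP data.

Added example for the zip-bomb entry (CVE-2022-23951) on this page; it is
not Keylime's code. The budget values, function names and the in-memory
sample archives below are assumptions made for the illustration.
"""
import io
import zipfile

MAX_TOTAL_BYTES = 8 * 1024 * 1024  # assumed budget for all inflated data
MAX_RATIO = 100                    # assumed ceiling on inflated/compressed size per member
CHUNK = 64 * 1024


class ZipBudgetExceeded(ValueError):
    """Raised as soon as an archive would inflate past the configured budget."""


def build_sample_zip(members):
    """Build an in-memory DEFLATE archive from {name: bytes}. Constructed test input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def check_declared_sizes(zf, max_total, max_ratio):
    """Gate 1: cheap check on central-directory metadata.

    file_size and compress_size come from the archive itself, so a pass here
    only lets us refuse obvious bombs before inflating a single byte.
    """
    total = 0
    for info in zf.infolist():
        total += info.file_size
        if total > max_total:
            raise ZipBudgetExceeded(f"declared total {total} B exceeds budget {max_total} B")
        if info.compress_size and info.file_size / info.compress_size > max_ratio:
            raise ZipBudgetExceeded(
                f"{info.filename}: declared ratio {info.file_size // info.compress_size}:1 "
                f"exceeds {max_ratio}:1")
    return total


def extract_bounded(zip_bytes, max_total=MAX_TOTAL_BYTES, max_ratio=MAX_RATIO):
    """Gate 2: inflate member by member in fixed chunks, counting bytes actually
    produced, and abort the moment the running total passes the budget.

    Returns {name: bytes} for regular members. Nothing is written to disk here;
    the member-name check is kept so the pattern stays safe if adapted to
    extract onto a filesystem.
    """
    out = {}
    produced = 0
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        check_declared_sizes(zf, max_total, max_ratio)
        for info in zf.infolist():
            if info.is_dir():
                continue
            parts = info.filename.replace("\\", "/").split("/")
            if info.filename.startswith(("/", "\\")) or ".." in parts:
                raise ValueError(f"refusing suspicious member name {info.filename!r}")
            chunks = []
            with zf.open(info) as fh:
                while True:
                    chunk = fh.read(CHUNK)
                    if not chunk:
                        break
                    produced += len(chunk)
                    if produced > max_total:
                        raise ZipBudgetExceeded(
                            f"inflated output passed budget {max_total} B while reading {info.filename}")
                    chunks.append(chunk)
            out[info.filename] = b"".join(chunks)
    return out


def inspect_archive(zip_bytes, max_total=MAX_TOTAL_BYTES, max_ratio=MAX_RATIO):
    """Convenience wrapper: (accepted, members) or (rejected, reason) without raising."""
    try:
        return True, extract_bounded(zip_bytes, max_total, max_ratio)
    except (ValueError, zipfile.BadZipFile) as exc:  # ZipBudgetExceeded is a ValueError
        return False, str(exc)


# Constructed samples: one benign archive and two that must be refused.
BENIGN_PAYLOAD = b"constructed sample payload " + bytes(range(256)) * 2
BENIGN_ZIP = build_sample_zip({"a.txt": BENIGN_PAYLOAD, "b.txt": b"-----BEGIN-----\n" * 4})
RATIO_BOMB_ZIP = build_sample_zip({"zeros.bin": bytes(1024 * 1024)})       # ~1 MiB from ~1 KiB
TOTAL_BOMB_ZIP = build_sample_zip({"big.bin": bytes(16 * 1024 * 1024)})   # 16 MiB declared

if __name__ == "__main__":
    for label, blob in ("benign", BENIGN_ZIP), ("ratio bomb", RATIO_BOMB_ZIP), ("total bomb", TOTAL_BOMB_ZIP):
        ok, detail = inspect_archive(blob)
        print(label, "accepted:" if ok else "rejected:", sorted(detail) if ok else detail)
```

The second gate is what makes the budget trustworthy: a member whose header under-reports its size, or an archive of many individually small members, still cannot push the caller past the limit, because the count is taken on the inflated bytes rather than on what the archive claims. For a deployment that extracts to disk, pair this with a separate limit on the number of members and a check that the final path stays inside the destination directory.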