CVE List - 2022 / September
Showing 1901 - 2000 of 2148 CVEs for September 2022 (Page 20 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-2860 | 2022-09-26 | Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page. |
| CVE-2022-2861 | 2022-09-26 | Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via... |
| CVE-2022-2998 | 2022-09-26 | Use after free in Browser Creation in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who had convinced a user to engage in a specific UI interaction to potentially... |
| CVE-2022-3038 | 2022-09-26 | Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-3039 | 2022-09-26 | Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-3040 | 2022-09-26 | Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-3041 | 2022-09-26 | Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-3042 | 2022-09-26 | Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-3043 | 2022-09-26 | Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to... |
| CVE-2022-3044 | 2022-09-26 | Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. |
| CVE-2022-3045 | 2022-09-26 | Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-3046 | 2022-09-26 | Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via... |
| CVE-2022-3047 | 2022-09-26 | Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a... |
| CVE-2022-3048 | 2022-09-26 | Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device. |
| CVE-2022-3049 | 2022-09-26 | Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to... |
| CVE-2022-3050 | 2022-09-26 | Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially... |
| CVE-2022-3051 | 2022-09-26 | Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to... |
| CVE-2022-3052 | 2022-09-26 | Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions... |
| CVE-2022-3053 | 2022-09-26 | Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page. |
| CVE-2022-3054 | 2022-09-26 | Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-3055 | 2022-09-26 | Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption... |
| CVE-2022-3056 | 2022-09-26 | Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
| CVE-2022-3057 | 2022-09-26 | Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2022-3058 | 2022-09-26 | Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap... |
| CVE-2022-3071 | 2022-09-26 | Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions... |
| CVE-2022-3075 | 2022-09-26 | Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted... |
| CVE-2021-28052 | 2022-09-26 | Hitachi Content Platform Information Disclosure Vulnerability |
| CVE-2022-40043 | 2022-09-26 | Centreon v20.10.18 was discovered to contain a SQL injection vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. |
| CVE-2022-40044 | 2022-09-26 | Centreon v20.10.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. This vulnerability allows attackers to execute arbitrary web scripts or HTML... |
| CVE-2022-22058 | 2022-09-26 | Memory corruption due to use after free issue in kernel while processing ION handles in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial... |
| CVE-2022-3272 | 2022-09-26 | Improper Handling of Length Parameter Inconsistency in ikus060/rdiffweb |
| CVE-2022-30003 | 2022-09-26 | Sourcecodester Online Market Place Site 1.0 is vulnerable to Cross Site Scripting (XSS), allowing attackers to register as a Seller then create new products containing XSS payloads in the 'Product... |
| CVE-2022-3290 | 2022-09-26 | Improper Handling of Length Parameter Inconsistency in ikus060/rdiffweb |
| CVE-2022-40050 | 2022-09-26 | ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1. |
| CVE-2022-30004 | 2022-09-26 | Sourcecodester Online Market Place Site v1.0 suffers from an unauthenticated blind SQL Injection Vulnerability allowing remote attackers to dump the SQL database via time-based SQL injection. |
| CVE-2022-40097 | 2022-09-26 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_currency.php. |
| CVE-2022-40098 | 2022-09-26 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_expense.php. |
| CVE-2022-40099 | 2022-09-26 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_expense_category.php. |
| CVE-2022-3298 | 2022-09-26 | Allocation of Resources Without Limits or Throttling in ikus060/rdiffweb |
| CVE-2022-3303 | 2022-09-27 | A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A... |
| CVE-2022-3324 | 2022-09-27 | Stack-based Buffer Overflow in vim/vim |
| CVE-2022-34326 | 2022-09-27 | In ambiot amb1_sdk (aka SDK for Ameba1) before 2022-06-20 on Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892c730a3, the timer task and RX task would be locked when there are frequent and continuous... |
| CVE-2022-41570 | 2022-09-27 | An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Unauthenticated SQL injection can occur. |
| CVE-2022-41571 | 2022-09-27 | An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Local file inclusion can occur. |
| CVE-2022-37346 | 2022-09-27 | EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this vulnerability allows a remote unauthenticated attacker to upload arbitrary files... |
| CVE-2022-38975 | 2022-09-27 | DOM-based cross-site scripting vulnerability in EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote attacker to inject an arbitrary script by having an administrative user of the product to... |
| CVE-2022-40199 | 2022-09-27 | Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p4) and EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote authenticated attacker with an administrative privilege to... |
| CVE-2022-41604 | 2022-09-27 | Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. This occurs because of weak permissions for the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates directory, and a self-protection driver bypass that allows... |
| CVE-2022-37193 | 2022-09-27 | Chipolo ONE Bluetooth tracker (2020) Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Chipolo devices suffer from access revocation evasion attacks once the malicious sharee obtains the... |
| CVE-2022-31367 | 2022-09-27 | Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses. |
| CVE-2022-37209 | 2022-09-27 | JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting... |
| CVE-2022-40352 | 2022-09-27 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_traveller.php. |
| CVE-2022-40353 | 2022-09-27 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/up_booking.php. |
| CVE-2022-40354 | 2022-09-27 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_booking.php. |
| CVE-2022-3323 | 2022-09-27 | An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft... |
| CVE-2022-23006 | 2022-09-27 | Buffer Overflow Vulnerability in Western Digital My Cloud Home Products and SanDisk ibi |
| CVE-2022-39256 | 2022-09-27 | Orckestra C1 CMS's deserialization of untrusted data allows for arbitrary code execution. |
| CVE-2022-39258 | 2022-09-27 | mailcow-dockerized critical information misrepresentation can lead to phishing attacks through Swagger UI |
| CVE-2022-40817 | 2022-09-27 | Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to tickets. However, agents were still wrongly able to perform some operations on such tickets, like adding... |
| CVE-2022-40816 | 2022-09-27 | Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer users are not able to see personal information of other users. This... |
| CVE-2022-40878 | 2022-09-27 | In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Execution (RCE). |
| CVE-2022-40877 | 2022-09-27 | Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the ‘id’ parameter. |
| CVE-2022-38335 | 2022-09-27 | Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules. |
| CVE-2022-37028 | 2022-09-27 | ISAMS 22.2.3.2 is prone to stored Cross-site Scripting (XSS) attack on the title field for groups, allowing an attacker to store a JavaScript payload that will be executed when another... |
| CVE-2022-38932 | 2022-09-27 | readelf in ToaruOS 2.0.1 has a global overflow allowing RCE when parsing a crafted ELF file. |
| CVE-2021-27853 | 2022-09-27 | L2 network filtering can be bypassed using stacked VLAN0 and LLC/SNAP headers |
| CVE-2022-39835 | 2022-09-27 | An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be... |
| CVE-2021-27854 | 2022-09-27 | L2 network filtering bypass using stacked VLAN0, LLC/SNAP headers, and Ethernet to Wifi frame translation |
| CVE-2021-27861 | 2022-09-27 | L2 network filtering bypass using stacked VLAN0 and LLC/SNAP headers with invalid lengths |
| CVE-2021-27862 | 2022-09-27 | L2 network filtering bypass using stacked VLAN0 and LLC/SNAP headers with an invalid length during Ethernet to Wifi frame translation |
| CVE-2021-41433 | 2022-09-27 | SQL Injection vulnerability exists in version 1.0 of the Resumes Management and Job Application Website application login form by EGavilan Media that allows authentication bypass through login.php. |
| CVE-2022-40497 | 2022-09-27 | Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint. |
| CVE-2021-43980 | 2022-09-28 | Apache Tomcat: Information disclosure |
| CVE-2022-1270 | 2022-09-28 | In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. |
| CVE-2022-2760 | 2022-09-28 | In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when... |
| CVE-2022-28813 | 2022-09-28 | SQL-injection in Car Park Server 3.0 allows for full database access. |
| CVE-2022-39236 | 2022-09-28 | Matrix Javascript SDK improper beacon events can cause availability issues |
| CVE-2022-39249 | 2022-09-28 | Matrix Javascript SDK vulnerable to impersonation via forwarded Megolm sessions |
| CVE-2022-39251 | 2022-09-28 | Matrix Javascript SDK vulnerable to Olm/Megolm protocol confusion |
| CVE-2022-39261 | 2022-09-28 | Twig may load a template outside a configured directory when using the filesystem loader |
| CVE-2022-39264 | 2022-09-28 | nheko vulnerable to secret poisoning using MITM on secret requests by the homeserver |
| CVE-2022-40929 | 2022-09-28 | XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. NOTE: this is disputed because the issues/4929 report is about an intended and supported use case (running arbitrary Bash scripts... |
| CVE-2022-38699 | 2022-09-28 | ASUS Armoury Crate Service - Arbitrary File Creation via Elevation of Privilege Flaw |
| CVE-2022-39029 | 2022-09-28 | Smart eVision - Exposure of Sensitive Information to an Unauthorized Actor -1 |
| CVE-2022-39030 | 2022-09-28 | Smart eVision - Exposure of Sensitive Information to an Unauthorized Actor -2 |
| CVE-2022-39031 | 2022-09-28 | Smart eVision - Exposure of Sensitive Information to an Unauthorized Actor -3 |
| CVE-2022-39032 | 2022-09-28 | Smart eVision - Improper Privilege Management |
| CVE-2022-39033 | 2022-09-28 | Smart eVision - Path Traversal -1 |
| CVE-2022-39034 | 2022-09-28 | Smart eVision - Path Traversal -2 |
| CVE-2022-39035 | 2022-09-28 | Smart eVision - Stored XSS |
| CVE-2022-39053 | 2022-09-28 | HEIMAVISTA INC. Rpage - Reflected XSS |
| CVE-2022-39054 | 2022-09-28 | COWELL INFORMATION SYSTEM CO., LTD. enterprise travel management system - Reflected XSS |
| CVE-2022-3332 | 2022-09-28 | SourceCodester Food Ordering Management System POST Parameter router.php sql injection |
| CVE-2022-3333 | 2022-09-28 | Zephyr Project Manager REST Call cross site scripting |
| CVE-2022-3348 | 2022-09-28 | Exposure of Sensitive Information to an Unauthorized Actor in tooljet/tooljet |
| CVE-2022-32168 | 2022-09-28 | notepad-plus-plus - DLL Hijacking |
| CVE-2022-32166 | 2022-09-28 | ovs - buffer over-read |
| CVE-2022-32170 | 2022-09-28 | bytebase - Improper Authorization |
| CVE-2022-32169 | 2022-09-28 | bytebase - Improper Authorization |
| CVE-2022-30935 | 2022-09-28 | An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. This allows the attacker to... |