CVE List - 2022 / September
Showing 1301 - 1400 of 2148 CVEs for September 2022 (Page 14 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-40431 | 2022-09-19 | The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. |
| CVE-2022-40812 | 2022-09-19 | The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. |
| CVE-2022-40425 | 2022-09-19 | The d8s-html for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. |
| CVE-2022-29908 | 2022-09-19 | The folioupdate service in Fabasoft Cloud Enterprise Client 22.4.0043 allows Local Privilege Escalation. |
| CVE-2022-40426 | 2022-09-19 | The d8s-asns for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. |
| CVE-2022-40428 | 2022-09-19 | The d8s-mpeg for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. |
| CVE-2022-40430 | 2022-09-19 | The d8s-utility for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. |
| CVE-2022-38618 | 2022-09-19 | SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/country_group.jsf. |
| CVE-2022-40432 | 2022-09-19 | The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0. |
| CVE-2022-37203 | 2022-09-19 | JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting... |
| CVE-2022-38881 | 2022-09-19 | The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. |
| CVE-2022-38882 | 2022-09-19 | The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. |
| CVE-2022-38883 | 2022-09-19 | The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. |
| CVE-2022-38884 | 2022-09-19 | The d8s-grammars for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. |
| CVE-2022-38885 | 2022-09-19 | The d8s-netstrings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. |
| CVE-2022-38886 | 2022-09-19 | The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. |
| CVE-2022-38887 | 2022-09-19 | The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. |
| CVE-2022-38577 | 2022-09-19 | ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators. |
| CVE-2022-35701 | 2022-09-19 | Adobe Bridge SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-35699 | 2022-09-19 | Adobe Bridge Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-35705 | 2022-09-19 | Adobe Bridge MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2022-35703 | 2022-09-19 | Adobe Bridge SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2022-35707 | 2022-09-19 | Adobe Bridge SGI File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2022-35702 | 2022-09-19 | Adobe Bridge SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2022-35700 | 2022-09-19 | Adobe Bridge SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-35704 | 2022-09-19 | Adobe Bridge SVG File Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2022-35709 | 2022-09-19 | Adobe Bridge DCM File Parsing Use-After-Free Information Disclosure Vulnerability |
| CVE-2022-35706 | 2022-09-19 | Adobe Bridge SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2022-35708 | 2022-09-19 | Adobe Bridge SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2022-38425 | 2022-09-19 | Adobe Bridge DCM File Parsing Use-After-Free Information Disclosure Vulnerability |
| CVE-2022-40712 | 2022-09-19 | An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /cgi-bin/R14.2* endpoints. |
| CVE-2022-40713 | 2022-09-19 | An issue was discovered in NOKIA 1350OMS R14.2. Multiple Relative Path Traversal issues exist in different specific endpoints via the file parameter, allowing a remote authenticated attacker to read files... |
| CVE-2022-40714 | 2022-09-19 | An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /oms1350/* endpoints. |
| CVE-2022-40715 | 2022-09-19 | An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Traversal vulnerability exists for a specific endpoint via the logfile parameter, allowing a remote authenticated attacker to read files... |
| CVE-2022-37700 | 2022-09-19 | Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: URL : view-source:https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig. |
| CVE-2022-40978 | 2022-09-19 | The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking |
| CVE-2022-38333 | 2022-09-19 | Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows attackers to access sensitive information via a crafted HTTP request. |
| CVE-2022-3218 | 2022-09-19 | Necta WiFi Mouse (Mouse Server) client-side authentication bypass |
| CVE-2022-40234 | 2022-09-19 | Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to... |
| CVE-2022-40608 | 2022-09-19 | IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This... |
| CVE-2022-3213 | 2022-09-19 | A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of... |
| CVE-2022-34893 | 2022-09-19 | Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with lower privileges could manipulate a mountpoint which could lead to escalation of privilege on an affected... |
| CVE-2022-37347 | 2022-09-19 | Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and... |
| CVE-2022-37348 | 2022-09-19 | Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and... |
| CVE-2022-38764 | 2022-09-19 | A vulnerability on Trend Micro HouseCall version 1.62.1.1133 and below could allow a local attacker to escalate privileges due to an overly permissive folder on the product installer. |
| CVE-2022-40139 | 2022-09-19 | Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow an Apex One server... |
| CVE-2022-40140 | 2022-09-19 | An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial-of-service on affected installations. Please note:... |
| CVE-2022-40141 | 2022-09-19 | A vulnerability in Trend Micro Apex One and Apex One as a Service could allow an attacker to intercept and decode certain communication strings that may contain some identification attributes... |
| CVE-2022-40142 | 2022-09-19 | A security link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service agents could allow a local attacker to create a... |
| CVE-2022-40143 | 2022-09-19 | A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service servers could allow a local attacker to abuse an insecure... |
| CVE-2022-40980 | 2022-09-19 | A potential unauthenticated file deletion vulnerability on Trend Micro Mobile Security for Enterprise 9.8 SP5 could allow an attacker with access to the Management Server to delete files. This issue... |
| CVE-2022-38576 | 2022-09-19 | Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=deletecand&id=. |
| CVE-2022-29835 | 2022-09-19 | WD Discovery's Use of Weak Hashing Algorithm for Code Signing |
| CVE-2022-23768 | 2022-09-19 | Neo Information Sys. NIS-HAP11AC remote access and manipulation vulnerability |
| CVE-2022-23767 | 2022-09-19 | SecureGate authentication bypass vulnerability |
| CVE-2022-23766 | 2022-09-19 | BigFileAgent arbitrary file execution vulnerability |
| CVE-2022-2995 | 2022-09-19 | Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected... |
| CVE-2022-38351 | 2022-09-19 | A vulnerability in Suprema BioStar (aka Bio Star) 2 v2.8.16 allows attackers to escalate privileges to System Administrator via a crafted PUT request to the update profile page. |
| CVE-2022-28204 | 2022-09-19 | A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk. |
| CVE-2022-38509 | 2022-09-19 | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking_id parameter at /admin/budget.php. |
| CVE-2022-28321 | 2022-09-19 | The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP... |
| CVE-2022-0143 | 2022-09-19 | LDAP Connector: When startTLS is used then LDAP connector ignores the wrong password |
| CVE-2022-38527 | 2022-09-19 | UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Import function under the Site Management page. |
| CVE-2022-35060 | 2022-09-19 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0a32. |
| CVE-2022-35061 | 2022-09-19 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e412a. |
| CVE-2022-35062 | 2022-09-19 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0bc3. |
| CVE-2022-35063 | 2022-09-19 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41a8. |
| CVE-2022-35064 | 2022-09-19 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x4adcdb in __asan_memset. |
| CVE-2022-35065 | 2022-09-19 | OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x65f724. |
| CVE-2022-35066 | 2022-09-19 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41b8. |
| CVE-2022-35067 | 2022-09-19 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41b0. |
| CVE-2022-35068 | 2022-09-19 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e420d. |
| CVE-2022-35069 | 2022-09-19 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b544e. |
| CVE-2022-35070 | 2022-09-19 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x65fc97. |
| CVE-2022-38532 | 2022-09-19 | Micro-Star International Co., Ltd MSI Center 1.0.50.0 was discovered to contain a vulnerability in the component C_Features of MSI.CentralServer.exe. This vulnerability allows attackers to escalate privileges via running a crafted... |
| CVE-2022-38545 | 2022-09-19 | Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request. |
| CVE-2022-38550 | 2022-09-19 | A stored cross-site scripting (XSS) vulnerability in the /weibo/list component of Jeesns v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2022-32795 | 2022-09-20 | This issue was addressed with improved checks. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. Visiting a malicious website may lead to address bar spoofing. |
| CVE-2022-32854 | 2022-09-20 | This issue was addressed with improved checks. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to bypass... |
| CVE-2022-32863 | 2022-09-20 | A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. Processing maliciously crafted web content may lead to arbitrary code... |
| CVE-2022-32864 | 2022-09-20 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may... |
| CVE-2022-32868 | 2022-09-20 | A logic issue was addressed with improved state management. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. A website may be able to track... |
| CVE-2022-32872 | 2022-09-20 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. A person with physical access to an iOS device may... |
| CVE-2022-32912 | 2022-09-20 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead... |
| CVE-2022-37972 | 2022-09-20 | Microsoft Endpoint Configuration Manager Spoofing Vulnerability |
| CVE-2022-32883 | 2022-09-20 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may... |
| CVE-2022-32886 | 2022-09-20 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may... |
| CVE-2022-32908 | 2022-09-20 | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. A... |
| CVE-2022-32911 | 2022-09-20 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may... |
| CVE-2022-32917 | 2022-09-20 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may... |
| CVE-2022-35957 | 2022-09-20 | Authentication Bypass in Grafana via auth proxy allowing escalation from admin to server admin |
| CVE-2022-38340 | 2022-09-20 | Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a Path Traversal vulnerability via the component fmedataupload. |
| CVE-2022-39955 | 2022-09-20 | Partial rule set bypass in OWASP ModSecurity Core Rule Set by submitting a specially crafted HTTP Content-Type header |
| CVE-2022-39956 | 2022-09-20 | Partial rule set bypass in OWASP ModSecurity Core Rule Set for HTTP multipart requests using character encoding in the Content-Type or Content-Transfer-Encoding header |
| CVE-2022-39957 | 2022-09-20 | Response body bypass in OWASP ModSecurity Core Rule Set via a specially crafted charset in the HTTP Accept header |
| CVE-2022-39958 | 2022-09-20 | Response body bypass in OWASP ModSecurity Core Rule Set via repeated HTTP Range header submission with a small byte range |
| CVE-2022-34746 | 2022-09-20 | An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to... |
| CVE-2022-2924 | 2022-09-20 | Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm |
| CVE-2022-3000 | 2022-09-20 | Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm |
| CVE-2022-34917 | 2022-09-20 | Unauthenticated clients may cause OutOfMemoryError on Apache Kafka Brokers |