CVE List - 2022 / September
Showing 1401 - 1500 of 2148 CVEs for September 2022 (Page 15 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-3004 | 2022-09-20 | Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm |
| CVE-2022-3079 | 2022-09-20 | Festo: CPX-CEC-C1 and CMXX, Missing Authentication for Critical Webpage Function |
| CVE-2022-3242 | 2022-09-20 | HTML code Injection in template search keyword in microweber/microweber |
| CVE-2022-3005 | 2022-09-20 | Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm |
| CVE-2022-2177 | 2022-09-20 | SQL Injection in Kayrasoft |
| CVE-2022-3245 | 2022-09-20 | Code Injection in display of tag title on saving tags in microweber/microweber |
| CVE-2022-40955 | 2022-09-20 | Deserialization attack in Apache InLong prior to version 1.3.0 allows RCE via JDBC |
| CVE-2021-33079 | 2022-09-20 | Protection mechanism failure in firmware for some Intel(R) SSD DC Products may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2021-33076 | 2022-09-20 | Improper authentication in firmware for some Intel(R) SSD DC Products may allow an unauthenticated user to potentially enable escalation of privilege via physical access. |
| CVE-2021-33081 | 2022-09-20 | Protection mechanism failure in firmware for some Intel(R) SSD DC Products may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2022-32167 | 2022-09-20 | Cloudreve - Stored XSS |
| CVE-2022-35196 | 2022-09-20 | TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php. |
| CVE-2022-38916 | 2022-09-20 | A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacker to upload malicious files |
| CVE-2022-37204 | 2022-09-20 | Final CMS 5.1.0 is vulnerable to SQL Injection. |
| CVE-2017-20147 | 2022-09-20 | In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript uses a PID file that is writable by the smokeping user. By writing arbitrary PIDs to that file,... |
| CVE-2022-41138 | 2022-09-20 | In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution. |
| CVE-2017-20148 | 2022-09-20 | In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the logcheck user because of insecure recursive chown calls. |
| CVE-2016-20015 | 2022-09-20 | In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to gain root... |
| CVE-2022-39974 | 2022-09-20 | WASM3 v0.5.0 was discovered to contain a segmentation fault via the component op_Select_i32_srs in wasm3/source/m3_exec.h. |
| CVE-2022-37259 | 2022-09-20 | A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the string variable in babel.js. |
| CVE-2022-26873 | 2022-09-20 | The stack buffer overflow vulnerability in PlatformInitAdvancedPreMem leads to arbitrary code execution during PEI phase. |
| CVE-2022-40246 | 2022-09-20 | Arbitrary write vulnerability in SbPei module leads to arbitrary code execution during PEI phase. |
| CVE-2022-40250 | 2022-09-20 | Stack overflow vulnerability in SMI handler on SmmSmbiosElog. |
| CVE-2022-40261 | 2022-09-20 | SMM memory corruption vulnerability in OverClockSmiHandler SMM driver |
| CVE-2022-40262 | 2022-09-20 | The arbitrary write vulnerability in S3Resume2Pei leads to arbitrary code execution during PEI phase. |
| CVE-2022-37265 | 2022-09-20 | Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias variable in babel.js. |
| CVE-2022-37205 | 2022-09-20 | JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting... |
| CVE-2022-38956 | 2022-09-20 | An exploitable firmware downgrade vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to replace the user-uploaded firmware image with an original... |
| CVE-2022-38955 | 2022-09-20 | An exploitable firmware modification vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the... |
| CVE-2022-30579 | 2022-09-20 | TIBCO Spotfire Server Blind SSRF vulnerability |
| CVE-2022-40008 | 2022-09-20 | SWFTools commit 772e55a was discovered to contain a heap-buffer overflow via the function readU8 at /lib/ttf.c. |
| CVE-2022-40009 | 2022-09-20 | SWFTools commit 772e55a was discovered to contain a heap-use-after-free via the function grow_unicode at /lib/ttf.c. |
| CVE-2020-36602 | 2022-09-20 | There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message... |
| CVE-2022-33735 | 2022-09-20 | There is a password verification vulnerability in WS7200-10 11.0.2.13. Attackers on the LAN may use brute force cracking to obtain passwords, which may cause sensitive system information to be disclosed. |
| CVE-2021-46834 | 2022-09-20 | A permission bypass vulnerability in Huawei cross device task management could allow an attacker to access certain resources in the attacked devices. Affected product versions include: JAD-AL50 versions 102.0.0.225(C00E220R3P4). |
| CVE-2022-37395 | 2022-09-20 | A Huawei device has an input verification vulnerability. Successful exploitation of this vulnerability may lead to DoS attacks. Affected product versions include: CV81-WDM FW versions 01.70.49.29.46. |
| CVE-2021-46835 | 2022-09-20 | There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers. |
| CVE-2022-39218 | 2022-09-20 | Random number seed fixed during compilation |
| CVE-2022-37883 | 2022-09-20 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute... |
| CVE-2022-37882 | 2022-09-20 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute... |
| CVE-2022-37881 | 2022-09-20 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute... |
| CVE-2022-37884 | 2022-09-20 | A vulnerability exists in the ClearPass Policy Manager Guest User Interface that can allow an unauthenticated attacker to send specific operations which result in a Denial-of-Service condition. A successful exploitation... |
| CVE-2022-37879 | 2022-09-20 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute... |
| CVE-2022-37878 | 2022-09-20 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute... |
| CVE-2022-38931 | 2022-09-20 | A Server-Side Request Forgery (SSRF) in fetch_net_file_upload function of baijiacmsV4 v4.1.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the url... |
| CVE-2022-37880 | 2022-09-20 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute... |
| CVE-2022-37877 | 2022-09-20 | A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute... |
| CVE-2022-40357 | 2022-09-20 | A security issue was discovered in Z-BlogPHP <= 1.7.2. A Server-Side Request Forgery (SSRF) vulnerability in the zb_users/plugin/UEditor/php/action_crawler.php file allows remote attackers to force the application to make arbitrary requests... |
| CVE-2022-28640 | 2022-09-20 | A potential local adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability was discovered in HPE Integrated Lights-Out 5 (iLO 5) in... |
| CVE-2022-23696 | 2022-09-20 | Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could... |
| CVE-2022-28638 | 2022-09-20 | An isolated local disclosure of information and potential isolated local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE... |
| CVE-2022-28639 | 2022-09-20 | A remote potential adjacent denial of service (DoS) and potential adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in... |
| CVE-2022-28637 | 2022-09-20 | A local Denial of Service (DoS) and local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out... |
| CVE-2022-23694 | 2022-09-20 | Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could... |
| CVE-2022-23695 | 2022-09-20 | Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could... |
| CVE-2022-23693 | 2022-09-20 | Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could... |
| CVE-2022-23692 | 2022-09-20 | Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could... |
| CVE-2022-23685 | 2022-09-20 | A vulnerability in the ClearPass Policy Manager web-based management interface exists which exposes some endpoints to a lack of Cross-Site Request Forgery (CSRF) protection. This could allow a remote unauthenticated... |
| CVE-2022-32788 | 2022-09-20 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. A remote user may... |
| CVE-2022-26696 | 2022-09-20 | This issue was addressed with improved environment sanitization. This issue is fixed in macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions. |
| CVE-2022-32861 | 2022-09-20 | A logic issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. A user may be tracked through their IP address. |
| CVE-2022-32802 | 2022-09-20 | A logic issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted file may lead... |
| CVE-2022-32880 | 2022-09-20 | This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.5. An app may be able to access user-sensitive data. |
| CVE-2022-32882 | 2022-09-20 | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to bypass Privacy preferences. |
| CVE-2022-39220 | 2022-09-20 | XSS Vulnerabilities in WebClient |
| CVE-2022-39221 | 2022-09-20 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') McWebserver Minecraft Mod |
| CVE-2022-35090 | 2022-09-20 | SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via __asan_memcpy at /asan/asan_interceptors_memintrinsics.cpp:. |
| CVE-2022-35089 | 2022-09-20 | SWFTools commit 772e55a2 was discovered to contain a heap-buffer-overflow via getTransparentColor at /home/bupt/Desktop/swftools/src/gif2swf. |
| CVE-2022-35088 | 2022-09-20 | SWFTools commit 772e55a2 was discovered to contain a heap buffer-overflow via getGifDelayTime at /home/bupt/Desktop/swftools/src/src/gif2swf.c. |
| CVE-2022-35087 | 2022-09-20 | SWFTools commit 772e55a2 was discovered to contain a segmentation violation via MovieAddFrame at /src/gif2swf.c. |
| CVE-2022-35086 | 2022-09-20 | SWFTools commit 772e55a2 was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S. |
| CVE-2022-35085 | 2022-09-20 | SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c. |
| CVE-2022-38619 | 2022-09-20 | SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /SVFE2/pages/feegroups/mcc_group.jsf. |
| CVE-2022-37026 | 2022-09-21 | In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS. |
| CVE-2022-41218 | 2022-09-21 | In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. |
| CVE-2022-41222 | 2022-09-21 | mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move. |
| CVE-2022-41220 | 2022-09-21 | md2roff 1.9 has a stack-based buffer overflow via a Markdown file, a different vulnerability than CVE-2022-34913. NOTE: the vendor's position is that the product is not intended for untrusted input. |
| CVE-2022-40604 | 2022-09-21 | Format String Vulnerability |
| CVE-2022-40754 | 2022-09-21 | Open Redirect |
| CVE-2022-2315 | 2022-09-21 | SQL Injection in Database Accreditation System |
| CVE-2022-0495 | 2022-09-21 | SQL Injection in KOHA |
| CVE-2022-2872 | 2022-09-21 | Unrestricted Upload of File with Dangerous Type in octoprint/octoprint |
| CVE-2022-2795 | 2022-09-21 | Processing large delegations may severely degrade resolver performance |
| CVE-2022-2881 | 2022-09-21 | Buffer overread in statistics channel code |
| CVE-2022-2906 | 2022-09-21 | Memory leaks in code handling Diffie-Hellman key exchange via TKEY RRs (OpenSSL 3.0.0+ only) |
| CVE-2022-38177 | 2022-09-21 | Memory leak in ECDSA DNSSEC verification code |
| CVE-2022-38178 | 2022-09-21 | Memory leaks in EdDSA DNSSEC verification code |
| CVE-2022-3080 | 2022-09-21 | BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly |
| CVE-2022-2888 | 2022-09-21 | Insufficient Session Expiration in octoprint/octoprint |
| CVE-2022-3068 | 2022-09-21 | Improper Privilege Management in octoprint/octoprint |
| CVE-2022-3255 | 2022-09-21 | Cross-site Scripting (XSS) - Reflected in pimcore/pimcore |
| CVE-2022-38928 | 2022-09-21 | XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393. |
| CVE-2022-2265 | 2022-09-21 | Path traversal in Identity and Directory Management System |
| CVE-2022-37246 | 2022-09-21 | Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js, specifically on the line label: elementInfo.label. |
| CVE-2019-5641 | 2022-09-21 | Rapid7 InsightVM Information Disclosure after Logout |
| CVE-2022-41224 | 2022-09-21 | Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site... |
| CVE-2022-41225 | 2022-09-21 | Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers... |
| CVE-2022-41226 | 2022-09-21 | Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2022-41227 | 2022-09-21 | A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials. |
| CVE-2022-41228 | 2022-09-21 | A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials. |