CVE List - 2022 / September
Showing 2101 - 2148 of 2148 CVEs for September 2022 (Page 22 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-36961 | 2022-09-30 | Orion Platform SQL Injection Privilege Escalation Vulnerability |
| CVE-2021-36839 | 2022-09-30 | WordPress Social Media Follow Buttons Bar plugin <= 4.73 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2021-36830 | 2022-09-30 | WordPress Comment Guestbook plugin <= 0.8.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-40274 | 2022-09-30 | Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application... |
| CVE-2022-40277 | 2022-09-30 | Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is possible because... |
| CVE-2022-1959 | 2022-09-30 | AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is possible because the application did not correctly implement fingerprint validations. |
| CVE-2022-41870 | 2022-09-30 | AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload. |
| CVE-2022-21826 | 2022-09-30 | Pulse Secure version 9.115 and below may be susceptible to client-side HTTP request smuggling. When the application receives a POST request, it ignores the request's Content-Length header and leaves the... |
| CVE-2022-40314 | 2022-09-30 | A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified. |
| CVE-2022-40313 | 2022-09-30 | Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load. |
| CVE-2022-40315 | 2022-09-30 | A limited SQL injection risk was identified in the "browse list of users" site administration page. |
| CVE-2022-40316 | 2022-09-30 | The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access... |
| CVE-2022-32540 | 2022-09-30 | Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows man-in-the-middle attacker to compromise confidential video stream. This is... |
| CVE-2022-36965 | 2022-09-30 | Stored and DOM XSS in QoE Applications: Orion Platform |
| CVE-2021-36854 | 2022-09-30 | WordPress Booking Ultra Pro plugin <= 1.1.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2021-36855 | 2022-09-30 | WordPress Booking Ultra Pro plugin <= 1.1.4 - Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-28851 | 2022-09-30 | AEM Reflected XSS Arbitrary code execution |
| CVE-2021-33354 | 2022-09-30 | Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter. |
| CVE-2022-40944 | 2022-09-30 | Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via sales-report-ds.php file. |
| CVE-2022-41975 | 2022-09-30 | RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode. |
| CVE-2022-35156 | 2022-09-30 | Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via the searchdata parameter at /buspassms/download-pass.php. |
| CVE-2022-35155 | 2022-09-30 | Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the searchdata parameter. |
| CVE-2022-40756 | 2022-09-30 | If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for... |
| CVE-2022-40943 | 2022-09-30 | Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via bwdate-report-ds.php file. |
| CVE-2022-40923 | 2022-09-30 | A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file. |
| CVE-2022-20662 | 2022-09-30 | Cisco Duo for macOS Authentication Bypass Vulnerability |
| CVE-2022-20728 | 2022-09-30 | Cisco Access Points VLAN Bypass from Native VLAN Vulnerability |
| CVE-2022-20769 | 2022-09-30 | Cisco Wireless LAN Controller AireOS Software FIPS Mode Denial of Service Vulnerability |
| CVE-2022-20775 | 2022-09-30 | Cisco SD-WAN Software Privilege Escalation Vulnerabilities |
| CVE-2022-20810 | 2022-09-30 | Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Information Disclosure Vulnerability |
| CVE-2022-20818 | 2022-09-30 | Cisco SD-WAN Software Privilege Escalation Vulnerabilities |
| CVE-2022-20844 | 2022-09-30 | Cisco Software-Defined Application Visibility and Control on Cisco vManage Static Username and Password Vulnerability |
| CVE-2022-20847 | 2022-09-30 | Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family DHCP Processing Denial of Service Vulnerability |
| CVE-2022-20848 | 2022-09-30 | Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points UDP Processing Denial of Service Vulnerability |
| CVE-2022-20850 | 2022-09-30 | Cisco SD-WAN Arbitrary File Deletion Vulnerability |
| CVE-2022-20851 | 2022-09-30 | Cisco IOS XE Software Web UI Command Injection Vulnerability |
| CVE-2022-20855 | 2022-09-30 | Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points Privilege Escalation Vulnerability |
| CVE-2022-20856 | 2022-09-30 | Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Mobility Denial of Service Vulnerability |
| CVE-2022-40341 | 2022-09-30 | mojoPortal v2.7 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PNG file. |
| CVE-2022-20919 | 2022-09-30 | Cisco IOS and IOS XE Software Common Industrial Protocol Request Denial of Service Vulnerability |
| CVE-2022-20930 | 2022-09-30 | Cisco SD-WAN Software Arbitrary File Corruption Vulnerability |
| CVE-2022-20945 | 2022-09-30 | Cisco Catalyst 9100 Series Access Points Association Request Denial of Service Vulnerability |
| CVE-2021-36865 | 2022-09-30 | WordPress Quiz And Survey Master plugin <= 7.3.4 - Insecure direct object references (IDOR) vulnerability |
| CVE-2022-34428 | 2022-09-30 | Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability,... |
| CVE-2022-34429 | 2022-09-30 | Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. |
| CVE-2022-39268 | 2022-09-30 | orchest vulnerable to cross-site request forgery that allows control of a user instance |
| CVE-2022-42002 | 2022-09-30 | SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication... |
| CVE-2022-42003 | 2022-10-02 | In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when... |
| CVE-2022-42004 | 2022-10-02 | In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only... |
| CVE-2022-33886 | 2022-10-03 | A maliciously crafted MODEL and SLDPRT file can be used to write beyond the allocated buffer while parsing through Autodesk AutoCAD 2023, 2022, 2021, 2020, and Maya 2023 and 2022.... |
| CVE-2022-33890 | 2022-10-03 | A maliciously crafted PCT or DWF file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could... |
| CVE-2022-36551 | 2022-10-03 | A Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files... |
| CVE-2022-41301 | 2022-10-03 | A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to... |
| CVE-2022-41040 | 2022-10-03 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2022-41082 | 2022-10-03 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2022-40886 | 2022-10-03 | DedeCMS 5.7.98 has a file upload vulnerability in the background. |
| CVE-2022-32173 | 2022-10-03 | OrchardCore - HTML Injection |
| CVE-2022-38817 | 2022-10-03 | Dapr Dashboard v0.1.0 through v0.10.0 is vulnerable to Incorrect Access Control that allows attackers to obtain sensitive data. |
| CVE-2022-40922 | 2022-10-03 | A vulnerability in the LIEF::MachO::BinaryParser::init_and_parse function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file. |
| CVE-2022-40123 | 2022-10-03 | mojoPortal v2.7 was discovered to contain a path traversal vulnerability via the "f" parameter at /DesignTools/CssEditor.aspx. This vulnerability allows authenticated attackers to read arbitrary files in the system. |
| CVE-2022-2628 | 2022-10-03 | DSGVO All in one for WP < 4.2 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2763 | 2022-10-03 | WP Socializer < 7.3 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2839 | 2022-10-03 | Zephyr Project Manager < 3.2.55 - Unauthorised AJAX Calls To Stored XSS |
| CVE-2022-3124 | 2022-10-03 | Frontend File Manager < 21.3 - Unauthenticated File Renaming |
| CVE-2022-3125 | 2022-10-03 | Frontend File Manager < 21.3 - Subscriber+ Arbitrary File Upload |
| CVE-2022-3128 | 2022-10-03 | Donation Thermometer < 2.1.3 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-3132 | 2022-10-03 | Goolytics - Simple Google Analytics < 1.1.2 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-41419 | 2022-10-03 | Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_Processor::Process function in the mp4encrypt binary. |
| CVE-2022-41420 | 2022-10-03 | nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component |
| CVE-2022-41423 | 2022-10-03 | Bento4 v1.6.0-639 was discovered to contain a segmentation violation in the mp4fragment component. |
| CVE-2022-41424 | 2022-10-03 | Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_SttsAtom::Create function in mp42hls. |
| CVE-2022-41425 | 2022-10-03 | Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4decrypt. |
| CVE-2022-41426 | 2022-10-03 | Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_AtomFactory::CreateAtomFromStream function in mp4split. |
| CVE-2022-41427 | 2022-10-03 | Bento4 v1.6.0-639 was discovered to contain a memory leak in the AP4_AvcFrameParser::Feed function in mp4mux. |
| CVE-2022-41428 | 2022-10-03 | Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBits function in mp4mux. |
| CVE-2022-41429 | 2022-10-03 | Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_Atom::TypeFromString function in mp4tag. |
| CVE-2022-41430 | 2022-10-03 | Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBit function in mp4mux. |
| CVE-2022-40764 | 2022-10-03 | Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the... |
| CVE-2022-33889 | 2022-10-03 | A maliciously crafted GIF or JPEG file when parsed through Autodesk Design Review 2018, and AutoCAD 2023 and 2022 could be used to write beyond the allocated heap buffer. This... |
| CVE-2022-33884 | 2022-10-03 | Parsing a maliciously crafted X_B file can force Autodesk AutoCAD 2023 and 2022 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution... |
| CVE-2022-33885 | 2022-10-03 | A maliciously crafted X_B, CATIA, and PDF file when parsed through Autodesk AutoCAD 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to... |
| CVE-2022-33887 | 2022-10-03 | A maliciously crafted PDF file when parsed through Autodesk AutoCAD 2023 causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or... |
| CVE-2022-33888 | 2022-10-03 | A maliciously crafted Dwg2Spd file when processed through Autodesk DWG application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead... |
| CVE-2022-33883 | 2022-10-03 | A maliciously crafted file consumed through Moldflow Synergy, Moldflow Adviser, Moldflow Communicator, and Advanced Material Exchange applications could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities... |
| CVE-2022-42308 | 2022-10-03 | An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbx_exchange... |
| CVE-2022-42307 | 2022-10-03 | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService... |
| CVE-2022-42306 | 2022-10-03 | An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a... |
| CVE-2022-42305 | 2022-10-03 | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a Path traversal attack through the DiscoveryService service. |
| CVE-2022-42304 | 2022-10-03 | An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager... |
| CVE-2022-42303 | 2022-10-03 | An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by... |
| CVE-2022-42302 | 2022-10-03 | An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service. |
| CVE-2022-42301 | 2022-10-03 | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars... |
| CVE-2022-42300 | 2022-10-03 | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server nbars process can be crashed resulting in a denial of service. (Note: the... |
| CVE-2022-42299 | 2022-10-03 | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a denial of service attack through the DiscoveryService service. |
| CVE-2022-40721 | 2022-10-03 | Arbitrary file upload vulnerability in php uploader |
| CVE-2022-33882 | 2022-10-03 | Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this... |
| CVE-2022-41443 | 2022-10-03 | phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php. |
| CVE-2022-42247 | 2022-10-03 | pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload... |
| CVE-2021-40556 | 2022-10-06 | A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. This vulnerability is caused by the strcat function called by "caupload" input handle function allowing... |
| CVE-2022-26235 | 2022-10-06 | A vulnerability was discovered in the Remisol Advance v2.0.12.1 and below for the Normand Message Server. On installation, the permissions set by Remisol Advance allow non-privileged users to overwrite and/or... |