CVE List - 2022 / October
Showing 1 - 100 of 1849 CVEs for October 2022 (Page 1 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-42004 | 2022-10-02 | In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only... |
| CVE-2022-33886 | 2022-10-03 | A maliciously crafted MODEL and SLDPRT file can be used to write beyond the allocated buffer while parsing through Autodesk AutoCAD 2023, 2022, 2021, 2020, and Maya 2023 and 2022.... |
| CVE-2022-33890 | 2022-10-03 | A maliciously crafted PCT or DWF file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could... |
| CVE-2022-36551 | 2022-10-03 | A Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files... |
| CVE-2022-41301 | 2022-10-03 | A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to... |
| CVE-2022-41040 | 2022-10-03 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2022-41082 | 2022-10-03 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2022-40886 | 2022-10-03 | DedeCMS 5.7.98 has a file upload vulnerability in the background. |
| CVE-2022-32173 | 2022-10-03 | OrchardCore - HTML Injection |
| CVE-2022-38817 | 2022-10-03 | Dapr Dashboard v0.1.0 through v0.10.0 is vulnerable to Incorrect Access Control that allows attackers to obtain sensitive data. |
| CVE-2022-40922 | 2022-10-03 | A vulnerability in the LIEF::MachO::BinaryParser::init_and_parse function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file. |
| CVE-2022-40123 | 2022-10-03 | mojoPortal v2.7 was discovered to contain a path traversal vulnerability via the "f" parameter at /DesignTools/CssEditor.aspx. This vulnerability allows authenticated attackers to read arbitrary files in the system. |
| CVE-2022-2628 | 2022-10-03 | DSGVO All in one for WP < 4.2 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2763 | 2022-10-03 | WP Socializer < 7.3 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2839 | 2022-10-03 | Zephyr Project Manager < 3.2.55 - Unauthorised AJAX Calls To Stored XSS |
| CVE-2022-3124 | 2022-10-03 | Frontend File Manager < 21.3 - Unauthenticated File Renaming |
| CVE-2022-3125 | 2022-10-03 | Frontend File Manager < 21.3 - Subscriber+ Arbitrary File Upload |
| CVE-2022-3128 | 2022-10-03 | Donation Thermometer < 2.1.3 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-3132 | 2022-10-03 | Goolytics - Simple Google Analytics < 1.1.2 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-41419 | 2022-10-03 | Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_Processor::Process function in the mp4encrypt binary. |
| CVE-2022-41420 | 2022-10-03 | nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component |
| CVE-2022-41423 | 2022-10-03 | Bento4 v1.6.0-639 was discovered to contain a segmentation violation in the mp4fragment component. |
| CVE-2022-41424 | 2022-10-03 | Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_SttsAtom::Create function in mp42hls. |
| CVE-2022-41425 | 2022-10-03 | Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4decrypt. |
| CVE-2022-41426 | 2022-10-03 | Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_AtomFactory::CreateAtomFromStream function in mp4split. |
| CVE-2022-41427 | 2022-10-03 | Bento4 v1.6.0-639 was discovered to contain a memory leak in the AP4_AvcFrameParser::Feed function in mp4mux. |
| CVE-2022-41428 | 2022-10-03 | Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBits function in mp4mux. |
| CVE-2022-41429 | 2022-10-03 | Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_Atom::TypeFromString function in mp4tag. |
| CVE-2022-41430 | 2022-10-03 | Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBit function in mp4mux. |
| CVE-2022-40764 | 2022-10-03 | Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the... |
| CVE-2022-33889 | 2022-10-03 | A maliciously crafted GIF or JPEG files when parsed through Autodesk Design Review 2018, and AutoCAD 2023 and 2022 could be used to write beyond the allocated heap buffer. This... |
| CVE-2022-33884 | 2022-10-03 | Parsing a maliciously crafted X_B file can force Autodesk AutoCAD 2023 and 2022 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution... |
| CVE-2022-33885 | 2022-10-03 | A maliciously crafted X_B, CATIA, and PDF file when parsed through Autodesk AutoCAD 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to... |
| CVE-2022-33887 | 2022-10-03 | A maliciously crafted PDF file when parsed through Autodesk AutoCAD 2023 causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or... |
| CVE-2022-33888 | 2022-10-03 | A malicious crafted Dwg2Spd file when processed through Autodesk DWG application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead... |
| CVE-2022-33883 | 2022-10-03 | A malicious crafted file consumed through Moldflow Synergy, Moldflow Adviser, Moldflow Communicator, and Advanced Material Exchange applications could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities... |
| CVE-2022-42308 | 2022-10-03 | An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbx_exchange... |
| CVE-2022-42307 | 2022-10-03 | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService... |
| CVE-2022-42306 | 2022-10-03 | An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a... |
| CVE-2022-42305 | 2022-10-03 | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a Path traversal attack through the DiscoveryService service. |
| CVE-2022-42304 | 2022-10-03 | An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager... |
| CVE-2022-42303 | 2022-10-03 | An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by... |
| CVE-2022-42302 | 2022-10-03 | An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service. |
| CVE-2022-42301 | 2022-10-03 | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars... |
| CVE-2022-42300 | 2022-10-03 | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server nbars process can be crashed resulting in a denial of service. (Note: the... |
| CVE-2022-42299 | 2022-10-03 | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a denial of service attack through the DiscoveryService service. |
| CVE-2022-40721 | 2022-10-03 | Arbitrary file upload vulnerability in php uploader |
| CVE-2022-33882 | 2022-10-03 | Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this... |
| CVE-2022-41443 | 2022-10-03 | phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php. |
| CVE-2022-42247 | 2022-10-03 | pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload... |
| CVE-2021-40556 | 2022-10-06 | A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. This vulnerability is caused by the strcat function called by "caupload" input handle function allowing... |
| CVE-2022-26235 | 2022-10-06 | A vulnerability was discovered in the Remisol Advance v2.0.12.1 and below for the Normand Message Server. On installation, the permissions set by Remisol Advance allow non-privileged users to overwrite and/or... |
| CVE-2022-26236 | 2022-10-06 | The default privileges for the running service Normand Remisol Advance Launcher in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This... |
| CVE-2022-26237 | 2022-10-06 | The default privileges for the running service Normand Viewer Service in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows... |
| CVE-2022-26238 | 2022-10-06 | The default privileges for the running service Normand Service Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows... |
| CVE-2022-26239 | 2022-10-06 | The default privileges for the running service Normand License Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows unprivileged users to overwrite and manipulate executables and libraries. This allows... |
| CVE-2022-26240 | 2022-10-06 | The default privileges for the running service Normand Message Buffer in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows... |
| CVE-2022-2637 | 2022-10-06 | Privilege Escalation Vulnerability in Hitachi Storage Plug-in for VMware vCenter |
| CVE-2022-2781 | 2022-10-06 | In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables. |
| CVE-2022-27810 | 2022-10-06 | It was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. This condition was only possible to trigger in dev-mode (when... |
| CVE-2022-2783 | 2022-10-06 | In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token |
| CVE-2022-2975 | 2022-10-06 | Avaya Aura Application Enablement Services weak permissions in web application |
| CVE-2022-2986 | 2022-10-06 | Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk. |
| CVE-2022-3002 | 2022-10-06 | Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm |
| CVE-2022-3273 | 2022-10-06 | Allocation of Resources Without Limits or Throttling in ikus060/rdiffweb |
| CVE-2022-3376 | 2022-10-06 | Weak Password Requirements in ikus060/rdiffweb |
| CVE-2022-3389 | 2022-10-06 | Path Traversal in ikus060/rdiffweb |
| CVE-2022-37888 | 2022-10-06 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management... |
| CVE-2022-39988 | 2022-10-06 | A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows attackers to execute arbitrary web script or HTML via a crafted payload injected into the Service>Templates service_alias parameter. |
| CVE-2022-40159 | 2022-10-06 | Stack Overflow in JXPath |
| CVE-2022-40160 | 2022-10-06 | Stack Overflow in JXPath |
| CVE-2022-40494 | 2022-10-06 | NPS before v0.26.10 was discovered to contain an authentication bypass vulnerability via constantly generating and sending the Auth key and Timestamp parameters. |
| CVE-2022-40895 | 2022-10-06 | In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via... |
| CVE-2022-41355 | 2022-10-06 | Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /leave_system/classes/Master.php?f=delete_department. |
| CVE-2022-41517 | 2022-10-06 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow in the lang parameter in the setLanguageCfg function |
| CVE-2022-41518 | 2022-10-06 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the UploadFirmwareFile function at /cgi-bin/cstecgi.cgi. |
| CVE-2022-41520 | 2022-10-06 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the File parameter in the UploadCustomModule function. |
| CVE-2022-41521 | 2022-10-06 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the sPort/ePort parameter in the setIpPortFilterRules function. |
| CVE-2022-41522 | 2022-10-06 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an unauthenticated stack overflow via the "main" function. |
| CVE-2022-41523 | 2022-10-06 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the command parameter in the setTracerouteCfg function. |
| CVE-2022-41524 | 2022-10-06 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the week, sTime, and eTime parameters in the setParentalRules function. |
| CVE-2022-41525 | 2022-10-06 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the OpModeCfg function at /cgi-bin/cstecgi.cgi. |
| CVE-2022-41526 | 2022-10-06 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the ip parameter in the setDiagnosisCfg function. |
| CVE-2022-41527 | 2022-10-06 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the pppoeUser parameter in the setOpModeCfg function. |
| CVE-2022-41528 | 2022-10-06 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function. |
| CVE-2022-41556 | 2022-10-06 | A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It... |
| CVE-2022-42241 | 2022-10-06 | Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_message. |
| CVE-2022-42242 | 2022-10-06 | Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_booking. |
| CVE-2022-42243 | 2022-10-06 | Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/manage_storage.php?id=. |
| CVE-2022-42249 | 2022-10-06 | Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/view_storage.php?id=. |
| CVE-2022-42250 | 2022-10-06 | Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/inquiries/view_details.php?id=. |
| CVE-2022-42457 | 2022-10-06 | Generex CS141 through 2.10 allows remote command execution by administrators via a web interface that reaches run_update in /usr/bin/gxserve-update.sh (e.g., command execution can occur via a reverse shell installed by... |
| CVE-2022-31008 | 2022-10-06 | Predictable credential obfuscation seed value used in rabbitmq-server |
| CVE-2022-39222 | 2022-10-06 | OAuth authorization code exposure in Dex |
| CVE-2022-39237 | 2022-10-06 | Digital Signature Hash Algorithms Not Validated in sylabs/sif |
| CVE-2022-39244 | 2022-10-06 | Buffer overflow in pjlib scanner and pjmedia |
| CVE-2022-39265 | 2022-10-06 | Mail settings' command parameter injection in mybb |
| CVE-2022-39269 | 2022-10-06 | Media transport downgrade from the secure version (SRTP) to non-secure (RTP) in pjsip |
| CVE-2022-39270 | 2022-10-06 | Arbitrary HTML injection in table-of-contents theme component in DiscoTOC |
| CVE-2022-39273 | 2022-10-06 | Default OAuth Authorization Server secret in FlyteAdmin |