CVE List - 2022 / October
Showing 901 - 1000 of 1849 CVEs for October 2022 (Page 10 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-23770 | 2022-10-17 | WISA Smart Wing CMS Remote Command Execution Vulnerability |
| CVE-2022-23771 | 2022-10-17 | IPTIME NAS1DUAL CSRF Vulnerability |
| CVE-2022-2428 | 2022-10-17 | A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP... |
| CVE-2022-2455 | 2022-10-17 | A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting... |
| CVE-2022-2527 | 2022-10-17 | An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from... |
| CVE-2022-2533 | 2022-10-17 | An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab... |
| CVE-2022-2563 | 2022-10-17 | Tutor LMS < 2.0.10 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-25723 | 2022-10-17 | Memory corruption in multimedia due to use after free during callback registration failure in Snapdragon Mobile |
| CVE-2022-2574 | 2022-10-17 | Meks Easy Social Share < 1.2.8 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-25750 | 2022-10-17 | Memory corruption in BTHOST due to double free while music playback and calls over bluetooth headset in Snapdragon Mobile |
| CVE-2022-2592 | 2022-10-17 | A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker... |
| CVE-2022-2630 | 2022-10-17 | An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident... |
| CVE-2022-28291 | 2022-10-17 | Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions... |
| CVE-2022-2834 | 2022-10-17 | Helpful < 4.5.26 - Information Disclosure |
| CVE-2022-2865 | 2022-10-17 | A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, 15.2 to 15.2.4 and 15.3 prior to 15.3.2. It was possible to exploit a vulnerability... |
| CVE-2022-2884 | 2022-10-17 | A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an an authenticated user to achieve remote code... |
| CVE-2022-2908 | 2022-10-17 | A potential DoS vulnerability was discovered in Gitlab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 allowed... |
| CVE-2022-2931 | 2022-10-17 | A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malformed content... |
| CVE-2022-2992 | 2022-10-17 | A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the... |
| CVE-2022-3030 | 2022-10-17 | An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of pipeline... |
| CVE-2022-3031 | 2022-10-17 | An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It may be... |
| CVE-2022-3060 | 2022-10-17 | Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to... |
| CVE-2022-3066 | 2022-10-17 | An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It... |
| CVE-2022-3067 | 2022-10-17 | An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting... |
| CVE-2022-3082 | 2022-10-17 | miniOrange Discord Integration < 2.1.6 - Subscriber+ App Disabling |
| CVE-2022-3126 | 2022-10-17 | Frontend File Manager < 21.4 - File Upload via CSRF |
| CVE-2022-3131 | 2022-10-17 | Search Logger <= 0.9 - Admin+ SQLi |
| CVE-2022-3139 | 2022-10-17 | We’re Open! < 1.42 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-3149 | 2022-10-17 | WP Custom Cursors < 3.0.1 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-3150 | 2022-10-17 | WP Custom Cursors < 3.2 - Admin+ SQLi |
| CVE-2022-3151 | 2022-10-17 | WP Custom Cursors < 3.0.1 - Arbitrary Cursor Deletion via CSRF |
| CVE-2022-3158 | 2022-10-17 | Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter SQL statements... |
| CVE-2022-3165 | 2022-10-17 | An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive... |
| CVE-2022-3206 | 2022-10-17 | Passster < 3.5.5.5.2 - Insecure Storage of Password |
| CVE-2022-3243 | 2022-10-17 | Import all XML, CSV & TXT into WordPress < 6.5.8 - Admin+ SQLi |
| CVE-2022-3244 | 2022-10-17 | Import all XML, CSV & TXT into WordPress < 6.5.8 - Missing Authorisation |
| CVE-2022-3279 | 2022-10-17 | An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent... |
| CVE-2022-3282 | 2022-10-17 | Drag and Drop Multiple File Upload < 1.3.6.5 - File Upload Size Limit Bypass |
| CVE-2022-3283 | 2022-10-17 | A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 While... |
| CVE-2022-3286 | 2022-10-17 | Lack of IP address checking in GitLab EE affecting all versions from 14.2 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows a group member to... |
| CVE-2022-3288 | 2022-10-17 | A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the... |
| CVE-2022-3291 | 2022-10-17 | Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive information via cache |
| CVE-2022-3293 | 2022-10-17 | Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 |
| CVE-2022-33210 | 2022-10-17 | Memory corruption in automotive multimedia due to use of out-of-range pointer offset while parsing command request packet with a very large type value. in Snapdragon Auto |
| CVE-2022-33214 | 2022-10-17 | Memory corruption in display due to time-of-check time-of-use of metadata reserved size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables |
| CVE-2022-33217 | 2022-10-17 | Memory corruption in Qualcomm IPC due to buffer copy without checking the size of input while starting communication with a compromised kernel. in Snapdragon Mobile |
| CVE-2022-3325 | 2022-10-17 | Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1.... |
| CVE-2022-3330 | 2022-10-17 | It was possible for a guest user to read a todo targeting an inaccessible note in Gitlab CE/EE affecting all versions from 15.0 prior to 15.2.5, 15.3 prior to 15.3.4,... |
| CVE-2022-3331 | 2022-10-17 | An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2.... |
| CVE-2022-3351 | 2022-10-17 | An issue has been discovered in GitLab EE affecting all versions starting from 13.7 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1.... |
| CVE-2022-3421 | 2022-10-17 | Privilege escalation in Google Drive for Desktop on MacOS |
| CVE-2022-3517 | 2022-10-17 | A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial... |
| CVE-2022-3533 | 2022-10-17 | Linux Kernel BPF usdt.c parse_usdt_arg memory leak |
| CVE-2022-3534 | 2022-10-17 | Linux Kernel libbpf btf_dump.c btf_dump_name_dups use after free |
| CVE-2022-3540 | 2022-10-17 | An issue has been discovered in hunter2 affecting all versions before 2.1.0. Improper handling of auto-completion input allows an authenticated attacker to extract other users email addresses |
| CVE-2022-3541 | 2022-10-17 | Linux Kernel BPF spl2sw_driver.c spl2sw_nvmem_get_mac_address use after free |
| CVE-2022-3544 | 2022-10-17 | Linux Kernel Netfilter sysfs.c damon_sysfs_add_target memory leak |
| CVE-2022-3545 | 2022-10-17 | Linux Kernel IPsec nfp_cppcore.c area_cache_get use after free |
| CVE-2022-3550 | 2022-10-17 | X.org Server xkb.c _GetCountedString buffer overflow |
| CVE-2022-3551 | 2022-10-17 | X.org Server xkb.c ProcXkbGetKbdByName memory leak |
| CVE-2022-3552 | 2022-10-17 | Unrestricted Upload of File with Dangerous Type in boxbilling/boxbilling |
| CVE-2022-3553 | 2022-10-17 | X.org Server xquartz X11Controller.m denial of service |
| CVE-2022-3559 | 2022-10-17 | Exim Regex use after free |
| CVE-2022-3563 | 2022-10-17 | Linux Kernel BlueZ mgmt-tester.c read_50_controller_cap_complete null pointer dereference |
| CVE-2022-3566 | 2022-10-17 | Linux Kernel TCP tcp_setsockopt race condition |
| CVE-2022-3567 | 2022-10-17 | Linux Kernel IPv6 inet6_dgram_ops race condition |
| CVE-2022-38743 | 2022-10-17 | Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could allow a malicious user with... |
| CVE-2022-40055 | 2022-10-17 | An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate privileges via a brute force attack at the login page. |
| CVE-2022-40605 | 2022-10-17 | MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40606. |
| CVE-2022-40606 | 2022-10-17 | MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40605. |
| CVE-2022-41139 | 2022-10-17 | MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gist contact configuration field), leading to execution of arbitrary commands on agents. |
| CVE-2022-41431 | 2022-10-17 | xzs v3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /admin/question/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload... |
| CVE-2022-41471 | 2022-10-17 | 74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account. |
| CVE-2022-41472 | 2022-10-17 | 74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload... |
| CVE-2022-41498 | 2022-10-17 | Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editbrand.php. |
| CVE-2022-41542 | 2022-10-17 | devhub 0.102.0 was discovered to contain a broken session control. |
| CVE-2022-41751 | 2022-10-17 | Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option. |
| CVE-2022-42029 | 2022-10-17 | Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system... |
| CVE-2022-42142 | 2022-10-17 | Online Tours & Travels Management System v1.0 is vulnerable to Arbitrary code execution via ip/tour/admin/operations/update_settings.php. |
| CVE-2022-42143 | 2022-10-17 | Open Source SACCO Management System v1.0 is vulnerable to SQL Injection via /sacco_shield/manage_payment.php. |
| CVE-2022-42147 | 2022-10-17 | kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via controller\ Filecontroller.java. |
| CVE-2022-42149 | 2022-10-17 | kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewController.java. |
| CVE-2022-42154 | 2022-10-17 | An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-42163 | 2022-10-17 | Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromNatStaticSetting. |
| CVE-2022-42164 | 2022-10-17 | Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetClientState. |
| CVE-2022-42165 | 2022-10-17 | Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName. |
| CVE-2022-42166 | 2022-10-17 | Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetSpeedWan. |
| CVE-2022-42167 | 2022-10-17 | Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg. |
| CVE-2022-42168 | 2022-10-17 | Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind. |
| CVE-2022-42169 | 2022-10-17 | Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/addWifiMacFilter. |
| CVE-2022-42170 | 2022-10-17 | Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart. |
| CVE-2022-42171 | 2022-10-17 | Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/saveParentControlInfo. |
| CVE-2022-42221 | 2022-10-17 | Netgear R6220 v1.1.0.114_1.0.1 suffers from Incorrect Access Control, resulting in a command injection vulnerability. |
| CVE-2022-42237 | 2022-10-17 | A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account. |
| CVE-2022-42975 | 2022-10-17 | socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token. |
| CVE-2022-42980 | 2022-10-17 | go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key. |
| CVE-2022-42983 | 2022-10-17 | anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens. |
| CVE-2022-2052 | 2022-10-17 | TRUMPF TruTops default user accounts vulnerability |
| CVE-2022-3281 | 2022-10-17 | WAGO: multiple products - Loss of MAC-Address-Filtering after reboot |
| CVE-2022-39052 | 2022-10-17 | DoS attack using email |