CVE List - 2022 / October
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-32574 | 2022-10-25 | A double-free vulnerability exists in the web interface /action/ipcamSetParamPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to memory corruption.... |
| CVE-2022-32586 | 2022-10-25 | An OS command injection vulnerability exists in the web interface /action/ipcamRecordPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to... |
| CVE-2022-32760 | 2022-10-25 | A denial of service vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to denial of... |
| CVE-2022-32765 | 2022-10-25 | An OS command injection vulnerability exists in the sysupgrade command injection functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker... |
| CVE-2022-32773 | 2022-10-25 | An OS command injection vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to arbitrary command... |
| CVE-2022-32775 | 2022-10-25 | An integer overflow vulnerability exists in the web interface /action/ipcamRecordPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to memory... |
| CVE-2022-33150 | 2022-10-25 | An OS command injection vulnerability exists in the js_package install functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a... |
| CVE-2022-33189 | 2022-10-25 | An OS command injection vulnerability exists in the XCMD setAlexa functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An... |
| CVE-2022-33192 | 2022-10-25 | Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution.... |
| CVE-2022-33193 | 2022-10-25 | Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution.... |
| CVE-2022-33194 | 2022-10-25 | Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution.... |
| CVE-2022-33195 | 2022-10-25 | Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution.... |
| CVE-2022-33204 | 2022-10-25 | Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to... |
| CVE-2022-33205 | 2022-10-25 | Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to... |
| CVE-2022-33206 | 2022-10-25 | Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to... |
| CVE-2022-33207 | 2022-10-25 | Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to... |
| CVE-2022-33897 | 2022-10-25 | A directory traversal vulnerability exists in the web_server /ajax/remove/ functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence... |
| CVE-2022-33938 | 2022-10-25 | A format string injection vulnerability exists in the ghome_process_control_packet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted XCMD can lead to memory corruption, information... |
| CVE-2022-34845 | 2022-10-25 | A firmware update vulnerability exists in the sysupgrade functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network packet can lead to arbitrary firmware update. An attacker can send a... |
| CVE-2022-34850 | 2022-10-25 | An OS command injection vulnerability exists in the web_server /action/import_authorized_keys/ functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can... |
| CVE-2022-35244 | 2022-10-25 | A format string injection vulnerability exists in the XCMD getVarHA functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to memory corruption,... |
| CVE-2022-35261 | 2022-10-25 | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can... |
| CVE-2022-35262 | 2022-10-25 | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can... |
| CVE-2022-35263 | 2022-10-25 | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can... |
| CVE-2022-35264 | 2022-10-25 | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can... |
| CVE-2022-35265 | 2022-10-25 | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can... |
| CVE-2022-35266 | 2022-10-25 | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can... |
| CVE-2022-35267 | 2022-10-25 | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can... |
| CVE-2022-35268 | 2022-10-25 | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can... |
| CVE-2022-35269 | 2022-10-25 | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can... |
| CVE-2022-35270 | 2022-10-25 | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can... |
| CVE-2022-35271 | 2022-10-25 | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can... |
| CVE-2022-35874 | 2022-10-25 | Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption,... |
| CVE-2022-35875 | 2022-10-25 | Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption,... |
| CVE-2022-35876 | 2022-10-25 | Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption,... |
| CVE-2022-35877 | 2022-10-25 | Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption,... |
| CVE-2022-35878 | 2022-10-25 | Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory... |
| CVE-2022-35879 | 2022-10-25 | Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory... |
| CVE-2022-35880 | 2022-10-25 | Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory... |
| CVE-2022-35881 | 2022-10-25 | Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory... |
| CVE-2022-35884 | 2022-10-25 | Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to... |
| CVE-2022-35885 | 2022-10-25 | Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to... |
| CVE-2022-35886 | 2022-10-25 | Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to... |
| CVE-2022-35887 | 2022-10-25 | Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to... |
| CVE-2022-38436 | 2022-10-25 | Adobe Illustrator CDR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2022-38435 | 2022-10-25 | Adobe Illustrator PCX File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2022-27912 | 2022-10-25 | [20221001] - Core - Debug Mode leaks full request payloads including passwords |
| CVE-2022-27913 | 2022-10-25 | [20221002] - Core - RXSS through reflection of user input in headings |
| CVE-2022-3474 | 2022-10-26 | Bazel leaks user credentials through the remote assets API |
| CVE-2022-3671 | 2022-10-26 | SourceCodester eLearning System manage.php sql injection |
| CVE-2022-3704 | 2022-10-26 | Ruby on Rails _table.html.erb cross site scripting |
| CVE-2022-43747 | 2022-10-26 | baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in security update S-2022-01, which contains fixed... |
| CVE-2022-2782 | 2022-10-26 | In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters. |
| CVE-2022-3363 | 2022-10-26 | Business Logic Errors in ikus060/rdiffweb |
| CVE-2022-3662 | 2022-10-26 | Axiomatic Bento4 mp42hls Ap4Sample.h GetOffset use after free |
| CVE-2022-3663 | 2022-10-26 | Axiomatic Bento4 MP4fragment Ap4StsdAtom.cpp AP4_StsdAtom null pointer dereference |
| CVE-2022-3664 | 2022-10-26 | Axiomatic Bento4 avcinfo Ap4BitStream.cpp WriteBytes heap-based overflow |
| CVE-2022-3665 | 2022-10-26 | Axiomatic Bento4 avcinfo AvcInfo.cpp heap-based overflow |
| CVE-2022-3666 | 2022-10-26 | Axiomatic Bento4 mp42ts Ap4LinearReader.cpp Advance use after free |
| CVE-2022-3667 | 2022-10-26 | Axiomatic Bento4 mp42aac Ap4ByteStream.cpp WritePartial heap-based overflow |
| CVE-2022-3668 | 2022-10-26 | Axiomatic Bento4 mp4edit CreateAtomFromStream memory leak |
| CVE-2022-3669 | 2022-10-26 | Axiomatic Bento4 mp4edit Create memory leak |
| CVE-2022-3670 | 2022-10-26 | Axiomatic Bento4 mp42hevc WriteSample heap-based overflow |
| CVE-2022-3672 | 2022-10-26 | SourceCodester Sanitization Management System SystemSettings.php cross site scripting |
| CVE-2022-3673 | 2022-10-26 | SourceCodester Sanitization Management System Master.php cross site scripting |
| CVE-2022-3674 | 2022-10-26 | SourceCodester Sanitization Management System missing authentication |
| CVE-2022-3705 | 2022-10-26 | vim autocmd quickfix.c qf_update_buffer use after free |
| CVE-2022-37202 | 2022-10-26 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list |
| CVE-2022-39286 | 2022-10-26 | Execution with Unnecessary Privileges in JupyterApp |
| CVE-2022-39348 | 2022-10-26 | Twisted vulnerable to NameVirtualHost Host header injection |
| CVE-2022-39355 | 2022-10-26 | Discourse Patreon vulnerable to improper validation of email during Patreon authentication |
| CVE-2022-39357 | 2022-10-26 | Winter vulnerable to Prototype Pollution in Snowboard framework |
| CVE-2022-39358 | 2022-10-26 | Metabase vulnerable to circumvention of Locked parameter in Signed Embedding |
| CVE-2022-39359 | 2022-10-26 | Metabase's GeoJSON validation doesn't prevent redirects to blocked URLs |
| CVE-2022-39360 | 2022-10-26 | Metabase SSO users able to circumvent IdP login by doing password reset |
| CVE-2022-39361 | 2022-10-26 | Metabase vulnerable to Remote Code Execution via H2 |
| CVE-2022-39362 | 2022-10-26 | Metabase vulnerable to arbitrary SQL execution from queryhash |
| CVE-2022-39944 | 2022-10-26 | The Apache Linkis JDBC EngineConn module has a RCE Vulnerability |
| CVE-2022-42468 | 2022-10-26 | Apache Flume prior to 1.11.0 has an Improper Input Validation (JNDI Injection) in JMSSource |
| CVE-2022-42998 | 2022-10-26 | D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd. |
| CVE-2022-42999 | 2022-10-26 | D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm. |
| CVE-2022-43000 | 2022-10-26 | D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/form2WizardStep4. |
| CVE-2022-43001 | 2022-10-26 | D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity function. |
| CVE-2022-43002 | 2022-10-26 | D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/form2WizardStep54. |
| CVE-2022-43003 | 2022-10-26 | D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecurity function. |
| CVE-2022-43750 | 2022-10-26 | drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory. |
| CVE-2022-43766 | 2022-10-26 | Apache IoTDB prior to 0.13.3 allows DoS |
| CVE-2022-43774 | 2022-10-26 | The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. |
| CVE-2022-43775 | 2022-10-26 | The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. |
| CVE-2022-43776 | 2022-10-26 | The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301... |
| CVE-2022-25849 | 2022-10-26 | Cross-site Scripting (XSS) |
| CVE-2022-31256 | 2022-10-26 | sendmail: mail to root privilege escalation via sm-client.pre script |
| CVE-2022-43749 | 2022-10-26 | Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors. |
| CVE-2022-43748 | 2022-10-26 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to write arbitrary files... |
| CVE-2022-20811 | 2022-10-26 | Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities |
| CVE-2022-20822 | 2022-10-26 | Cisco Identity Services Engine Unauthorized File Access Vulnerability |
| CVE-2022-20933 | 2022-10-26 | Cisco Meraki MX and Z3 Teleworker Gateway VPN Denial of Service Vulnerability |
| CVE-2022-20953 | 2022-10-26 | Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities |
| CVE-2022-20954 | 2022-10-26 | Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities |
| CVE-2022-20955 | 2022-10-26 | Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities |