CVE List - 2022 / October
Showing 1601 - 1700 of 1849 CVEs for October 2022 (Page 17 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-20959 | 2022-10-26 | Cisco Identity Services Engine Cross-Site Scripting Vulnerability |
| CVE-2022-20776 | 2022-10-26 | Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities |
| CVE-2022-40238 | 2022-10-26 | A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5 |
| CVE-2022-40703 | 2022-10-26 | CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android device containing the app... |
| CVE-2022-3714 | 2022-10-27 | SourceCodester Online Medicine Ordering System sql injection |
| CVE-2022-3716 | 2022-10-27 | SourceCodester Online Medicine Ordering System cross site scripting |
| CVE-2022-2508 | 2022-10-27 | In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error... |
| CVE-2022-3095 | 2022-10-27 | Incorrect parsing of the backslash characters in Dart library |
| CVE-2022-31898 | 2022-10-27 | gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters. |
| CVE-2022-32407 | 2022-10-27 | Softr v2.0 was discovered to contain a Cross-Site Scripting (XSS) vulnerability via the First Name parameter under the Create A New Account module. This vulnerability allows attackers to execute arbitrary... |
| CVE-2022-36182 | 2022-10-27 | Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allows for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the... |
| CVE-2022-3725 | 2022-10-27 | Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file |
| CVE-2022-39329 | 2022-10-27 | Profile of disabled user stays accessible |
| CVE-2022-39330 | 2022-10-27 | Database resource exhaustion for logged-in users via sharee recommendations with circles |
| CVE-2022-39364 | 2022-10-27 | Exception logging in Sharepoint app reveals clear-text connection details |
| CVE-2022-39365 | 2022-10-27 | RCE vulnerability in Pimcore/Mail & Dynamic Text Layout |
| CVE-2022-39976 | 2022-10-27 | School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /modules/announcement/index.php?view=edit&id=. |
| CVE-2022-39977 | 2022-10-27 | Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the User module. This vulnerability allows attackers to execute arbitrary... |
| CVE-2022-39978 | 2022-10-27 | Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. This vulnerability allows attackers to execute... |
| CVE-2022-40183 | 2022-10-27 | Reflected Cross Site Scripting (XSS) in VIDEOJET multi 4000 |
| CVE-2022-40184 | 2022-10-27 | Stored Cross Site Scripting (XSS) in VIDEOJET multi 4000 |
| CVE-2022-40874 | 2022-10-27 | Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow vulnerability in the GetParentControlInfo function, which can cause a denial of service attack through a carefully constructed http request. |
| CVE-2022-40875 | 2022-10-27 | Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow in the function GetParentControlInfo. |
| CVE-2022-40876 | 2022-10-27 | In Tenda ax1803 v1.0.0.1, the http requests handled by the fromAdvSetMacMtuWan functions, wanSpeed, cloneType, mac, can cause a stack overflow and enable remote code execution (RCE). |
| CVE-2022-42054 | 2022-10-27 | Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2022-42055 | 2022-10-27 | Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system. |
| CVE-2022-42991 | 2022-10-27 | A stored cross-site scripting (XSS) vulnerability in Simple Online Public Access Catalog v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit... |
| CVE-2022-42992 | 2022-10-27 | Multiple stored cross-site scripting (XSS) vulnerabilities in Train Scheduler App v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code, Train... |
| CVE-2022-42993 | 2022-10-27 | Password Storage Application v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Setup page. |
| CVE-2022-43340 | 2022-10-27 | A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users. |
| CVE-2022-43364 | 2022-10-27 | An access control issue in the password reset page of IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to arbitrarily change the admin password. |
| CVE-2022-43365 | 2022-10-27 | IP-COM EW9 V15.11.0.14(9732) was discovered to contain a buffer overflow in the formSetDebugCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. |
| CVE-2022-43366 | 2022-10-27 | IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to access sensitive information via the checkLoginUser, ate, telnet, version, setDebugCfg, and boot interfaces. |
| CVE-2022-43367 | 2022-10-27 | IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the formSetDebugCfg function. |
| CVE-2022-25918 | 2022-10-27 | Regular Expression Denial of Service (ReDoS) |
| CVE-2021-45475 | 2022-10-27 | Information disclosure in Yordam Library Information Document Automation Program |
| CVE-2021-45476 | 2022-10-27 | Information disclosure in Yordam Library Information Document Automation Program |
| CVE-2022-2809 | 2022-10-27 | Unauthenticated out of bounds heap write in bmcweb |
| CVE-2022-3409 | 2022-10-27 | Unauthenticated out of bounds stack write in bmcweb |
| CVE-2022-38744 | 2022-10-27 | FactoryTalk Alarm and Events Server Vulnerable to Denial-Of-Service Attack |
| CVE-2022-41996 | 2022-10-27 | WordPress Avada premium theme <= 7.8.1 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-24670 | 2022-10-27 | Any user can run unrestricted LDAP queries against a configuration endpoint |
| CVE-2022-24669 | 2022-10-27 | Anonymous users can register / de-register for configuration change notifications |
| CVE-2022-0072 | 2022-10-27 | Directory Traversal in OpenLiteSpeed Web Server |
| CVE-2022-0073 | 2022-10-27 | Authenticated Remote Code Execution in OpenLiteSpeed Web Server |
| CVE-2022-0074 | 2022-10-27 | Privilege Escalation in OpenLiteSpeed Web Server |
| CVE-2022-41627 | 2022-10-27 | The physical IoT device of the AliveCor's KardiaMobile, a smartphone-based personal electrocardiogram (EKG) has no encryption for its data-over-sound protocols. Exploiting this vulnerability could allow an attacker to read patient... |
| CVE-2022-40965 | 2022-10-27 | Delta Electronics DIAEnergie |
| CVE-2022-41555 | 2022-10-27 | Delta Electronics DIAEnergie |
| CVE-2022-40967 | 2022-10-27 | Delta Electronics DIAEnergie |
| CVE-2022-41701 | 2022-10-27 | Delta Electronics DIAEnergie |
| CVE-2022-41773 | 2022-10-27 | Delta Electronics DIAEnergie |
| CVE-2022-41133 | 2022-10-27 | Delta Electronics DIAEnergie |
| CVE-2022-41651 | 2022-10-27 | Delta Electronics DIAEnergie |
| CVE-2022-41702 | 2022-10-27 | Delta Electronics DIAEnergie |
| CVE-2022-3385 | 2022-10-27 | Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can remotely overflow the stack buffer and enable remote code execution. |
| CVE-2022-3386 | 2022-10-27 | Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can use an outsized filename to overflow the stack buffer and enable remote code... |
| CVE-2022-3387 | 2022-10-27 | Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks. An unauthorized attacker could remotely exploit vulnerable PHP code to delete .PDF files. |
| CVE-2022-3379 | 2022-10-27 | Horner Automation's Cscape version 9.90 SP7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code... |
| CVE-2022-3378 | 2022-10-27 | Horner Automation's Cscape version 9.90 SP 7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary... |
| CVE-2022-3377 | 2022-10-27 | Horner Automation's Cscape version 9.90 SP 6 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary... |
| CVE-2022-3729 | 2022-10-28 | seccome Ehoney attack sql injection |
| CVE-2022-3734 | 2022-10-28 | Redis on Windows dbghelp.dll uncontrolled search path |
| CVE-2022-43284 | 2022-10-28 | Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. NOTE: the vendor disputes the significance of this report because NJS does not operate... |
| CVE-2021-35387 | 2022-10-28 | Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php. |
| CVE-2021-35388 | 2022-10-28 | Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php. |
| CVE-2021-37781 | 2022-10-28 | Employee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS) via editempprofile.php. |
| CVE-2021-37782 | 2022-10-28 | Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php. |
| CVE-2021-38217 | 2022-10-28 | SEMCMS v 1.2 is vulnerable to SQL Injection via SEMCMS_User.php. |
| CVE-2021-38728 | 2022-10-28 | SEMCMS SHOP v 1.1 is vulnerable to Cross Site Scripting (XSS) via Ant_M_Coup.php. |
| CVE-2021-38729 | 2022-10-28 | SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php. |
| CVE-2021-38730 | 2022-10-28 | SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php. |
| CVE-2021-38731 | 2022-10-28 | SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php. |
| CVE-2021-38732 | 2022-10-28 | SEMCMS SHOP v 1.1 is vulnerable to SQL via Ant_Message.php. |
| CVE-2021-38733 | 2022-10-28 | SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_BlogCat.php. |
| CVE-2021-38734 | 2022-10-28 | SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php. |
| CVE-2021-38736 | 2022-10-28 | SEMCMS Shop V 1.1 is vulnerable to SQL Injection via Ant_Global.php. |
| CVE-2021-38737 | 2022-10-28 | SEMCMS v 1.1 is vulnerable to SQL Injection via Ant_Pro.php. |
| CVE-2022-26884 | 2022-10-28 | Apache DolphinScheduler exposes files without authentication |
| CVE-2022-2826 | 2022-10-28 | An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. TODO |
| CVE-2022-2882 | 2022-10-28 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1.... |
| CVE-2022-3018 | 2022-10-28 | An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows... |
| CVE-2022-31678 | 2022-10-28 | VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a... |
| CVE-2022-3697 | 2022-10-28 | A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue... |
| CVE-2022-3730 | 2022-10-28 | seccome Ehoney falco sql injection |
| CVE-2022-3731 | 2022-10-28 | seccome Ehoney token sql injection |
| CVE-2022-3732 | 2022-10-28 | seccome Ehoney set sql injection |
| CVE-2022-3733 | 2022-10-28 | SourceCodester Web-Based Student Clearance System edit-admin.php sql injection |
| CVE-2022-3735 | 2022-10-28 | seccome Ehoney signup access control |
| CVE-2022-3741 | 2022-10-28 | Improper Restriction of Excessive Authentication Attempts in chatwoot/chatwoot |
| CVE-2022-37621 | 2022-10-28 | Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the fullPath variable in resolve-shims.js. |
| CVE-2022-37913 | 2022-10-28 | Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to... |
| CVE-2022-37914 | 2022-10-28 | Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to... |
| CVE-2022-37915 | 2022-10-28 | A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this... |
| CVE-2022-39366 | 2022-10-28 | DataHub missing JWT signature check |
| CVE-2022-39367 | 2022-10-28 | Vulnerability in handling of uploaded QTI ZIP files |
| CVE-2022-43164 | 2022-10-28 | A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected... |
| CVE-2022-43165 | 2022-10-28 | A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected... |
| CVE-2022-43166 | 2022-10-28 | A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected... |
| CVE-2022-43167 | 2022-10-28 | A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected... |