CVE List - 2022 / October
Showing 1701 - 1800 of 1849 CVEs for October 2022 (Page 18 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-43167 | 2022-10-28 | A stored cross-site scripting (XSS) vulnerability in the Users Alerts... |
| CVE-2022-43168 | 2022-10-28 | Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability... |
| CVE-2022-43169 | 2022-10-28 | A stored cross-site scripting (XSS) vulnerability in the Users Access... |
| CVE-2022-43170 | 2022-10-28 | A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration... |
| CVE-2022-43228 | 2022-10-28 | Barangay Management System v1.0 was discovered to contain a SQL... |
| CVE-2022-43229 | 2022-10-28 | Simple Cold Storage Management System v1.0 was discovered to contain... |
| CVE-2022-43230 | 2022-10-28 | Simple Cold Storage Management System v1.0 was discovered to contain... |
| CVE-2022-43231 | 2022-10-28 | Canteen Management System v1.0 was discovered to contain an arbitrary... |
| CVE-2022-43232 | 2022-10-28 | Canteen Management System v1.0 was discovered to contain a SQL... |
| CVE-2022-43233 | 2022-10-28 | Canteen Management System v1.0 was discovered to contain a SQL... |
| CVE-2022-43275 | 2022-10-28 | Canteen Management System v1.0 was discovered to contain an arbitrary... |
| CVE-2022-43276 | 2022-10-28 | Canteen Management System v1.0 was discovered to contain a SQL... |
| CVE-2022-43280 | 2022-10-28 | wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via... |
| CVE-2022-43281 | 2022-10-28 | wasm-interp v1.0.29 was discovered to contain a heap overflow via... |
| CVE-2022-43282 | 2022-10-28 | wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via... |
| CVE-2022-43283 | 2022-10-28 | wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write. |
| CVE-2022-43285 | 2022-10-28 | Nginx NJS v0.7.4 was discovered to contain a segmentation violation... |
| CVE-2022-43286 | 2022-10-28 | Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug... |
| CVE-2022-33859 | 2022-10-28 | Unrestricted file upload in Eaton Foreseer EPMS |
| CVE-2021-36206 | 2022-10-28 | CEVAS |
| CVE-2021-38399 | 2022-10-28 | Honeywell Experion PKS and ACE Controllers Relative Path Traversal |
| CVE-2021-38395 | 2022-10-28 | Honeywell Experion PKS and ACE Controllers Injection |
| CVE-2021-38397 | 2022-10-28 | Honeywell Experion PKS and ACE Controllers Unrestricted Upload of File with Dangerous Type |
| CVE-2022-3616 | 2022-10-28 | OctoRPKI crash when maximum iterations number is reached |
| CVE-2022-3512 | 2022-10-28 | Lock WARP switch bypass using warp-cli 'add-trusted-ssid' command |
| CVE-2022-3321 | 2022-10-28 | Lock WARP switch feature bypass on WARP mobile client for iOS |
| CVE-2022-3337 | 2022-10-28 | Lock WARP switch bypass by removing VPN profile on iOS mobile client |
| CVE-2022-3322 | 2022-10-28 | Lock WARP switch bypass on WARP mobile client using iOS quick action |
| CVE-2022-3320 | 2022-10-28 | Bypassing Cloudflare Zero Trust policies using warp-cli set-custom-endpoint command |
| CVE-2022-37424 | 2022-10-28 | The FILES Directive allows arbitrary files from the frontend system (including sensitive files) to be included when a VM is started from that template, which may result in Information Disclosure. |
| CVE-2022-37425 | 2022-10-28 | The FILES directive inside a VM template allows execution of uploaded files when the template is instantiated, resulting in a Remote Code Execution (RCE) attack. |
| CVE-2022-37426 | 2022-10-28 | Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula... |
| CVE-2021-36858 | 2022-10-28 | WordPress Testimonials plugin <= 2.6 - Auth. Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2021-36863 | 2022-10-28 | WordPress Quiz And Survey Master plugin <= 7.3.4 - Auth. Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-2864 | 2022-10-28 | The demon image annotation plugin for WordPress is vulnerable to... |
| CVE-2022-3400 | 2022-10-28 | The Bricks theme for WordPress is vulnerable to authorization bypass... |
| CVE-2021-36864 | 2022-10-28 | WordPress Quiz And Survey Master plugin <= 7.3.4 - Auth. Reflected Cross-Site Scripting (XSS) vulnerability |
| CVE-2021-36898 | 2022-10-28 | WordPress Quiz And Survey Master plugin <= 7.3.4 - Auth. SQL Injection (SQLi) vulnerability |
| CVE-2022-41648 | 2022-10-28 | The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, running... |
| CVE-2022-2474 | 2022-10-28 | Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when... |
| CVE-2022-2475 | 2022-10-28 | Haas Controller version 100.20.000.1110 has insufficient granularity of access control... |
| CVE-2022-41636 | 2022-10-28 | Communication traffic involving "Ethernet Q Commands" service of Haas Controller... |
| CVE-2022-3228 | 2022-10-28 | Using custom code, an attacker can write into name or... |
| CVE-2022-3401 | 2022-10-28 | The Bricks theme for WordPress is vulnerable to remote code... |
| CVE-2022-3402 | 2022-10-28 | The Log HTTP Requests plugin for WordPress is vulnerable to... |
| CVE-2022-3708 | 2022-10-28 | The Web Stories plugin for WordPress is vulnerable to Server-Side... |
| CVE-2022-41973 | 2022-10-29 | multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to... |
| CVE-2022-41974 | 2022-10-29 | multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to... |
| CVE-2022-42916 | 2022-10-29 | In curl before 7.86.0, the HSTS check could be bypassed... |
| CVE-2022-44023 | 2022-10-29 | PwnDoc through 0.5.3 might allow remote attackers to identify disabled... |
| CVE-2021-42777 | 2022-10-29 | Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used,... |
| CVE-2022-3754 | 2022-10-29 | Weak Password Requirements in thorsten/phpmyfaq |
| CVE-2022-42915 | 2022-10-29 | curl before 7.86.0 has a double free. If curl is... |
| CVE-2022-44019 | 2022-10-29 | In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command... |
| CVE-2022-44020 | 2022-10-29 | An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and... |
| CVE-2022-44022 | 2022-10-29 | PwnDoc through 0.5.3 might allow remote attackers to identify valid... |
| CVE-2022-44032 | 2022-10-30 | An issue was discovered in the Linux kernel through 6.0.6.... |
| CVE-2022-44033 | 2022-10-30 | An issue was discovered in the Linux kernel through 6.0.6.... |
| CVE-2022-44034 | 2022-10-30 | An issue was discovered in the Linux kernel through 6.0.6.... |
| CVE-2020-21016 | 2022-10-31 | D-Link DIR-846 devices with firmware 100A35 allow remote attackers to... |
| CVE-2021-40241 | 2022-10-31 | xfig 3.2.7 is vulnerable to Buffer Overflow. |
| CVE-2021-40661 | 2022-10-31 | A remote, unauthenticated, directory traversal vulnerability was identified within the... |
| CVE-2022-2167 | 2022-10-31 | Newspaper < 12 - Reflected Cross-Site Scripting |
| CVE-2022-2190 | 2022-10-31 | Envira Gallery Lite < 1.8.4.7 - Reflected Cross-Site Scripting |
| CVE-2022-2627 | 2022-10-31 | Newspaper < 12 - Reflected Cross-Site Scripting |
| CVE-2022-27583 | 2022-10-31 | A remote unprivileged attacker can interact with the configuration interface... |
| CVE-2022-3096 | 2022-10-31 | WP Total Hacks <= 4.7.2 - Subscriber+ Arbitrary Options Update to Stored XSS |
| CVE-2022-31690 | 2022-10-31 | Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior... |
| CVE-2022-31692 | 2022-10-31 | Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior... |
| CVE-2022-3237 | 2022-10-31 | WP Contact Slider < 2.4.8 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-3254 | 2022-10-31 | AWP Classifieds Plugin < 4.3 - Unauthenticated SQLi |
| CVE-2022-3334 | 2022-10-31 | Easy WP SMTP < 1.5.0 - Admin+ PHP Objection Injection |
| CVE-2022-3357 | 2022-10-31 | Smart Slider 3 < 3.5.1.11 - PHP Object Injection |
| CVE-2022-3360 | 2022-10-31 | LearnPress < 4.1.7.2 - Unauthenticated PHP Object Injection via REST API |
| CVE-2022-3366 | 2022-10-31 | PublishPress Capabilities < 2.5.2 - Admin+ PHP Objection Injection |
| CVE-2022-3374 | 2022-10-31 | Ocean Extra < 2.0.5 - Admin+ PHP Objection Injection |
| CVE-2022-3380 | 2022-10-31 | Customizer Export/Import < 0.9.5 - Admin+ PHP Objection Injection |
| CVE-2022-3408 | 2022-10-31 | WP Word Count <= 3.2.3 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-3419 | 2022-10-31 | Automatic User Roles Switcher < 1.1.2 - Subscriber+ Privilege Escalation |
| CVE-2022-3420 | 2022-10-31 | Official Integration for Billingo < 3.4.0 - ShopManager+ Stored XSS |
| CVE-2022-3440 | 2022-10-31 | Rock Convert < 2.6.0 - Reflected Cross-Site Scripting |
| CVE-2022-3441 | 2022-10-31 | Rock Convert < 2.11.0 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-3499 | 2022-10-31 | An authenticated attacker could utilize the identical agent and cluster... |
| CVE-2022-37620 | 2022-10-31 | A Regular Expression Denial of Service (ReDoS) flaw was found... |
| CVE-2022-37623 | 2022-10-31 | Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz... |
| CVE-2022-3765 | 2022-10-31 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2022-3766 | 2022-10-31 | Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq |
| CVE-2022-3770 | 2022-10-31 | Yunjing CMS upload_img.html unrestricted upload |
| CVE-2022-3771 | 2022-10-31 | easyii CMS File Upload Management Upload.php file unrestricted upload |
| CVE-2022-3774 | 2022-10-31 | SourceCodester Train Scheduler App resource injection |
| CVE-2022-3783 | 2022-10-31 | node-red-dashboard ui_text Format ui-component-ctrl.js cross site scripting |
| CVE-2022-3784 | 2022-10-31 | Axiomatic Bento4 mp4hls Ap4Mp4AudioInfo.cpp ReadBits heap-based overflow |
| CVE-2022-3785 | 2022-10-31 | Axiomatic Bento4 Avcinfo SetDataSize heap-based overflow |
| CVE-2022-39294 | 2022-10-31 | (DoS) Denial of Service from unchecked request length in conduit-hyper |
| CVE-2022-40471 | 2022-10-31 | Remote Code Execution in Clinic's Patient Management System v 1.0... |
| CVE-2022-40487 | 2022-10-31 | ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS)... |
| CVE-2022-40488 | 2022-10-31 | ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery... |
| CVE-2022-40617 | 2022-10-31 | strongSwan before 5.9.8 allows remote attackers to cause a denial... |
| CVE-2022-43148 | 2022-10-31 | rtf2html v0.2.0 was discovered to contain a heap overflow in... |
| CVE-2022-43151 | 2022-10-31 | timg v1.4.4 was discovered to contain a memory leak via... |