CVE List - 2022 / October
Showing 101 - 200 of 1849 CVEs for October 2022 (Page 2 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-39274 | 2022-10-06 | Buffer Overflow in `ProcessRadioRxDone` in LoRaMac-node |
| CVE-2022-39275 | 2022-10-06 | Improper object type validation in saleor |
| CVE-2022-39279 | 2022-10-06 | Discourse-chat plugin susceptible to XSS in channel name and description |
| CVE-2022-39280 | 2022-10-06 | Regular expression denial of service in dparse |
| CVE-2022-39284 | 2022-10-06 | Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued in Codeigniter4 |
| CVE-2022-3397 | 2022-10-06 | OMRON CX-Programmer Out-of-bounds Write |
| CVE-2022-3398 | 2022-10-06 | OMRON CX-Programmer Out-of-bounds Write |
| CVE-2022-3396 | 2022-10-06 | OMRON CX-Programmer Out-of-bounds Write |
| CVE-2022-32172 | 2022-10-06 | Zinc - Cross-Site Scripting |
| CVE-2022-31252 | 2022-10-06 | permissions: chkstat does not check for group-writable parent directories or target files in safeOpen() |
| CVE-2022-32171 | 2022-10-06 | Zinc - Stored XSS |
| CVE-2022-41853 | 2022-10-06 | Remote code execution in HyperSQL DataBase |
| CVE-2022-22503 | 2022-10-06 | IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote... |
| CVE-2022-36774 | 2022-10-06 | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. IBM X-Force ID: 233575. |
| CVE-2022-38709 | 2022-10-06 | IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus... |
| CVE-2022-41294 | 2022-10-06 | IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross origin resource sharing using the bot api. IBM X-Force ID: 236807. |
| CVE-2020-15855 | 2022-10-07 | Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6.1. |
| CVE-2021-40162 | 2022-10-07 | A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC... |
| CVE-2021-40163 | 2022-10-07 | A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component. |
| CVE-2021-40164 | 2022-10-07 | A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code. |
| CVE-2021-40165 | 2022-10-07 | A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC... |
| CVE-2021-40166 | 2022-10-07 | A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may... |
| CVE-2022-26452 | 2022-10-07 | In isp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... |
| CVE-2022-26471 | 2022-10-07 | In telephony, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2022-26472 | 2022-10-07 | In ims, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2022-26473 | 2022-10-07 | In vdec fmt, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-26474 | 2022-10-07 | In sensorhub, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2022-26475 | 2022-10-07 | In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-31680 | 2022-10-07 | The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary... |
| CVE-2022-31681 | 2022-10-07 | VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host. |
| CVE-2022-32589 | 2022-10-07 | In Wi-Fi driver, there is a possible way to disconnect Wi-Fi due to an improper resource release. This could lead to remote denial of service with no additional execution privileges... |
| CVE-2022-32590 | 2022-10-07 | In wlan, there is a possible use after free due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2022-32591 | 2022-10-07 | In ril, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction... |
| CVE-2022-32592 | 2022-10-07 | In cpu dvfs, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-32593 | 2022-10-07 | In vowe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-3275 | 2022-10-07 | Puppetlabs-apt Command Injection |
| CVE-2022-3276 | 2022-10-07 | Puppetlabs-mysql Command Injection |
| CVE-2022-3422 | 2022-10-07 | Improper Privilege Management in tooljet/tooljet |
| CVE-2022-3423 | 2022-10-07 | Allocation of Resources Without Limits or Throttling in nocodb/nocodb |
| CVE-2022-36634 | 2022-10-07 | An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to arbitrarily create admin users via a crafted HTTP request. |
| CVE-2022-36635 | 2022-10-07 | ZKteco ZKBioSecurity V5000 4.1.3 was discovered to contain a SQL injection vulnerability via the component /baseOpLog.do. |
| CVE-2022-36868 | 2022-10-07 | Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks MAC address of the connected Bluetooth device. |
| CVE-2022-37885 | 2022-10-07 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management... |
| CVE-2022-37886 | 2022-10-07 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management... |
| CVE-2022-37887 | 2022-10-07 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management... |
| CVE-2022-37889 | 2022-10-07 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management... |
| CVE-2022-37890 | 2022-10-07 | Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of... |
| CVE-2022-37891 | 2022-10-07 | Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of... |
| CVE-2022-37892 | 2022-10-07 | A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of... |
| CVE-2022-37893 | 2022-10-07 | An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as... |
| CVE-2022-37894 | 2022-10-07 | An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability... |
| CVE-2022-37895 | 2022-10-07 | An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability... |
| CVE-2022-37896 | 2022-10-07 | A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the... |
| CVE-2022-39847 | 2022-10-07 | Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR Oct-2022 Release 1 allows attackers to perform malicious actions. |
| CVE-2022-39848 | 2022-10-07 | Exposure of sensitive information in AT_Distributor prior to SMR Oct-2022 Release 1 allows local attacker to access SerialNo via log. |
| CVE-2022-39849 | 2022-10-07 | Improper access control in knox_vpn_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data. |
| CVE-2022-39850 | 2022-10-07 | Improper access control in mum_container_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data. |
| CVE-2022-39851 | 2022-10-07 | Improper access control vulnerability in CocktailBarService prior to SMR Oct-2022 Release 1 allows local attacker to bind service that require BIND_REMOTEVIEWS permission. |
| CVE-2022-39852 | 2022-10-07 | A heap-based overflow vulnerability in makeContactAGIF in libagifencoder.quram.so library prior to SMR Oct-2022 Release 1 allows attacker to perform code execution. |
| CVE-2022-39853 | 2022-10-07 | A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault. |
| CVE-2022-39854 | 2022-10-07 | Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure memory. |
| CVE-2022-39855 | 2022-10-07 | Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect arbitrary AP and Bluetooth devices. |
| CVE-2022-39856 | 2022-10-07 | Improper access control vulnerability in imsservice application prior to SMR Oct-2022 Release 1 allows local attackers to access call information. |
| CVE-2022-39857 | 2022-10-07 | Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51 allows attackers to access broadcasting Intent as system uid privilege. |
| CVE-2022-39858 | 2022-10-07 | Path traversal vulnerability in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to write arbitrary file as FactoryCamera privilege. |
| CVE-2022-39859 | 2022-10-07 | Implicit intent hijacking vulnerability in UPHelper library prior to version 3.0.12 allows attackers to access sensitive information via implicit intent. |
| CVE-2022-39860 | 2022-10-07 | Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit broadcast. |
| CVE-2022-39861 | 2022-10-07 | Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without camera privilege. |
| CVE-2022-39862 | 2022-10-07 | Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3.3.03.66 in Android S(12) allows unauthorized use of javascript interface api. |
| CVE-2022-39863 | 2022-10-07 | Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to access content providers without permission. |
| CVE-2022-39864 | 2022-10-07 | Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent. |
| CVE-2022-39865 | 2022-10-07 | Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. |
| CVE-2022-39866 | 2022-10-07 | Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. |
| CVE-2022-39867 | 2022-10-07 | Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast. |
| CVE-2022-39868 | 2022-10-07 | Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. |
| CVE-2022-39869 | 2022-10-07 | Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast. |
| CVE-2022-39870 | 2022-10-07 | Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast. |
| CVE-2022-39871 | 2022-10-07 | Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts. |
| CVE-2022-39872 | 2022-10-07 | Improper restriction of broadcasting Intent in ShareLive prior to version 13.2.03.5 leaks MAC address of the connected Bluetooth device. |
| CVE-2022-39873 | 2022-10-07 | Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication. |
| CVE-2022-39874 | 2022-10-07 | Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. |
| CVE-2022-39875 | 2022-10-07 | Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. |
| CVE-2022-39876 | 2022-10-07 | Insertion of Sensitive Information into Log in PushRegIdUpdateClient of SReminder prior to 8.2.01.13 allows attacker to access device IMEI. |
| CVE-2022-39878 | 2022-10-07 | Improper access control vulnerability in Samsung Checkout prior to version 5.0.55.3 allows attackers to access sensitive information via implicit intent broadcast. |
| CVE-2022-39959 | 2022-10-07 | Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\Panini folder. This leads to privilege escalation because a service, running as SYSTEM, uses the... |
| CVE-2022-40824 | 2022-10-07 | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where() function. Note: Multiple third parties have disputed this as not a valid vulnerability. |
| CVE-2022-40825 | 2022-10-07 | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where_in() function. Note: Multiple third parties have disputed this as not a valid vulnerability. |
| CVE-2022-40826 | 2022-10-07 | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_having() function. Note: Multiple third parties have disputed this as not a valid vulnerability. |
| CVE-2022-40829 | 2022-10-07 | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_like() function. Note: Multiple third parties have disputed this as not a valid vulnerability. |
| CVE-2022-40830 | 2022-10-07 | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where_not_in() function. Note: Multiple third parties have disputed this as not a valid vulnerability. |
| CVE-2022-40831 | 2022-10-07 | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php like() function. Note: Multiple third parties have disputed this as not a valid vulnerability. |
| CVE-2022-40832 | 2022-10-07 | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php having() function. Note: Multiple third parties have disputed this as not a valid vulnerability. |
| CVE-2022-40833 | 2022-10-07 | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_in() function. Note: Multiple third parties have disputed this as not a valid vulnerability. |
| CVE-2022-40834 | 2022-10-07 | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_not_like() function. Note: Multiple third parties have disputed this as not a valid vulnerability. |
| CVE-2022-40835 | 2022-10-07 | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php. Note: Multiple third parties have disputed this as not a valid vulnerability |
| CVE-2022-41377 | 2022-10-07 | Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=maintenance/manage_category. |
| CVE-2022-41378 | 2022-10-07 | Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=inventory/manage_inventory. |
| CVE-2022-41379 | 2022-10-07 | An arbitrary file upload vulnerability in the component /leave_system/classes/Users.php?f=save of Online Leave Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-41392 | 2022-10-07 | A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under... |
| CVE-2022-41414 | 2022-10-07 | An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages. |