CVE List - 2022 / October
Showing 601 - 700 of 1849 CVEs for October 2022 (Page 7 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-42078 | 2022-10-12 | Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. |
| CVE-2022-42079 | 2022-10-12 | Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via the function formWifiBasicSet. |
| CVE-2022-42080 | 2022-10-12 | Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a heap overflow via sched_start_time parameter. |
| CVE-2022-42081 | 2022-10-12 | Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via sched_end_time parameter. |
| CVE-2022-42086 | 2022-10-12 | Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function TendaAteMode. |
| CVE-2022-42087 | 2022-10-12 | Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. |
| CVE-2022-42711 | 2022-10-12 | In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a... |
| CVE-2022-42715 | 2022-10-12 | A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution. |
| CVE-2022-42897 | 2022-10-12 | Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected. |
| CVE-2022-0030 | 2022-10-12 | PAN-OS: Authentication Bypass in Web Interface |
| CVE-2022-31228 | 2022-10-12 | Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. A remote unauthenticated attacker can potentially exploit this vulnerability and gain access to an admin account. |
| CVE-2022-32483 | 2022-10-12 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable. |
| CVE-2022-32484 | 2022-10-12 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable. |
| CVE-2022-32485 | 2022-10-12 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. |
| CVE-2022-32487 | 2022-10-12 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. |
| CVE-2022-32488 | 2022-10-12 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. |
| CVE-2022-32489 | 2022-10-12 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. |
| CVE-2022-32491 | 2022-10-12 | Dell Client BIOS contains a Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause an arbitrary write during SMM. |
| CVE-2022-32493 | 2022-10-12 | Dell BIOS contains a Stack-Based Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. |
| CVE-2022-33918 | 2022-10-12 | Dell GeoDrive, Versions 2.1 - 2.2, contains an information disclosure vulnerability. An authenticated non-admin user could potentially exploit this vulnerability and gain access to sensitive information. |
| CVE-2022-33919 | 2022-10-12 | Dell GeoDrive, versions 2.1 - 2.2, contains an information disclosure vulnerability in GUI. An authenticated non-admin user could potentially exploit this vulnerability and view sensitive information. |
| CVE-2022-33920 | 2022-10-12 | Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the... |
| CVE-2022-33921 | 2022-10-12 | Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking Vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM... |
| CVE-2022-33922 | 2022-10-12 | Dell GeoDrive, versions prior to 2.2, contains Insecure File and Folder Permissions vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in... |
| CVE-2022-33937 | 2022-10-12 | Dell GeoDrive, Versions 1.0 - 2.2, contain a Path Traversal Vulnerability in the reporting function. A local, low privileged attacker could potentially exploit this vulnerability, to gain unauthorized delete access... |
| CVE-2022-34390 | 2022-10-12 | Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. |
| CVE-2022-34391 | 2022-10-12 | Dell Client BIOS Versions prior to the remediated version contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to... |
| CVE-2022-3492 | 2022-10-13 | SourceCodester Human Resource Management System Profile Photo os command injection |
| CVE-2022-3493 | 2022-10-13 | SourceCodester Human Resource Management System Add Employee cross site scripting |
| CVE-2022-42722 | 2022-10-13 | In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the... |
| CVE-2022-42889 | 2022-10-13 | Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults |
| CVE-2021-20030 | 2022-10-13 | SonicWall GMS is vulnerable to file path manipulation, allowing an unauthenticated attacker to gain access to the web directory containing the application's binaries and configuration files. |
| CVE-2022-24697 | 2022-10-13 | Apache Kylin prior to 4.0.2 allows command injection when the configuration-overwrite function overwrites system parameters |
| CVE-2022-2828 | 2022-10-13 | In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference (IDOR) vulnerability |
| CVE-2022-31123 | 2022-10-13 | Grafana plugin signature bypass vulnerability |
| CVE-2022-31130 | 2022-10-13 | Grafana data source and plugin proxy endpoints leaking authentication tokens to some destination plugins |
| CVE-2022-34020 | 2022-10-13 | Cross Site Request Forgery (CSRF) vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 allows attackers to add new admin users to the platform or other unspecified... |
| CVE-2022-34021 | 2022-10-13 | Multiple Cross Site Scripting (XSS) vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields. |
| CVE-2022-34022 | 2022-10-13 | SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via a crafted POST request to /ResiotQueryDBActive. |
| CVE-2022-3456 | 2022-10-13 | Allocation of Resources Without Limits or Throttling in ikus060/rdiffweb |
| CVE-2022-3457 | 2022-10-13 | Origin Validation Error in ikus060/rdiffweb |
| CVE-2022-35080 | 2022-10-13 | SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_load at /lib/png.c. |
| CVE-2022-35081 | 2022-10-13 | SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_read_header at /src/png2swf.c. |
| CVE-2022-35134 | 2022-10-13 | Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) vulnerability. |
| CVE-2022-35135 | 2022-10-13 | Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privileges via a crafted request sent to /api/user/upsert/<uuid>. |
| CVE-2022-35136 | 2022-10-13 | Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests. |
| CVE-2022-35611 | 2022-10-13 | A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows attackers to create and remove dashboards. |
| CVE-2022-35612 | 2022-10-13 | A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the dashboard name text field. |
| CVE-2022-35944 | 2022-10-13 | October CMS Safe Mode bypass leads to authenticated RCE (Remote Code Execution) |
| CVE-2022-37208 | 2022-10-13 | JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting... |
| CVE-2022-38902 | 2022-10-13 | A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or... |
| CVE-2022-39201 | 2022-10-13 | Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins |
| CVE-2022-39229 | 2022-10-13 | Grafana users with email as a username can block other users from signing in |
| CVE-2022-39278 | 2022-10-13 | Istio vulnerable to denial of service attack due to Golang Regex Library |
| CVE-2022-39293 | 2022-10-13 | Azure RTOS USBX Host PIMA vulnerable to read integer underflow with buffer overflow |
| CVE-2022-39295 | 2022-10-13 | Improper Neutralization of Alternate XSS Syntax in Knowage-Server |
| CVE-2022-39300 | 2022-10-13 | Signature bypass via multiple root elements in node-SAML |
| CVE-2022-39302 | 2022-10-13 | Ree6 may bypass webhook protection |
| CVE-2022-39303 | 2022-10-13 | Ree6 vulnerable to SQL Injection |
| CVE-2022-40187 | 2022-10-13 | Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework (TCF) service enabled. This service listens on a TCP port on all interfaces and allows for process debugging, file... |
| CVE-2022-41390 | 2022-10-13 | OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php. |
| CVE-2022-41391 | 2022-10-13 | OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php. |
| CVE-2022-41473 | 2022-10-13 | RPCMS v3.0.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Search function. |
| CVE-2022-41474 | 2022-10-13 | RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily change the password of any account. |
| CVE-2022-41475 | 2022-10-13 | RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add an administrator account. |
| CVE-2022-41480 | 2022-10-13 | Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x475dc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. |
| CVE-2022-41481 | 2022-10-13 | Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47de1c function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. |
| CVE-2022-41482 | 2022-10-13 | Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47c5dc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. |
| CVE-2022-41483 | 2022-10-13 | Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x4a12cc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. |
| CVE-2022-41484 | 2022-10-13 | Tenda AC1900 AP500(US)_V1_180320(Beta) was discovered to contain a buffer overflow in the 0x32384 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. |
| CVE-2022-41485 | 2022-10-13 | Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47ce00 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. |
| CVE-2022-41489 | 2022-10-13 | WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to send crafted requests to the server from the affected device. This vulnerability is exploitable... |
| CVE-2022-41495 | 2022-10-13 | ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the rss_url_news parameter at /manager/index.php. |
| CVE-2022-41496 | 2022-10-13 | iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php. |
| CVE-2022-41497 | 2022-10-13 | ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the pkg_url parameter at /manager/index.php. |
| CVE-2022-41533 | 2022-10-13 | Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted... |
| CVE-2022-41534 | 2022-10-13 | Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/createOrder.php. This vulnerability allows attackers to execute arbitrary code via a crafted... |
| CVE-2022-41674 | 2022-10-13 | An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. |
| CVE-2022-42156 | 2022-10-13 | D-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter at function SetNetworkTomographySettings. |
| CVE-2022-42159 | 2022-10-13 | D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator. |
| CVE-2022-42160 | 2022-10-13 | D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at function SetNTPServerSettings. |
| CVE-2022-42161 | 2022-10-13 | D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS. |
| CVE-2022-42719 | 2022-10-13 | A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames)... |
| CVE-2022-42720 | 2022-10-13 | Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN... |
| CVE-2022-42721 | 2022-10-13 | A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN... |
| CVE-2022-42899 | 2022-10-13 | Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read and stack overflow issues when opening crafted SKP files. Exploiting these issues could lead to information disclosure and code... |
| CVE-2022-42900 | 2022-10-13 | Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read issues when opening crafted FBX files. Exploiting these issues could lead to information disclosure and code execution. The fixed... |
| CVE-2022-42901 | 2022-10-13 | Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds and stack overflow issues when opening crafted XMT files. Exploiting these issues could lead to information disclosure and code execution.... |
| CVE-2022-42902 | 2022-10-13 | In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute... |
| CVE-2022-42906 | 2022-10-13 | powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, changing... |
| CVE-2022-3479 | 2022-10-14 | A vulnerability was found in nss. nss client authentication crashes when no user certificate is present in the database, which can lead to a segmentation fault or... |
| CVE-2022-3496 | 2022-10-14 | SourceCodester Human Resource Management System Admin Panel employeeadd.php access control |
| CVE-2022-3497 | 2022-10-14 | SourceCodester Human Resource Management System Master List cross site scripting |
| CVE-2022-3502 | 2022-10-14 | Human Resource Management System Leave cross site scripting |
| CVE-2022-35051 | 2022-10-14 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b55af. |
| CVE-2022-38671 | 2022-10-14 | In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. |
| CVE-2022-42232 | 2022-10-14 | Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/classes/Master.php?f=delete_storage. |
| CVE-2021-0699 | 2022-10-14 | In HTBLogKM of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the kernel with... |
| CVE-2021-22685 | 2022-10-14 | Cassia Networks Access Controller Path Traversal |
| CVE-2021-27406 | 2022-10-14 | PerFact OpenVPN-Client |
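The rows above follow a fixed `| CVE ID | Date | Title |` layout, and a practitioner working through a page like this usually wants to bucket entries before reading each one. The Python below is an added example, not part of the CVE feed or of this page: it parses rows in that layout, classifies each title with ordered keyword rules (an assumption of the example, not CWE data from the feed), lists the entries whose title states the attacker is unauthenticated, and flags the entries this page truncates with "..." so they are re-checked upstream rather than triaged from a cut-off sentence. The sample rows embedded in the block are copied from the table above.

```python
"""Triage helper for the CVE table on this page (added example, not part of the feed)."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input: five rows copied verbatim from the table above.
SAMPLE_ROWS = """\
| CVE-2022-42078 | 2022-10-12 | Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. |
| CVE-2022-42897 | 2022-10-12 | Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected. |
| CVE-2022-32485 | 2022-10-12 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. |
| CVE-2022-42889 | 2022-10-13 | Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults |
| CVE-2022-42711 | 2022-10-12 | In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a... |
"""

# One table row: "| CVE-YYYY-NNNN | YYYY-MM-DD | title |"
ROW_RE = re.compile(
    r"^\|\s*(CVE-\d{4}-\d{4,})\s*\|\s*(\d{4}-\d{2}-\d{2})\s*\|\s*(.*?)\s*\|\s*$"
)

# Ordered rules: the first pattern that matches decides the class.  These keyword
# heuristics are an assumption of this example; "smm" is checked before
# "code-exec" so that SMI/SMRAM entries are not lumped in with generic RCE.
CLASS_RULES = [
    ("csrf", re.compile(r"cross[- ]site request forgery|\bcsrf\b", re.I)),
    ("xss", re.compile(r"cross[- ]site scripting|\bxss\b", re.I)),
    ("sqli", re.compile(r"sql injection", re.I)),
    ("cmdi", re.compile(r"command injection", re.I)),
    ("smm", re.compile(r"\bsmram\b|\bsmm\b|\bsmi\b", re.I)),
    ("memory", re.compile(r"(stack|heap|buffer)[- ]overflow|out[- ]of[- ]bounds|use-after-free", re.I)),
    ("code-exec", re.compile(r"\brce\b|remote code execution|arbitrary code", re.I)),
]


@dataclass
class CveRow:
    cve_id: str
    date: str
    title: str

    @property
    def truncated(self) -> bool:
        # The page cuts long descriptions at "..."; a truncated title may hide
        # the privilege requirement or the affected-version bound.
        return self.title.endswith("...")


def parse_rows(text: str) -> list[CveRow]:
    """Return the rows of a markdown CVE table; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            rows.append(CveRow(*m.groups()))
    return rows


def classify(title: str) -> str:
    for label, pattern in CLASS_RULES:
        if pattern.search(title):
            return label
    return "other"


def attacker_position(title: str) -> str:
    """Crude read of the attacker's position from the title wording."""
    t = title.lower()
    if "unauthenticated" in t:
        return "unauth"
    if "authenticated" in t:
        return "auth"
    if "local" in t:
        return "local"
    return "unspecified"


def triage(text: str) -> dict:
    rows = parse_rows(text)
    return {
        "by_class": Counter(classify(r.title) for r in rows),
        "unauthenticated": [r.cve_id for r in rows if attacker_position(r.title) == "unauth"],
        "truncated": [r.cve_id for r in rows if r.truncated],
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_ROWS)
    for label, n in summary["by_class"].most_common():
        print(f"{label:10s} {n}")
    print("unauthenticated:", ", ".join(summary["unauthenticated"]))
    print("truncated, re-check upstream:", ", ".join(summary["truncated"]))
```

Feed the whole page (or the raw feed export in the same layout) to `triage()` to get the class histogram and the two shortlists; anything in the truncated list should be read from the full CVE record before a severity call is made, since the cut-off text here can drop the "local" or "authenticated" qualifier.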