CVE List - 2022 / October
Showing 1201 - 1300 of 1849 CVEs for October 2022 (Page 13 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-3606 | 2022-10-19 | Linux Kernel BPF libbpf.c find_prog_by_sec_insn null pointer dereference |
| CVE-2022-3607 | 2022-10-19 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in octoprint/octoprint |
| CVE-2022-3608 | 2022-10-19 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2022-38901 | 2022-10-19 | A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script... |
| CVE-2022-39233 | 2022-10-19 | Tuleap subject to Missing Authorization allowing for branch prefix modification |
| CVE-2022-39267 | 2022-10-19 | Brokercap Bifrost vulnerable to authentication bypass for admin and monitor user groups |
| CVE-2022-39301 | 2022-10-19 | sra-admin is vulnerable to storage cross-site scripting (XSS) via unrestricted file upload |
| CVE-2022-40798 | 2022-10-19 | OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Through a request the user can obtain the real email, sending the same request with correct email its possible to account takeover. |
| CVE-2022-40884 | 2022-10-19 | Bento4 1.6.0 has memory leaks via the mp4fragment. |
| CVE-2022-40885 | 2022-10-19 | Bento4 v1.6.0-639 has a memory allocation issue that can cause denial of service. |
| CVE-2022-41415 | 2022-10-19 | Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain a stack overflow in the RevserveMem component. This vulnerability allows attackers to cause a Denial of Service (DoS) via injecting crafted... |
| CVE-2022-41707 | 2022-10-19 | Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access sensitive data of any user of the application. This is possible because the application exposes user data to the... |
| CVE-2022-41708 | 2022-10-19 | Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. This is possible because the application does not... |
| CVE-2022-41709 | 2022-10-19 | Markdownify version 1.4.1 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Markdownify. This is possible because the application... |
| CVE-2022-42227 | 2022-10-19 | jsonlint 1.0 is vulnerable to heap-buffer-overflow via /home/hjsz/jsonlint/src/lexer. |
| CVE-2022-42466 | 2022-10-19 | XSS vulnerability, eg for String properties. |
| CVE-2022-43014 | 2022-10-19 | OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the joborderID parameter. |
| CVE-2022-43015 | 2022-10-19 | OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the entriesPerPage parameter. |
| CVE-2022-43016 | 2022-10-19 | OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback component. |
| CVE-2022-43017 | 2022-10-19 | OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the indexFile component. |
| CVE-2022-43018 | 2022-10-19 | OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the email parameter in the Check Email function. |
| CVE-2022-43019 | 2022-10-19 | OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality. |
| CVE-2022-43020 | 2022-10-19 | OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag update function. |
| CVE-2022-43021 | 2022-10-19 | OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the entriesPerPage variable. |
| CVE-2022-43022 | 2022-10-19 | OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag deletion function. |
| CVE-2022-43023 | 2022-10-19 | OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function. |
| CVE-2022-43024 | 2022-10-19 | Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg. |
| CVE-2022-43025 | 2022-10-19 | Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the startIp parameter at /goform/SetPptpServerCfg. |
| CVE-2022-43026 | 2022-10-19 | Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the endIp parameter at /goform/SetPptpServerCfg. |
| CVE-2022-43027 | 2022-10-19 | Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the firewallEn parameter at /goform/SetFirewallCfg. |
| CVE-2022-43028 | 2022-10-19 | Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter at /goform/SetSysTimeCfg. |
| CVE-2022-43029 | 2022-10-19 | Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the time parameter at /goform/SetSysTimeCfg. |
| CVE-2022-43032 | 2022-10-19 | An issue was discovered in Bento4 v1.6.0-639. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp, as demonstrated by mp42aac. |
| CVE-2022-43033 | 2022-10-19 | An issue was discovered in Bento4 1.6.0-639. There is a bad free in the component AP4_HdlrAtom::~AP4_HdlrAtom() which allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2022-43034 | 2022-10-19 | An issue was discovered in Bento4 v1.6.0-639. There is a heap buffer overflow vulnerability in the AP4_BitReader::SkipBits(unsigned int) function in mp42ts. |
| CVE-2022-43035 | 2022-10-19 | An issue was discovered in Bento4 v1.6.0-639. There is a heap-buffer-overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42aac. |
| CVE-2022-43037 | 2022-10-19 | An issue was discovered in Bento4 1.6.0-639. There is a memory leak in the function AP4_File::ParseStream in /Core/Ap4File.cpp. |
| CVE-2022-43038 | 2022-10-19 | Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadCache() function in mp42ts. |
| CVE-2022-43039 | 2022-10-19 | GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_meta_restore_items_ref at /isomedia/meta.c. |
| CVE-2022-43040 | 2022-10-19 | GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function gf_isom_box_dump_start_ex at /isomedia/box_funcs.c. |
| CVE-2022-43042 | 2022-10-19 | GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function FixSDTPInTRAF at isomedia/isom_intern.c. |
| CVE-2022-43043 | 2022-10-19 | GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function BD_CheckSFTimeOffset at /bifs/field_decode.c. |
| CVE-2022-43044 | 2022-10-19 | GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_get_meta_item_info at /isomedia/meta.c. |
| CVE-2022-43045 | 2022-10-19 | GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at /scene_manager/scene_dump.c. |
| CVE-2022-43184 | 2022-10-19 | D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command injection vulnerability via the component /bin/proc.cgi. |
| CVE-2022-43185 | 2022-10-19 | A stored cross-site scripting (XSS) vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name... |
| CVE-2022-43407 | 2022-10-19 | Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user... |
| CVE-2022-43408 | 2022-10-19 | Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing... |
| CVE-2022-43409 | 2022-10-19 | Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting (XSS)... |
| CVE-2022-43410 | 2022-10-19 | Jenkins Mercurial Plugin 1251.va_b_121f184902 and earlier provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission to access. |
| CVE-2022-43411 | 2022-10-19 | Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods... |
| CVE-2022-43412 | 2022-10-19 | Jenkins Generic Webhook Trigger Plugin 1.84.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use... |
| CVE-2022-43413 | 2022-10-19 | Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in... |
| CVE-2022-43414 | 2022-10-19 | Jenkins NUnit Plugin 0.27 and earlier implements an agent-to-controller message that parses files inside a user-specified directory as test results, allowing attackers able to control agent processes to obtain test... |
| CVE-2022-43415 | 2022-10-19 | Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2022-43416 | 2022-10-19 | Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing attackers able to... |
| CVE-2022-43417 | 2022-10-19 | Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs... |
| CVE-2022-43418 | 2022-10-19 | A cross-site request forgery (CSRF) vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing... |
| CVE-2022-43419 | 2022-10-19 | Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or... |
| CVE-2022-43420 | 2022-10-19 | Jenkins Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report, resulting in a stored cross-site scripting (XSS) vulnerability... |
| CVE-2022-43421 | 2022-10-19 | A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value. |
| CVE-2022-43422 | 2022-10-19 | Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain... |
| CVE-2022-43423 | 2022-10-19 | Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able... |
| CVE-2022-43424 | 2022-10-19 | Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to... |
| CVE-2022-43425 | 2022-10-19 | Jenkins Custom Checkbox Parameter Plugin 1.4 and earlier does not escape the name and description of Custom Checkbox Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting... |
| CVE-2022-43426 | 2022-10-19 | Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWS_SECRET_ACCESS_KEY form field, increasing the potential for attackers to observe and capture it. |
| CVE-2022-43427 | 2022-10-19 | Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials... |
| CVE-2022-43428 | 2022-10-19 | Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes... |
| CVE-2022-43429 | 2022-10-19 | Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes... |
| CVE-2022-43430 | 2022-10-19 | Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2022-43431 | 2022-10-19 | Jenkins Compuware Strobe Measurement Plugin 1.0.1 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored... |
| CVE-2022-43432 | 2022-10-19 | Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. |
| CVE-2022-43433 | 2022-10-19 | Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. |
| CVE-2022-43434 | 2022-10-19 | Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. |
| CVE-2022-43435 | 2022-10-19 | Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. |
| CVE-2022-1738 | 2022-10-19 | Fuji Electric D300win Out-of-bounds Read |
| CVE-2022-1523 | 2022-10-19 | Fuji Electric D300win Write-what-where condition |
| CVE-2022-38107 | 2022-10-19 | Sensitive Data Disclosure Vulnerability |
| CVE-2022-36795 | 2022-10-19 | BIG-IP software SYN cookies vulnerability CVE-2022-36795 |
| CVE-2022-41617 | 2022-10-19 | BIG-IP Advanced WAF and ASM iControl REST vulnerability CVE-2022-41617 |
| CVE-2022-41624 | 2022-10-19 | BIG-IP iRules vulnerability CVE-2022-41624 |
| CVE-2022-41691 | 2022-10-19 | BIG-IP Advanced WAF/ASM bd vulnerability CVE-2022-41691 |
| CVE-2022-41694 | 2022-10-19 | BIG-IP and BIG-IQ mcpd vulnerability CVE-2022-41694 |
| CVE-2022-41741 | 2022-10-19 | NGINX ngx_http_mp4_module vulnerability CVE-2022-41741 |
| CVE-2022-41742 | 2022-10-19 | NGINX ngx_http_mp4_module vulnerability CVE-2022-41742 |
| CVE-2022-41743 | 2022-10-19 | NGINX ngx_http_hls_module vulnerability CVE-2022-41743 |
| CVE-2022-41770 | 2022-10-19 | BIG-IP and BIG-IQ iControl REST vulnerability CVE-2022-41770 |
| CVE-2022-41780 | 2022-10-19 | F5OS CLI vulnerability CVE-2022-41780 |
| CVE-2022-41787 | 2022-10-19 | BIG-IP DNS Express vulnerability CVE-2022-41787 |
| CVE-2022-41806 | 2022-10-19 | BIG-IP AFM NAT64 Policy Vulnerability CVE-2022-41806 |
| CVE-2022-41813 | 2022-10-19 | BIG-IP PEM and AFM TMUI, TMSH and iControl vulnerability CVE-2022-41813 |
| CVE-2022-41832 | 2022-10-19 | BIG-IP SIP vulnerability CVE-2022-41832 |
| CVE-2022-41833 | 2022-10-19 | BIG-IP iRule vulnerability CVE-2022-41833 |
| CVE-2022-41835 | 2022-10-19 | F5OS vulnerability CVE-2022-41835 |
| CVE-2022-41836 | 2022-10-19 | BIG-IP Advanced WAF and ASM bd vulnerability CVE-2022-41836 |
| CVE-2022-41983 | 2022-10-19 | BIG-IP TMM Vulnerability CVE-2022-41983 |
| CVE-2022-37598 | 2022-10-20 | Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report. |
| CVE-2020-12744 | 2022-10-20 | The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged local user to elevate their privileges during install or repair. |
| CVE-2020-9285 | 2022-10-20 | Some versions of Sonos One (1st and 2nd generation) allow partial or full memory access via attacker controlled hardware that can be attached to the Mini-PCI Express slot on the... |
| CVE-2021-33231 | 2022-10-20 | Cross Site Scripting (XSS) vulnerability in New equipment page in EasyVista Service Manager 2018.1.181.1 allows remote attackers to run arbitrary code via the notes field. |