CVE List - 2022 / October
Showing 1401 - 1500 of 1849 CVEs for October 2022 (Page 15 of 19)
CVE ID | Date | Title |
---|---|---|
CVE-2021-44467 | 2022-10-24 | spx_restservice KillDupUsr_func Broken Access Control |
CVE-2021-44769 | 2022-10-24 | TLS Certificate Generation Function Improper Input Validation |
CVE-2021-44776 | 2022-10-24 | spx_restservice SubNet_handler_func Broken Access Control |
CVE-2021-45925 | 2022-10-24 | Username Enumeration |
CVE-2021-46279 | 2022-10-24 | Session Fixation and Insufficient Session Expiration |
CVE-2021-46848 | 2022-10-24 | GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size... |
CVE-2021-46850 | 2022-10-24 | myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before... |
CVE-2022-3344 | 2022-10-24 | A flaw was found in the KVM's AMD nested virtualization... |
CVE-2022-36368 | 2022-10-24 | Multiple stored cross-site scripting vulnerabilities in the web user interface... |
CVE-2022-3676 | 2022-10-24 | In Eclipse Openj9 before version 0.35.0, interface calls can be... |
CVE-2022-38580 | 2022-10-24 | Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF). |
CVE-2022-39305 | 2022-10-24 | Gin-vue-admin vulnerable to Unrestricted Upload of File with Dangerous Type |
CVE-2022-39313 | 2022-10-24 | Parse Server crashes when receiving file download request with invalid byte range |
CVE-2022-39314 | 2022-10-24 | User enumeration in the code-based login and password reset forms |
CVE-2022-39836 | 2022-10-24 | An issue was discovered in Connected Vehicle Systems Alliance (COVESA)... |
CVE-2022-39837 | 2022-10-24 | An issue was discovered in Connected Vehicle Systems Alliance (COVESA)... |
CVE-2022-40690 | 2022-10-24 | Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows... |
CVE-2022-40984 | 2022-10-24 | Stack-based buffer overflow in WTViewerE series WTViewerE 761941 from 1.31... |
CVE-2022-41796 | 2022-10-24 | Untrusted search path vulnerability in the installer of Content Transfer... |
CVE-2022-41797 | 2022-10-24 | Improper authorization in handler for custom URL scheme vulnerability in... |
CVE-2022-41799 | 2022-10-24 | Improper access control vulnerability in GROWI prior to v5.1.4 (v5... |
CVE-2022-41986 | 2022-10-24 | Information disclosure vulnerability in Android App 'IIJ SmartKey' versions prior... |
CVE-2022-43680 | 2022-10-24 | In libexpat through 2.4.9, there is a use-after free caused... |
CVE-2022-38117 | 2022-10-24 | Juiker app - Hard-coded Credentials |
CVE-2022-31468 | 2022-10-24 | OX App Suite through 8.2 allows XSS via an attachment... |
CVE-2022-29851 | 2022-10-24 | documentconverter in OX App Suite through 7.10.6, in a non-default... |
CVE-2022-33757 | 2022-10-24 | An authenticated attacker could read Nessus Debug Log file attachments... |
CVE-2022-2421 | 2022-10-25 | Socket.io - Improper type validation in attachment parsing |
CVE-2022-2422 | 2022-10-25 | Feathers - SQL injection via attribute aliases |
CVE-2022-29822 | 2022-10-25 | Feathers - Improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection |
CVE-2022-29823 | 2022-10-25 | Feathers - Query “__proto__” is converted to real prototype |
CVE-2022-41704 | 2022-10-25 | Apache Batik prior to 1.16 allows RCE when loading untrusted SVG input |
CVE-2022-42890 | 2022-10-25 | Apache Batik prior to 1.16 allows RCE via scripting |
CVE-2022-2762 | 2022-10-25 | AdminPad < 2.2 - Note Update via CSRF |
CVE-2022-28169 | 2022-10-25 | Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric... |
CVE-2022-28170 | 2022-10-25 | Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0,... |
CVE-2022-3097 | 2022-10-25 | LBStopAttack < 1.1.3 - Arbitrary Settings Update via CSRF |
CVE-2022-3246 | 2022-10-25 | Blog2Social < 6.9.10 - Subscriber+ SQLi |
CVE-2022-3247 | 2022-10-25 | Blog2Social < 6.9.10 - Subscriber+ SSRF |
CVE-2022-3300 | 2022-10-25 | Form Maker by 10Web < 1.15.6 - Admin+ SQLi |
CVE-2022-3302 | 2022-10-25 | Anti-Spam by CleanTalk < 5.185.1 - Admin+ SQLi |
CVE-2022-33178 | 2022-10-25 | A vulnerability in the radius authentication system of Brocade Fabric... |
CVE-2022-33179 | 2022-10-25 | A vulnerability in Brocade Fabric OS CLI before Brocade Fabric... |
CVE-2022-33180 | 2022-10-25 | A vulnerability in Brocade Fabric OS CLI before Brocade Fabric... |
CVE-2022-33181 | 2022-10-25 | An information disclosure vulnerability in Brocade Fabric OS CLI before... |
CVE-2022-33182 | 2022-10-25 | A privilege escalation vulnerability in Brocade Fabric OS CLI before... |
CVE-2022-33183 | 2022-10-25 | A vulnerability in Brocade Fabric OS CLI before Brocade Fabric... |
CVE-2022-33184 | 2022-10-25 | A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS... |
CVE-2022-33185 | 2022-10-25 | Several commands in Brocade Fabric OS before Brocade Fabric OS... |
CVE-2022-3335 | 2022-10-25 | Kadence WooCommerce Email Designer < 1.5.7 - Admin+ PHP Object Injection |
CVE-2022-3350 | 2022-10-25 | Contact Bank <= 3.0.30 - Admin+ Stored Cross-Site Scripting |
CVE-2022-3391 | 2022-10-25 | Retain Live Chat <= 0.1 - Admin+ Stored Cross-Site Scripting |
CVE-2022-3392 | 2022-10-25 | WP Humans.txt <= 1.0.6 - Admin+ Stored Cross-Site Scripting |
CVE-2022-3393 | 2022-10-25 | Post to CSV by BestWebSoft <= 1.4.0 - Author+ CSV Injection |
CVE-2022-3394 | 2022-10-25 | WP All Export Pro < 1.7.9 - Authenticated Code Injection |
CVE-2022-3395 | 2022-10-25 | WP All Export Pro < 1.7.9 - Authenticated SQLi |
CVE-2022-34870 | 2022-10-25 | Apache Geode stored Cross-Site Scripting (XSS) via data injection vulnerability in Pulse web application |
CVE-2022-35132 | 2022-10-25 | Usermin through 1.850 allows a remote authenticated user to execute... |
CVE-2022-35739 | 2022-10-25 | PRTG Network Monitor through 22.2.77.2204 does not prevent custom input... |
CVE-2022-3644 | 2022-10-25 | The collection remote for pulp_ansible stores tokens in plaintext instead... |
CVE-2022-36451 | 2022-10-25 | A vulnerability in the MiCollab Client server component of Mitel... |
CVE-2022-36452 | 2022-10-25 | A vulnerability in the web conferencing component of Mitel MiCollab... |
CVE-2022-36453 | 2022-10-25 | A vulnerability in the MiCollab Client API of Mitel MiCollab... |
CVE-2022-36454 | 2022-10-25 | A vulnerability in the MiCollab Client API of Mitel MiCollab... |
CVE-2022-38162 | 2022-10-25 | Reflected cross-site scripting (XSS) vulnerabilities in WithSecure through 2022-08-10) exists... |
CVE-2022-38181 | 2022-10-25 | The Arm Mali GPU kernel driver allows unprivileged users to... |
CVE-2022-38870 | 2022-10-25 | Free5gc v3.2.1 is vulnerable to Information disclosure. |
CVE-2022-39312 | 2022-10-25 | Dataease Mysql Data Source JDBC Connection Parameters Not Verified Leads to Deserialization Vulnerability |
CVE-2022-39315 | 2022-10-25 | Kirby CMS vulnerable to user enumeration in the brute force protection |
CVE-2022-39321 | 2022-10-25 | GitHub Actions Runner vulnerable to Docker Command Escaping |
CVE-2022-39322 | 2022-10-25 | @keystone-6/core vulnerable to field-level access-control bypass for multiselect field |
CVE-2022-39326 | 2022-10-25 | kartverket/github-workflows's run-terraform allows for RCE via terraform plan |
CVE-2022-39327 | 2022-10-25 | Improper Control of Generation of Code ('Code Injection') in Azure CLI |
CVE-2022-39340 | 2022-10-25 | OpenFGA Information Disclosure |
CVE-2022-39341 | 2022-10-25 | OpenFGA Authorization Bypass |
CVE-2022-39342 | 2022-10-25 | OpenFGA Authorization Bypass |
CVE-2022-39345 | 2022-10-25 | Gin-vue-admin arbitrary file upload vulnerability caused by path traversal |
CVE-2022-39349 | 2022-10-25 | Tasks.org vulnerable to data exfiltration by malicious app or adb |
CVE-2022-39350 | 2022-10-25 | @dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details |
CVE-2022-39351 | 2022-10-25 | Dependency-Track vulnerable to logging of API keys in clear text when handling API requests using keys with insufficient permissions |
CVE-2022-39354 | 2022-10-25 | evm has incorrect is_static parameter for custom stateful precompiles |
CVE-2022-41711 | 2022-10-25 | Badaso version 2.6.0 allows an unauthenticated remote attacker to execute... |
CVE-2022-36783 | 2022-10-25 | AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS) |
CVE-2022-27623 | 2022-10-25 | Missing authentication for critical function vulnerability in iSCSI management functionality... |
CVE-2022-27622 | 2022-10-25 | Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in... |
CVE-2022-38200 | 2022-10-25 | BUG-000142376 - Reflected Cross-Site Scripting (XSS) vulnerability in ArcGIS Server. |
CVE-2022-38199 | 2022-10-25 | BUG-000144172 - Remote file download issue in ArcGIS Server |
CVE-2022-38198 | 2022-10-25 | BUG-000146513 - Reflected XSS vulnerability in ArcGIS Server |
CVE-2022-38197 | 2022-10-25 | BUG-000148347 Unvalidated redirect issues in ArcGIS Server. |
CVE-2022-38196 | 2022-10-25 | BUG-000150537 - ArcGIS Server has a local file inclusion (LFI) vulnerability |
CVE-2022-38195 | 2022-10-25 | BUG-000150540 - Reflected XSS vulnerability in ArcGIS Server |
CVE-2022-27804 | 2022-10-25 | An OS command injection vulnerability exists in the web interface... |
CVE-2022-27805 | 2022-10-25 | An authentication bypass vulnerability exists in the GHOME control functionality... |
CVE-2022-29472 | 2022-10-25 | An OS command injection vulnerability exists in the web interface... |
CVE-2022-29475 | 2022-10-25 | An information disclosure vulnerability exists in the XFINDER functionality of... |
CVE-2022-29477 | 2022-10-25 | An authentication bypass vulnerability exists in the web interface /action/factory*... |
CVE-2022-29520 | 2022-10-25 | An OS command injection vulnerability exists in the console_main_loop :sys... |
CVE-2022-29889 | 2022-10-25 | A hard-coded password vulnerability exists in the telnet functionality of... |
CVE-2022-30541 | 2022-10-25 | An OS command injection vulnerability exists in the XCMD setUPnP... |
CVE-2022-30603 | 2022-10-25 | An OS command injection vulnerability exists in the web interface... |