CVE List - 2022 / October
Showing 201 - 300 of 1849 CVEs for October 2022 (Page 3 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-41442 | 2022-10-07 | PicUploader v2.6.3 was discovered to contain cross-site scripting (XSS) vulnerability via the setStorageParams function in SettingController.php. |
| CVE-2022-41512 | 2022-10-07 | An arbitrary file upload vulnerability in the component /php_action/editFile.php of Online Diagnostic Lab Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-41513 | 2022-10-07 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /diagnostic/edittest.php. |
| CVE-2022-41514 | 2022-10-07 | Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_loan. |
| CVE-2022-41515 | 2022-10-07 | Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_payment. |
| CVE-2022-41574 | 2022-10-07 | An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address,... |
| CVE-2022-41672 | 2022-10-07 | Session still functional after user is deactivated |
| CVE-2022-42073 | 2022-10-07 | Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editclient.php?id=. |
| CVE-2022-42074 | 2022-10-07 | Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editcategory.php?id=. |
| CVE-2022-42075 | 2022-10-07 | Wedding Planner v1.0 is vulnerable to arbitrary code execution. |
| CVE-2022-42092 | 2022-10-07 | Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via 'themes' that allows attackers to Remote Code Execution. Note: Third parties dispute this and argue that advanced permissions are required. |
| CVE-2022-3414 | 2022-10-07 | SourceCodester Web-Based Student Clearance System POST Parameter login.php sql injection |
| CVE-2022-39285 | 2022-10-07 | Stored Cross-Site Scripting Vulnerability In File Parameter in zoneminder |
| CVE-2022-39287 | 2022-10-07 | Plaintext transmission of CSRF tokens in tiny-csrf |
| CVE-2022-39289 | 2022-10-07 | Database log access in ZoneMinder |
| CVE-2022-39290 | 2022-10-07 | CSRF key bypass using HTTP methods in zoneminder |
| CVE-2022-39291 | 2022-10-07 | Denial of service through logs in zoneminder |
| CVE-2022-39877 | 2022-10-07 | Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device. |
| CVE-2022-40827 | 2022-10-07 | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where() function. Note: Multiple third parties have disputed this as not a valid vulnerability. |
| CVE-2022-40828 | 2022-10-07 | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_not_in() function. Note: Multiple third parties have disputed this as not a valid vulnerability. |
| CVE-2022-40872 | 2022-10-07 | An SQL injection vulnerability issue was discovered in Sourcecodester Simple E-Learning System 1.0., in /vcs/classRoom.php?classCode=, classCode. |
| CVE-2022-2928 | 2022-10-07 | An option refcount overflow exists in dhcpd |
| CVE-2022-2929 | 2022-10-07 | DHCP memory leak |
| CVE-2022-33896 | 2022-10-07 | A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A specially-crafted malformed file can cause memory corruption by using memory... |
| CVE-2022-22480 | 2022-10-07 | IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using encrypted hosts which could result in information disclosure. IBM X-Force ID: 225889. |
| CVE-2022-22493 | 2022-10-07 | IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request forgery, caused by improper cookie attribute setting. IBM X-Force ID: 226449. |
| CVE-2022-30613 | 2022-10-07 | IBM QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a local service to a privileged user. IBM X-Force ID: 227366. |
| CVE-2022-34308 | 2022-10-07 | IBM CICS TX 11.1 could allow a local user to cause a denial of service due to improper load handling. IBM X-Force ID: 229437. |
| CVE-2022-36772 | 2022-10-07 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that should only be available to a privileged user. |
| CVE-2022-41291 | 2022-10-07 | IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 236699. |
| CVE-2022-21936 | 2022-10-07 | Metasys MVE |
| CVE-2022-3434 | 2022-10-08 | SourceCodester Web-Based Student Clearance System add-student.php prepare cross site scripting |
| CVE-2022-3435 | 2022-10-08 | Linux Kernel IPv4 fib_semantics.c fib_nh_match out-of-bounds |
| CVE-2022-39281 | 2022-10-08 | Remote Denial of Service via Tasks endpoint in fat_free_crm |
| CVE-2022-3436 | 2022-10-09 | SourceCodester Web-Based Student Clearance System Photo edit-photo.php unrestricted upload |
| CVE-2022-42703 | 2022-10-09 | mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse. |
| CVE-2022-42010 | 2022-10-09 | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to... |
| CVE-2022-42011 | 2022-10-09 | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to... |
| CVE-2022-42012 | 2022-10-09 | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to... |
| CVE-2021-25044 | 2022-10-10 | Cryptocurrency Pricing list and Ticker <= 1.5 - Reflected Cross-Site Scripting |
| CVE-2021-35226 | 2022-10-10 | Hashed Credential Exposure Vulnerability |
| CVE-2021-44171 | 2022-10-10 | A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through... |
| CVE-2022-2350 | 2022-10-10 | Disable User Login <= 1.0.1 - Unauthenticated Settings Update |
| CVE-2022-2448 | 2022-10-10 | reSmush.it Image Optimizer < 0.4.6 - Admin+ Cross-Site Scripting |
| CVE-2022-2554 | 2022-10-10 | Enable Media Replace < 4.0.0 - Admin+ Path Traversal |
| CVE-2022-26121 | 2022-10-10 | An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may... |
| CVE-2022-2629 | 2022-10-10 | Top Bar < 3.0.4 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2823 | 2022-10-10 | Slider, Gallery, and Carousel by MetaSlider < 3.27.9 - Admin+ Stored Cross Site Scripting |
| CVE-2022-2891 | 2022-10-10 | WP 2FA < 2.3.0 - Time-Based Side-Channel Attack |
| CVE-2022-29055 | 2022-10-10 | A access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, FortiProxy version 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, 1.2.x allows... |
| CVE-2022-2981 | 2022-10-10 | Download Monitor < 4.5.98 - Admin+ Arbitrary File Download |
| CVE-2022-3136 | 2022-10-10 | Social Rocket < 1.3.3 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-3137 | 2022-10-10 | TaskBuilder < 1.0.8 - Subscriber+ Stored XSS via SVG file upload |
| CVE-2022-3154 | 2022-10-10 | Multiple Plugins from Viszt Peter - Multiple CSRF |
| CVE-2022-3207 | 2022-10-10 | Simple File List < 4.4.12 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-3208 | 2022-10-10 | Simple File List < 4.4.13 - Page Creation via CSRF |
| CVE-2022-3209 | 2022-10-10 | Soledad < 8.2.5 - Reflected Cross-site Scripting |
| CVE-2022-3220 | 2022-10-10 | Advanced Comment Form < 1.2.1 - Admin+ Authenticated Stored XSS |
| CVE-2022-33872 | 2022-10-10 | An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through... |
| CVE-2022-33873 | 2022-10-10 | An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through... |
| CVE-2022-33874 | 2022-10-10 | An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in SSH login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through... |
| CVE-2022-3433 | 2022-10-10 | The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library... |
| CVE-2022-3438 | 2022-10-10 | Open Redirect in ikus060/rdiffweb |
| CVE-2022-35844 | 2022-10-10 | An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow... |
| CVE-2022-35846 | 2022-10-10 | An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to guess the... |
| CVE-2022-40248 | 2022-10-10 | An HTML injection vulnerability exists in CERT/CC VINCE software prior to version 1.50.4 |
| CVE-2022-40257 | 2022-10-10 | An HTML injection vulnerability exists in CERT/CC VINCE software prior to version 1.50.4 |
| CVE-2022-41744 | 2022-10-10 | A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a... |
| CVE-2022-41745 | 2022-10-10 | An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which... |
| CVE-2022-41746 | 2022-10-10 | A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent... |
| CVE-2022-41747 | 2022-10-10 | An improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations. Please note:... |
| CVE-2022-41748 | 2022-10-10 | A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention (DLP) module could allow a local attacker with administrative credentials to bypass certain elements of the product's... |
| CVE-2022-41749 | 2022-10-10 | An origin validation error vulnerability in Trend Micro Apex One agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the... |
| CVE-2022-42724 | 2022-10-10 | app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have). |
| CVE-2022-42725 | 2022-10-10 | Warpinator through 1.2.14 allows access outside of an intended directory, as demonstrated by symbolic directory links. |
| CVE-2022-3442 | 2022-10-10 | Crealogix EBICS ebics.aspx cross site scripting |
| CVE-2022-36063 | 2022-10-10 | USBX Host CDC ECM integer underflow with buffer overflow |
| CVE-2022-39288 | 2022-10-10 | Denial of service in Fastify via Content-Type header |
| CVE-2022-39292 | 2022-10-10 | Exposure of sensitive Slack webhook URLs in debug logs and traces |
| CVE-2022-20830 | 2022-10-10 | Cisco Software-Defined Application Visibility and Control on Cisco vManage Authentication Bypass Vulnerability |
| CVE-2022-20944 | 2022-10-10 | Cisco IOS XE Software for Catalyst 9200 Series Switches Arbitrary Code Execution Vulnerability |
| CVE-2022-20870 | 2022-10-10 | Cisco IOS XE Software for Catalyst Switches MPLS Denial of Service Vulnerability |
| CVE-2022-20915 | 2022-10-10 | Cisco IOS XE Software IPv6 VPN over MPLS Denial of Service Vulnerability |
| CVE-2022-20920 | 2022-10-10 | Cisco IOS and IOS XE Software SSH Denial of Service Vulnerability |
| CVE-2022-20837 | 2022-10-10 | Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service Vulnerability |
| CVE-2022-20864 | 2022-10-10 | Cisco IOS XE ROM Monitor Software for Catalyst Switches Information Disclosure Vulnerability |
| CVE-2022-34334 | 2022-10-10 | IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 229704. |
| CVE-2022-34402 | 2022-10-10 | Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service Vulnerability in UI. An admin privilege attacker could potentially exploit this vulnerability, leading to denial-of-service. |
| CVE-2022-34425 | 2022-10-10 | Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication. |
| CVE-2020-14129 | 2022-10-11 | A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification failure, which can be exploited by an attacker who can obtain a brief elevation... |
| CVE-2020-14131 | 2022-10-11 | The Xiaomi Security Center expresses heartfelt thanks to ADLab of VenusTech ! At the same time, we also welcome more outstanding and professional security experts and security teams to join... |
| CVE-2021-0696 | 2022-10-11 | In dllist_remove_node of TBD, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2021-0951 | 2022-10-11 | In DevmemIntHeapAcquire of TBD, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2022-20351 | 2022-10-11 | In queryInternal of CallLogProvider.java, there is a possible access to voicemail information due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2022-20394 | 2022-10-11 | In getInputMethodWindowVisibleHeight of InputMethodManagerService.java, there is a possible way to determine when another app is showing an IME due to a missing permission check. This could lead to local information... |
| CVE-2022-20409 | 2022-10-11 | In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2022-20410 | 2022-10-11 | In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed.... |
| CVE-2022-20412 | 2022-10-11 | In fdt_next_tag of fdt.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2022-20413 | 2022-10-11 | In start of Threads.cpp, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information... |
| CVE-2022-20415 | 2022-10-11 | In handleFullScreenIntent of StatusBarNotificationActivityStarter.java, there is a possible bypass of the restriction of starting activity from background due to a logic error in the code. This could lead to local... |