CVE List - 2022 / November
Showing 1301 - 1400 of 2020 CVEs for November 2022 (Page 14 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-43782 | 2022-11-17 | Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the... |
| CVE-2022-40751 | 2022-11-17 | IBM UrbanCode Deploy information disclosure |
| CVE-2022-38390 | 2022-11-17 | Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially... |
| CVE-2022-32537 | 2022-11-17 | Medtronic MiniMed 600 Series Pump System Communication Issue |
| CVE-2022-3090 | 2022-11-17 | Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to... |
| CVE-2022-45072 | 2022-11-17 | WordPress WPML Multilingual CMS premium plugin <= 4.5.13 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-45071 | 2022-11-17 | WordPress WPML Multilingual CMS premium plugin <= 4.5.13 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-38461 | 2022-11-17 | WordPress WPML Multilingual CMS premium plugin <= 4.5.10 - Broken Access Control vulnerability |
| CVE-2022-40200 | 2022-11-17 | WordPress wpForo Forum plugin <= 2.0.9 - Auth. Arbitrary File Upload vulnerability |
| CVE-2021-36905 | 2022-11-17 | WordPress Quiz And Survey Master plugin <= 7.3.4 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities |
| CVE-2022-45375 | 2022-11-17 | WordPress iFeature Slider plugin <= 1.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-45066 | 2022-11-17 | WordPress WooSwipe WooCommerce Gallery plugin <= 2.0.1 - Auth. Broken Access Control vulnerability |
| CVE-2022-36357 | 2022-11-17 | WordPress ULTIMATE TABLES plugin <= 1.6.5 - Unauth. Reflected Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-45077 | 2022-11-17 | WordPress Betheme theme <= 26.5.1.4 - Auth. PHP Object Injection vulnerability |
| CVE-2022-41791 | 2022-11-17 | WordPress ProfileGrid plugin <= 5.1.6 - Auth. CSV Injection vulnerability |
| CVE-2022-44591 | 2022-11-17 | WordPress Anthologize plugin <= 0.8.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-41132 | 2022-11-17 | WordPress Ezoic plugin <= 2.8.8 - Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability |
| CVE-2022-41315 | 2022-11-17 | WordPress Ezoic plugin <= 2.8.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-40192 | 2022-11-17 | WordPress wpForo Forum plugin <= 2.0.9 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-44736 | 2022-11-17 | WordPress Chameleon plugin <= 1.4.3 - Auth. Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-40694 | 2022-11-17 | WordPress News Announcement Scroll plugin <= 8.8.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-45069 | 2022-11-17 | WordPress Crowdsignal Dashboard plugin <= 3.0.9 - Privilege Escalation vulnerability |
| CVE-2022-36787 | 2022-11-17 | webvendome - webvendome SQL Injection |
| CVE-2022-36784 | 2022-11-17 | Elsight – Elsight Halo Remote Code Execution (RCE) |
| CVE-2022-39181 | 2022-11-17 | GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS) |
| CVE-2022-39180 | 2022-11-17 | College Management System v1.0 - SQL Injection (SQLi) |
| CVE-2022-39178 | 2022-11-17 | Webvendome - webvendome Internal Server IP Disclosure |
| CVE-2022-39179 | 2022-11-17 | College Management System v1.0 - Authenticated remote code execution |
| CVE-2022-36785 | 2022-11-17 | D-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass. |
| CVE-2022-28768 | 2022-11-17 | Local Privilege Escalation in Zoom Client Installer for macOS |
| CVE-2022-28766 | 2022-11-17 | DLL injection in Zoom Windows Clients |
| CVE-2022-36924 | 2022-11-17 | Local Privilege Escalation in Zoom Rooms Installer for Windows |
| CVE-2022-43447 | 2022-11-17 | Delta Electronics DIAEnergie SQL Injection |
| CVE-2022-43457 | 2022-11-17 | Delta Electronics DIAEnergie SQL Injection |
| CVE-2022-43452 | 2022-11-17 | Delta Electronics DIAEnergie SQL Injection |
| CVE-2022-41775 | 2022-11-17 | Delta Electronics DIAEnergie SQL Injection |
| CVE-2022-43506 | 2022-11-17 | Delta Electronics DIAEnergie SQL Injection |
| CVE-2022-24939 | 2022-11-17 | Malformed Zigbee packet with invalid destination address causes Assert |
| CVE-2021-22141 | 2022-11-18 | An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could result in Kibana redirecting the... |
| CVE-2021-31739 | 2022-11-18 | The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerability (XSS), because user input is not correctly encoded in HTML attributes when returned by the server. SEPPmail 11.1.10 allows XSS via... |
| CVE-2021-33621 | 2022-11-18 | The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to... |
| CVE-2021-37936 | 2022-11-18 | It was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an elasticsearch index could inject... |
| CVE-2022-30256 | 2022-11-18 | An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time,... |
| CVE-2022-31606 | 2022-11-18 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a failure to properly validate data might allow an attacker with... |
| CVE-2022-31607 | 2022-11-18 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilities can cause improper input validation, which may lead... |
| CVE-2022-31608 | 2022-11-18 | NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead... |
| CVE-2022-31610 | 2022-11-18 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds write, which may lead... |
| CVE-2022-31612 | 2022-11-18 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read,... |
| CVE-2022-31613 | 2022-11-18 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where any local user can cause a null-pointer dereference, which may lead to a kernel panic. |
| CVE-2022-31615 | 2022-11-18 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to... |
| CVE-2022-31616 | 2022-11-18 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read,... |
| CVE-2022-31617 | 2022-11-18 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds read, which may lead... |
| CVE-2022-31694 | 2022-11-18 | InstallBuilder Qt installers built with versions previous to 22.10 try to load DLLs from the installer binary parent directory when displaying popups. This may allow an attacker to plant a... |
| CVE-2022-34665 | 2022-11-18 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may... |
| CVE-2022-34667 | 2022-11-18 | NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow vulnerability in cuobjdump, where an unprivileged remote attacker could exploit this buffer overflow condition by persuading a local user to download... |
| CVE-2022-34827 | 2022-11-18 | Carel Boss Mini 1.5.0 has Improper Access Control. |
| CVE-2022-37197 | 2022-11-18 | IOBit IOTransfer V4 is vulnerable to Unquoted Service Path. |
| CVE-2022-38871 | 2022-11-18 | In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages. |
| CVE-2022-4055 | 2022-11-18 | When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per... |
| CVE-2022-41880 | 2022-11-18 | ThreadUnsafeUnigramCandidateSampler Heap out of bounds in Tensorflow |
| CVE-2022-41883 | 2022-11-18 | Out of bounds segmentation fault due to unequal op inputs in Tensorflow |
| CVE-2022-41884 | 2022-11-18 | Seg fault in `ndarray_tensor_bridge` due to zero and large inputs in Tensorflow |
| CVE-2022-41885 | 2022-11-18 | Overflow in `FusedResizeAndPadConv2D` in Tensorflow |
| CVE-2022-41886 | 2022-11-18 | Overflow in `ImageProjectiveTransformV2` in Tensorflow |
| CVE-2022-41887 | 2022-11-18 | Overflow in `tf.keras.losses.poisson` in Tensorflow |
| CVE-2022-41888 | 2022-11-18 | Unchecked rank size in `tf.image.generate_bounding_box_proposals` in Tensorflow |
| CVE-2022-41889 | 2022-11-18 | Segfault via invalid attributes in `pywrap_tfe_src.cc` in Tensorflow |
| CVE-2022-41890 | 2022-11-18 | `CHECK` fail in `BCast` overflow in Tensorflow |
| CVE-2022-41891 | 2022-11-18 | Segfault in `tf.raw_ops.TensorListConcat` in Tensorflow |
| CVE-2022-41893 | 2022-11-18 | `CHECK_EQ` fail in `tf.raw_ops.TensorListResize` in Tensorflow |
| CVE-2022-41894 | 2022-11-18 | Buffer overflow in `CONV_3D_TRANSPOSE` on TFLite |
| CVE-2022-41895 | 2022-11-18 | `MirrorPadGrad` heap out of bounds read in Tensorflow |
| CVE-2022-41896 | 2022-11-18 | `tf.raw_ops.Mfcc` crashes in Tensorflow |
| CVE-2022-41897 | 2022-11-18 | `FractionalMaxPoolGrad` Heap out of bounds read in Tensorflow |
| CVE-2022-41898 | 2022-11-18 | `CHECK` fail via inputs in `SparseFillEmptyRowsGrad` in Tensorflow |
| CVE-2022-41899 | 2022-11-18 | `CHECK` fail via inputs in `SdcaOptimizer` in Tensorflow |
| CVE-2022-41900 | 2022-11-18 | FractionalMaxPool and FractionalAVGPool heap out-of-bounds access in Tensorflow |
| CVE-2022-41901 | 2022-11-18 | `CHECK_EQ` fail via input in `SparseMatrixNNZ` in Tensorflow |
| CVE-2022-41907 | 2022-11-18 | Overflow in `ResizeNearestNeighborGrad` in Tensorflow |
| CVE-2022-41908 | 2022-11-18 | `CHECK` fail via inputs in `PyFunc` in Tensorflow |
| CVE-2022-41909 | 2022-11-18 | Segfault in `CompositeTensorVariantToComponents` in Tensorflow |
| CVE-2022-41911 | 2022-11-18 | Invalid char to bool conversion when printing a tensor in Tensorflow |
| CVE-2022-42904 | 2022-11-18 | Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings. |
| CVE-2022-43308 | 2022-11-18 | INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies. |
| CVE-2022-43673 | 2022-11-18 | Wire through 3.22.3993 on Windows advertises deletion of sent messages; nonetheless, all messages can be retrieved (for a limited period of time) from the AppData\Roaming\Wire\IndexedDB\https_app.wire.com_0.indexeddb.leveldb database. |
| CVE-2022-44204 | 2022-11-18 | D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow. |
| CVE-2022-44378 | 2022-11-18 | Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_mechanic. |
| CVE-2022-44379 | 2022-11-18 | Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_service. |
| CVE-2022-44413 | 2022-11-18 | Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/manage_mechanic.php?id=. |
| CVE-2022-44414 | 2022-11-18 | Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/services/manage_service.php?id=. |
| CVE-2022-44415 | 2022-11-18 | Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/view_mechanic.php?id=. |
| CVE-2022-44641 | 2022-11-18 | In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory... |
| CVE-2022-44820 | 2022-11-18 | Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=transactions/manage_transaction&id=. |
| CVE-2022-45132 | 2022-11-18 | In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads... |
| CVE-2022-45163 | 2022-11-18 | An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT... |
| CVE-2022-45473 | 2022-11-18 | In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachtio.log has mode 0666. |
| CVE-2022-45474 | 2022-11-18 | drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request. |
| CVE-2022-24037 | 2022-11-18 | Unauthorized modification in Karmasis Informatics Infraskope SIEM+ |
| CVE-2022-24038 | 2022-11-18 | Unauthorized modification in Karmasis Informatics Infraskope SIEM+ |
| CVE-2022-45471 | 2022-11-18 | In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address |