CVE List - 2022 / November
Showing 1601 - 1700 of 2020 CVEs for November 2022 (Page 17 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-44193 | 2022-11-22 | Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameters: starthour, startminute , endhour, and endminute. |
| CVE-2022-44194 | 2022-11-22 | Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameters apmode_dns1_pri and apmode_dns1_sec. |
| CVE-2022-44196 | 2022-11-22 | Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_push1. |
| CVE-2022-44197 | 2022-11-22 | Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_server_ip. |
| CVE-2022-44198 | 2022-11-22 | Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_push1. |
| CVE-2022-44199 | 2022-11-22 | Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_server_ip. |
| CVE-2022-44200 | 2022-11-22 | Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer Overflow via parameters: stamode_dns1_pri and stamode_dns1_sec. |
| CVE-2022-44201 | 2022-11-22 | D-Link DIR823G 1.02B05 is vulnerable to Commad Injection. |
| CVE-2022-44202 | 2022-11-22 | D-Link DIR878 1.02B04 and 1.02B05 are vulnerable to Buffer Overflow. |
| CVE-2022-44801 | 2022-11-22 | D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access Control. |
| CVE-2022-44804 | 2022-11-22 | D-Link DIR-882 1.10B02 and1.20B06 is vulnerable to Buffer Overflow via the websRedirect function. |
| CVE-2022-44806 | 2022-11-22 | D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow. |
| CVE-2022-44807 | 2022-11-22 | D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via webGetVarString. |
| CVE-2022-44808 | 2022-11-22 | A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before... |
| CVE-2022-45330 | 2022-11-22 | AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at \category.php. This vulnerability allows attackers to access database information. |
| CVE-2022-45331 | 2022-11-22 | AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at \post.php. This vulnerability allows attackers to access database information. |
| CVE-2022-45529 | 2022-11-22 | AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php. This vulnerability allows attackers to access database information. |
| CVE-2022-45535 | 2022-11-22 | AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. This vulnerability allows attackers to access database information. |
| CVE-2022-45536 | 2022-11-22 | AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \admin\post_comments.php. This vulnerability allows attackers to access database information. |
| CVE-2022-37931 | 2022-11-22 | A vulnerability in NetBatch-Plus software allows unauthorized access to the application |
| CVE-2022-45363 | 2022-11-22 | WordPress Betheme premium theme <= 26.6.1 - Auth. Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-2513 | 2022-11-22 | Cleartext Credentials Vulnerability on Hitachi Energy’s Multiple IED Connectivity Packages (IED ConnPacks) and PCM600 Products |
| CVE-2022-3910 | 2022-11-22 | Use after free in IO_uring in the Linux Kernel |
| CVE-2022-44737 | 2022-11-22 | WordPress All In One WP Security plugin <= 5.1.0 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2022-40228 | 2022-11-22 | IBM DataPower Gateway session fixation |
| CVE-2022-2791 | 2022-11-22 | Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic... |
| CVE-2021-3942 | 2022-11-22 | Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with use of Link-Local Multicast Name Resolution or LLMNR. |
| CVE-2022-44117 | 2022-11-23 | Boa 0.94.14rc21 is vulnerable to SQL Injection via username. NOTE: the is disputed by multiple third parties because Boa does not ship with any support for SQL. |
| CVE-2022-45868 | 2022-11-23 | The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext... |
| CVE-2009-1142 | 2022-11-23 | An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled. |
| CVE-2009-1143 | 2022-11-23 | An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka... |
| CVE-2020-23583 | 2022-11-23 | OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code Execution. The issue occurs when the attacker sends an arbitrary code on "/diag_ping_admin.asp" to "PingTest" interface that leads to COMMAND EXECUTION. An... |
| CVE-2020-23584 | 2022-11-23 | Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardware Version: V2.2 occurs when the attacker passes arbitrary commands with IP-ADDRESS using " | " to execute commands on " /diag_tracert_admin.asp "... |
| CVE-2020-23585 | 2022-11-23 | A remote attacker can conduct a cross-site request forgery (CSRF) attack on OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028. The vulnerability is due to insufficient CSRF protections for... |
| CVE-2020-23586 | 2022-11-23 | A vulnerability found in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Add Network Traffic... |
| CVE-2020-23587 | 2022-11-23 | A vulnerability found in the OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to men in... |
| CVE-2020-23588 | 2022-11-23 | A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to "Enable or Disable Ports"... |
| CVE-2020-23589 | 2022-11-23 | A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to cause a Denial of... |
| CVE-2020-23590 | 2022-11-23 | A vulnerability in Optilink OP-XT71000N Hardware version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated remote attacker to conduct a cross-site request forgery (CSRF) attack to change the Password for... |
| CVE-2020-23591 | 2022-11-23 | A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an attacker to upload arbitrary files through " /mgm_dev_upgrade.asp " which can "delete every file for Denial... |
| CVE-2020-23592 | 2022-11-23 | A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Reset ONU to Factory... |
| CVE-2020-23593 | 2022-11-23 | A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross site request forgery (CSRF) attack to enable syslog mode through... |
| CVE-2021-29334 | 2022-11-23 | An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html |
| CVE-2021-35284 | 2022-11-23 | SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1. |
| CVE-2021-43258 | 2022-11-23 | CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to... |
| CVE-2021-46854 | 2022-11-23 | mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters. |
| CVE-2022-23740 | 2022-11-23 | Improper Neutralization of Argument Delimiters in a Command in GitHub Enterprise Server leading to Remote Code Execution |
| CVE-2022-34830 | 2022-11-23 | An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows non-privileged user to make improper GPU processing operations to gain access to already freed memory. |
| CVE-2022-35500 | 2022-11-23 | Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via leave comment functionality. |
| CVE-2022-35501 | 2022-11-23 | Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function. |
| CVE-2022-36111 | 2022-11-23 | immundb has insufficient verification of data authenticity |
| CVE-2022-36337 | 2022-11-23 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI... |
| CVE-2022-37421 | 2022-11-23 | Silverstripe silverstripe/cms through 4.11.0 allows XSS. |
| CVE-2022-37429 | 2022-11-23 | Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters. |
| CVE-2022-37430 | 2022-11-23 | Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2). |
| CVE-2022-37772 | 2022-11-23 | Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts due to excessive verbose responses from the application. An unauthenticated remote attacker could potentially exploit this vulnerability, leading... |
| CVE-2022-38113 | 2022-11-23 | Information Disclosure Vulnerability |
| CVE-2022-38114 | 2022-11-23 | Client-Side Desync Vulnerability |
| CVE-2022-38115 | 2022-11-23 | Insecure Methods Vulnerability |
| CVE-2022-38145 | 2022-11-23 | Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history... |
| CVE-2022-38147 | 2022-11-23 | Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3). |
| CVE-2022-39833 | 2022-11-23 | FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request. |
| CVE-2022-40304 | 2022-11-23 | An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free... |
| CVE-2022-40770 | 2022-11-23 | Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users. |
| CVE-2022-40771 | 2022-11-23 | Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. |
| CVE-2022-40772 | 2022-11-23 | Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module. |
| CVE-2022-41446 | 2022-11-23 | An access control issue in /Admin/dashboard.php of Record Management System using CodeIgniter v1.0 allows attackers to access and modify user data. |
| CVE-2022-41875 | 2022-11-23 | Remote Code Execution in Optica |
| CVE-2022-41922 | 2022-11-23 | yiisoft/yii before v1.1.27 vulnerable to Remote Code Execution if the application calls `unserialize()` on arbitrary user input |
| CVE-2022-41923 | 2022-11-23 | Grails Spring Security Core plugin vulnerable to privilege escalation |
| CVE-2022-41924 | 2022-11-23 | Tailscale Windows daemon is vulnerable to RCE via CSRF |
| CVE-2022-41925 | 2022-11-23 | Tailscale daemon is vulnerable to information disclosure via CSRF |
| CVE-2022-41927 | 2022-11-23 | XWiki Platform vulnerable to Cross-Site Request Forgery (CSRF) allowing to delete or rename tags |
| CVE-2022-41928 | 2022-11-23 | XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml |
| CVE-2022-41929 | 2022-11-23 | Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore |
| CVE-2022-41930 | 2022-11-23 | org.xwiki.platform:xwiki-platform-user-profile-ui missing authorization to enable or disable users |
| CVE-2022-41931 | 2022-11-23 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui |
| CVE-2022-41932 | 2022-11-23 | Creation of new database tables through login form on PostgreSQL |
| CVE-2022-41933 | 2022-11-23 | Plaintext storage of password in org.xwiki.platform:xwiki-platform-security-authentication-default |
| CVE-2022-41934 | 2022-11-23 | Improper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-menu-ui |
| CVE-2022-41935 | 2022-11-23 | Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-livetable-ui |
| CVE-2022-41946 | 2022-11-23 | TemporaryFolder on unix-like systems does not limit access to created files in pgjdbc |
| CVE-2022-42095 | 2022-11-23 | Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content. |
| CVE-2022-43196 | 2022-11-23 | dedecmdv6 v6.1.9 is vulnerable to Arbitrary file deletion via file_manage_control.php. |
| CVE-2022-43213 | 2022-11-23 | Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editorder.php. |
| CVE-2022-44118 | 2022-11-23 | dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file_manage_control.php. |
| CVE-2022-44120 | 2022-11-23 | dedecmdv6 6.1.9 is vulnerable to SQL Injection. via sys_sql_query.php. |
| CVE-2022-44139 | 2022-11-23 | Apartment Visitor Management System v1.0 is vulnerable to SQL Injection via /avms/index.php. |
| CVE-2022-44140 | 2022-11-23 | Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component. |
| CVE-2022-44249 | 2022-11-23 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function. |
| CVE-2022-44250 | 2022-11-23 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function. |
| CVE-2022-44251 | 2022-11-23 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function. |
| CVE-2022-44252 | 2022-11-23 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function. |
| CVE-2022-44253 | 2022-11-23 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function. |
| CVE-2022-44254 | 2022-11-23 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function. |
| CVE-2022-44255 | 2022-11-23 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data. |
| CVE-2022-44256 | 2022-11-23 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function. |
| CVE-2022-44257 | 2022-11-23 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function. |
| CVE-2022-44258 | 2022-11-23 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function. |
| CVE-2022-44259 | 2022-11-23 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the setParentalRules function. |