CVE List - 2022 / November
Showing 701 - 800 of 2020 CVEs for November 2022 (Page 8 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-3265 | 2022-11-09 | A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit... |
| CVE-2022-3280 | 2022-11-09 | An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into... |
| CVE-2022-3285 | 2022-11-09 | Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access... |
| CVE-2022-3413 | 2022-11-09 | Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to... |
| CVE-2022-3483 | 2022-11-09 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 15.3.5, all versions starting from 15.4 before 15.4.4, all versions starting from 15.5 before 15.5.2.... |
| CVE-2022-3486 | 2022-11-09 | An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users... |
| CVE-2022-3706 | 2022-11-09 | Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user retrying a job in a... |
| CVE-2022-3726 | 2022-11-09 | Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to... |
| CVE-2022-3793 | 2022-11-09 | An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables... |
| CVE-2022-3818 | 2022-11-09 | An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to... |
| CVE-2022-3819 | 2022-11-09 | An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious users to set... |
| CVE-2022-39306 | 2022-11-09 | Grafana contains Improper Input Validation |
| CVE-2022-39307 | 2022-11-09 | Grafana subject to Exposure of Sensitive Information resulting in User enumeration via forget password |
| CVE-2022-39368 | 2022-11-09 | Californium Failing DTLS handshakes causes Data Loss due to throttling blocking processing of records |
| CVE-2022-39879 | 2022-11-09 | Improper authorization vulnerability in?CallBGProvider prior to SMR Nov-2022 Release 1 allows local attacker to grant permission for accessing information with phone uid. |
| CVE-2022-39880 | 2022-11-09 | Improper input validation vulnerability in DualOutFocusViewer prior to SMR Nov-2022 Release 1 allows local attacker to perform an arbitrary code execution. |
| CVE-2022-39881 | 2022-11-09 | Improper input validation vulnerability for processing SIB12 PDU in Exynos modems prior to SMR Sep-2022 Release allows remote attacker to read out of bounds memory. |
| CVE-2022-39882 | 2022-11-09 | Heap overflow vulnerability in sflacf_fal_bytes_peek function in libsmat.so library prior to SMR Nov-2022 Release 1 allows local attacker to execute arbitrary code. |
| CVE-2022-39883 | 2022-11-09 | Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1 allows local attacker to call privileged API. |
| CVE-2022-39884 | 2022-11-09 | Improper access control vulnerability in IImsService prior to SMR Nov-2022 Release 1 allows local attacker to access to Call information. |
| CVE-2022-39885 | 2022-11-09 | Improper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows local attacker to access to Device information. |
| CVE-2022-39886 | 2022-11-09 | Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information. |
| CVE-2022-39887 | 2022-11-09 | Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to configure EDM setting. |
| CVE-2022-39889 | 2022-11-09 | Improper access control vulnerability in GalaxyWatch4Plugin prior to versions 2.2.11.22101351 and 2.2.12.22101351 allows attackers to access wearable device information. |
| CVE-2022-39890 | 2022-11-09 | Improper Authorization in Samsung Billing prior to version 5.0.56.0 allows attacker to get sensitive information. |
| CVE-2022-39891 | 2022-11-09 | Heap overflow vulnerability in parse_pce function in libsavsaudio.so in Editor Lite prior to version 4.0.41.3 allows attacker to get information. |
| CVE-2022-39892 | 2022-11-09 | Improper access control in Samsung Pass prior to version 4.0.05.1 allows attackers to unauthenticated access via keep open feature. |
| CVE-2022-39893 | 2022-11-09 | Sensitive information exposure vulnerability in FmmBaseModel in Galaxy Buds Pro Manage prior to version 4.1.22092751 allows local attackers with log access permission to get device identifier data through device log. |
| CVE-2022-40797 | 2022-11-09 | Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. (Visiting any .phar file invokes... |
| CVE-2022-41049 | 2022-11-09 | Windows Mark of the Web Security Feature Bypass Vulnerability |
| CVE-2022-41054 | 2022-11-09 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability |
| CVE-2022-41061 | 2022-11-09 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2022-41073 | 2022-11-09 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-41080 | 2022-11-09 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2022-41091 | 2022-11-09 | Windows Mark of the Web Security Feature Bypass Vulnerability |
| CVE-2022-41125 | 2022-11-09 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability |
| CVE-2022-41128 | 2022-11-09 | Windows Scripting Languages Remote Code Execution Vulnerability |
| CVE-2022-42964 | 2022-11-09 | Exponential ReDoS in pymatgen leads to denial of service |
| CVE-2022-42965 | 2022-11-09 | Exponential ReDoS in snowflake-connector-python leads to denial of service |
| CVE-2022-42966 | 2022-11-09 | Exponential ReDoS in cleo leads to denial of service |
| CVE-2022-43031 | 2022-11-09 | DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords. |
| CVE-2022-43058 | 2022-11-09 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms//classes/Master.php?f=delete_activity. |
| CVE-2022-43118 | 2022-11-09 | A cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username text field. |
| CVE-2022-43119 | 2022-11-09 | A cross-site scripting (XSS) vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username parameter. |
| CVE-2022-43120 | 2022-11-09 | A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the... |
| CVE-2022-43121 | 2022-11-09 | A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected... |
| CVE-2022-43277 | 2022-11-09 | Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ip/youthappam/php_action/editFile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-43278 | 2022-11-09 | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the categoriesId parameter at /php_action/fetchSelectedCategories.php. |
| CVE-2022-43290 | 2022-11-09 | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editcategory.php. |
| CVE-2022-43291 | 2022-11-09 | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editclient.php. |
| CVE-2022-43292 | 2022-11-09 | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editfood.php. |
| CVE-2022-43310 | 2022-11-09 | An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path. |
| CVE-2022-43320 | 2022-11-09 | FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /web/admin/index.php?r=log%2Fview-layer. |
| CVE-2022-43321 | 2022-11-09 | Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component /common/library/Page.php. |
| CVE-2022-44244 | 2022-11-09 | An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator. |
| CVE-2022-44546 | 2022-11-09 | The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released. Successful exploitation of this vulnerability may cause a system restart. |
| CVE-2022-44547 | 2022-11-09 | The Display Service module has a UAF vulnerability. Successful exploitation of this vulnerability may affect the display service availability. |
| CVE-2022-44548 | 2022-11-09 | There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed... |
| CVE-2022-44549 | 2022-11-09 | The LBS module has a vulnerability in geofencing API access. Successful exploitation of this vulnerability may cause third-party apps to access the geofencing APIs without authorization, affecting user confidentiality. |
| CVE-2022-44550 | 2022-11-09 | The graphics display module has a UAF vulnerability when traversing graphic layers. Successful exploitation of this vulnerability may affect system availability. |
| CVE-2022-44551 | 2022-11-09 | The iaware module has a vulnerability in thread security. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability. |
| CVE-2022-44552 | 2022-11-09 | The lock screen module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability. |
| CVE-2022-44553 | 2022-11-09 | The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Successful exploitation of this vulnerability may cause third-party... |
| CVE-2022-44554 | 2022-11-09 | The power module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause abnormal status of a module on the device. |
| CVE-2022-44555 | 2022-11-09 | The DDMP/ODMF module has a service hijacking vulnerability. Successful exploit of this vulnerability may cause services to be unavailable. |
| CVE-2022-44557 | 2022-11-09 | The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2022-44558 | 2022-11-09 | The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation. |
| CVE-2022-44559 | 2022-11-09 | The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation. |
| CVE-2022-44560 | 2022-11-09 | The launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnerability may cause launcher module data to be modified. |
| CVE-2022-44561 | 2022-11-09 | The preset launcher module has a permission verification vulnerability. Successful exploitation of this vulnerability makes unauthorized apps add arbitrary widgets and shortcuts without interaction. |
| CVE-2022-44562 | 2022-11-09 | The system framework layer has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation. |
| CVE-2022-44563 | 2022-11-09 | There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2022-45059 | 2022-11-09 | An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers... |
| CVE-2022-45060 | 2022-11-09 | An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers... |
| CVE-2022-45061 | 2022-11-09 | An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted,... |
| CVE-2022-45062 | 2022-11-09 | In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper. |
| CVE-2022-31253 | 2022-11-09 | openldap2: /usr/lib/openldap/start allows ldap user/group to recursively chown arbitrary directory trees to itself |
| CVE-2021-34566 | 2022-11-09 | WAGO I/O-Check Service prone to Memory Overflow |
| CVE-2021-34567 | 2022-11-09 | WAGO I/O-Check Service prone to Out-of-bounds Read |
| CVE-2021-34568 | 2022-11-09 | WAGO I/O-Check Service prone to Allocation of Resources Without Limits or Throttling |
| CVE-2021-34569 | 2022-11-09 | WAGO I/O-Check Service prone to Out-of-bounds Write |
| CVE-2022-43488 | 2022-11-09 | WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-41978 | 2022-11-09 | WordPress Zoho CRM Lead Magnet plugin <= 1.7.5.8 - Auth. Arbitrary Options Update vulnerability |
| CVE-2021-34577 | 2022-11-09 | Hardcoded credentials in Kaden PICOFLUX AiR |
| CVE-2021-34579 | 2022-11-09 | PHOENIX CONTACT: FL MGUARD DM version 1.12.0 and 1.13.0 Improper Privilege Management |
| CVE-2022-0031 | 2022-11-09 | Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine |
| CVE-2022-25932 | 2022-11-09 | The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete. An attacker can still perform, respectively, a privilege escalation and an information disclosure... |
| CVE-2022-26023 | 2022-11-09 | A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker... |
| CVE-2022-28689 | 2022-11-09 | A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send... |
| CVE-2022-29481 | 2022-11-09 | A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker... |
| CVE-2022-29888 | 2022-11-09 | A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker... |
| CVE-2022-30543 | 2022-11-09 | A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An... |
| CVE-2022-32588 | 2022-11-09 | An out-of-bounds write vulnerability exists in the PICT parsing pctwread_14841 functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious... |
| CVE-2020-12931 | 2022-11-09 | Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity. |
| CVE-2021-26391 | 2022-11-09 | Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel. |
| CVE-2021-26393 | 2022-11-09 | Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the... |
| CVE-2020-12930 | 2022-11-09 | Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity. |
| CVE-2021-26360 | 2022-11-09 | An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted... |
| CVE-2021-26392 | 2022-11-09 | Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a... |
| CVE-2022-27674 | 2022-11-09 | Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service. |