CVE List - 2022 / November
Showing 801 - 900 of 2020 CVEs for November 2022 (Page 9 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-23831 | 2022-11-09 | Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of... |
| CVE-2022-27673 | 2022-11-09 | Insufficient access controls in the AMD Link Android app may potentially result in information disclosure. |
| CVE-2022-23824 | 2022-11-09 | IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. |
| CVE-2022-44590 | 2022-11-09 | WordPress Simple Video Embedder plugin <= 2.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-45063 | 2022-11-10 | xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of... |
| CVE-2021-40226 | 2022-11-10 | xpdfreader 4.03 is vulnerable to Buffer Overflow. |
| CVE-2021-40289 | 2022-11-10 | mm-wki v0.2.1 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2022-26088 | 2022-11-10 | An issue was discovered in BMC Remedy before 22.1. Email-based Incident Forwarding allows remote authenticated users to inject HTML (such as an SSRF payload) into the Activity Log by placing... |
| CVE-2022-34666 | 2022-11-10 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may... |
| CVE-2022-35740 | 2022-11-10 | dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. (This is also... |
| CVE-2022-36022 | 2022-11-10 | Some Deeplearning4J packages use unclaimed s3 bucket in tests and examples |
| CVE-2022-36938 | 2022-11-10 | DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index table, potentially allowing remote code execution during processing of... |
| CVE-2022-39388 | 2022-11-10 | Istio may allow identity impersonation if user has localhost access |
| CVE-2022-39392 | 2022-11-10 | Wasmtime vulnerable to out of bounds read/write with zero-memory-pages configuration |
| CVE-2022-39393 | 2022-11-10 | Wasmtime vulnerable to data leakage between instances in the pooling allocator |
| CVE-2022-39394 | 2022-11-10 | wasmtime_trap_code C API function has out of bounds write vulnerability |
| CVE-2022-39395 | 2022-11-10 | Vela Insecure Defaults |
| CVE-2022-39396 | 2022-11-10 | Parse Server vulnerable to Remote Code Execution via prototype pollution in MongoDB BSON parser |
| CVE-2022-39398 | 2022-11-10 | InfotelGLPI vulnerable to Cross-site Scripting |
| CVE-2022-41874 | 2022-11-10 | Tauri Filesystem Scope can be Partially Bypassed |
| CVE-2022-41876 | 2022-11-10 | ezplatform-graphql GraphQL queries can expose password hashes |
| CVE-2022-41878 | 2022-11-10 | Parse Server Prototype pollution and Injection via Cloud Code Webhooks or Cloud Code Triggers |
| CVE-2022-41879 | 2022-11-10 | Parse Server subject to Prototype pollution via Cloud Code Webhooks |
| CVE-2022-43074 | 2022-11-10 | AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulnerability via the component /admin/fst_upload.inc.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-43679 | 2022-11-10 | The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. This could be abused to spoof the URL in password-reset e-mail messages. |
| CVE-2022-44087 | 2022-11-10 | ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component UPFILE_PIC_ZOOM_HIGHT. |
| CVE-2022-44088 | 2022-11-10 | ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component INPUT_ISDESCRIPTION. |
| CVE-2022-44089 | 2022-11-10 | ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component IS_GETCACHE. |
| CVE-2022-44727 | 2022-11-10 | The EU Cookie Law GDPR (Banner + Blocker) module before 2.1.3 for PrestaShop allows SQL Injection via a cookie (lgcookieslaw or __lglaw). |
| CVE-2022-45129 | 2022-11-10 | Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before... |
| CVE-2022-45130 | 2022-11-10 | Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. NOTE: Obsidian is a specific version of the Plesk product: version numbers were... |
| CVE-2022-38119 | 2022-11-10 | POWERCOM CO., LTD. UPSMON PRO - Broken Authentication |
| CVE-2022-38120 | 2022-11-10 | POWERCOM CO., LTD. UPSMON PRO - Path Traversal |
| CVE-2022-38121 | 2022-11-10 | POWERCOM CO., LTD. UPSMON PRO - Insufficiently Protected Credentials |
| CVE-2022-38122 | 2022-11-10 | POWERCOM CO., LTD. UPSMON PRO - Cleartext Transmission of Sensitive Information |
| CVE-2022-39036 | 2022-11-10 | FLOWRING Agentflow BPM - Arbitrary File Upload |
| CVE-2022-39037 | 2022-11-10 | FLOWRING Agentflow BPM - Path Traversal |
| CVE-2022-39038 | 2022-11-10 | FLOWRING Agentflow BPM - Broken Access Control |
| CVE-2022-3866 | 2022-11-10 | Nomad Workload Identity Token Can List Non-sensitive Metadata for Paths Under nomad/ |
| CVE-2022-3867 | 2022-11-10 | Nomad Event Stream Subscriber Using a Token with TTL Receives Updates Until Garbage Collected |
| CVE-2022-31255 | 2022-11-10 | SUMA/UYUNI directory path traversal vulnerability in CobblerSnipperViewAction |
| CVE-2022-43753 | 2022-11-10 | SUMA/UYUNI arbitrary file disclosure vulnerability in ScapResultDownload |
| CVE-2022-43754 | 2022-11-10 | SUMA/UYUNI reflected cross site scripting in /rhn/audit/scap/Search.do |
| CVE-2022-42785 | 2022-11-10 | Wiesemann & Theis: Authentication bypass in Com-Server family |
| CVE-2022-42786 | 2022-11-10 | Wiesemann & Theis: XSS vulnerability in web interface of the Com-Server family |
| CVE-2022-42787 | 2022-11-10 | Wiesemann & Theis: Small number space for allocating session id in Com-Server family |
| CVE-2022-20946 | 2022-11-10 | A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service... |
| CVE-2022-20947 | 2022-11-10 | A vulnerability in dynamic access policies (DAP) functionality of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an... |
| CVE-2022-20918 | 2022-11-10 | A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module, Cisco Firepower Management Center (FMC) Software, and Cisco... |
| CVE-2022-20927 | 2022-11-10 | A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial... |
| CVE-2022-20924 | 2022-11-10 | A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker... |
| CVE-2022-20854 | 2022-11-10 | A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a... |
| CVE-2022-20826 | 2022-11-10 | A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Software could... |
| CVE-2022-20949 | 2022-11-10 | A vulnerability in the management web server of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with high privileges to execute configuration commands on an affected... |
| CVE-2022-20950 | 2022-11-10 | A vulnerability in the interaction of SIP and Snort 3 for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine... |
| CVE-2022-20934 | 2022-11-10 | A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating... |
| CVE-2022-20925 | 2022-11-10 | A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system.... |
| CVE-2022-20926 | 2022-11-10 | A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system.... |
| CVE-2022-20928 | 2022-11-10 | A vulnerability in the authentication and authorization flows for VPN connections in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker... |
| CVE-2022-20922 | 2022-11-10 | Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured... |
| CVE-2022-20943 | 2022-11-10 | Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured... |
| CVE-2022-20941 | 2022-11-10 | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to missing... |
| CVE-2022-20940 | 2022-11-10 | A vulnerability in the TLS handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to... |
| CVE-2022-20831 | 2022-11-10 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a... |
| CVE-2022-20832 | 2022-11-10 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a... |
| CVE-2022-20833 | 2022-11-10 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a... |
| CVE-2022-20834 | 2022-11-10 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a... |
| CVE-2022-20835 | 2022-11-10 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a... |
| CVE-2022-20836 | 2022-11-10 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a... |
| CVE-2022-20838 | 2022-11-10 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a... |
| CVE-2022-20839 | 2022-11-10 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a... |
| CVE-2022-20840 | 2022-11-10 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a... |
| CVE-2022-20843 | 2022-11-10 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a... |
| CVE-2022-20872 | 2022-11-10 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a... |
| CVE-2022-20905 | 2022-11-10 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a... |
| CVE-2022-20932 | 2022-11-10 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a... |
| CVE-2022-20935 | 2022-11-10 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a... |
| CVE-2022-20936 | 2022-11-10 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a... |
| CVE-2022-20938 | 2022-11-10 | A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view sensitive information. This vulnerability... |
| CVE-2022-41719 | 2022-11-10 | Panic in github.com/shamaton/msgpack/v2 |
| CVE-2022-41607 | 2022-11-10 | ETIC Telecom Remote Access Server Path Traversal |
| CVE-2022-40981 | 2022-11-10 | ETIC Telecom Remote Access Server Unrestricted Upload of File with Dangerous Type |
| CVE-2022-3703 | 2022-11-10 | ETIC Telecom Remote Access Server Insufficient Verification of Data Authenticity |
| CVE-2022-42460 | 2022-11-10 | WordPress Traffic Manager plugin <= 1.4.5 - Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) |
| CVE-2021-0185 | 2022-11-10 | Improper input validation in the firmware for some Intel(R) Server Board M10JNP Family before version 7.216 may allow a privileged user to potentially enable an escalation of privilege via local... |
| CVE-2022-3941 | 2022-11-11 | Activity Log Plugin HTTP Header neutralization for logs |
| CVE-2022-3950 | 2022-11-11 | sanluan PublicCMS Tab dwz.min.js initLink cross site scripting |
| CVE-2022-3939 | 2022-11-11 | lanyulei ferry API file.go path traversal |
| CVE-2022-3940 | 2022-11-11 | lanyulei ferry task.go path traversal |
| CVE-2022-3942 | 2022-11-11 | SourceCodester Sanitization Management System cross site scripting |
| CVE-2022-3943 | 2022-11-11 | ForU CMS cms_chip.php cross site scripting |
| CVE-2022-3944 | 2022-11-11 | jerryhanjj ERP Commodity Management inventory.php uploadImages unrestricted upload |
| CVE-2022-3945 | 2022-11-11 | Improper Restriction of Excessive Authentication Attempts in kareadita/kavita |
| CVE-2022-3947 | 2022-11-11 | eolinker goku_lite list sql injection |
| CVE-2022-3948 | 2022-11-11 | eolinker goku_lite getList sql injection |
| CVE-2022-3949 | 2022-11-11 | Sourcecodester Simple Cashiering System User Account cross site scripting |
| CVE-2022-3952 | 2022-11-11 | ManyDesigns Portofino WarFileLauncher.java createTempDir temp file |
| CVE-2022-3955 | 2022-11-11 | tholum crm42 Login class.user.php sql injection |
| CVE-2022-3956 | 2022-11-11 | tsruban HHIMS Patient Portrait sql injection |
| CVE-2022-3957 | 2022-11-11 | GPAC SVG Parser svg_attributes.c svg_parse_preserveaspectratio memory leak |