CVE List - 2022 / December
Showing 1 - 100 of 2356 CVEs for December 2022 (Page 1 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-28607 | 2022-12-01 | An issue was discovered in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to gain sensitive information via the action parameter to /system/user/modules/mod_users/controller.php. |
| CVE-2022-29837 | 2022-12-01 | Path traversal Vulnerability in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi Devices |
| CVE-2022-30528 | 2022-12-01 | SQL Injection vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to execute arbitrary commands via the username parameter to /system/user/modules/mod_users/controller.php. |
| CVE-2022-3226 | 2022-12-01 | An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA. |
| CVE-2022-35120 | 2022-12-01 | IXPdata EasyInstall 6.6.14725 contains an access control issue. |
| CVE-2022-36431 | 2022-12-01 | An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 7.9.6.1 allows unauthenticated attackers to execute arbitrary code via a crafted JSP file. Issue fixed in version 7.9.6.1. |
| CVE-2022-3696 | 2022-12-01 | A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA. |
| CVE-2022-37016 | 2022-12-01 | Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to... |
| CVE-2022-37017 | 2022-12-01 | Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially... |
| CVE-2022-3709 | 2022-12-01 | A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA. |
| CVE-2022-3710 | 2022-12-01 | A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA. |
| CVE-2022-3711 | 2022-12-01 | A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA. |
| CVE-2022-3713 | 2022-12-01 | A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA. |
| CVE-2022-40489 | 2022-12-01 | ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows a Super Administrator user to be injected into administrative users. |
| CVE-2022-40849 | 2022-12-01 | ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS). An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute... |
| CVE-2022-4246 | 2022-12-01 | Kakao PotPlayer MID File denial of service |
| CVE-2022-4247 | 2022-12-01 | Movie Ticket Booking System booking.php sql injection |
| CVE-2022-4248 | 2022-12-01 | Movie Ticket Booking System editBooking.php sql injection |
| CVE-2022-4249 | 2022-12-01 | Movie Ticket Booking System POST Request cross site scripting |
| CVE-2022-4250 | 2022-12-01 | Movie Ticket Booking System booking.php cross site scripting |
| CVE-2022-4251 | 2022-12-01 | Movie Ticket Booking System editBooking.php cross site scripting |
| CVE-2022-4252 | 2022-12-01 | SourceCodester Canteen Management System categories.php builtin_echo cross site scripting |
| CVE-2022-4253 | 2022-12-01 | SourceCodester Canteen Management System customer.php builtin_echo cross site scripting |
| CVE-2022-4257 | 2022-12-01 | C-DATA Web Management System GET Parameter jumpto.php argument injection |
| CVE-2022-42718 | 2022-12-01 | Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface (CLI) may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-43333 | 2022-12-01 | Telenia Software s.r.l TVox before v22.0.17 was discovered to contain a remote code execution (RCE) vulnerability in the component action_export_control.php. |
| CVE-2022-44211 | 2022-12-01 | In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote attacker to access/change devices' settings. |
| CVE-2022-44212 | 2022-12-01 | In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to access devices' admin panel. |
| CVE-2022-44262 | 2022-12-01 | ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE). |
| CVE-2022-45045 | 2022-12-01 | Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote... |
| CVE-2022-45640 | 2022-12-01 | Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Causes a denial of service (local). |
| CVE-2022-45050 | 2022-12-01 | Reflected XSS in Axiell Iguana CMS |
| CVE-2022-4221 | 2022-12-01 | OS command injection in ASUS M25 NAS |
| CVE-2022-3270 | 2022-12-01 | Incomplete Documentation of remote functions in FESTO products. |
| CVE-2022-1471 | 2022-12-01 | Remote Code execution in SnakeYAML |
| CVE-2022-45797 | 2022-12-01 | An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to... |
| CVE-2021-38997 | 2022-12-01 | IBM API Connect HOST header injection |
| CVE-2022-2969 | 2022-12-01 | ICSA-22-307-03 Delta Industrial Automation DIALink Path traversal |
| CVE-2022-41296 | 2022-12-01 | IBM Db2U cross-site request forgery |
| CVE-2022-41297 | 2022-12-01 | IBM Db2U cross-site request forgery |
| CVE-2022-43900 | 2022-12-01 | IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps security bypass |
| CVE-2022-43901 | 2022-12-01 | IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps information disclosure |
| CVE-2022-41968 | 2022-12-01 | Nextcloud Server's calendar name length not validated before writing to database |
| CVE-2022-41969 | 2022-12-01 | Nextcloud Server has no password length limit when creating a user as an administrator |
| CVE-2022-41970 | 2022-12-01 | Nextcloud Server's disabled download shares still allow download through preview images |
| CVE-2022-41971 | 2022-12-01 | Nextcloud Talk guests can continue to receive video streams from call after being removed from a conversation |
| CVE-2022-46366 | 2022-12-02 | Apache Tapestry prior to version 4 (EOL) allows RCE through deserialization of untrusted input |
| CVE-2022-3520 | 2022-12-02 | Heap-based Buffer Overflow in vim/vim |
| CVE-2022-3591 | 2022-12-02 | Use After Free in vim/vim |
| CVE-2022-4262 | 2022-12-02 | Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2022-4271 | 2022-12-02 | Cross-site Scripting (XSS) - Reflected in osticket/osticket |
| CVE-2022-43272 | 2022-12-02 | DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object. |
| CVE-2022-43325 | 2022-12-02 | An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3.* - 1.4.* allows attackers to execute arbitrary commands via a crafted payload... |
| CVE-2022-44277 | 2022-12-02 | Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/classes/Master.php?f=delete_product. |
| CVE-2022-44290 | 2022-12-02 | webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php. |
| CVE-2022-44291 | 2022-12-02 | webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php. |
| CVE-2022-44345 | 2022-12-02 | Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=quotes/view_quote&id=. |
| CVE-2022-44347 | 2022-12-02 | Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=inquiries/view_inquiry&id=. |
| CVE-2022-44348 | 2022-12-02 | Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/update_status.php?id=. |
| CVE-2022-44362 | 2022-12-02 | Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/AddSysLogRule. |
| CVE-2022-44363 | 2022-12-02 | Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setSnmpInfo. |
| CVE-2022-44365 | 2022-12-02 | Tenda i21 V1.0.0.14(4656) has a stack overflow vulnerability via /goform/setSysPwd. |
| CVE-2022-44366 | 2022-12-02 | Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setDiagnoseInfo. |
| CVE-2022-44367 | 2022-12-02 | Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setUplinkInfo. |
| CVE-2022-44928 | 2022-12-02 | D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function. |
| CVE-2022-44929 | 2022-12-02 | An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles. |
| CVE-2022-44930 | 2022-12-02 | D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function. |
| CVE-2022-44944 | 2022-12-02 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML... |
| CVE-2022-44945 | 2022-12-02 | Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter. |
| CVE-2022-44946 | 2022-12-02 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML... |
| CVE-2022-44947 | 2022-12-02 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML... |
| CVE-2022-44948 | 2022-12-02 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at /index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via... |
| CVE-2022-44949 | 2022-12-02 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or... |
| CVE-2022-44950 | 2022-12-02 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or... |
| CVE-2022-44951 | 2022-12-02 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts... |
| CVE-2022-44952 | 2022-12-02 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected... |
| CVE-2022-44953 | 2022-12-02 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload... |
| CVE-2022-44954 | 2022-12-02 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload... |
| CVE-2022-44955 | 2022-12-02 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload... |
| CVE-2022-44956 | 2022-12-02 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload... |
| CVE-2022-44957 | 2022-12-02 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload... |
| CVE-2022-44959 | 2022-12-02 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload... |
| CVE-2022-44960 | 2022-12-02 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /general/search.php?searchtype=simple. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload... |
| CVE-2022-44961 | 2022-12-02 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload... |
| CVE-2022-44962 | 2022-12-02 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload... |
| CVE-2022-45215 | 2022-12-02 | A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under... |
| CVE-2022-45480 | 2022-12-02 | PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVE-2022-45482 | 2022-12-02 | Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-45483 | 2022-12-02 | Lazy Mouse allows an attacker (in a man in the middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVE-2022-45562 | 2022-12-02 | Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdoor account low privilege, this can lead to change hardware... |
| CVE-2022-45641 | 2022-12-02 | Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSetMacFilterCfg. |
| CVE-2022-45643 | 2022-12-02 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the addWifiMacFilter function. |
| CVE-2022-45644 | 2022-12-02 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the formSetClientState function. |
| CVE-2022-45645 | 2022-12-02 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceMac parameter in the addWifiMacFilter function. |
| CVE-2022-45646 | 2022-12-02 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeedUp parameter in the formSetClientState function. |
| CVE-2022-45647 | 2022-12-02 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeed parameter in the formSetClientState function. |
| CVE-2022-45648 | 2022-12-02 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the devName parameter in the formSetDeviceName function. |
| CVE-2022-45649 | 2022-12-02 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the endIp parameter in the formSetPPTPServer function. |
| CVE-2022-45650 | 2022-12-02 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the firewallEn parameter in the formSetFirewallCfg function. |
| CVE-2022-45651 | 2022-12-02 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the formSetVirtualSer function. |