CVE List - 2022 / December
Showing 1001 - 1100 of 2356 CVEs for December 2022 (Page 11 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-39428 | 2022-12-15 | Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic. |
| CVE-2022-32833 | 2022-12-15 | An issue existed with the file paths used to store website data. The issue was resolved by improving how website data is stored. This issue is fixed in iOS 16.... |
| CVE-2022-32860 | 2022-12-15 | An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, macOS Big Sur 11.6.8. An app may be... |
| CVE-2022-32916 | 2022-12-15 | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 16. An app may... |
| CVE-2022-32942 | 2022-12-15 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2. An app may be able to execute... |
| CVE-2022-32943 | 2022-12-15 | The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Shake-to-undo may allow a deleted photo to be re-surfaced... |
| CVE-2022-32945 | 2022-12-15 | An access issue was addressed with additional sandbox restrictions on third-party apps. This issue is fixed in macOS Ventura 13. An app may be able to record audio with paired... |
| CVE-2022-32948 | 2022-12-15 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary... |
| CVE-2022-40000 | 2022-12-15 | Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the username field of the admin log in page. |
| CVE-2022-40001 | 2022-12-15 | Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the title field of the create article page. |
| CVE-2022-40002 | 2022-12-15 | Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the callback parameter to /cms/notify. |
| CVE-2022-40004 | 2022-12-15 | Cross Site Scripting (XSS) vulnerability in Things Board 3.4.1 allows remote attackers to escalate privilege via crafted URL to the Audit Log. |
| CVE-2022-40373 | 2022-12-15 | Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 allows remote attackers to run arbitrary code via upload of crafted XML file. |
| CVE-2022-42805 | 2022-12-15 | An integer overflow was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary... |
| CVE-2022-42821 | 2022-12-15 | A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Big Sur 11.7.2, macOS Ventura 13. An app may bypass Gatekeeper checks. |
| CVE-2022-42837 | 2022-12-15 | An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, iOS... |
| CVE-2022-42840 | 2022-12-15 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2... |
| CVE-2022-42841 | 2022-12-15 | A type confusion issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2. Processing a maliciously crafted package may... |
| CVE-2022-42842 | 2022-12-15 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2,... |
| CVE-2022-42843 | 2022-12-15 | This issue was addressed with improved data protection. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. A user may be able... |
| CVE-2022-42844 | 2022-12-15 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to break out of its sandbox. |
| CVE-2022-42845 | 2022-12-15 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2,... |
| CVE-2022-42846 | 2022-12-15 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2. Parsing a maliciously crafted video file may... |
| CVE-2022-42847 | 2022-12-15 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privileges. |
| CVE-2022-42848 | 2022-12-15 | A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2. An app may be able... |
| CVE-2022-42849 | 2022-12-15 | An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue is fixed in iOS 16.2 and iPadOS 16.2, tvOS 16.2, watchOS 9.2. A... |
| CVE-2022-42850 | 2022-12-15 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to execute arbitrary code with kernel privileges. |
| CVE-2022-42851 | 2022-12-15 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, tvOS 16.2. Parsing a maliciously crafted TIFF file may lead to disclosure... |
| CVE-2022-42852 | 2022-12-15 | The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2,... |
| CVE-2022-42853 | 2022-12-15 | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13.1. An app may be able to modify protected parts of the file system. |
| CVE-2022-42854 | 2022-12-15 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1. An app may be able to disclose kernel memory. |
| CVE-2022-42855 | 2022-12-15 | A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and... |
| CVE-2022-42856 | 2022-12-15 | A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing... |
| CVE-2022-42859 | 2022-12-15 | Multiple issues were addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, watchOS 9.2. An app may be able to... |
| CVE-2022-42861 | 2022-12-15 | This issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2. An app... |
| CVE-2022-42862 | 2022-12-15 | This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to bypass Privacy... |
| CVE-2022-42863 | 2022-12-15 | A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing... |
| CVE-2022-42864 | 2022-12-15 | A race condition was addressed with improved state handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS... |
| CVE-2022-42865 | 2022-12-15 | This issue was addressed by enabling hardened runtime. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able... |
| CVE-2022-42866 | 2022-12-15 | The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be... |
| CVE-2022-42867 | 2022-12-15 | A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2.... |
| CVE-2022-44235 | 2022-12-15 | Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) is vulnerable to Cross Site Scripting (XSS). |
| CVE-2022-44236 | 2022-12-15 | Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) has a Weak password vulnerability. |
| CVE-2022-4502 | 2022-12-15 | Cross-site Scripting (XSS) - Reflected in openemr/openemr |
| CVE-2022-4503 | 2022-12-15 | Cross-site Scripting (XSS) - Generic in openemr/openemr |
| CVE-2022-45033 | 2022-12-15 | A cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat text field. |
| CVE-2022-4504 | 2022-12-15 | Improper Input Validation in openemr/openemr |
| CVE-2022-4505 | 2022-12-15 | Authorization Bypass Through User-Controlled Key in openemr/openemr |
| CVE-2022-4506 | 2022-12-15 | Unrestricted Upload of File with Dangerous Type in openemr/openemr |
| CVE-2022-4511 | 2022-12-15 | RainyGao DocSys path traversal |
| CVE-2022-4513 | 2022-12-15 | European Environment Agency eionet.contreg cross site scripting |
| CVE-2022-4514 | 2022-12-15 | Opencaching Deutschland oc-server3 varset.inc.php cross site scripting |
| CVE-2022-4520 | 2022-12-15 | WSO2 carbon-registry Advanced Search advancedSearchForm-ajaxprocessor.jsp cross site scripting |
| CVE-2022-4522 | 2022-12-15 | CalendarXP cross site scripting |
| CVE-2022-4526 | 2022-12-15 | django-photologue Default Template photo_detail.html cross site scripting |
| CVE-2022-45338 | 2022-12-15 | An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary... |
| CVE-2022-45969 | 2022-12-15 | Alist v3.4.0 is vulnerable to Directory Traversal. |
| CVE-2022-46392 | 2022-12-15 | An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking... |
| CVE-2022-46393 | 2022-12-15 | An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled... |
| CVE-2022-46631 | 2022-12-15 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function. |
| CVE-2022-46634 | 2022-12-15 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function. |
| CVE-2022-46689 | 2022-12-15 | A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2,... |
| CVE-2022-46690 | 2022-12-15 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may... |
| CVE-2022-46691 | 2022-12-15 | A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and... |
| CVE-2022-46692 | 2022-12-15 | A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1,... |
| CVE-2022-46693 | 2022-12-15 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS... |
| CVE-2022-46694 | 2022-12-15 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2, watchOS 9.2. Parsing... |
| CVE-2022-46695 | 2022-12-15 | A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and... |
| CVE-2022-46696 | 2022-12-15 | A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing... |
| CVE-2022-46697 | 2022-12-15 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privileges. |
| CVE-2022-46698 | 2022-12-15 | A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS... |
| CVE-2022-46699 | 2022-12-15 | A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing... |
| CVE-2022-46700 | 2022-12-15 | A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and... |
| CVE-2022-46701 | 2022-12-15 | The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may... |
| CVE-2022-46702 | 2022-12-15 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to disclose kernel memory. |
| CVE-2022-23507 | 2022-12-15 | Light client verification not taking into account chain ID |
| CVE-2022-23524 | 2022-12-15 | Helm vulnerable to Denial of service through string value parsing |
| CVE-2022-23525 | 2022-12-15 | Helm vulnerable to Denial of service via NULL Pointer Dereference |
| CVE-2022-23526 | 2022-12-15 | Helm contains Denial of service through schema file |
| CVE-2022-23474 | 2022-12-15 | editor.js contains Code Injection |
| CVE-2022-41561 | 2022-12-15 | TIBCO JasperReports Server RCE Vulnerability |
| CVE-2022-41562 | 2022-12-15 | TIBCO JasperReports Server XSS Issue on Roles |
| CVE-2022-41563 | 2022-12-15 | TIBCO JasperReports Server Stored XSS Vulnerability |
| CVE-2022-24377 | 2022-12-15 | Command Injection |
| CVE-2022-2536 | 2022-12-15 | The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient validation of... |
| CVE-2022-3427 | 2022-12-15 | The Corner Ad plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.56. This is due to missing or incorrect nonce validation on its... |
| CVE-2022-32531 | 2022-12-15 | Apache BookKeeper: Java Client Uses Connection to Host that Failed Hostname Verification |
| CVE-2022-44588 | 2022-12-15 | WordPress Cryptocurrency Widgets Pack Plugin <=1.8.1 is vulnerable to SQL Injection |
| CVE-2021-4226 | 2022-12-15 | RSFirewall < 1.1.25 - IP Block Bypass |
| CVE-2022-4519 | 2022-12-15 | The WP User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 7.0 due to insufficient input sanitization and output... |
| CVE-2022-38662 | 2022-12-15 | HCL Digital Experience is susceptible to open redirects |
| CVE-2022-38653 | 2022-12-15 | HCL Digital Experience is susceptible to cross-site scripting (XSS) |
| CVE-2022-41960 | 2022-12-15 | BigBlueButton contains DoS via failed authToken validation |
| CVE-2022-26579 | 2022-12-16 | PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow a root privileged attacker to install unsigned packages. The attacker must have shell access to the device and gain root privileges in order... |
| CVE-2022-26580 | 2022-12-16 | PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow the execution of specific command injections on selected binaries in the ADB daemon shell service. The attacker must have physical USB access to... |
| CVE-2022-26581 | 2022-12-16 | PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an unauthorized attacker to perform privileged actions through the execution of specific binaries listed in ADB daemon. The attacker must have physical USB... |
| CVE-2022-26582 | 2022-12-16 | PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an attacker to gain root access through command injection in systool client. The attacker must have shell access to the device in order... |
| CVE-2022-38106 | 2022-12-16 | Cross-Site Scripting Vulnerability in Serv-U Web Client |
| CVE-2022-4565 | 2022-12-16 | Dromara HuTool cn.hutool.core.util.ZipUtil.java resource consumption |
| CVE-2021-31650 | 2022-12-16 | A SQL injection vulnerability in Sourcecodester Online Grading System 1.0 allows remote attackers to execute arbitrary SQL commands via the uname parameter. |