CVE List - 2022 / December
Showing 1201 - 1300 of 2356 CVEs for December 2022 (Page 13 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-20607 | 2022-12-16 | In the Pixel cellular firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with LTE authentication needed.... |
| CVE-2022-20608 | 2022-12-16 | In Pixel cellular firmware, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2022-20609 | 2022-12-16 | In Pixel cellular firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2022-20610 | 2022-12-16 | In cellular modem firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to remote code execution with LTE authentication needed. User... |
| CVE-2022-25626 | 2022-12-16 | An unauthenticated user can access Identity Manager’s management console specific page URLs. However, the system doesn’t allow the user to carry out server side tasks without a valid web session. |
| CVE-2022-25627 | 2022-12-16 | An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4 |
| CVE-2022-25628 | 2022-12-16 | An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4 |
| CVE-2022-3109 | 2022-12-16 | An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability. |
| CVE-2022-31707 | 2022-12-16 | vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of... |
| CVE-2022-31708 | 2022-12-16 | vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score... |
| CVE-2022-36223 | 2022-12-16 | In Emby Server 4.6.7.0, the playlist name field is vulnerable to stored XSS, making it possible to steal the administrator access token and flip or steal the media server... |
| CVE-2022-37832 | 2022-12-16 | Mutiny 7.2.0-10788 suffers from a hardcoded root password. |
| CVE-2022-38756 | 2022-12-16 | CVE-2022-38756 vulnerability in GW Web prior to 18.4.2 |
| CVE-2022-4130 | 2022-12-16 | A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an... |
| CVE-2022-42501 | 2022-12-16 | In HexString2Value of util.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2022-42502 | 2022-12-16 | In FacilityLock::Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2022-42503 | 2022-12-16 | In ProtocolMiscBuilder::BuildSetLinkCapaReportCriteria of protocolmiscbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2022-42504 | 2022-12-16 | In CallDialReqData::encodeCallNumber of callreqdata.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2022-42505 | 2022-12-16 | In ProtocolMiscBuilder::BuildSetSignalReportCriteria of protocolmiscbuilder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2022-42506 | 2022-12-16 | In SimUpdatePbEntry::encode of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2022-42507 | 2022-12-16 | In ProtocolSimBuilder::BuildSimUpdatePb3gEntry of protocolsimbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2022-42508 | 2022-12-16 | In ProtocolCallBuilder::BuildSendUssd of protocolcallbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2022-42509 | 2022-12-16 | In CallDialReqData::encode of callreqdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2022-42510 | 2022-12-16 | In StringsRequestData::encode of requestdata.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-42511 | 2022-12-16 | In EmbmsSessionData::encode of embmsdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2022-42512 | 2022-12-16 | In VsimOperationDataExt::encode of vsimdata.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2022-42513 | 2022-12-16 | In ProtocolEmbmsBuilder::BuildSetSession of protocolembmsbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2022-42514 | 2022-12-16 | In ProtocolImsBuilder::BuildSetConfig of protocolimsbuilder.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2022-42515 | 2022-12-16 | In MiscService::DoOemSetRtpPktlossThreshold of miscservice.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2022-42516 | 2022-12-16 | In ProtocolSimBuilderLegacy::BuildSimGetGbaAuth of protocolsimbuilderlegacy.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2022-42517 | 2022-12-16 | In MiscService::DoOemSetTcsFci of miscservice.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2022-42518 | 2022-12-16 | In BroadcastSmsConfigsRequestData::encode of smsdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2022-42519 | 2022-12-16 | In CdmaBroadcastSmsConfigsRequestData::encode of cdmasmsdata.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-42520 | 2022-12-16 | In ServiceInterface::HandleRequest of serviceinterface.cpp, there is a possible use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for... |
| CVE-2022-42521 | 2022-12-16 | In encode of wlandata.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-42522 | 2022-12-16 | In DoSetCarrierConfig of miscservice.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2022-42523 | 2022-12-16 | In fillSetupDataCallInfo_V1_6 of ril_service_1_6.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2022-42524 | 2022-12-16 | In sms_GetTpUdlIe of sms_PduCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges... |
| CVE-2022-42525 | 2022-12-16 | In fillSetupDataCallInfo_V1_6 of ril_service_1_6.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2022-42526 | 2022-12-16 | In ConvertUtf8ToUcs2 of radio_hal_utils.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2022-42527 | 2022-12-16 | In cd_SsParseMsg of cd_SsCodec.c, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User... |
| CVE-2022-42529 | 2022-12-16 | Product: Android. Versions: Android kernel. Android ID: A-235292841. References: N/A |
| CVE-2022-42530 | 2022-12-16 | In Pixel firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User... |
| CVE-2022-42531 | 2022-12-16 | In mmu_map_for_fw of gs_ldfw_load.c, there is a possible mitigation bypass due to Permissive Memory Allocation. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2022-42532 | 2022-12-16 | In Pixel firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User... |
| CVE-2022-42534 | 2022-12-16 | In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible privilege escalation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2022-42535 | 2022-12-16 | In a query in MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User... |
| CVE-2022-42542 | 2022-12-16 | In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2022-42543 | 2022-12-16 | In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2022-42544 | 2022-12-16 | In getView of AddAppNetworksFragment.java, there is a possible way to mislead the user about network add requests due to improper input validation. This could lead to local escalation of privilege... |
| CVE-2022-4556 | 2022-12-16 | Alinto SOGo Identity SOGoUserDefaults.m _migrateMailIdentities cross site scripting |
| CVE-2022-4558 | 2022-12-16 | Alinto SOGo Folder/Mail NSString+Utilities.m cross site scripting |
| CVE-2022-4559 | 2022-12-16 | INEX IPX-Manager list.foil.php cross site scripting |
| CVE-2022-4560 | 2022-12-16 | Joget wflow-core UniversalTheme.java getInternalJsCssLib cross site scripting |
| CVE-2022-4561 | 2022-12-16 | SemanticDrilldown Extension GET Parameter SDBrowseDataPage.php printFilterLine cross site scripting |
| CVE-2022-4563 | 2022-12-16 | Freedom of the Press SecureDrop gpg-agent.conf symlink |
| CVE-2022-4564 | 2022-12-16 | University of Central Florida Materia API Controller api.php before cross-site request forgery |
| CVE-2022-4566 | 2022-12-16 | y_project RuoYi GenController sql injection |
| CVE-2022-45796 | 2022-12-16 | SHARP Multifunction Printer - Command Injection |
| CVE-2022-46109 | 2022-12-16 | Tenda AC15 V15.03.06.23 is vulnerable to Buffer Overflow via function formSetClientState. |
| CVE-2022-46135 | 2022-12-16 | In AeroCMS v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post, through which we can upload a webshell and control the web server. |
| CVE-2022-46137 | 2022-12-16 | AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS v0.0.1. |
| CVE-2022-47208 | 2022-12-16 | The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can... |
| CVE-2022-47209 | 2022-12-16 | A support user exists on the device and appears to be a backdoor for Technical Support staff. The default password for this account is “support” and cannot be changed by... |
| CVE-2022-47210 | 2022-12-16 | The default console presented to users over telnet (when enabled) is restricted to a subset of commands. Commands issued at this console, however, appear to be fed directly into a... |
| CVE-2022-47377 | 2022-12-16 | Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13.4 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password... |
| CVE-2022-41961 | 2022-12-16 | BigBlueButton subject to Ineffective user bans |
| CVE-2022-41962 | 2022-12-16 | BigBlueButton contains Incorrect Authorization for setting emoji status |
| CVE-2021-28655 | 2022-12-16 | Apache Zeppelin: Arbitrary file deletion vulnerability |
| CVE-2022-46870 | 2022-12-16 | Apache Zeppelin: Stored XSS in note permissions |
| CVE-2022-41963 | 2022-12-16 | BigBlueButton contains Improper Preservation of Permissions for whiteboard |
| CVE-2022-4555 | 2022-12-16 | The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate() function hooked via init() in versions up to, and including,... |
| CVE-2022-4326 | 2022-12-16 | Trellix xAgent permission bypass vulnerability |
| CVE-2022-41964 | 2022-12-16 | BigBlueButton contains Response leaks in anonymous polls |
| CVE-2022-41972 | 2022-12-16 | Contiki-NG contains NULL Pointer Dereference in BLE L2CAP module |
| CVE-2022-2966 | 2022-12-16 | Delta Electronics DOPSoft Out-of-bounds Read |
| CVE-2022-3166 | 2022-12-16 | MicroLogix 1100 & 1400 Product Web Server Application Vulnerable to Denial-Of-Service Condition Attack |
| CVE-2022-46670 | 2022-12-16 | Rockwell Automation MicroLogix 1100 & 1400 Vulnerable to Cross-Site Scripting Attack |
| CVE-2022-3157 | 2022-12-16 | Rockwell Automation GuardLogix and ControlLogix controllers Vulnerable to Denial-Of-Service Attack |
| CVE-2022-23490 | 2022-12-16 | Improper access control to polling votes |
| CVE-2022-23530 | 2022-12-16 | GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package |
| CVE-2022-23531 | 2022-12-16 | Arbitrary file write when scanning a specially-crafted local PyPI package |
| CVE-2022-4584 | 2022-12-17 | Axiomatic Bento4 mp42aac heap-based overflow |
| CVE-2022-4588 | 2022-12-17 | Boston Sleep slice Layout cross site scripting |
| CVE-2022-4589 | 2022-12-17 | cyface Terms and Conditions Module views.py returnTo redirect |
| CVE-2021-4246 | 2022-12-17 | roxlukas LMeve Login Page sql injection |
| CVE-2022-4567 | 2022-12-17 | Improper Access Control in openemr/openemr |
| CVE-2022-4572 | 2022-12-17 | UBI Reader UBIFS File output.py ubireader_extract_files path traversal |
| CVE-2022-4581 | 2022-12-17 | 1j01 mind-map app.coffee cross site scripting |
| CVE-2022-4582 | 2022-12-17 | starter-public-edition-4 cross site scripting |
| CVE-2022-4583 | 2022-12-17 | jLEMS JUtil.java unpackJar path traversal |
| CVE-2022-4585 | 2022-12-17 | Opencaching Deutschland oc-server3 Cookie start.tpl cross site scripting |
| CVE-2022-4586 | 2022-12-17 | Opencaching Deutschland oc-server3 Cachelist cachelists.tpl cross site scripting |
| CVE-2022-4587 | 2022-12-17 | Opencaching Deutschland oc-server3 Login Page login.tpl cross site scripting |
| CVE-2022-4590 | 2022-12-17 | mschaef toto Todo List cross site scripting |
| CVE-2022-4591 | 2022-12-17 | mschaef toto Email Parameter cross site scripting |
| CVE-2022-23488 | 2022-12-17 | BigBlueButton vulnerable to Insertion of Sensitive Information Into Sent Data |
| CVE-2022-44751 | 2022-12-17 | HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView |
| CVE-2022-44753 | 2022-12-17 | HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView |
| CVE-2022-44755 | 2022-12-17 | HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView |