CVE List - 2022 / December
Showing 1801 - 1900 of 2356 CVEs for December 2022 (Page 19 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-46873 | 2022-12-22 | Because Firefox did not implement the <code>unsafe-hashes</code> CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been... |
| CVE-2022-46874 | 2022-12-22 | A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user... |
| CVE-2022-46875 | 2022-12-22 | The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. <br>*Note: This issue only affected Mac OS operating systems.... |
| CVE-2022-46877 | 2022-12-22 | By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108. |
| CVE-2022-46878 | 2022-12-22 | Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. Some of these bugs showed evidence of memory corruption... |
| CVE-2022-46879 | 2022-12-22 | Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 107. Some of these bugs showed evidence... |
| CVE-2022-46880 | 2022-12-22 | A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.<br />*Note*: This advisory was added on December 13th, 2022 after we better understood... |
| CVE-2022-46881 | 2022-12-22 | An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022... |
| CVE-2022-46882 | 2022-12-22 | A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox < 107, Firefox ESR < 102.6, and Thunderbird < 102.6. |
| CVE-2022-46883 | 2022-12-22 | Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 106. Some of these bugs showed evidence of memory corruption... |
| CVE-2022-46885 | 2022-12-22 | Mozilla developers Timothy Nikkel, Ashley Hale, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105. Some of these bugs showed evidence of memory corruption and we... |
| CVE-2022-47926 | 2022-12-22 | AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_del.inc.php |
| CVE-2022-47931 | 2022-12-22 | IO FinNet tss-lib before 2.0.0 allows a collision of hash values. |
| CVE-2022-47895 | 2022-12-22 | In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files. |
| CVE-2022-47896 | 2022-12-22 | In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks. |
| CVE-2022-45347 | 2022-12-22 | Apache ShardingSphere-Proxy: MySQL authentication bypass |
| CVE-2022-23541 | 2022-12-22 | jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC |
| CVE-2022-23540 | 2022-12-22 | jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() |
| CVE-2022-23556 | 2022-12-22 | CodeIgniter is vulnerable to IP address spoofing when using proxy |
| CVE-2022-38658 | 2022-12-22 | HCL BigFix Server Automation (SA) is affected by a security vulnerability around Notification Service |
| CVE-2022-46170 | 2022-12-22 | CodeIgniter is vulnerable to improper authentication via Session Handlers |
| CVE-2022-35646 | 2022-12-22 | IBM Security Verify Governance, Identity Manager security bypass |
| CVE-2022-22461 | 2022-12-22 | IBM Security Verify Governance, Identity Manager information disclosure |
| CVE-2022-43857 | 2022-12-22 | IBM Navigator for i information disclosure |
| CVE-2022-3805 | 2022-12-22 | The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users... |
| CVE-2022-3794 | 2022-12-22 | The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various AJAX actions in versions up to, and including, 2.5.6. Authenticated users can use an easily available... |
| CVE-2022-43858 | 2022-12-22 | IBM Navigator for i information disclosure |
| CVE-2022-43859 | 2022-12-22 | IBM Navigator for i SQL injection |
| CVE-2022-43860 | 2022-12-22 | IBM Navigator for i SQL injection |
| CVE-2022-22456 | 2022-12-22 | IBM Security Verify Governance, Identity Manager cross-site scripting |
| CVE-2022-22458 | 2022-12-22 | IBM Security Verify Governance, Identity Manager information disclosure |
| CVE-2022-22457 | 2022-12-22 | IBM Security Verify Governance, Identity Manager information disclosure |
| CVE-2022-45798 | 2022-12-22 | A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate... |
| CVE-2022-22449 | 2022-12-22 | IBM Security Verify Governance, Identity Manager information disclosure |
| CVE-2022-23513 | 2022-12-22 | Pi-Hole/AdminLTE vulnerable due to improper access control in queryads endpoint |
| CVE-2022-23539 | 2022-12-22 | jsonwebtoken unrestricted key type could lead to legacy keys usage |
| CVE-2021-32692 | 2022-12-23 | Activity Watch vulnerable to command execution on macOS via printAppTitle.scpt |
| CVE-2022-28228 | 2022-12-23 | Out-of-bounds read was discovered in YDB server. An attacker could construct a query with insert statement that would allow him to read sensitive information from other memory locations or cause... |
| CVE-2022-28229 | 2022-12-23 | The hash functionality in userver before 42059b6319661583b3080cab9b595d4f8ac48128 allows attackers to cause a denial of service via crafted HTTP request, involving collisions. |
| CVE-2022-38757 | 2022-12-23 | CVE-2022-38757 ZENworks |
| CVE-2022-40011 | 2022-12-23 | Cross Site Scripting (XSS) vulnerability in typora through 1.38 allows remote attackers to run arbitrary code via export from editor. |
| CVE-2022-43551 | 2022-12-23 | A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS... |
| CVE-2022-44565 | 2022-12-23 | An improper access validation vulnerability exists in airMAX AC <8.7.11, airFiber 60/LR <2.6.2, airFiber 60 XG/HD <v1.0.0 and airFiber GBE <1.4.1 that allows a malicious actor to retrieve status and... |
| CVE-2022-44567 | 2022-12-23 | A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a malicious url of openInternalVideoChatWindow to shell.openExternal(), which may lead to remote code execution (internalVideoChatWindow.ts#L17).... |
| CVE-2022-45706 | 2022-12-23 | IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the hostname parameter in the formSetNetCheckTools function. |
| CVE-2022-45707 | 2022-12-23 | IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the rules parameter in the formAddDnsHijack function. |
| CVE-2022-45708 | 2022-12-23 | IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the sPortMapIndex parameter in the formDelPortMapping function. |
| CVE-2022-45709 | 2022-12-23 | IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple command injection vulnerabilities via the pEnable, pLevel, and pModule parameters in the formSetDebugCfg function. |
| CVE-2022-45710 | 2022-12-23 | IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the pEnable, pLevel, and pModule parameters in the formSetDebugCfg function. |
| CVE-2022-45711 | 2022-12-23 | IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the hostname parameter in the formSetNetCheckTools function. |
| CVE-2022-45712 | 2022-12-23 | IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the rules parameter in the formAddDnsForward function. |
| CVE-2022-45714 | 2022-12-23 | IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the indexSet parameter in the formQOSRuleDel function. |
| CVE-2022-45715 | 2022-12-23 | IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the pLanPortRange and pWanPortRange parameters in the formSetPortMapping function. |
| CVE-2022-45716 | 2022-12-23 | IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the indexSet parameter in the formIPMacBindDel function. |
| CVE-2022-45717 | 2022-12-23 | IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. This vulnerability is exploited via a crafted GET request. |
| CVE-2022-45718 | 2022-12-23 | IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the rules parameter in the formIPMacBindAdd function. |
| CVE-2022-45719 | 2022-12-23 | IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the gotoUrl parameter in the formPortalAuth function. |
| CVE-2022-45720 | 2022-12-23 | IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the ip, mac, and remark parameters in the formIPMacBindModify function. |
| CVE-2022-45721 | 2022-12-23 | IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the picName parameter in the formDelWewifiPic function. |
| CVE-2022-46492 | 2022-12-23 | nbnbk commit 879858451d53261d10f77d4709aee2d01c72c301 was discovered to contain an arbitrary file read vulnerability via the component /api/Index/getFileBinary. |
| CVE-2022-46560 | 2022-12-23 | D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetWan2Settings module. |
| CVE-2022-46561 | 2022-12-23 | D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetWanSettings module. |
| CVE-2022-46562 | 2022-12-23 | D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the PSK parameter in the SetQuickVPNSettings module. |
| CVE-2022-46563 | 2022-12-23 | D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetDynamicDNSSettings module. |
| CVE-2022-46566 | 2022-12-23 | D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetQuickVPNSettings module. |
| CVE-2022-46568 | 2022-12-23 | D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the AccountPassword parameter in the SetSysEmailSettings module. |
| CVE-2022-46569 | 2022-12-23 | D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Key parameter in the SetWLanRadioSecurity module. |
| CVE-2022-46570 | 2022-12-23 | D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetWan3Settings module. |
| CVE-2022-46641 | 2022-12-23 | D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the lan(0)_dhcps_staticlist parameter in the SetIpMacBindSettings function. |
| CVE-2022-46642 | 2022-12-23 | D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the auto_upgrade_hour parameter in the SetAutoUpgradeInfo function. |
| CVE-2022-4665 | 2022-12-23 | Unrestricted Upload of File with Dangerous Type in ampache/ampache |
| CVE-2022-4683 | 2022-12-23 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in usememos/memos |
| CVE-2022-4684 | 2022-12-23 | Improper Access Control in usememos/memos |
| CVE-2022-4686 | 2022-12-23 | Authorization Bypass Through User-Controlled Key in usememos/memos |
| CVE-2022-4687 | 2022-12-23 | Incorrect Use of Privileged APIs in usememos/memos |
| CVE-2022-4688 | 2022-12-23 | Improper Authorization in usememos/memos |
| CVE-2022-4689 | 2022-12-23 | Improper Access Control in usememos/memos |
| CVE-2022-4690 | 2022-12-23 | Cross-site Scripting (XSS) - Stored in usememos/memos |
| CVE-2022-4691 | 2022-12-23 | Cross-site Scripting (XSS) - Stored in usememos/memos |
| CVE-2022-4692 | 2022-12-23 | Cross-site Scripting (XSS) - Stored in usememos/memos |
| CVE-2022-4694 | 2022-12-23 | Cross-site Scripting (XSS) - Stored in usememos/memos |
| CVE-2022-4695 | 2022-12-23 | Cross-site Scripting (XSS) - Stored in usememos/memos |
| CVE-2022-4719 | 2022-12-23 | Business Logic Errors in ikus060/rdiffweb |
| CVE-2022-4720 | 2022-12-23 | Open Redirect in ikus060/rdiffweb |
| CVE-2022-4721 | 2022-12-23 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in ikus060/rdiffweb |
| CVE-2022-4722 | 2022-12-23 | Authentication Bypass by Primary Weakness in ikus060/rdiffweb |
| CVE-2022-4723 | 2022-12-23 | Allocation of Resources Without Limits or Throttling in ikus060/rdiffweb |
| CVE-2022-4724 | 2022-12-23 | Improper Access Control in ikus060/rdiffweb |
| CVE-2022-47524 | 2022-12-23 | F-Secure SAFE Browser 19.1 before 19.2 for Android allows an IDN homograph attack. |
| CVE-2022-47633 | 2022-12-23 | An image signature validation bypass vulnerability in Kyverno 1.8.3 and 1.8.4 allows a malicious image registry (or a man-in-the-middle attacker) to inject unsigned arbitrary container images into a protected Kubernetes... |
| CVE-2022-47938 | 2022-12-23 | An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2_TREE_CONNECT. |
| CVE-2022-47939 | 2022-12-23 | An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT. |
| CVE-2022-47940 | 2022-12-23 | An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2_write. |
| CVE-2022-47941 | 2022-12-23 | An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2_handle_negotiate error conditions, aka a memory leak. |
| CVE-2022-47942 | 2022-12-23 | An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is a heap-based buffer overflow in set_ntacl_dacl, related to use of SMB2_QUERY_INFO_HE after a... |
| CVE-2022-47943 | 2022-12-23 | An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length... |
| CVE-2022-47945 | 2022-12-23 | ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute... |
| CVE-2022-47946 | 2022-12-23 | An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait... |
| CVE-2022-33324 | 2022-12-23 | Denial-of-Service Vulnerability in Ethernet port of MELSEC iQ-R, iQ-L Series and MELIPC Series |
| CVE-2022-46171 | 2022-12-23 | Tauri vulnerable to path traversal |