CVE List - 2022 / December
Showing 2001 - 2100 of 2356 CVEs for December 2022 (Page 21 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-4741 | 2022-12-25 | docconv XMLToText memory allocation |
| CVE-2021-4280 | 2022-12-25 | styler_praat_scripts Slash file_segmenter.praat denial of service |
| CVE-2022-30260 | 2022-12-26 | Emerson DeltaV Distributed Control System (DCS) has insufficient verification of... |
| CVE-2018-16135 | 2022-12-26 | The Opera Mini application 47.1.2249.129326 for Android allows remote attackers... |
| CVE-2019-11851 | 2022-12-26 | The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x... |
| CVE-2019-13988 | 2022-12-26 | Sierra Wireless MGOS before 3.15.2 and 4.x before 4.3 allows... |
| CVE-2019-14802 | 2022-12-26 | HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended... |
| CVE-2019-18177 | 2022-12-26 | In certain Citrix products, information disclosure can be achieved by... |
| CVE-2019-19030 | 2022-12-26 | Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before... |
| CVE-2019-19705 | 2022-12-26 | Realtek Audio Drivers for Windows, as used on the Lenovo... |
| CVE-2019-9011 | 2022-12-26 | In Pilz PMC programming tool 3.x before 3.5.17 (based on... |
| CVE-2019-9579 | 2022-12-26 | An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5... |
| CVE-2020-10650 | 2022-12-26 | A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It... |
| CVE-2020-11101 | 2022-12-26 | Sierra Wireless AirLink Mobility Manager (AMM) before 2.17 mishandles sessions... |
| CVE-2020-12067 | 2022-12-26 | In Pilz PMC programming tool 3.x before 3.5.17 (based on... |
| CVE-2020-12069 | 2022-12-26 | CODESYS V3 prone to Inadequate Password Hashing |
| CVE-2020-24600 | 2022-12-26 | Shilpi CAPExWeb 1.1 allows SQL injection via a servlet/capexweb.cap_sendMail GET... |
| CVE-2020-28191 | 2022-12-26 | The console in Togglz before 2.9.4 allows CSRF. |
| CVE-2021-30134 | 2022-12-26 | php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2... |
| CVE-2021-35065 | 2022-12-26 | The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular... |
| CVE-2021-35951 | 2022-12-26 | fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows an Unauthenticated Remote... |
| CVE-2021-35952 | 2022-12-26 | fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows a Remote attacker... |
| CVE-2021-35953 | 2022-12-26 | fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows a Remote attacker... |
| CVE-2021-35954 | 2022-12-26 | fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows physically proximate attackers... |
| CVE-2021-38561 | 2022-12-26 | golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds... |
| CVE-2021-39369 | 2022-12-26 | In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the... |
| CVE-2021-43395 | 2022-12-26 | An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community... |
| CVE-2021-44758 | 2022-12-26 | Heimdal before 7.7.1 allows attackers to cause a NULL pointer... |
| CVE-2021-44854 | 2022-12-26 | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before... |
| CVE-2021-44855 | 2022-12-26 | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before... |
| CVE-2021-44856 | 2022-12-26 | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before... |
| CVE-2021-45466 | 2022-12-26 | In CWP (aka Control Web Panel or CentOS Web Panel)... |
| CVE-2021-45467 | 2022-12-26 | In CWP (aka Control Web Panel or CentOS Web Panel)... |
| CVE-2022-24116 | 2022-12-26 | Certain General Electric Renewable Energy products have inadequate encryption strength.... |
| CVE-2022-24117 | 2022-12-26 | Certain General Electric Renewable Energy products download firmware without an... |
| CVE-2022-24118 | 2022-12-26 | Certain General Electric Renewable Energy products allow attackers to use... |
| CVE-2022-24119 | 2022-12-26 | Certain General Electric Renewable Energy products have a hidden feature... |
| CVE-2022-24120 | 2022-12-26 | Certain General Electric Renewable Energy products store cleartext credentials in... |
| CVE-2022-26964 | 2022-12-26 | Weak password derivation for export in Devolutions Remote Desktop Manager... |
| CVE-2022-26969 | 2022-12-26 | In Directus before 9.7.0, the default settings of CORS_ORIGIN and... |
| CVE-2022-29852 | 2022-12-26 | OX App Suite through 8.2 allows XSS because BMFreehand10 and... |
| CVE-2022-29853 | 2022-12-26 | OX App Suite through 8.2 allows XSS via a certain... |
| CVE-2022-31469 | 2022-12-26 | OX App Suite through 7.10.6 allows XSS via a deep... |
| CVE-2022-36664 | 2022-12-26 | Password Manager for IIS 2.0 has a cross-site scripting (XSS)... |
| CVE-2022-37307 | 2022-12-26 | OX App Suite through 7.10.6 allows XSS via XHTML CDATA... |
| CVE-2022-37308 | 2022-12-26 | OX App Suite through 7.10.6 allows XSS via HTML in... |
| CVE-2022-37309 | 2022-12-26 | OX App Suite through 7.10.6 allows XSS via script code... |
| CVE-2022-37310 | 2022-12-26 | OX App Suite through 7.10.6 allows XSS via a malicious... |
| CVE-2022-37311 | 2022-12-26 | OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via... |
| CVE-2022-37312 | 2022-12-26 | OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via... |
| CVE-2022-37313 | 2022-12-26 | OX App Suite through 7.10.6 allows SSRF because the anti-SSRF... |
| CVE-2022-41765 | 2022-12-26 | An issue was discovered in MediaWiki before 1.35.8, 1.36.x and... |
| CVE-2022-41767 | 2022-12-26 | An issue was discovered in MediaWiki before 1.35.8, 1.36.x and... |
| CVE-2019-25085 | 2022-12-26 | GNOME gvdb gvdb-builder.c gvdb_table_write_contents_async use after free |
| CVE-2022-4742 | 2022-12-26 | json-pointer index.js set prototype pollution |
| CVE-2022-4161 | 2022-12-26 | Contest Gallery < 19.1.5 - Author+ SQL Injection |
| CVE-2022-4268 | 2022-12-26 | Plugin Logic < 1.0.8 - Admin+ SQLi |
| CVE-2022-4153 | 2022-12-26 | Contest Gallery < 19.1.5.1 - Author+ SQL Injection |
| CVE-2022-4157 | 2022-12-26 | Contest Gallery < 19.1.5 - Admin+ SQL Injection |
| CVE-2022-4155 | 2022-12-26 | Contest Gallery < 19.1.5 - Admin+ SQL Injection |
| CVE-2022-4042 | 2022-12-26 | Paytium < 4.3.7 - Admin+ Stored XSS |
| CVE-2022-4243 | 2022-12-26 | ImageInject <= 1.17 - Admin+ Stored XSS |
| CVE-2022-4197 | 2022-12-26 | Sliderby10Web < 1.2.53 - Admin+ Stored XSS |
| CVE-2022-4165 | 2022-12-26 | Contest Gallery < 19.1.5 - Author+ SQL Injection |
| CVE-2022-4158 | 2022-12-26 | Contest Gallery < 19.1.5 - Unauthenticated SQL Injection |
| CVE-2022-4150 | 2022-12-26 | Contest Gallery < 19.1.5 - Author+ SQL Injection |
| CVE-2022-4166 | 2022-12-26 | Contest Gallery < 19.1.5 - Author+ SQL Injection |
| CVE-2022-4163 | 2022-12-26 | Contest Gallery < 19.1.5 - Author+ SQL Injection |
| CVE-2022-4154 | 2022-12-26 | Contest Gallery Pro < 19.1.5 - Admin+ SQL Injection |
| CVE-2022-4267 | 2022-12-26 | Bulk Delete Users by Email <= 1.2 - Reflected Cross-Site Scripting |
| CVE-2022-4156 | 2022-12-26 | Contest Gallery < 19.1.5.1 - Unauthenticated SQL Injection |
| CVE-2022-4117 | 2022-12-26 | IWS - Geo Form Fields <= 1.0 - Unauthenticated SQLi |
| CVE-2022-3840 | 2022-12-26 | Google Apps Login < 3.4.5 - Admin+ Stored XSS |
| CVE-2022-4164 | 2022-12-26 | Contest Gallery < 19.1.5 - Author+ SQL Injection |
| CVE-2022-4162 | 2022-12-26 | Contest Gallery < 19.1.5 - Author+ SQL Injection |
| CVE-2022-4227 | 2022-12-26 | Booster for WooCommerce - Reflected Cross-Site Scripting |
| CVE-2022-4110 | 2022-12-26 | Eventify <= 2.1 - Admin+ Stored XSS |
| CVE-2022-4226 | 2022-12-26 | Simple Basic Contact Form < 20221201 - Admin+ Stored XSS |
| CVE-2022-4047 | 2022-12-26 | Return Refund and Exchange For WooCommerce < 4.0.9 - Unauthenticated Arbitrary File Upload |
| CVE-2022-4266 | 2022-12-26 | Bulk Delete Users by Email <= 1.2 - User Deletion via CSRF |
| CVE-2022-4152 | 2022-12-26 | Contest Gallery < 19.1.5 - Author+ SQL Injection |
| CVE-2022-4159 | 2022-12-26 | Contest Gallery < 19.1.5.1 - Author+ SQL Injection |
| CVE-2022-4151 | 2022-12-26 | Contest Gallery < 19.1.5 - Admin+ SQL Injection |
| CVE-2022-4160 | 2022-12-26 | Contest Gallery < 19.1.5 - Author+ SQL Injection |
| CVE-2022-3835 | 2022-12-26 | Kwayy HTML Sitemap < 4.0 - Admin+ Stored XSS |
| CVE-2022-4242 | 2022-12-26 | WP Google Review Slider < 11.6 - Admin+ Stored XSS |
| CVE-2022-4120 | 2022-12-26 | Stop Spammers Security < 2022.6 - Unauthenticated PHP Object Injection |
| CVE-2022-4239 | 2022-12-26 | Workreap < 2.6.4 - Subscriber+ Arbitrary Posts Deletion via IDOR |
| CVE-2021-24942 | 2022-12-26 | Menu Item Visibility Control <= 0.5 - Admin+ Arbitrary PHP Code Execution |
| CVE-2021-4281 | 2022-12-26 | Brave UX for-the-badge combine-prs.yml os command injection |
| CVE-2022-45423 | 2022-12-27 | Some Dahua software products have a vulnerability of unauthenticated request... |
| CVE-2022-45424 | 2022-12-27 | Some Dahua software products have a vulnerability of unauthenticated request... |
| CVE-2022-45425 | 2022-12-27 | Some Dahua software products have a vulnerability of using of... |
| CVE-2022-45426 | 2022-12-27 | Some Dahua software products have a vulnerability of unrestricted download... |
| CVE-2022-45427 | 2022-12-27 | Some Dahua software products have a vulnerability of unrestricted upload... |
| CVE-2022-45428 | 2022-12-27 | Some Dahua software products have a vulnerability of sensitive information... |
| CVE-2022-45429 | 2022-12-27 | Some Dahua software products have a vulnerability of server-side request... |
| CVE-2022-45430 | 2022-12-27 | Some Dahua software products have a vulnerability of unauthenticated enable... |
| CVE-2022-45431 | 2022-12-27 | Some Dahua software products have a vulnerability of unauthenticated restart... |
| CVE-2022-45432 | 2022-12-27 | Some Dahua software products have a vulnerability of unauthenticated search... |