CVE List - 2022 / December
Showing 2201 - 2300 of 2356 CVEs for December 2022 (Page 23 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-25092 | 2022-12-28 | Nakiami Mellivora Admin Panel user.inc.php print_user_ip_log cross site scripting |
| CVE-2018-25050 | 2022-12-28 | Harvest Chosen abstract-chosen.coffee AbstractChosen cross site scripting |
| CVE-2022-3922 | 2022-12-28 | Broken Link Checker < 1.11.20 - Admin+ Cross-Site Scripting |
| CVE-2018-25051 | 2022-12-28 | JmPotato Pomash editor.html cross site scripting |
| CVE-2018-25052 | 2022-12-28 | Catalyst-Plugin-Session Session ID Session.pm _load_sessionid cross site scripting |
| CVE-2018-25053 | 2022-12-28 | moappi Json2html json2html.js cross site scripting |
| CVE-2018-25054 | 2022-12-28 | shred cilla Search search.jsp cross site scripting |
| CVE-2018-25055 | 2022-12-28 | FarCry Solr Pro Plugin Search solrProSearch.cfc cross site scripting |
| CVE-2018-25056 | 2022-12-28 | yolapi metadata.py render_description cross site scripting |
| CVE-2022-4778 | 2022-12-28 | path traversal in elvexys StreamX using StreamView HTML component with public web server feature |
| CVE-2022-4779 | 2022-12-28 | authentication bypass in elvexys StreamX using StreamView HTML component with public web server feature |
| CVE-2022-4780 | 2022-12-28 | hard coded credentials in elvexys ISOS firmwares |
| CVE-2021-4294 | 2022-12-28 | OpenShift OSIN CheckClientSecret timing discrepancy |
| CVE-2022-23553 | 2022-12-28 | URL access filters bypass in Alpine |
| CVE-2022-23554 | 2022-12-28 | Authentication bypass in Alpine |
| CVE-2022-4817 | 2022-12-28 | centic9 jgit-cookbook temp file |
| CVE-2017-20150 | 2022-12-28 | challenge website sql injection |
| CVE-2018-25057 | 2022-12-28 | simple_php_link_shortener index.php sql injection |
| CVE-2022-4818 | 2022-12-28 | Talend Open Studio for MDM SystemStorageWrapper.java xml external entity reference |
| CVE-2022-4819 | 2022-12-28 | HotCRP cross site scripting |
| CVE-2022-4820 | 2022-12-28 | FlatPress Admin Area admin.entry.list.php cross site scripting |
| CVE-2022-4821 | 2022-12-28 | FlatPress XML File Handler/MD File admin.uploader.php onupload cross site scripting |
| CVE-2022-4822 | 2022-12-28 | FlatPress Setup main.lib.php cross site scripting |
| CVE-2022-4823 | 2022-12-28 | InSTEDD Nuntium geopoll_controller.rb timing discrepancy |
| CVE-2022-30519 | 2022-12-29 | XSS in signing form in Reprise Software RLM License Administration v14.2BL4 allows remote attacker to inject arbitrary code via password field. |
| CVE-2022-36437 | 2022-12-29 | The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated attacker to access and manipulate data in the cluster with the identity of another already authenticated connection. The... |
| CVE-2022-4839 | 2022-12-29 | Cross-site Scripting (XSS) - Stored in usememos/memos |
| CVE-2022-4840 | 2022-12-29 | Cross-site Scripting (XSS) - Stored in usememos/memos |
| CVE-2022-4841 | 2022-12-29 | Cross-site Scripting (XSS) - Stored in usememos/memos |
| CVE-2022-4843 | 2022-12-29 | NULL Pointer Dereference in radareorg/radare2 |
| CVE-2022-4844 | 2022-12-29 | Cross-Site Request Forgery (CSRF) in usememos/memos |
| CVE-2022-4845 | 2022-12-29 | Cross-Site Request Forgery (CSRF) in usememos/memos |
| CVE-2022-4846 | 2022-12-29 | Cross-Site Request Forgery (CSRF) in usememos/memos |
| CVE-2022-4847 | 2022-12-29 | Incorrectly Specified Destination in a Communication Channel in usememos/memos |
| CVE-2022-4848 | 2022-12-29 | Improper Verification of Source of a Communication Channel in usememos/memos |
| CVE-2022-4849 | 2022-12-29 | Cross-Site Request Forgery (CSRF) in usememos/memos |
| CVE-2022-4850 | 2022-12-29 | Cross-Site Request Forgery (CSRF) in usememos/memos |
| CVE-2022-4851 | 2022-12-29 | Improper Handling of Values in usememos/memos |
| CVE-2018-25058 | 2022-12-29 | Twitter-Post-Fetcher Link Target twitterFetcher.js reverse tabnabbing |
| CVE-2021-4295 | 2022-12-29 | ONC code-validator-api XML CodeValidatorApiConfiguration.java vocabularyValidationConfigurations xml external entity reference |
| CVE-2021-4296 | 2022-12-29 | w3c Unicorn ValidatorNuMessage.java ValidatorNuMessage cross site scripting |
| CVE-2022-46178 | 2022-12-29 | Path Traversal In MeterSpere allows file upload to any path |
| CVE-2022-46181 | 2022-12-29 | Gotify server XSS vulnerability in the application image file upload |
| CVE-2022-34669 | 2022-12-30 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can access or modify system files or other files that are... |
| CVE-2022-34670 | 2022-12-30 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a... |
| CVE-2022-34671 | 2022-12-30 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the user-mode layer, where an unprivileged user can cause an out-of-bounds write, which may lead to code execution, information disclosure,... |
| CVE-2022-34672 | 2022-12-30 | NVIDIA Control Panel for Windows contains a vulnerability where an unauthorized user or an unprivileged regular user can compromise the security of the software by gaining privileges, reading sensitive information,... |
| CVE-2022-34673 | 2022-12-30 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data... |
| CVE-2022-34674 | 2022-12-30 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a helper function maps more physical pages than were requested, which may lead to... |
| CVE-2022-34675 | 2022-12-30 | NVIDIA Display Driver for Linux contains a vulnerability in the Virtual GPU Manager, where it does not check the return value from a null-pointer dereference, which may lead to denial... |
| CVE-2022-34676 | 2022-12-30 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read may lead to denial of service, information disclosure, or data tampering. |
| CVE-2022-34677 | 2022-12-30 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead... |
| CVE-2022-34678 | 2022-12-30 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause a null-pointer dereference, which may lead to denial... |
| CVE-2022-34679 | 2022-12-30 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unhandled return value can lead to a null-pointer dereference, which may lead to... |
| CVE-2022-34680 | 2022-12-30 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an integer truncation can lead to an out-of-bounds read, which may lead to denial... |
| CVE-2022-34681 | 2022-12-30 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler, where improper input validation of a display-related data structure may lead to denial of... |
| CVE-2022-34682 | 2022-12-30 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a null-pointer dereference, which may lead to denial of... |
| CVE-2022-34683 | 2022-12-30 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a null-pointer dereference occurs, which may lead to denial of service. |
| CVE-2022-34684 | 2022-12-30 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an off-by-one error may lead to data tampering or information disclosure. |
| CVE-2022-42254 | 2022-12-30 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, data tampering, or information... |
| CVE-2022-42255 | 2022-12-30 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data... |
| CVE-2022-42256 | 2022-12-30 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow in index validation may lead to denial of service, information disclosure,... |
| CVE-2022-42257 | 2022-12-30 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure, data tampering or denial of service. |
| CVE-2022-42258 | 2022-12-30 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service, data tampering, or information disclosure. |
| CVE-2022-42259 | 2022-12-30 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service. |
| CVE-2022-42260 | 2022-12-30 | NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VM can impact protected D-Bus endpoints, which may... |
| CVE-2022-42261 | 2022-12-30 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may... |
| CVE-2022-42262 | 2022-12-30 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may... |
| CVE-2022-42263 | 2022-12-30 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an Integer overflow may lead to denial of service or information disclosure. |
| CVE-2022-42264 | 2022-12-30 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause the use of an out-of-range pointer offset, which may... |
| CVE-2022-42265 | 2022-12-30 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure or data tampering. |
| CVE-2022-42266 | 2022-12-30 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can cause exposure of sensitive information to... |
| CVE-2022-42267 | 2022-12-30 | NVIDIA GPU Display Driver for Windows contains a vulnerability where a regular user can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges,... |
| CVE-2022-42269 | 2022-12-30 | NVIDIA Trusted OS contains a vulnerability in an SMC call handler, where failure to validate untrusted input may allow a highly privileged local attacker to cause information disclosure and compromise... |
| CVE-2022-42270 | 2022-12-30 | NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_task_submit, where unvalidated input may allow a local attacker to cause stack-based buffer overflow in kernel code, which may lead to escalation... |
| CVE-2022-44137 | 2022-12-30 | SourceCodester Sanitization Management System 1.0 is vulnerable to SQL Injection. |
| CVE-2022-46580 | 2022-12-30 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the user_edit_page parameter in the wifi_captive_portal function. |
| CVE-2022-46581 | 2022-12-30 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the cameo.cameo.nslookup_target parameter in the tools_nslookup function. |
| CVE-2022-46582 | 2022-12-30 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the login_name parameter in the do_graph_auth (sub_4061E0) function. |
| CVE-2022-46583 | 2022-12-30 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the reboot_type parameter in the wizard_ipv6 (sub_41C380) function. |
| CVE-2022-46584 | 2022-12-30 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the qcawifi.wifi%d_vap%d.maclist parameter in the kick_ban_wifi_mac_deny (sub_415D7C) function. |
| CVE-2022-46585 | 2022-12-30 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the REMOTE_USER parameter in the get_access (sub_45AC2C) function. |
| CVE-2022-46586 | 2022-12-30 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the qcawifi.wifi%d_vap%d.maclist parameter in the kick_ban_wifi_mac_allow (sub_415B00) function. |
| CVE-2022-46588 | 2022-12-30 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the sys_service parameter in the setup_wizard_mydlink (sub_4104B8) function. |
| CVE-2022-46589 | 2022-12-30 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the cameo.cameo.netstat_option parameter in the tools_netstat (sub_41E730) function. |
| CVE-2022-46590 | 2022-12-30 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the cameo.cameo.netstat_rsname parameter in the tools_netstat (sub_41E730) function. |
| CVE-2022-46591 | 2022-12-30 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the reject_url parameter in the reject (sub_41BD60) function. |
| CVE-2022-46592 | 2022-12-30 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the wps_sta_enrollee_pin parameter in the set_sta_enrollee_pin_5g function. |
| CVE-2022-46593 | 2022-12-30 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the wps_sta_enrollee_pin parameter in the do_sta_enrollee_wifi function. |
| CVE-2022-46594 | 2022-12-30 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the update_file_name parameter in the auto_up_fw (sub_420A04) function. |
| CVE-2022-46596 | 2022-12-30 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the del_num parameter in the icp_delete_img (sub_41DEDC) function. |
| CVE-2022-46597 | 2022-12-30 | TRENDnet TEW755AP 1.13B01 was discovered to contain a command injection vulnerability via the sys_service parameter in the setup_wizard_mydlink (sub_4104B8) function. |
| CVE-2022-46598 | 2022-12-30 | TRENDnet TEW755AP 1.13B01 was discovered to contain a command injection vulnerability via the wps_sta_enrollee_pin parameter in the action set_sta_enrollee_pin_5g function. |
| CVE-2022-46599 | 2022-12-30 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the setlogo_num parameter in the icp_setlogo_img (sub_41DBF4) function. |
| CVE-2022-46600 | 2022-12-30 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the wps_sta_enrollee_pin parameter in the action set_sta_enrollee_pin_24g function. |
| CVE-2022-46601 | 2022-12-30 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the setbg_num parameter in the icp_setbg_img (sub_41DD68) function. |
| CVE-2022-47115 | 2022-12-30 | Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepauth parameter at /goform/WifiBasicSet. |
| CVE-2022-47116 | 2022-12-30 | Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the SYSPS parameter at /goform/SysToolChangePwd. |
| CVE-2022-47117 | 2022-12-30 | Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the security parameter at /goform/WifiBasicSet. |
| CVE-2022-47118 | 2022-12-30 | Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey1 parameter at /goform/WifiBasicSet. |