CVE List - 2022 / December
Showing 401 - 500 of 2356 CVEs for December 2022 (Page 5 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-45217 | 2022-12-07 | A cross-site scripting (XSS) vulnerability in Book Store Management System... |
| CVE-2022-45550 | 2022-12-07 | AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE). |
| CVE-2022-45915 | 2022-12-07 | ILIAS before 7.16 allows OS Command Injection. |
| CVE-2022-45916 | 2022-12-07 | ILIAS before 7.16 allows XSS. |
| CVE-2022-45917 | 2022-12-07 | ILIAS before 7.16 has an Open Redirect. |
| CVE-2022-46682 | 2022-12-07 | Jenkins Plot Plugin 2.1.11 and earlier does not configure its... |
| CVE-2022-46683 | 2022-12-07 | Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly... |
| CVE-2022-46684 | 2022-12-07 | Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values... |
| CVE-2022-46685 | 2022-12-07 | In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of... |
| CVE-2022-46686 | 2022-12-07 | Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and earlier does not... |
| CVE-2022-46687 | 2022-12-07 | Jenkins Spring Config Plugin 2.0.0 and earlier does not escape... |
| CVE-2022-46688 | 2022-12-07 | A cross-site request forgery (CSRF) vulnerability in Jenkins Sonar Gerrit... |
| CVE-2022-46770 | 2022-12-07 | qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows... |
| CVE-2022-41622 | 2022-12-07 | iControl SOAP vulnerability |
| CVE-2022-41800 | 2022-12-07 | Appliance mode iControl REST vulnerability |
| CVE-2022-46741 | 2022-12-07 | Out-of-bounds read in gather_tree in PaddlePaddle before 2.4. |
| CVE-2022-46742 | 2022-12-07 | Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code... |
| CVE-2022-45910 | 2022-12-07 | Apache ManifoldCF: LDAP Injection Vulnerability - ActiveDirectory Authorities |
| CVE-2022-3641 | 2022-12-07 | Elevation of privilege in the Azure SQL Data Source in... |
| CVE-2022-41720 | 2022-12-07 | Restricted file access on Windows in os and net/http |
| CVE-2020-36565 | 2022-12-07 | Directory traversal on Windows in github.com/labstack/echo/v4 |
| CVE-2022-41735 | 2022-12-07 | IBM Business Process Manager cross-site scripting |
| CVE-2022-20686 | 2022-12-07 | Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality... |
| CVE-2022-20687 | 2022-12-07 | Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality... |
| CVE-2022-20688 | 2022-12-07 | A vulnerability in the Cisco Discovery Protocol functionality of Cisco... |
| CVE-2022-20689 | 2022-12-07 | Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco... |
| CVE-2022-20690 | 2022-12-07 | Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco... |
| CVE-2022-20691 | 2022-12-07 | A vulnerability in the Cisco Discovery Protocol functionality of Cisco... |
| CVE-2022-43581 | 2022-12-07 | IBM Content Navigator code execution |
| CVE-2022-23486 | 2022-12-07 | libp2p-rust denial of service vulnerability from lack of resource management |
| CVE-2022-23487 | 2022-12-07 | libp2p denial of service vulnerability from lack of resource management |
| CVE-2022-23491 | 2022-12-07 | Removal of TrustCor root certificate |
| CVE-2022-23471 | 2022-12-07 | containerd CRI stream server: Host memory exhaustion through terminal resize goroutine leak |
| CVE-2022-2002 | 2022-12-07 | GE CIMPLICITY Untrusted Pointer Dereference |
| CVE-2022-2948 | 2022-12-07 | GE CIMPLICITY Heap-based Buffer Overflow |
| CVE-2022-2952 | 2022-12-07 | GE CIMPLICITY Access of Uninitialized Pointer |
| CVE-2022-3084 | 2022-12-07 | GE CIMPLICITY Access of Uninitialized Pointer |
| CVE-2022-3092 | 2022-12-07 | GE CIMPLICITY Out-of-bounds Write |
| CVE-2022-4291 | 2022-12-07 | Aswjsflt.dll in Avast Antivirus windows caused a crash of the Mozilla Firefox browser due to heap corruption |
| CVE-2022-41802 | 2022-12-08 | Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. |
| CVE-2022-4353 | 2022-12-08 | LinZhaoguan pb-cms IpUtil.getIpAddr cross site scripting |
| CVE-2022-44455 | 2022-12-08 | The appspawn and nwebspawn services were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. |
| CVE-2022-45118 | 2022-12-08 | Telephony in communication subsystem sends public events with personal data, but the permission is not set. |
| CVE-2022-45877 | 2022-12-08 | PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks. |
| CVE-2020-36609 | 2022-12-08 | annyshow DuxCMS Article edit cross site scripting |
| CVE-2020-36610 | 2022-12-08 | annyshow DuxCMS cross-site request forgery |
| CVE-2022-3260 | 2022-12-08 | The response header has not enabled X-FRAME-OPTIONS, Which helps prevents... |
| CVE-2022-3262 | 2022-12-08 | A flaw was found in Openshift. A pod with a... |
| CVE-2022-33186 | 2022-12-08 | A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c,... |
| CVE-2022-37916 | 2022-12-08 | Broken Access Control for some Web-based Management URLs in AirWave Management Platform |
| CVE-2022-37917 | 2022-12-08 | Broken Access Control for some Web-based Management URLs in AirWave Management Platform |
| CVE-2022-37918 | 2022-12-08 | Broken Access Control for some Web-based Management URLs in AirWave Management Platform |
| CVE-2022-38599 | 2022-12-08 | Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 was discovered to... |
| CVE-2022-38754 | 2022-12-08 | CVE-2022-38754 - Micro Focus Operations Bridge Manager and OpsBridge Containerized - Cross Site Scripting (XSS) |
| CVE-2022-38765 | 2022-12-08 | Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce... |
| CVE-2022-39894 | 2022-12-08 | Improper access control vulnerability in ContactListStartActivityHelper in Phone prior to... |
| CVE-2022-39895 | 2022-12-08 | Improper access control vulnerability in ContactListUtils in Phone prior to... |
| CVE-2022-39896 | 2022-12-08 | Improper access control vulnerabilities in Contacts prior to SMR Dec-2022... |
| CVE-2022-39897 | 2022-12-08 | Exposure of Sensitive Information vulnerability in kernel prior to SMR... |
| CVE-2022-39898 | 2022-12-08 | Improper access control vulnerability in IIccPhoneBook prior to SMR Dec-2022... |
| CVE-2022-39899 | 2022-12-08 | Improper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022... |
| CVE-2022-39900 | 2022-12-08 | Improper access control vulnerability in Nice Catch prior to SMR... |
| CVE-2022-39901 | 2022-12-08 | Improper authentication in Exynos baseband prior to SMR DEC-2022 Release... |
| CVE-2022-39902 | 2022-12-08 | Improper authorization in Exynos baseband prior to SMR DEC-2022 Release... |
| CVE-2022-39903 | 2022-12-08 | Improper access control vulnerability in RCS call prior to SMR... |
| CVE-2022-39904 | 2022-12-08 | Exposure of Sensitive Information vulnerability in Samsung Settings prior to... |
| CVE-2022-39905 | 2022-12-08 | Implicit intent hijacking vulnerability in Telecom application prior to SMR... |
| CVE-2022-39906 | 2022-12-08 | Improper access control vulnerability in SecTelephonyProvider prior to SMR Dec-2022... |
| CVE-2022-39907 | 2022-12-08 | Integer overflow vulnerability in Samsung decoding library for video thumbnails... |
| CVE-2022-39908 | 2022-12-08 | TOCTOU vulnerability in Samsung decoding library for video thumbnails prior... |
| CVE-2022-39909 | 2022-12-08 | Insufficient verification of data authenticity vulnerability in Samsung Gear IconX... |
| CVE-2022-39910 | 2022-12-08 | Improper access control vulnerability in Samsung Pass prior to version... |
| CVE-2022-39911 | 2022-12-08 | Improper check or handling of exceptional conditions vulnerability in Samsung... |
| CVE-2022-39912 | 2022-12-08 | Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService... |
| CVE-2022-39913 | 2022-12-08 | Exposure of Sensitive Information to an Unauthorized Actor in Persona... |
| CVE-2022-39914 | 2022-12-08 | Exposure of Sensitive Information from an Unauthorized Actor vulnerability in... |
| CVE-2022-39915 | 2022-12-08 | Improper access control vulnerability in Calendar prior to versions 11.6.08.0... |
| CVE-2022-40939 | 2022-12-08 | In certain Secustation products the administrator account password can be... |
| CVE-2022-4122 | 2022-12-08 | A vulnerability was found in buildah. Incorrect following of symlinks... |
| CVE-2022-4123 | 2022-12-08 | A flaw was found in Buildah. The local path and... |
| CVE-2022-4347 | 2022-12-08 | xiandafu beetl-bbs WebUtils.java cross site scripting |
| CVE-2022-4348 | 2022-12-08 | y_project RuoYi-Cloud JSON cross site scripting |
| CVE-2022-4349 | 2022-12-08 | CTF-hacker pwn delete.html cross-site request forgery |
| CVE-2022-4350 | 2022-12-08 | Mingsoft MCMS search.do cross site scripting |
| CVE-2022-4354 | 2022-12-08 | LinZhaoguan pb-cms Message Board comment cross site scripting |
| CVE-2022-4364 | 2022-12-08 | Teledyne FLIR AX8 Web Service palette.php command injection |
| CVE-2022-4366 | 2022-12-08 | Missing Authorization in lirantal/daloradius |
| CVE-2022-44931 | 2022-12-08 | Tenda A18 v15.13.07.09 was discovered to contain a stack overflow... |
| CVE-2022-44932 | 2022-12-08 | An access control issue in Tenda A18 v15.13.07.09 allows unauthenticated... |
| CVE-2022-44938 | 2022-12-08 | Weak reset token generation in SeedDMS v6.0.20 and v5.1.7 allows... |
| CVE-2022-45497 | 2022-12-08 | Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection... |
| CVE-2022-45498 | 2022-12-08 | An issue in the component tpi_systool_handle(0) (/goform/SysToolReboot) of Tenda W6-S... |
| CVE-2022-45499 | 2022-12-08 | Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow... |
| CVE-2022-45501 | 2022-12-08 | Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow... |
| CVE-2022-45503 | 2022-12-08 | Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow... |
| CVE-2022-45504 | 2022-12-08 | An issue in the component tpi_systool_handle(0) (/goform/SysToolRestoreSet) of Tenda W6-S... |
| CVE-2022-45505 | 2022-12-08 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow... |
| CVE-2022-45506 | 2022-12-08 | Tenda W30E v1.0.1.25(633) was discovered to contain a command injection... |
| CVE-2022-45507 | 2022-12-08 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow... |
| CVE-2022-45508 | 2022-12-08 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow... |