CVE List - 2022 / December
Showing 501 - 600 of 2356 CVEs for December 2022 (Page 6 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-45510 | 2022-12-08 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the mit_ssid_index parameter at /goform/AdvSetWrlsafeset. |
| CVE-2022-45511 | 2022-12-08 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the PPPOEPassword parameter at /goform/QuickIndex. |
| CVE-2022-45512 | 2022-12-08 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeEmailFilter. |
| CVE-2022-45513 | 2022-12-08 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/P2pListFilter. |
| CVE-2022-45514 | 2022-12-08 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/webExcptypemanFilter. |
| CVE-2022-45515 | 2022-12-08 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the entries parameter at /goform/addressNat. |
| CVE-2022-45516 | 2022-12-08 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/NatStaticSetting. |
| CVE-2022-45517 | 2022-12-08 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/VirtualSer. |
| CVE-2022-45518 | 2022-12-08 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SetIpBind. |
| CVE-2022-45519 | 2022-12-08 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the Go parameter at /goform/SafeMacFilter. |
| CVE-2022-45520 | 2022-12-08 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/qossetting. |
| CVE-2022-45521 | 2022-12-08 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeUrlFilter. |
| CVE-2022-45522 | 2022-12-08 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeClientFilter. |
| CVE-2022-45523 | 2022-12-08 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/L7Im. |
| CVE-2022-45524 | 2022-12-08 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the opttype parameter at /goform/IPSECsave. |
| CVE-2022-45525 | 2022-12-08 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the downaction parameter at /goform/CertListInfo. |
| CVE-2022-46792 | 2022-12-08 | Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. (Versions before 2.10.0... |
| CVE-2022-23492 | 2022-12-08 | go-libp2p denial of service vulnerability from lack of resource management |
| CVE-2022-23476 | 2022-12-08 | Unchecked return value from xmlTextReaderExpand in Nokogiri |
| CVE-2022-20968 | 2022-12-08 | A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on... |
| CVE-2022-46824 | 2022-12-08 | In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible. |
| CVE-2022-46825 | 2022-12-08 | In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects. |
| CVE-2022-46826 | 2022-12-08 | In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability. |
| CVE-2022-46827 | 2022-12-08 | In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible. |
| CVE-2022-46828 | 2022-12-08 | In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible. |
| CVE-2022-46829 | 2022-12-08 | In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented. |
| CVE-2022-46830 | 2022-12-08 | In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning. |
| CVE-2022-46831 | 2022-12-08 | In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators. |
| CVE-2022-41717 | 2022-12-08 | Excessive memory growth in net/http and golang.org/x/net/http2 |
| CVE-2022-23496 | 2022-12-08 | A crafted list can trigger a ArrayIndexOutOfBoundsException in Yauaa |
| CVE-2022-23495 | 2022-12-08 | ProtoNode may be modified such that common method calls may panic in ipfs/go-merkledag |
| CVE-2022-23494 | 2022-12-08 | Cross-site scripting vulnerability in TinyMCE alerts |
| CVE-2022-23469 | 2022-12-08 | Authorization header displayed in the debug logs |
| CVE-2022-46153 | 2022-12-08 | Routes exposed with an empty TLSOption in traefik |
| CVE-2022-46158 | 2022-12-08 | Potential Information exposure in the upload directory in PrestaShop |
| CVE-2022-41949 | 2022-12-08 | Semi-blind Server-Side Request Forgery in dhis2-core |
| CVE-2022-41948 | 2022-12-08 | Privilege Chaining with the user admin role in dhis2-core |
| CVE-2022-41947 | 2022-12-08 | Cross-site Scripting with user-uploaded files in dhis2-core |
| CVE-2022-25629 | 2022-12-09 | An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column). |
| CVE-2022-25630 | 2022-12-09 | An authenticated user can embed malicious content with XSS into the admin group policy page. |
| CVE-2022-29838 | 2022-12-09 | Authentication issue with the encrypted volumes and auto mount feature in My Cloud devices |
| CVE-2022-29839 | 2022-12-09 | Remote Backups Application Discloses Stored Credentials |
| CVE-2022-3259 | 2022-12-09 | Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks. |
| CVE-2022-34297 | 2022-12-09 | Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload into any field. |
| CVE-2022-3724 | 2022-12-09 | Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows |
| CVE-2022-4170 | 2022-12-09 | The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options... |
| CVE-2022-4336 | 2022-12-09 | In BAOTA linux panel there exists a stored xss vulnerability attackers can use to obtain sensitive information via the log analysis feature. |
| CVE-2022-4375 | 2022-12-09 | Mingsoft MCMS list sql injection |
| CVE-2022-4377 | 2022-12-09 | S-CMS Contact Information Page cross site scripting |
| CVE-2022-4390 | 2022-12-09 | A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices.... |
| CVE-2022-44213 | 2022-12-09 | ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2022-44790 | 2022-12-09 | Interspire Email Marketer through 6.5.1 allows SQL Injection via the surveys module. An unauthenticated attacker could successfully perform an attack to extract potentially sensitive information from the database if the... |
| CVE-2022-44838 | 2022-12-09 | Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /services/view_service.php. |
| CVE-2022-45290 | 2022-12-09 | Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /web/IndexController.java. |
| CVE-2022-45292 | 2022-12-09 | User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted. |
| CVE-2022-33187 | 2022-12-09 | Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs |
| CVE-2022-2752 | 2022-12-09 | Potential vulnerabilities in GM login process |
| CVE-2022-4264 | 2022-12-09 | Incorrect privilege assignment in M-Files Web Server |
| CVE-2022-23493 | 2022-12-09 | Out of Bound Read in xrdp |
| CVE-2022-23468 | 2022-12-09 | Buffer Overflow in xrdp |
| CVE-2022-23478 | 2022-12-09 | Out of Bound Write in xrdp |
| CVE-2022-23479 | 2022-12-09 | Buffer Overflow occurs in xrdp |
| CVE-2022-23480 | 2022-12-09 | Buffer Overflow in xrdp |
| CVE-2022-23481 | 2022-12-09 | Out-of-Bound Read in xrdp |
| CVE-2022-23482 | 2022-12-09 | Out-of-Bound Read in xrdp |
| CVE-2022-23483 | 2022-12-09 | Out-of-Bound Read in libxrdp |
| CVE-2022-23484 | 2022-12-09 | Integer Overflow in xrdp |
| CVE-2022-23477 | 2022-12-09 | Buffer Overflow in xrdp |
| CVE-2022-41299 | 2022-12-09 | IBM Cloud Transformation Advisor cross-site scripting |
| CVE-2022-46166 | 2022-12-09 | Spring Boot Admins integrated notifier support allows arbitrary code execution |
| CVE-2022-46157 | 2022-12-09 | Remote php code execution in Akeneo PIM |
| CVE-2022-23510 | 2022-12-09 | SQl injection in cube-js |
| CVE-2022-23497 | 2022-12-09 | Insecure file access in FreshRSS |
| CVE-2022-4396 | 2022-12-10 | RDFlib pyrdfa3 __init__.py _get_option cross site scripting |
| CVE-2022-4397 | 2022-12-10 | morontt zend-blog-number-2 Comment Comment.php cross-site request forgery |
| CVE-2022-4398 | 2022-12-10 | Integer Overflow or Wraparound in radareorg/radare2 |
| CVE-2022-4399 | 2022-12-10 | TicklishHoneyBee nodau db.c sql injection |
| CVE-2022-45145 | 2022-12-10 | egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file. |
| CVE-2022-23485 | 2022-12-10 | Invite code reuse via cookie manipulation in sentry |
| CVE-2022-4401 | 2022-12-11 | pallidlight online-course-selection-system cross site scripting |
| CVE-2022-4400 | 2022-12-11 | zbl1996 FS-Blog Title cross site scripting |
| CVE-2022-4402 | 2022-12-11 | RainyGao DocSys ZIP File Decompression path traversal |
| CVE-2022-4403 | 2022-12-11 | SourceCodester Canteen Management System ajax_represent.php sql injection |
| CVE-2022-4407 | 2022-12-11 | Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq |
| CVE-2022-4408 | 2022-12-11 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2022-4409 | 2022-12-11 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in thorsten/phpmyfaq |
| CVE-2022-4413 | 2022-12-11 | Cross-site Scripting (XSS) - Reflected in nuxt/framework |
| CVE-2022-4414 | 2022-12-11 | Cross-site Scripting (XSS) - DOM in nuxt/framework |
| CVE-2022-42716 | 2022-12-12 | An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed... |
| CVE-2021-41943 | 2022-12-12 | Logrhythm Web Console 7.4.9 allows for HTML tag injection through Contextualize Action -> Create a new Contextualize Action -> Inject your HTML tag in the name field. |
| CVE-2021-4244 | 2022-12-12 | yikes-inc-easy-mailchimp-extender Plugin add_field_to_form.php cross site scripting |
| CVE-2022-23511 | 2022-12-12 | A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for collecting metrics and logs from Amazon EC2 instances and on-premises servers, in versions up to and... |
| CVE-2022-25836 | 2022-12-12 | Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates... |
| CVE-2022-25837 | 2022-12-12 | Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when at least one device supports... |
| CVE-2022-41881 | 2022-12-12 | Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion.... |
| CVE-2022-44031 | 2022-12-12 | Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields. |
| CVE-2022-4416 | 2022-12-12 | RainyGao DocSys getReposAllUsers.do getReposAllUsers sql injection |
| CVE-2022-4421 | 2022-12-12 | rAthena FluxCP Service Desk Image URL view.php cross site scripting |
| CVE-2022-44637 | 2022-12-12 | Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login... |
| CVE-2022-45043 | 2022-12-12 | Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set. |