CVE List - 2022 / December
Showing 601 - 700 of 2356 CVEs for December 2022 (Page 7 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-45227 | 2022-12-12 | The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https://10.10.20.74/lib/. This address has a backup file which can be downloaded without any... |
| CVE-2022-45228 | 2022-12-12 | Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross-Site Request Forgery in the logout page. |
| CVE-2022-45269 | 2022-12-12 | A directory traversal vulnerability in the component SCS.Web.Server.SPI/1.0 of Linx Sphere LINX 7.35.ST15 allows attackers to read arbitrary files. |
| CVE-2022-45275 | 2022-12-12 | An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-45756 | 2022-12-12 | SENS v1.0 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2022-45758 | 2022-12-12 | SENS v1.0 is vulnerable to Cross Site Scripting (XSS) via com.liuyanzhao.sens.web.controller.admin, getRegister. |
| CVE-2022-45759 | 2022-12-12 | SENS v1.0 has a file upload vulnerability. |
| CVE-2022-45760 | 2022-12-12 | SENS v1.0 is vulnerable to Incorrect Access Control. |
| CVE-2022-45956 | 2022-12-12 | Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism. |
| CVE-2022-45957 | 2022-12-12 | ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 is vulnerable to remote stack buffer overflow. |
| CVE-2022-45968 | 2022-12-12 | Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one). |
| CVE-2022-45970 | 2022-12-12 | Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via the bulletin board. |
| CVE-2022-45977 | 2022-12-12 | Tenda AX12 V22.03.01.21_CN was found to have a command injection vulnerability via /goform/setMacFilterCfg function. |
| CVE-2022-45979 | 2022-12-12 | Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the ssid parameter at /goform/fast_setting_wifi_set. |
| CVE-2022-45980 | 2022-12-12 | Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet. |
| CVE-2022-45996 | 2022-12-12 | Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd_get_ping_output. |
| CVE-2022-45997 | 2022-12-12 | Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer Overflow. |
| CVE-2022-46903 | 2022-12-12 | Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the... |
| CVE-2022-46904 | 2022-12-12 | Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the... |
| CVE-2022-46905 | 2022-12-12 | Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an unauthenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the... |
| CVE-2022-46906 | 2022-12-12 | Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the... |
| CVE-2022-46908 | 2022-12-12 | SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. |
| CVE-2022-2808 | 2022-12-12 | IDOR in Prens Student Information System |
| CVE-2022-24439 | 2022-12-12 | Remote Code Execution (RCE) |
| CVE-2022-25912 | 2022-12-12 | Remote Code Execution (RCE) |
| CVE-2022-2641 | 2022-12-12 | Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute... |
| CVE-2022-41559 | 2022-12-12 | TIBCO Nimbus Open Redirect Vulnerability |
| CVE-2022-41560 | 2022-12-12 | TIBCO Nimbus Denial of Service Vulnerability |
| CVE-2022-43515 | 2022-12-12 | X-Forwarded-For header is active by default causes access to Zabbix sites in maintenance mode |
| CVE-2022-43516 | 2022-12-12 | Zabbix Agent installer adds “allow all TCP any any” firewall rule |
| CVE-2022-2640 | 2022-12-12 | The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to... |
| CVE-2022-2642 | 2022-12-12 | Horner Automation’s RCC 972 firmware version 15.40 contains global variables. This could allow an attacker to read out sensitive values and variable keys from the device. |
| CVE-2022-2807 | 2022-12-12 | SQL Injection in Prens Student Information System |
| CVE-2022-2993 | 2022-12-12 | bt: host: Wrong key validation check |
| CVE-2022-31596 | 2022-12-12 | Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can... |
| CVE-2022-3485 | 2022-12-12 | Weak Password Recovery in ifm moneo appliance |
| CVE-2022-4311 | 2022-12-12 | An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. This could allow a user with access to the log files to discover connection... |
| CVE-2022-4312 | 2022-12-12 | A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could allow an unauthorized user with access to the email and short messaging service (SMS) accounts... |
| CVE-2022-3359 | 2022-12-12 | Shortcodes and extra features for Phlox theme < 2.10.7 - PHP Object Injection |
| CVE-2022-3908 | 2022-12-12 | Helloprint < 1.4.7 - Reflected Cross-Site Scripting |
| CVE-2022-3882 | 2022-12-12 | WP Memory < 2.46 - Subscriber+ Arbitrary Plugin Installation |
| CVE-2022-4097 | 2022-12-12 | All In One WP Security & Firewall < 5.0.8 - IP Spoofing |
| CVE-2022-3912 | 2022-12-12 | User Registration < 2.2.4.1 - Subscriber+ Arbitrary File Upload |
| CVE-2022-3883 | 2022-12-12 | StopBadBots < 7.24 - Subscriber+ Arbitrary Plugin Installation |
| CVE-2022-3933 | 2022-12-12 | Essential Real Estate < 3.9.6 - Reflected Cross-Site Scripting |
| CVE-2022-3925 | 2022-12-12 | Buddybadges <= 1.0.0 - Admin+ SQLi |
| CVE-2022-4005 | 2022-12-12 | Donation Button <= 4.0.0 - Contributor+ Stored XSS |
| CVE-2022-3934 | 2022-12-12 | Flat PM < 3.0.13 - Reflected Cross-Site Scripting |
| CVE-2022-3919 | 2022-12-12 | Jetpack CRM < 5.4.3 - Admin+ Cross-Site Scripting |
| CVE-2022-3935 | 2022-12-12 | Welcart e-Commerce < 2.8.4 - Multiple Subscriber+ Stored Cross-Site Scripting |
| CVE-2022-4004 | 2022-12-12 | Donation Button <= 4.0.0 - Subscriber+ Broken Access Control leading to SMS Spam |
| CVE-2022-3915 | 2022-12-12 | Dokan < 3.7.6 - Unauthenticated SQLi |
| CVE-2022-3981 | 2022-12-12 | Icegram Express < 5.5.1 - Subscriber+ SQLi |
| CVE-2022-3853 | 2022-12-12 | Supra CSV <= 4.0.3 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-3605 | 2022-12-12 | WP CSV Exporter < 1.3.7 - CSV Injection |
| CVE-2022-3982 | 2022-12-12 | Booking Calendar < 3.2.2 - Unauthenticated Arbitrary File Upload |
| CVE-2022-3609 | 2022-12-12 | GetYourGuide Ticketing < 1.0.4 - Admin+ Stored XSS |
| CVE-2022-3999 | 2022-12-12 | WooCommerce Shipping - DPD baltic < 1.2.57 - Subscriber+ Arbitrary Options Deletion |
| CVE-2022-4010 | 2022-12-12 | Image Hover Effects < 5.5 - Admin+ Stored XSS |
| CVE-2022-3930 | 2022-12-12 | Directorist < 7.4.2.2 - Subscriber+ Arbitrary User Password Update via IDOR |
| CVE-2022-3906 | 2022-12-12 | Easy Form Builder < 3.4.0 - Admin+ Stored XSS |
| CVE-2022-3879 | 2022-12-12 | Car Dealer < 3.05 - Subscriber+ Arbitrary Plugin Installation |
| CVE-2022-3880 | 2022-12-12 | AntiHacker < 4.20 - Subscriber+ Arbitrary Plugin Installation |
| CVE-2022-3881 | 2022-12-12 | WPTools < 3.43 - Subscriber+ Arbitrary Plugin Installation |
| CVE-2022-3946 | 2022-12-12 | Welcart e-Commerce < 2.8.4 - Subscriber+ Arbitrary Shipping Method Creation/Update/Deletion |
| CVE-2022-4000 | 2022-12-12 | WooCommerce Shipping - DPD baltic < 1.2.11 - Admin+ Stored XSS |
| CVE-2022-3862 | 2022-12-12 | Livemesh Addons for Elementor < 7.2.4 - Admin+ Stored XSS |
| CVE-2022-3989 | 2022-12-12 | Motors - Car Dealer, Classifieds & Listing < 1.4.4 - Arbitrary File Upload |
| CVE-2022-3900 | 2022-12-12 | Cooked Pro < 1.7.5.7 - Unauthenticated PHP Object Injection |
| CVE-2022-3921 | 2022-12-12 | Listingo < 3.2.7 - Unauthenticated Arbitrary File Upload |
| CVE-2022-4016 | 2022-12-12 | Booster for WooCommerce - Custom Role Creation/Deletion via CSRF |
| CVE-2022-41261 | 2022-12-12 | SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration... |
| CVE-2022-41262 | 2022-12-12 | Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, allows an unauthenticated attacker to inject a script into a web request header. On successful... |
| CVE-2022-41263 | 2022-12-12 | Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for... |
| CVE-2019-25078 | 2022-12-13 | pacparser pacparser.c pacparser_find_proxy buffer overflow |
| CVE-2022-24480 | 2022-12-13 | Outlook for Android Elevation of Privilege Vulnerability |
| CVE-2022-26804 | 2022-12-13 | Microsoft Office Graphics Remote Code Execution Vulnerability |
| CVE-2022-26805 | 2022-12-13 | Microsoft Office Graphics Remote Code Execution Vulnerability |
| CVE-2022-26806 | 2022-12-13 | Microsoft Office Graphics Remote Code Execution Vulnerability |
| CVE-2022-41074 | 2022-12-13 | Windows Graphics Component Information Disclosure Vulnerability |
| CVE-2022-41076 | 2022-12-13 | PowerShell Remote Code Execution Vulnerability |
| CVE-2022-41077 | 2022-12-13 | Windows Fax Compose Form Elevation of Privilege Vulnerability |
| CVE-2022-41089 | 2022-12-13 | .NET Framework Remote Code Execution Vulnerability |
| CVE-2022-41094 | 2022-12-13 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2022-41115 | 2022-12-13 | Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability |
| CVE-2022-41121 | 2022-12-13 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2022-41127 | 2022-12-13 | Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability |
| CVE-2022-41278 | 2022-12-13 | A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions... |
| CVE-2022-41287 | 2022-12-13 | A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions... |
| CVE-2022-44667 | 2022-12-13 | Windows Media Remote Code Execution Vulnerability |
| CVE-2022-44668 | 2022-12-13 | Windows Media Remote Code Execution Vulnerability |
| CVE-2022-44669 | 2022-12-13 | Windows Error Reporting Elevation of Privilege Vulnerability |
| CVE-2022-44670 | 2022-12-13 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
| CVE-2022-44671 | 2022-12-13 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2022-44673 | 2022-12-13 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability |
| CVE-2022-44674 | 2022-12-13 | Windows Bluetooth Driver Information Disclosure Vulnerability |
| CVE-2022-44675 | 2022-12-13 | Windows Bluetooth Driver Elevation of Privilege Vulnerability |
| CVE-2022-44676 | 2022-12-13 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
| CVE-2022-44677 | 2022-12-13 | Windows Projected File System Elevation of Privilege Vulnerability |
| CVE-2022-44678 | 2022-12-13 | Windows Print Spooler Elevation of Privilege Vulnerability |