CVE List - 2022 / December
Showing 101 - 200 of 2356 CVEs for December 2022 (Page 2 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-45652 | 2022-12-02 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the startIp parameter in the formSetPPTPServer function. |
| CVE-2022-45653 | 2022-12-02 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the page parameter in the fromNatStaticSetting function. |
| CVE-2022-45654 | 2022-12-02 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the ssid parameter in the form_fast_setting_wifi_set function. |
| CVE-2022-45655 | 2022-12-02 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the timeZone parameter in the form_fast_setting_wifi_set function. |
| CVE-2022-45656 | 2022-12-02 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function. |
| CVE-2022-45657 | 2022-12-02 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function. |
| CVE-2022-45658 | 2022-12-02 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedEndTime parameter in the setSchedWifi function. |
| CVE-2022-45659 | 2022-12-02 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function. |
| CVE-2022-45660 | 2022-12-02 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedStartTime parameter in the setSchedWifi function. |
| CVE-2022-45661 | 2022-12-02 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the setSmartPowerManagement function. |
| CVE-2022-45663 | 2022-12-02 | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet function. |
| CVE-2022-45664 | 2022-12-02 | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDget function. |
| CVE-2022-45667 | 2022-12-02 | Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. |
| CVE-2022-45668 | 2022-12-02 | Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. |
| CVE-2022-45669 | 2022-12-02 | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterGet function. |
| CVE-2022-45670 | 2022-12-02 | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function. |
| CVE-2022-45671 | 2022-12-02 | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the appData parameter in the formSetAppFilterRule function. |
| CVE-2022-45672 | 2022-12-02 | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the formWx3AuthorizeSet function. |
| CVE-2022-45673 | 2022-12-02 | Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. |
| CVE-2022-45674 | 2022-12-02 | Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. |
| CVE-2022-4270 | 2022-12-02 | Incorrect privilege assignment in M-Files Web Server |
| CVE-2022-46159 | 2022-12-02 | Any authenticated Discourse user can create an unlisted topic |
| CVE-2022-46145 | 2022-12-02 | authentik vulnerable to unauthorized user creation and potential account takeover |
| CVE-2022-46167 | 2022-12-02 | Capsule vulnerable to privilege escalation by ServiceAccount deployed in a Tenant Namespace |
| CVE-2022-4218 | 2022-12-02 | The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_quizzes() function.... |
| CVE-2022-4219 | 2022-12-02 | The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the manage() function.... |
| CVE-2022-4220 | 2022-12-02 | The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_questions() function.... |
| CVE-2022-4215 | 2022-12-02 | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'date' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.3 due to insufficient... |
| CVE-2022-4214 | 2022-12-02 | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ip' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.3 due to insufficient... |
| CVE-2022-4213 | 2022-12-02 | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dn' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.2 due to insufficient... |
| CVE-2022-4208 | 2022-12-02 | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'datef' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient... |
| CVE-2022-4209 | 2022-12-02 | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pointsf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient... |
| CVE-2022-4210 | 2022-12-02 | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dnf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient... |
| CVE-2022-4211 | 2022-12-02 | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'emailf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient... |
| CVE-2022-4212 | 2022-12-02 | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ipf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient... |
| CVE-2022-4217 | 2022-12-02 | The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output... |
| CVE-2022-4216 | 2022-12-02 | The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'facebook_appid' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output... |
| CVE-2022-23465 | 2022-12-02 | SwiftTerm vulnerable to arbitrary command execution |
| CVE-2022-4273 | 2022-12-03 | SourceCodester Human Resource Management System Content-Type employee.php unrestricted upload |
| CVE-2022-4277 | 2022-12-03 | Shaoxing Background Management System Bd sql injection |
| CVE-2022-4278 | 2022-12-03 | SourceCodester Human Resource Management System employeeadd.php sql injection |
| CVE-2022-4279 | 2022-12-03 | SourceCodester Human Resource Management System employeeview.php cross site scripting |
| CVE-2021-37533 | 2022-12-03 | Apache Commons Net's FTP client trusts the host from PASV response by default |
| CVE-2022-3491 | 2022-12-03 | Heap-based Buffer Overflow in vim/vim |
| CVE-2022-4272 | 2022-12-03 | FeMiner wms unrestricted upload |
| CVE-2022-4274 | 2022-12-03 | House Rental System view-property.php sql injection |
| CVE-2022-4275 | 2022-12-03 | House Rental System POST Request search-property.php sql injection |
| CVE-2022-4276 | 2022-12-03 | House Rental System POST Request tenant-engine.php unrestricted upload |
| CVE-2022-4280 | 2022-12-03 | Dot Tech Smart Campus System findUser information disclosure |
| CVE-2022-35507 | 2022-12-04 | A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser that... |
| CVE-2022-35508 | 2022-12-04 | Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. An attacker with an unprivileged account can craft an... |
| CVE-2022-46391 | 2022-12-04 | AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. |
| CVE-2022-46405 | 2022-12-04 | Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a... |
| CVE-2022-46410 | 2022-12-04 | An issue was discovered in Veritas NetBackup Flex Scale through 3.0. An attacker with non-root privileges may escalate privileges to root by using specific commands. |
| CVE-2022-46411 | 2022-12-04 | An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to... |
| CVE-2022-46412 | 2022-12-04 | An issue was discovered in Veritas NetBackup Flex Scale through 3.0. A non-privileged user may escape a restricted shell and execute privileged commands. |
| CVE-2022-46413 | 2022-12-04 | An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Authenticated remote command execution can occur via the management portal. |
| CVE-2022-46414 | 2022-12-04 | An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal. |
| CVE-2022-40968 | 2022-12-04 | WordPress 2kb Amazon Affiliates Store Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-35730 | 2022-12-04 | WordPress Oceanwp sticky header plugin <= 1.0.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-30122 | 2022-12-05 | A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack. |
| CVE-2022-30123 | 2022-12-05 | A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack. |
| CVE-2022-32221 | 2022-12-05 | When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle... |
| CVE-2022-35258 | 2022-12-05 | An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions... |
| CVE-2022-35260 | 2022-12-05 | curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past... |
| CVE-2022-37783 | 2022-12-05 | All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFT_CSRF_TOKEN... |
| CVE-2021-34181 | 2022-12-05 | Cross Site Scripting (XSS) vulnerability in TomExam 3.0 via p_name parameter to list.thtml. |
| CVE-2021-39434 | 2022-12-05 | A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220. |
| CVE-2022-23143 | 2022-12-05 | ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permission settings, an attacker with high permissions could use this vulnerability to maliciously delete and... |
| CVE-2022-27773 | 2022-12-05 | A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges. |
| CVE-2022-32224 | 2022-12-05 | A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data... |
| CVE-2022-32594 | 2022-12-05 | In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-32596 | 2022-12-05 | In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-32597 | 2022-12-05 | In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-32598 | 2022-12-05 | In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-32619 | 2022-12-05 | In keyinstall, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-32620 | 2022-12-05 | In mpu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... |
| CVE-2022-32621 | 2022-12-05 | In isp, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2022-32622 | 2022-12-05 | In gz, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-32624 | 2022-12-05 | In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2022-32625 | 2022-12-05 | In display, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-32626 | 2022-12-05 | In display, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-32628 | 2022-12-05 | In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-32629 | 2022-12-05 | In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-32630 | 2022-12-05 | In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2022-32631 | 2022-12-05 | In Wi-Fi, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2022-32632 | 2022-12-05 | In Wi-Fi, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2022-32633 | 2022-12-05 | In Wi-Fi, there is a possible memory access violation due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-32634 | 2022-12-05 | In ccci, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2022-35254 | 2022-12-05 | An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions... |
| CVE-2022-35255 | 2022-12-05 | A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does... |
| CVE-2022-35256 | 2022-12-05 | The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling. |
| CVE-2022-35259 | 2022-12-05 | XML Injection with Endpoint Manager 2022. 3 and below causing a download of a malicious file to run and possibly execute to gain unauthorized privileges. |
| CVE-2022-37325 | 2022-12-05 | In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause... |
| CVE-2022-38336 | 2022-12-05 | An access control issue in MobaXterm before v22.1 allows attackers to make connections to the server via the SSH or SFTP protocols without authentication. |
| CVE-2022-38337 | 2022-12-05 | When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt which can result in a Denial... |
| CVE-2022-40918 | 2022-12-05 | Buffer overflow in firmware lewei_cam binary version 2.0.10 in Force 1 Discovery Wifi U818A HD+ FPV Drone allows attacker to gain remote code execution as root user via a specially... |
| CVE-2022-41642 | 2022-12-05 | OS command injection vulnerability in Nadesiko3 (PC Version) v3.3.61 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product. |
| CVE-2022-41777 | 2022-12-05 | Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent... |
| CVE-2022-41798 | 2022-12-05 | Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with... |