CVE List - 2022 / December
Showing 301 - 400 of 2356 CVEs for December 2022 (Page 4 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-42762 | 2022-12-06 | In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. |
| CVE-2022-42763 | 2022-12-06 | In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. |
| CVE-2022-42764 | 2022-12-06 | In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. |
| CVE-2022-42765 | 2022-12-06 | In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. |
| CVE-2022-42766 | 2022-12-06 | In wlan driver, there is a possible missing permission check, This could lead to local information disclosure. |
| CVE-2022-42767 | 2022-12-06 | In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. |
| CVE-2022-42768 | 2022-12-06 | In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. |
| CVE-2022-42769 | 2022-12-06 | In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. |
| CVE-2022-42770 | 2022-12-06 | In wlan driver, there is a race condition, This could lead to local denial of service in wlan services. |
| CVE-2022-42771 | 2022-12-06 | In wlan driver, there is a race condition, This could lead to local denial of service in wlan services. |
| CVE-2022-42772 | 2022-12-06 | In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. |
| CVE-2022-42773 | 2022-12-06 | In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. |
| CVE-2022-42774 | 2022-12-06 | In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. |
| CVE-2022-42775 | 2022-12-06 | In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. |
| CVE-2022-42776 | 2022-12-06 | In UscAIEngine service, there is a missing permission check. This could lead to set up UscAIEngine service with no additional execution privileges needed. |
| CVE-2022-42777 | 2022-12-06 | In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. |
| CVE-2022-42778 | 2022-12-06 | In windows manager service, there is a missing permission check. This could lead to set up windows manager service with no additional execution privileges needed. |
| CVE-2022-42779 | 2022-12-06 | In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. |
| CVE-2022-42780 | 2022-12-06 | In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. |
| CVE-2022-42781 | 2022-12-06 | In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. |
| CVE-2022-42782 | 2022-12-06 | In wlan driver, there is a possible missing permission check, This could lead to local information disclosure. |
| CVE-2022-4296 | 2022-12-06 | TP-Link TL-WR740N ARP resource consumption |
| CVE-2022-4300 | 2022-12-06 | FastCMS Template edit injection |
| CVE-2022-4314 | 2022-12-06 | Improper Privilege Management in ikus060/rdiffweb |
| CVE-2022-43369 | 2022-12-06 | AutoTaxi Stand Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component search.php. |
| CVE-2022-44030 | 2022-12-06 | Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as... |
| CVE-2022-44289 | 2022-12-06 | Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell. |
| CVE-2022-44900 | 2022-12-06 | A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file. |
| CVE-2022-45326 | 2022-12-06 | An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks. |
| CVE-2022-45548 | 2022-12-06 | AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability. |
| CVE-2022-46382 | 2022-12-06 | RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions. After signing into Digital Rebar, users are issued authentication... |
| CVE-2022-46383 | 2022-12-06 | RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint (Incorrect Access... |
| CVE-2022-46151 | 2022-12-06 | Reflected XSS |
| CVE-2022-34881 | 2022-12-06 | Information Exposure Vulnerability in JP1/Automatic Operation |
| CVE-2022-40209 | 2022-12-06 | WP Smart Import plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-38123 | 2022-12-06 | Insufficient validation of plugin files |
| CVE-2022-35843 | 2022-12-06 | An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH... |
| CVE-2022-40680 | 2022-12-06 | A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiOS 6.0.7 - 6.0.15, 6.2.2 - 6.2.12, 6.4.0 - 6.4.9 and 7.0.0 - 7.0.3 allows a privileged... |
| CVE-2022-30305 | 2022-12-06 | An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through... |
| CVE-2022-38379 | 2022-12-06 | Improper neutralization of input during web page generation [CWE-79] in FortiSOAR 7.0.0 through 7.0.3 and 7.2.0 may allow an authenticated attacker to inject HTML tags via input fields of various... |
| CVE-2022-33876 | 2022-12-06 | Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific... |
| CVE-2022-33875 | 2022-12-06 | An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an... |
| CVE-2022-23472 | 2022-12-06 | Use of insecure random number generator in Passeo |
| CVE-2022-23470 | 2022-12-06 | Arbitrary file access in the Galaxy data analysis platform |
| CVE-2022-34361 | 2022-12-06 | IBM Sterling Secure Proxy information disclosure |
| CVE-2022-23466 | 2022-12-06 | DOM-based cross-site scripting (XSS) in teler dashboard |
| CVE-2022-46154 | 2022-12-06 | Arbitrary file access in KodExplorer |
| CVE-2022-43867 | 2022-12-06 | IBM Spectrum Scale command execution |
| CVE-2022-46161 | 2022-12-06 | Code injection in pdfmake |
| CVE-2022-23475 | 2022-12-06 | dalorRadius full account take over |
| CVE-2022-46332 | 2022-12-06 | Proofpoint Enterprise Protection (PPS/PoD) XSS in "Attachment Names" |
| CVE-2022-46333 | 2022-12-06 | Proofpoint Enterprise Protection perl eval() arbitrary command execution |
| CVE-2022-45359 | 2022-12-06 | WordPress YITH WooCommerce Gift Cards Premium Plugin <= 3.19.0 is vulnerable to Arbitrary File Upload |
| CVE-2022-42888 | 2022-12-06 | WordPress ARMember Plugin <= 5.5.1 is vulnerable to Privilege Escalation |
| CVE-2022-45848 | 2022-12-06 | WordPress Contest Gallery Plugin <= 13.1.0.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-45816 | 2022-12-06 | WordPress GD bbPress Attachments Plugin <= 4.3.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-45833 | 2022-12-06 | WordPress Easy WP SMTP Plugin <= 1.5.1 is vulnerable to Directory Traversal |
| CVE-2022-45829 | 2022-12-06 | WordPress Easy WP SMTP Plugin <= 1.5.1 is vulnerable to Arbitrary File Deletion |
| CVE-2022-42699 | 2022-12-06 | WordPress Easy WP SMTP Plugin <= 1.5.1 is vulnerable to Remote Code Execution (RCE) |
| CVE-2022-3643 | 2022-12-07 | Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds... |
| CVE-2022-45918 | 2022-12-07 | ILIAS before 7.16 allows External Control of File Name or Path. |
| CVE-2022-34840 | 2022-12-07 | Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to alter?configuration settings of the device. The affected products/versions are as follows: WZR-300HP firmware Ver. 2.00... |
| CVE-2022-37406 | 2022-12-07 | Cross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. |
| CVE-2022-39044 | 2022-12-07 | Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware... |
| CVE-2022-40966 | 2022-12-07 | Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and... |
| CVE-2022-41783 | 2022-12-07 | tdpServer of TP-Link RE300 V1 improperly processes its input, which may allow an attacker to cause a denial-of-service (DoS) condition of the product's OneMesh function. |
| CVE-2022-41994 | 2022-12-07 | Stored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. |
| CVE-2022-42328 | 2022-12-07 | Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced... |
| CVE-2022-42329 | 2022-12-07 | Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced... |
| CVE-2022-42458 | 2022-12-07 | Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script... |
| CVE-2022-42486 | 2022-12-07 | Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. |
| CVE-2022-4261 | 2022-12-07 | Rapid7 Nexpose Update Validation Issue |
| CVE-2022-4322 | 2022-12-07 | maku-boot Scheduled Task AbstractScheduleJob.java doExecute injection |
| CVE-2022-4341 | 2022-12-07 | csliuwy coder-chain_gdut cross site scripting |
| CVE-2022-43464 | 2022-12-07 | Hidden functionality vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. |
| CVE-2022-43468 | 2022-12-07 | External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables.... |
| CVE-2022-43508 | 2022-12-07 | Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. |
| CVE-2022-43509 | 2022-12-07 | Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. |
| CVE-2022-43660 | 2022-12-07 | Improper neutralization of Server-Side Includes (SSW) within a web page in Movable Type series allows a remote authenticated attacker with Privilege of 'Manage of Content Types' may execute an arbitrary... |
| CVE-2022-43667 | 2022-12-07 | Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP... |
| CVE-2022-43668 | 2022-12-07 | Typora versions prior to 1.4.4 fails to properly neutralize JavaScript code, which may result in executing JavaScript code contained in the file when opening a file with the affected product. |
| CVE-2022-44153 | 2022-12-07 | Rapid Software LLC Rapid SCADA 5.8.4 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2022-44351 | 2022-12-07 | Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin/controller/Mystore.php. |
| CVE-2022-44361 | 2022-12-07 | An issue was discovered in ZZCMS 2022. There is a cross-site scripting (XSS) vulnerability in admin/ad_list.php. |
| CVE-2022-44371 | 2022-12-07 | hope-boot 1.0.0 has a deserialization vulnerability that can cause Remote Code Execution (RCE). |
| CVE-2022-44373 | 2022-12-07 | A stack overflow vulnerability exists in TrendNet Wireless AC Easy-Upgrader TEW-820AP (Version v1.0R, firmware version 1.01.B01) which may result in remote code execution. |
| CVE-2022-44393 | 2022-12-07 | Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/view_service&id=. |
| CVE-2022-44606 | 2022-12-07 | OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. |
| CVE-2022-44608 | 2022-12-07 | Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service (DoS) condition. |
| CVE-2022-44620 | 2022-12-07 | Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. |
| CVE-2022-44849 | 2022-12-07 | A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add Super Administrator account. |
| CVE-2022-44942 | 2022-12-07 | Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function. |
| CVE-2022-45008 | 2022-12-07 | Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /leave_system/admin/?page=maintenance/department. This vulnerability allows attackers to execute arbitrary web scripts or HTML... |
| CVE-2022-45009 | 2022-12-07 | Online Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leave_system/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-45010 | 2022-12-07 | Simple Phone Book/Directory Web App v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at /PhoneBook/edit.php. |
| CVE-2022-45025 | 2022-12-07 | Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was discovered to contain a command injection vulnerability via the PDF file import function. |
| CVE-2022-45026 | 2022-12-07 | An issue in Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom allows attackers to execute arbitrary commands during the GFM export process. |
| CVE-2022-45113 | 2022-12-07 | Improper validation of syntactic correctness of input vulnerability exist in Movable Type series. Having a user to access a specially crafted URL may allow a remote unauthenticated attacker to set... |
| CVE-2022-45122 | 2022-12-07 | Cross-site scripting vulnerability in Movable Type Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type... |
| CVE-2022-45217 | 2022-12-07 | A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Level parameter under... |