CVE List - 2022 / December
Showing 401 - 500 of 2356 CVEs for December 2022 (Page 5 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-45550 | 2022-12-07 | AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE). |
| CVE-2022-45915 | 2022-12-07 | ILIAS before 7.16 allows OS Command Injection. |
| CVE-2022-45916 | 2022-12-07 | ILIAS before 7.16 allows XSS. |
| CVE-2022-45917 | 2022-12-07 | ILIAS before 7.16 has an Open Redirect. |
| CVE-2022-46682 | 2022-12-07 | Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2022-46683 | 2022-12-07 | Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing to Jenkins. |
| CVE-2022-46684 | 2022-12-07 | Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports, resulting in a stored cross-site scripting (XSS) vulnerability. |
| CVE-2022-46685 | 2022-12-07 | In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log. |
| CVE-2022-46686 | 2022-12-07 | Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and earlier does not escape property values and build display names on the Custom Build Properties and Build Summary pages, resulting in a stored... |
| CVE-2022-46687 | 2022-12-07 | Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers... |
| CVE-2022-46688 | 2022-12-07 | A cross-site request forgery (CSRF) vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers (previously configured by Jenkins administrators) using attacker-specified... |
| CVE-2022-46770 | 2022-12-07 | qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of service (CPU consumption and loss of forwarding) via a crafted multicast UDP... |
| CVE-2022-41622 | 2022-12-07 | iControl SOAP vulnerability |
| CVE-2022-41800 | 2022-12-07 | Appliance mode iControl REST vulnerability |
| CVE-2022-46741 | 2022-12-07 | Out-of-bounds read in gather_tree in PaddlePaddle before 2.4. |
| CVE-2022-46742 | 2022-12-07 | Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. |
| CVE-2022-45910 | 2022-12-07 | Apache ManifoldCF: LDAP Injection Vulnerability - ActiveDirectory Authorities |
| CVE-2022-3641 | 2022-12-07 | Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account. |
| CVE-2022-41720 | 2022-12-07 | Restricted file access on Windows in os and net/http |
| CVE-2020-36565 | 2022-12-07 | Directory traversal on Windows in github.com/labstack/echo/v4 |
| CVE-2022-41735 | 2022-12-07 | IBM Business Process Manager cross-site scripting |
| CVE-2022-20686 | 2022-12-07 | Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on... |
| CVE-2022-20687 | 2022-12-07 | Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on... |
| CVE-2022-20688 | 2022-12-07 | A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected... |
| CVE-2022-20689 | 2022-12-07 | Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption... |
| CVE-2022-20690 | 2022-12-07 | Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption... |
| CVE-2022-20691 | 2022-12-07 | A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause a DoS condition of an... |
| CVE-2022-43581 | 2022-12-07 | IBM Content Navigator code execution |
| CVE-2022-23486 | 2022-12-07 | libp2p-rust denial of service vulnerability from lack of resource management |
| CVE-2022-23487 | 2022-12-07 | libp2p denial of service vulnerability from lack of resource management |
| CVE-2022-23491 | 2022-12-07 | Removal of TrustCor root certificate |
| CVE-2022-23471 | 2022-12-07 | containerd CRI stream server: Host memory exhaustion through terminal resize goroutine leak |
| CVE-2022-2002 | 2022-12-07 | GE CIMPLICITY Untrusted Pointer Dereference |
| CVE-2022-2948 | 2022-12-07 | GE CIMPLICITY Heap-based Buffer Overflow |
| CVE-2022-2952 | 2022-12-07 | GE CIMPLICITY Access of Uninitialized Pointer |
| CVE-2022-3084 | 2022-12-07 | GE CIMPLICITY Access of Uninitialized Pointer |
| CVE-2022-3092 | 2022-12-07 | GE CIMPLICITY Out-of-bounds Write |
| CVE-2022-4291 | 2022-12-07 | Aswjsflt.dll in Avast Antivirus for Windows caused a crash of the Mozilla Firefox browser due to heap corruption |
| CVE-2022-41802 | 2022-12-08 | Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when calling SysClockGetres. |
| CVE-2022-4353 | 2022-12-08 | LinZhaoguan pb-cms IpUtil.getIpAddr cross site scripting |
| CVE-2022-44455 | 2022-12-08 | The appspawn and nwebspawn services were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. |
| CVE-2022-45118 | 2022-12-08 | Telephony in communication subsystem sends public events with personal data, but the permission is not set. |
| CVE-2022-45877 | 2022-12-08 | PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks. |
| CVE-2020-36609 | 2022-12-08 | annyshow DuxCMS Article edit cross site scripting |
| CVE-2020-36610 | 2022-12-08 | annyshow DuxCMS cross-site request forgery |
| CVE-2022-3260 | 2022-12-08 | The response header has not enabled X-FRAME-OPTIONS, which helps prevent clickjacking attacks. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. |
| CVE-2022-3262 | 2022-12-08 | A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply... |
| CVE-2022-33186 | 2022-12-08 | A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable... |
| CVE-2022-37916 | 2022-12-08 | Broken Access Control for some Web-based Management URLs in AirWave Management Platform |
| CVE-2022-37917 | 2022-12-08 | Broken Access Control for some Web-based Management URLs in AirWave Management Platform |
| CVE-2022-37918 | 2022-12-08 | Broken Access Control for some Web-based Management URLs in AirWave Management Platform |
| CVE-2022-38599 | 2022-12-08 | Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 were discovered to contain an information leak via the /user/get-role-list web interface. |
| CVE-2022-38754 | 2022-12-08 | Micro Focus Operations Bridge Manager and OpsBridge Containerized - Cross Site Scripting (XSS) |
| CVE-2022-38765 | 2022-12-08 | Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An authenticated user is able to gain unauthorized access to imaging records by tampering with the vitrea-view/studies/search patientId... |
| CVE-2022-39894 | 2022-12-08 | Improper access control vulnerability in ContactListStartActivityHelper in Phone prior to SMR Dec-2022 Release 1 allows access to sensitive information via implicit intent. |
| CVE-2022-39895 | 2022-12-08 | Improper access control vulnerability in ContactListUtils in Phone prior to SMR Dec-2022 Release 1 allows access to contact group information via implicit intent. |
| CVE-2022-39896 | 2022-12-08 | Improper access control vulnerabilities in Contacts prior to SMR Dec-2022 Release 1 allow access to sensitive information via implicit intent. |
| CVE-2022-39897 | 2022-12-08 | Exposure of Sensitive Information vulnerability in kernel prior to SMR Dec-2022 Release 1 allows attackers to access the kernel address information via log. |
| CVE-2022-39898 | 2022-12-08 | Improper access control vulnerability in IIccPhoneBook prior to SMR Dec-2022 Release 1 allows attackers to access some information of usim. |
| CVE-2022-39899 | 2022-12-08 | Improper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022 Release 1 allows attacker to send the input event using S Pen gesture. |
| CVE-2022-39900 | 2022-12-08 | Improper access control vulnerability in Nice Catch prior to SMR Dec-2022 Release 1 allows physical attackers to access contents of all toast generated in the application installed in Secure Folder... |
| CVE-2022-39901 | 2022-12-08 | Improper authentication in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to disable the network traffic encryption between UE and gNodeB. |
| CVE-2022-39902 | 2022-12-08 | Improper authorization in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to get sensitive information including IMEI via emergency call. |
| CVE-2022-39903 | 2022-12-08 | Improper access control vulnerability in RCS call prior to SMR Dec-2022 Release 1 allows local attackers to access RCS incoming call number. |
| CVE-2022-39904 | 2022-12-08 | Exposure of Sensitive Information vulnerability in Samsung Settings prior to SMR Dec-2022 Release 1 allows local attackers to access the Network Access Identifier via log. |
| CVE-2022-39905 | 2022-12-08 | Implicit intent hijacking vulnerability in Telecom application prior to SMR Dec-2022 Release 1 allows attacker to access sensitive information via implicit intent. |
| CVE-2022-39906 | 2022-12-08 | Improper access control vulnerability in SecTelephonyProvider prior to SMR Dec-2022 Release 1 allows attackers to access message information. |
| CVE-2022-39907 | 2022-12-08 | Integer overflow vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write. |
| CVE-2022-39908 | 2022-12-08 | TOCTOU vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write. |
| CVE-2022-39909 | 2022-12-08 | Insufficient verification of data authenticity vulnerability in Samsung Gear IconX PC Manager prior to version 2.1.221019.51 allows local attackers to create arbitrary file using symbolic link. |
| CVE-2022-39910 | 2022-12-08 | Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device using pop-up... |
| CVE-2022-39911 | 2022-12-08 | Improper check or handling of exceptional conditions vulnerability in Samsung Pass prior to version 4.0.06.1 allows attacker to access Samsung Pass. |
| CVE-2022-39912 | 2022-12-08 | Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService prior to Android T(13) allows local attackers to set some setting value in Secure folder. |
| CVE-2022-39913 | 2022-12-08 | Exposure of Sensitive Information to an Unauthorized Actor in Persona Manager prior to Android T(13) allows local attacker to access user profiles information. |
| CVE-2022-39914 | 2022-12-08 | Exposure of Sensitive Information from an Unauthorized Actor vulnerability in Samsung DisplayManagerService prior to Android T(13) allows local attacker to access connected DLNA device information. |
| CVE-2022-39915 | 2022-12-08 | Improper access control vulnerability in Calendar prior to versions 11.6.08.0 in Android Q(10), 12.2.11.3000 in Android R(11), 12.3.07.2000 in Android S(12), and 12.4.02.0 in Android T(13) allows attackers to access... |
| CVE-2022-40939 | 2022-12-08 | In certain Secustation products the administrator account password can be read. This affects V2.5.5.3116-S50-SMA-B20171107A, V2.3.4.1301-M20-TSA-B20150617A, V2.5.5.3116-S50-RXA-B20180502A, V2.5.5.3116-S50-SMA-B20190723A, V2.5.5.3116-S50-SMB-B20161012A, V2.3.4.2103-S50-NTD-B20170508B, V2.5.5.3116-S50-SMB-B20160601A, V2.5.5.2601-S50-TSA-B20151229A, and V2.5.5.3116-S50-SMA-B20170217. |
| CVE-2022-4122 | 2022-12-08 | A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure. |
| CVE-2022-4123 | 2022-12-08 | A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality. |
| CVE-2022-4347 | 2022-12-08 | xiandafu beetl-bbs WebUtils.java cross site scripting |
| CVE-2022-4348 | 2022-12-08 | y_project RuoYi-Cloud JSON cross site scripting |
| CVE-2022-4349 | 2022-12-08 | CTF-hacker pwn delete.html cross-site request forgery |
| CVE-2022-4350 | 2022-12-08 | Mingsoft MCMS search.do cross site scripting |
| CVE-2022-4354 | 2022-12-08 | LinZhaoguan pb-cms Message Board comment cross site scripting |
| CVE-2022-4364 | 2022-12-08 | Teledyne FLIR AX8 Web Service palette.php command injection |
| CVE-2022-4366 | 2022-12-08 | Missing Authorization in lirantal/daloradius |
| CVE-2022-44931 | 2022-12-08 | Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet. |
| CVE-2022-44932 | 2022-12-08 | An access control issue in Tenda A18 v15.13.07.09 allows unauthenticated attackers to access the Telnet service. |
| CVE-2022-44938 | 2022-12-08 | Weak reset token generation in SeedDMS v6.0.20 and v5.1.7 allows attackers to execute a full account takeover via a brute force attack. |
| CVE-2022-45497 | 2022-12-08 | Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand. |
| CVE-2022-45498 | 2022-12-08 | An issue in the component tpi_systool_handle(0) (/goform/SysToolReboot) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device. |
| CVE-2022-45499 | 2022-12-08 | Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/WifiMacFilterGet. |
| CVE-2022-45501 | 2022-12-08 | Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/wifiSSIDset. |
| CVE-2022-45503 | 2022-12-08 | Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the linkEn parameter at /goform/setAutoPing. |
| CVE-2022-45504 | 2022-12-08 | An issue in the component tpi_systool_handle(0) (/goform/SysToolRestoreSet) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device. |
| CVE-2022-45505 | 2022-12-08 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the cmdinput parameter at /goform/exeCommand. |
| CVE-2022-45506 | 2022-12-08 | Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName. |
| CVE-2022-45507 | 2022-12-08 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the editNameMit parameter at /goform/editFileName. |
| CVE-2022-45508 | 2022-12-08 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the new_account parameter at /goform/editUserName. |
| CVE-2022-45509 | 2022-12-08 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the account parameter at /goform/addUserName. |