CVE List - 2022 / December
Showing 601 - 700 of 2356 CVEs for December 2022 (Page 7 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-45043 | 2022-12-12 | Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set. |
| CVE-2022-45227 | 2022-12-12 | The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4... |
| CVE-2022-45228 | 2022-12-12 | Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain... |
| CVE-2022-45269 | 2022-12-12 | A directory traversal vulnerability in the component SCS.Web.Server.SPI/1.0 of Linx... |
| CVE-2022-45275 | 2022-12-12 | An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Transaction... |
| CVE-2022-45756 | 2022-12-12 | SENS v1.0 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2022-45758 | 2022-12-12 | SENS v1.0 is vulnerable to Cross Site Scripting (XSS) via... |
| CVE-2022-45759 | 2022-12-12 | SENS v1.0 has a file upload vulnerability. |
| CVE-2022-45760 | 2022-12-12 | SENS v1.0 is vulnerable to Incorrect Access Control vulnerability. |
| CVE-2022-45956 | 2022-12-12 | Boa Web Server versions 0.94.13 through 0.94.14 fail to validate... |
| CVE-2022-45957 | 2022-12-12 | ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 is vulnerable to... |
| CVE-2022-45968 | 2022-12-12 | Alist v3.4.0 is vulnerable to File Upload. A user with... |
| CVE-2022-45970 | 2022-12-12 | Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via... |
| CVE-2022-45977 | 2022-12-12 | Tenda AX12 V22.03.01.21_CN was found to have a command injection... |
| CVE-2022-45979 | 2022-12-12 | Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow... |
| CVE-2022-45980 | 2022-12-12 | Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request... |
| CVE-2022-45996 | 2022-12-12 | Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd_get_ping_output. |
| CVE-2022-45997 | 2022-12-12 | Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer Overflow. |
| CVE-2022-46903 | 2022-12-12 | Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows... |
| CVE-2022-46904 | 2022-12-12 | Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows... |
| CVE-2022-46905 | 2022-12-12 | Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows... |
| CVE-2022-46906 | 2022-12-12 | Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows... |
| CVE-2022-46908 | 2022-12-12 | SQLite through 3.40.0, when relying on --safe for execution of... |
| CVE-2022-24439 | 2022-12-12 | Remote Code Execution (RCE) |
| CVE-2022-2808 | 2022-12-12 | IDOR in Prens Student Information System |
| CVE-2022-25912 | 2022-12-12 | Remote Code Execution (RCE) |
| CVE-2022-2641 | 2022-12-12 | Horner Automation’s RCC 972 with firmware version 15.40 has a... |
| CVE-2022-41559 | 2022-12-12 | TIBCO Nimbus Open Redirect Vulnerability |
| CVE-2022-41560 | 2022-12-12 | TIBCO Nimbus Denial of Service Vulnerability |
| CVE-2022-43515 | 2022-12-12 | X-Forwarded-For header is active by default causes access to Zabbix sites in maintenance mode |
| CVE-2022-43516 | 2022-12-12 | Zabbix Agent installer adds “allow all TCP any any” firewall rule |
| CVE-2022-2640 | 2022-12-12 | The Config-files of Horner Automation’s RCC 972 with firmware version... |
| CVE-2022-2642 | 2022-12-12 | Horner Automation’s RCC 972 firmware version 15.40 contains global variables.... |
| CVE-2022-2807 | 2022-12-12 | SQL Injection in Prens Student Information System |
| CVE-2022-2993 | 2022-12-12 | bt: host: Wrong key validation check |
| CVE-2022-31596 | 2022-12-12 | Under certain conditions, an attacker authenticated as a CMS administrator... |
| CVE-2022-3485 | 2022-12-12 | Weak Password Recovery in ifm moneo appliance |
| CVE-2022-4311 | 2022-12-12 | An insertion of sensitive information into log file vulnerability exists... |
| CVE-2022-4312 | 2022-12-12 | A cleartext storage of sensitive information vulnerability exists in PcVue... |
| CVE-2022-3359 | 2022-12-12 | Shortcodes and extra features for Phlox theme < 2.10.7 - PHP Objection Injection |
| CVE-2022-3908 | 2022-12-12 | Helloprint < 1.4.7 - Reflected Cross-Site Scripting |
| CVE-2022-3882 | 2022-12-12 | WP Memory < 2.46 - Subscriber+ Arbitrary Plugin Installation |
| CVE-2022-4097 | 2022-12-12 | All In One WP Security & Firewall < 5.0.8 - IP Spoofing |
| CVE-2022-3912 | 2022-12-12 | User Registration < 2.2.4.1 - Subscriber+ Arbitrary File Upload |
| CVE-2022-3883 | 2022-12-12 | StopBadBots < 7.24 - Subscriber+ Arbitrary Plugin Installation |
| CVE-2022-3933 | 2022-12-12 | Essential Real Estate < 3.9.6 - Reflected Cross-Site-Scripting |
| CVE-2022-3925 | 2022-12-12 | Buddybadges <= 1.0.0 - Admin+ SQLi |
| CVE-2022-4005 | 2022-12-12 | Donation Button <= 4.0.0 - Contributor+ Stored XSS |
| CVE-2022-3934 | 2022-12-12 | Flat PM < 3.0.13 - Reflected Cross-Site Scripting |
| CVE-2022-3919 | 2022-12-12 | Jetpack CRM < 5.4.3 - Admin+ Cross-Site Scripting |
| CVE-2022-3935 | 2022-12-12 | Welcart e-Commerce < 2.8.4 - Multiple Subscriber+ Stored Cross-Site Scripting |
| CVE-2022-4004 | 2022-12-12 | Donation Button <= 4.0.0 - Subscriber+ Broken Access Control leading to SMS Spam |
| CVE-2022-3915 | 2022-12-12 | Dokan < 3.7.6 - Unauthenticated SQLi |
| CVE-2022-3981 | 2022-12-12 | Icegram Express < 5.5.1 - Subscriber+ SQLi |
| CVE-2022-3853 | 2022-12-12 | Supra CSV <= 4.0.3 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-3605 | 2022-12-12 | WP CSV Exporter < 1.3.7 - CSV Injection |
| CVE-2022-3982 | 2022-12-12 | Booking Calendar < 3.2.2 - Unauthenticated Arbitrary File Upload |
| CVE-2022-3609 | 2022-12-12 | GetYourGuide Ticketing < 1.0.4 - Admin+ Stored XSS |
| CVE-2022-3999 | 2022-12-12 | WooCommerce Shipping - DPD baltic < 1.2.57 - Subscriber+ Arbitrary Options Deletion |
| CVE-2022-4010 | 2022-12-12 | Image Hover Effects < 5.5 - Admin+ Stored XSS |
| CVE-2022-3930 | 2022-12-12 | Directorist < 7.4.2.2 - Subscriber+ Arbitrary User Password Update via IDOR |
| CVE-2022-3906 | 2022-12-12 | Easy Form Builder < 3.4.0 - Admin+ Stored XSS |
| CVE-2022-3879 | 2022-12-12 | Car Dealer < 3.05 - Subscriber+ Arbitrary Plugin Installation |
| CVE-2022-3880 | 2022-12-12 | AntiHacker < 4.20 - Subscriber+ Arbitrary Plugin Installation |
| CVE-2022-3881 | 2022-12-12 | WPTools < 3.43 - Subscriber+ Arbitrary Plugin Installation |
| CVE-2022-3946 | 2022-12-12 | Welcart e-Commerce < 2.8.4 - Subscriber+ Arbitrary Shipping Method Creation/Update/Deletion |
| CVE-2022-4000 | 2022-12-12 | WooCommerce Shipping - DPD baltic < 1.2.11 - Admin+ Stored XSS |
| CVE-2022-3862 | 2022-12-12 | Livemesh Addons for Elementor < 7.2.4 - Admin+ Stored XSS |
| CVE-2022-3989 | 2022-12-12 | Motors - Car Dealer, Classifieds & Listing < 1.4.4 - Arbitrary File Upload |
| CVE-2022-3900 | 2022-12-12 | Cooked Pro < 1.7.5.7 - Unauthenticated PHP Object Injection |
| CVE-2022-3921 | 2022-12-12 | Listingo < 3.2.7 - Unauthenticated Arbitrary File Upload |
| CVE-2022-4016 | 2022-12-12 | Booster for WooCommerce - Custom Role Creation/Deletion via CSRF |
| CVE-2022-41261 | 2022-12-12 | SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an... |
| CVE-2022-41262 | 2022-12-12 | Due to insufficient input validation, SAP NetWeaver AS Java (HTTP... |
| CVE-2022-41263 | 2022-12-12 | Due to a missing authentication check, SAP Business Objects Business... |
| CVE-2019-25078 | 2022-12-13 | pacparser pacparser.c pacparser_find_proxy buffer overflow |
| CVE-2022-24480 | 2022-12-13 | Outlook for Android Elevation of Privilege Vulnerability |
| CVE-2022-26804 | 2022-12-13 | Microsoft Office Graphics Remote Code Execution Vulnerability |
| CVE-2022-26805 | 2022-12-13 | Microsoft Office Graphics Remote Code Execution Vulnerability |
| CVE-2022-26806 | 2022-12-13 | Microsoft Office Graphics Remote Code Execution Vulnerability |
| CVE-2022-41074 | 2022-12-13 | Windows Graphics Component Information Disclosure Vulnerability |
| CVE-2022-41076 | 2022-12-13 | PowerShell Remote Code Execution Vulnerability |
| CVE-2022-41077 | 2022-12-13 | Windows Fax Compose Form Elevation of Privilege Vulnerability |
| CVE-2022-41089 | 2022-12-13 | .NET Framework Remote Code Execution Vulnerability |
| CVE-2022-41094 | 2022-12-13 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2022-41115 | 2022-12-13 | Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability |
| CVE-2022-41121 | 2022-12-13 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2022-41127 | 2022-12-13 | Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability |
| CVE-2022-41278 | 2022-12-13 | A vulnerability has been identified in JT2Go (All versions <... |
| CVE-2022-41287 | 2022-12-13 | A vulnerability has been identified in JT2Go (All versions <... |
| CVE-2022-44667 | 2022-12-13 | Windows Media Remote Code Execution Vulnerability |
| CVE-2022-44668 | 2022-12-13 | Windows Media Remote Code Execution Vulnerability |
| CVE-2022-44669 | 2022-12-13 | Windows Error Reporting Elevation of Privilege Vulnerability |
| CVE-2022-44670 | 2022-12-13 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
| CVE-2022-44671 | 2022-12-13 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2022-44673 | 2022-12-13 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability |
| CVE-2022-44674 | 2022-12-13 | Windows Bluetooth Driver Information Disclosure Vulnerability |
| CVE-2022-44675 | 2022-12-13 | Windows Bluetooth Driver Elevation of Privilege Vulnerability |
| CVE-2022-44676 | 2022-12-13 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
| CVE-2022-44677 | 2022-12-13 | Windows Projected File System Elevation of Privilege Vulnerability |