CVE list 2022/31xxx

CVEs in group: 31xxx

CVE-2022-31021 (N/A)

CVE-2022-31022 (Unlinkability broken in ursa when verifiers use malicious keys)

CVE-2022-31023 (Missing Role Based Access Control for the REST handlers in bleve/http package)

CVE-2022-31024 (Dev error stack trace leaking into prod in Play Framework)

CVE-2022-31025 (Federated editing allows iframing remote servers by default in richdocuments)

CVE-2022-31026 (Invite bypasses user approval in Discourse)

CVE-2022-31027 (Use of Uninitialized Variable in trilogy)

CVE-2022-31028 (Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator in oauthenticator)

CVE-2022-31029 (Possible DDOS by establishing keep-alive connections with anonymous HTTP clients in MinIO)

CVE-2022-31030 (Authenticated XSS in Pi-hole AdminLTE)

CVE-2022-31031 (containerd CRI plugin: Host memory exhaustion through ExecSync)

CVE-2022-31032 (Potential stack buffer overflow when parsing message as a STUN client)

CVE-2022-31033 (Resources of private projects can be exposed in Tuleap)

CVE-2022-31034 (Authorization header leak in rubygem Mechanize)

CVE-2022-31035 (Insecure entropy in argo-cd)

CVE-2022-31036 (External URLs for Deployments can include javascript in argo-cd)

CVE-2022-31037 (Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server)

CVE-2022-31038 (OroCommerce vulnerable to Cross-site Scripting via Shipping rule editing page)

CVE-2022-31039 (XSS vulnerability in repository issue list in Gogs)

CVE-2022-31040 (Improper privilege management – Anyone can view room settings in GreenLight)

CVE-2022-31041 (Open Redirect in open-forms)

CVE-2022-31042 (Insufficient content-type validation for uploaded files in open-forms)

CVE-2022-31043 (Failure to strip the Cookie header on change in host or HTTP downgrade in Guzzle)

CVE-2022-31044 (Fix failure to strip Authorization header on HTTP downgrade in Guzzle)

CVE-2022-31045 (Plaintext Storage of Keys and Passwords in Rundeck and PagerDuty Process Automation)

CVE-2022-31046 (Ill-formed headers may lead to unexpected behavior in Istio)

CVE-2022-31047 (Information Disclosure via Export Module in TYPO3 CMS)

CVE-2022-31048 (Insertion of Sensitive Information into Log File in typo3/cms-core)

CVE-2022-31049 (Cross-Site Scripting in Form Framework)

CVE-2022-31050 (Cross-Site Scripting in Frontend Login Mailer)

CVE-2022-31051 (Insufficient Session Expiration in TYPO3 Admin Tool)

CVE-2022-31052 (Exposure of Sensitive Information to an Unauthorized Actor in semantic-release)

CVE-2022-31053 (URL previews can crash Synapse media repositories or Synapse monoliths)

CVE-2022-31054 (Signature forgery in Biscuit)

CVE-2022-31055 (Uses of deprecated API can be used to cause DoS in user-facing endpoints in Argo Events)

CVE-2022-31056 (Improper Access Control in kctf)

CVE-2022-31057 (SQL injection with _actor parameter in GLPI)

CVE-2022-31058 (Authenticated Stored XSS in Shopware Administration)

CVE-2022-31059 (SQL injection via the field name of a tracker in Tuleap)

CVE-2022-31060 (Discourse Calendar Event names susceptible to Cross-site Scripting)