CVE List 2022/31xxx

CVEs in group: 31xxx

CVE-2022-31041 (N/A)

CVE-2022-31042 (Insufficient content-type validation for uploaded files in open-forms)

CVE-2022-31043 (Failure to strip the Cookie header on change in host or HTTP downgrade in Guzzle)

CVE-2022-31044 (Fix failure to strip Authorization header on HTTP downgrade in Guzzle)

CVE-2022-31045 (Plaintext Storage of Keys and Passwords in Rundeck and PagerDuty Process Automation)

CVE-2022-31046 (Ill-formed headers may lead to unexpected behavior in Istio)

CVE-2022-31047 (Information Disclosure via Export Module in TYPO3 CMS)

CVE-2022-31048 (Insertion of Sensitive Information into Log File in typo3/cms-core)

CVE-2022-31049 (Cross-Site Scripting in Form Framework)

CVE-2022-31050 (Cross-Site Scripting in Frontend Login Mailer)

CVE-2022-31051 (Insufficient Session Expiration in TYPO3 Admin Tool)

CVE-2022-31052 (Exposure of Sensitive Information to an Unauthorized Actor in semantic-release)

CVE-2022-31053 (URL previews can crash Synapse media repositories or Synapse monoliths)

CVE-2022-31054 (Signature forgery in Biscuit)

CVE-2022-31055 (Uses of deprecated API can be used to cause DoS in user-facing endpoints in Argo Events)

CVE-2022-31056 (Improper Access Control in kctf)

CVE-2022-31057 (SQL injection with _actor parameter in GLPI)

CVE-2022-31058 (Authenticated Stored XSS in Shopware Administration)

CVE-2022-31059 (SQL injection via the field name of a tracker in Tuleap)

CVE-2022-31060 (Discourse Calendar Event names susceptible to Cross-site Scripting)

CVE-2022-31061 (Banner topic data is exposed on login-required Discourse sites)

CVE-2022-31062 (SQL injection on login page in GLPI)

CVE-2022-31063 (Unauthenticated Local File Inclusion)

CVE-2022-31064 (Cross site scripting via the title of a document in Tuleap)

CVE-2022-31065 (Cross site scripting in username that will trigger by sending chat)

CVE-2022-31066 (Cross site scripting vulnerability for private chat in bigbluebutton)

CVE-2022-31068 (Configuration API in EdgeXFoundry exposes message bus credentials to local unauthenticated users)

CVE-2022-31069 (Sensitive Data Exposure on Refused Inventory Files in GLPI)

CVE-2022-31070 (Potential Authorization Header Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy)

CVE-2022-31071 (Potential Sensitive Cookie Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy)

CVE-2022-31072 (Octopoller gem published with world-writable files)

CVE-2022-31073 (Octokit gem published with world-writable files)

CVE-2022-31074 (KubeEdge Edge ServiceBus module DoS)

CVE-2022-31075 (KubeEdge Cloud AdmissionController component DoS)

CVE-2022-31076 (KubeEdge DoS when signing the CSR from EdgeCore)

CVE-2022-31077 (Malicious Message can crash CloudCore in KubeEdge)

CVE-2022-31078 (Malicious response from KubeEdge can crash CSI Driver controller server)

CVE-2022-31079 (KubeEdge CloudCore Router memory exhaustion)

CVE-2022-31080 (KubeEdge Cloud Stream and Edge Stream DoS from large stream message)

CVE-2022-31081 (KubeEdge Websocket Client in package Viaduct: DoS from large response message)

CVE-2022-31082 (Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’) in HTTP::Daemon)

CVE-2022-31083 (SQL Injection via package deployment tasks in glpi-inventory-plugin)

CVE-2022-31084 (Authentication bypass in Parse Server Apple Game Center auth adapter)

CVE-2022-31085 (Unauthenticated Remote Code Execution in ldap-account-manager)

CVE-2022-31086 (Missing Encryption of Sensitive Data in ldap-account-manager)

CVE-2022-31087 (Incorrect Regular Expressions in ldap-account-manager)

CVE-2022-31088 (Incorrect Default Permissions in ldap-account-manager)

CVE-2022-31089 (Unauthenticated LDAP Injection in ldap-account-manager)

CVE-2022-31090 (Invalid file request can crash parse-server)

CVE-2022-31091 (CURLOPT_HTTPAUTH option not cleared on change of origin in Guzzle)

CVE-2022-31092 (Change in port should be considered a change in origin in Guzzle)

CVE-2022-31093 (SQL injection in pimcore)

CVE-2022-31094 (Improper Handling of `callbackUrl` parameter in next-auth)

CVE-2022-31095 (Cross site scripting vulnerability in ScratchTools)

CVE-2022-31096 (Exposure of Sensitive Information in discourse-chat)

CVE-2022-31097 (Invites restricted to an email or invite links restricted to an email domain may be bypassed by a under certain conditions in Discourse)

CVE-2022-31098 (Stored XSS in Grafana’s Unified Alerting)

CVE-2022-31099 (Weave GitOps leaked cluster credentials into logs on connection errors)

CVE-2022-31100 (Uncontrolled Recursion in rulex)

CVE-2022-31101 (Reachable Assertion in rulex)