CVE List 2022/31xxx
CVEs in group: 31xxx
CVE-2022-31061 (Click for details)
CVE-2022-31062 (SQL injection on login page in GLPI)
CVE-2022-31063 (Unauthenticated Local File Inclusion)
CVE-2022-31064 (Cross site scripting via the title of a document in Tuleap)
CVE-2022-31065 (Cross site scripting in username that will trigger by sending chat)
CVE-2022-31066 (Cross site scripting vulnerability for private chat in bigbluebutton)
CVE-2022-31068 (Configuration API in EdgeXFoundry exposes message bus credentials to local unauthenticated users)
CVE-2022-31069 (Sensitive Data Exposure on Refused Inventory Files in GLPI)
CVE-2022-31070 (Potential Authorization Header Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy)
CVE-2022-31071 (Potential Sensitive Cookie Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy)
CVE-2022-31072 (Octopoller gem published with world-writable files)
CVE-2022-31073 (Octokit gem published with world-writable files)
CVE-2022-31074 (KubeEdge Edge ServiceBus module DoS)
CVE-2022-31075 (KubeEdge Cloud AdmissionController component DoS)
CVE-2022-31076 (KubeEdge DoS when signing the CSR from EdgeCore)
CVE-2022-31077 (Malicious Message can crash CloudCore in KubeEdge)
CVE-2022-31078 (Malicious response from KubeEdge can crash CSI Driver controller server)
CVE-2022-31079 (KubeEdge CloudCore Router memory exhaustion)
CVE-2022-31080 (KubeEdge Cloud Stream and Edge Stream DoS from large stream message)
CVE-2022-31081 (KubeEdge Websocket Client in package Viaduct: DoS from large response message)
CVE-2022-31082 (Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’) in HTTP::Daemon)
CVE-2022-31083 (SQL Injection via package deployment tasks in glpi-inventory-plugin)
CVE-2022-31084 (Authentication bypass in Parse Server Apple Game Center auth adapter)
CVE-2022-31085 (Unauthenticated Remote Code Execution in ldap-account-manager)
CVE-2022-31086 (Missing Encryption of Sensitive Data in ldap-account-manager)
CVE-2022-31087 (Incorrect Regular Expressions in ldap-account-manager)
CVE-2022-31088 (Incorrect Default Permissions in ldap-account-manager)
CVE-2022-31089 (Unauthenticated LDAP Injection in ldap-account-manager)
CVE-2022-31090 (Invalid file request can crash parse-server)
CVE-2022-31091 (CURLOPT_HTTPAUTH option not cleared on change of origin in Guzzle)
CVE-2022-31092 (Change in port should be considered a change in origin in Guzzle)
CVE-2022-31093 (SQL injection in pimcore)
CVE-2022-31094 (Improper Handling of `callbackUrl` parameter in next-auth)
CVE-2022-31095 (Cross site scripting vulnerability in ScratchTools)
CVE-2022-31096 (Exposure of Sensitive Information in discourse-chat)
CVE-2022-31097 (Invites restricted to an email or invite links restricted to an email domain may be bypassed by a under certain conditions in Discourse)
CVE-2022-31098 (Stored XSS in Grafana’s Unified Alerting)
CVE-2022-31099 (Weave GitOps leaked cluster credentials into logs on connection errors)
CVE-2022-31100 (Uncontrolled Recursion in rulex)
CVE-2022-31101 (Reachable Assertion in rulex)
CVE-2022-31102 (SQL Injection in prestashop/blockwishlist)
CVE-2022-31103 (Cross-site Scripting for Argo CD single sign on users)
CVE-2022-31104 (Improper handling of CSS at-rules in lettersanitizer)
CVE-2022-31105 (Miscompilation of `i8x16.swizzle` and `select` with v128 inputs in Wasmtime)
CVE-2022-31106 (Argo CD’s certificate verification is skipped for connections to OIDC providers)
CVE-2022-31107 (Prototype Pollution in underscore.deep)
CVE-2022-31108 (Grafana account takeover via OAuth vulnerability)
CVE-2022-31109 (Arbitrary `CSS` injection into the generated graph affecting the container HTML in mermaid.js)
CVE-2022-31110 (HTTP Host Header Attack Vulnerability in laminas-diactoros)
CVE-2022-31111 (Denial of Service (DoS) vulnerability in RSSHub)
CVE-2022-31112 (Discrepancy in transfer value and actual value due to incorrect truncation in Frontier)
CVE-2022-31113 (Protected fields exposed via LiveQuery in parse-server)
CVE-2022-31115 (Cross-Site Scripting in Canarytoken history)
CVE-2022-31116 (Unsafe YAML deserialization in opensearch-ruby)
CVE-2022-31117 (Incorrect handling of invalid surrogate pair characters in ujson)
CVE-2022-31118 (Double free of buffer during string decoding in ujson)
CVE-2022-31119 (Missing brute force protection on cloud federation sharing in Nextcloud Server)
CVE-2022-31120 (Password disclosure in log file in Nextcloud Mail App)
CVE-2022-31121 (Federated share accepting/declining is not logged in audit log in Nextcloud Server)
CVE-2022-31122 (Improper Input Validation in fabric hyperledger)
CVE-2022-31123 (Wire-server vulnerable to Token Recipient Confusion resulting in account impersonation, deletion or malicious account creation)
CVE-2022-31124 (Grafana plugin signature bypass vulnerability)
CVE-2022-31125 (Possible leak of key’s raw field if declared length is incorrect in openssh_key_parser)
CVE-2022-31126 (Authentication Bypass in Roxy-wi)
CVE-2022-31127 (Unauthenticated Remote Code Execution in Roxy-wi)
CVE-2022-31128 (Improper handling of email input in next-auth)
CVE-2022-31129 (Fine grained permissions are not checked in Tuleap)
CVE-2022-31130 (Inefficient Regular Expression Complexity in moment)
CVE-2022-31131 (Grafana data source and plugin proxy endpoints leaking authentication tokens to some destination plugins)
CVE-2022-31132 (Ownership check missing when updating or deleting mail attachments in Nextcloud mail)
CVE-2022-31133 (Unauthenticated SSRF in 3rd party module “cerdic/csstidy”)
CVE-2022-31134 (Cross site scripting in HumHub)
CVE-2022-31135 (Zulip Server public data export contains attachments that are non-public)
CVE-2022-31136 (Maliciously crafted evidence packet may cause denial of service)
CVE-2022-31137 (Cross-site Scripting in BookWyrm)
CVE-2022-31138 (Unauthenticated Remote Code Execution in Roxy-WI)
CVE-2022-31139 (OS Command Injection in mailcow)
CVE-2022-31140 (No security checking for UnsafeAccess.getInstance() in UnsafeAccessor)
CVE-2022-31142 (Valinor error messages leading to potential data exfiltration)
CVE-2022-31143 (Potential Timing Attack Vector in @fastify/bearer-auth)