CVE List 2022/36xxx

CVEs in group: 36xxx

CVE-2022-36040 (N/A)

CVE-2022-36041 (Rizin Out-of-bounds Write vulnerability in pyc/marshal.c)

CVE-2022-36042 (Rizin Out-of-bounds Write vulnerability in Mach-O binary plugin)

CVE-2022-36043 (Rizin Out-of-bounds Write vulnerability in dyld cache binary plugin)

CVE-2022-36044 (Rizin Double Free in bobj.c when using qnx binary plugin)

CVE-2022-36045 (Rizin Out-of-bounds Write vulnerability in Lua binary plugin)

CVE-2022-36046 (Account takeover via cryptographically weak PRNG in NodeBB Forum)

CVE-2022-36048 (Unexpected server crash in Next.js version 12.2.3)

CVE-2022-36049 (IP address leak via image proxy bypass in Zulip Server)

CVE-2022-36051 (Flux2 Helm Controller denial of service)

CVE-2022-36052 (Broken Authorization in ZITADEL Actions)

CVE-2022-36053 (Out-of-bounds read when decompressing UDP header)

CVE-2022-36054 (Out-of-bounds read in the uIP buffer module)

CVE-2022-36055 (Out-of-bounds write when decompressing 6LoWPAN payload in Contiki-NG)

CVE-2022-36056 (Denial of service in Helm)

CVE-2022-36057 (Vulnerabilities with blob verification in sigstore cosign)

CVE-2022-36058 (Discourse-Chat Cross-Site Scripting issue for channel names and descriptions)

CVE-2022-36059 (elrond-go MultiESDTNFTTransfer call on a SC address with missing function name)

CVE-2022-36060 (Prototype pollution in matrix-js-sdk)

CVE-2022-36061 (Prototype pollution in matrix-react-sdk)

CVE-2022-36062 (Elrond go can execute on same context checks in VM)

CVE-2022-36063 (Grafana folders admin only permission privilege escalation)

CVE-2022-36064 (USBX Host CDC ECM integer underflow with buffer overflow)

CVE-2022-36065 (Shescape Inefficient Regular Expression Complexity vulnerability)

CVE-2022-36066 (GrowthBook account creation and file upload vulnerability in self-hosted configurations)

CVE-2022-36067 (Discourse vulnerable to RCE via admins uploading maliciously zipped file)

CVE-2022-36068 (vm2 vulnerable to Sandbox Escape before v3.9.11)

CVE-2022-36069 (Discourse moderators can edit themes via the API)

CVE-2022-36070 (Poetry Argument Injection vulnerability can lead to local Code Execution)

CVE-2022-36071 (Poetry’s Untrusted Search Path can lead to Local Code Execution on Windows)

CVE-2022-36072 (Recovery codes abuse in SFTPGo)

CVE-2022-36073 (SilverwareGames.io used == for hashing instead of ===)

CVE-2022-36074 (RubyGems allows creation of users with arbitrary unverified emails)

CVE-2022-36075 (Authentication headers exposed by Nextcloud Server)

CVE-2022-36076 (File list exposure in Nextcloud Files Access Control)

CVE-2022-36077 (Account takeover via SSO plugins in NodeBB)

CVE-2022-36078 (Electron subject to Exfiltration of hashed SMB credentials on Windows via file:// redirect)

CVE-2022-36079 (Slice Memory Allocation with Excessive Size Value in binary)

CVE-2022-36080 (Parse Server vulnerable to brute force guessing of user sensitive data via search patterns)

CVE-2022-36081 (Wikmd Cross-site Scripting vulnerability)

CVE-2022-36082 (Wikmd vulnerable to Local File Enumeration when accessing /list)

CVE-2022-36083 (mangadex-downloader vulnerable to unauthorized file reading)

CVE-2022-36084 (JOSE vulnerable to resource exhaustion via specifically crafted JWE)

CVE-2022-36085 (cruddl vulnerable to AQL injection through flexSearch)

CVE-2022-36086 (OPA Compiler: Bypass of WithUnsafeBuiltins using `with` keyword to mock functions)

CVE-2022-36087 (linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`)

CVE-2022-36088 (OAuthLib vulnerable to DoS when attacker provides malicious IPV6 URI)

CVE-2022-36089 (GoCD Windows installations outside default location inadequately restrict installation file permissions)

CVE-2022-36090 (VelaUX APIServer vulnerable to Authentication Bypass by Capture-replay)

CVE-2022-36091 (org.xwiki.platform:xwiki-platform-oldcore Improper Authorization check for inactive users)

CVE-2022-36092 (XWiki Platform Web Templates vulnerable to Missing Authorization and Exposure of Private Personal Information to an Unauthorized Actor)

CVE-2022-36093 (XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action)

CVE-2022-36094 (XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard)

CVE-2022-36095 (XWiki Platform Web Parent POM vulnerable to XSS in the attachment history)

CVE-2022-36096 (XWiki Cross-Site Request Forgery (CSRF) for actions on tags)

CVE-2022-36097 (XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list)

CVE-2022-36098 (XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form)

CVE-2022-36099 (XWiki Platform Mentions UI vulnerable to Cross-site Scripting)

CVE-2022-36100 (XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability)

CVE-2022-36101 (XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection)