CVE List 2022/36xxx

CVEs in group: 36xxx

CVE-2022-36062 (Click for details)

CVE-2022-36063 (Grafana folders admin only permission privilege escalation)

CVE-2022-36064 (USBX Host CDC ECM integer underflow with buffer overflow)

CVE-2022-36065 (Shescape Inefficient Regular Expression Complexity vulnerability)

CVE-2022-36066 (GrowthBook account creation and file upload vulnerability in self-hosted configurations)

CVE-2022-36067 (Discourse vulnerable to RCE via admins uploading maliciously zipped file)

CVE-2022-36068 (vm2 vulnerable to Sandbox Escape before v3.9.11)

CVE-2022-36069 (Discourse moderators can edit themes via the API)

CVE-2022-36070 (Poetry Argument Injection vulnerability can lead to local Code Execution)

CVE-2022-36071 (Poetry’s Untrusted Search Path can lead to Local Code Execution on Windows)

CVE-2022-36072 (Recovery codes abuse in SFTPGo)

CVE-2022-36073 (SilverwareGames.io used == for hashing instead of ===)

CVE-2022-36074 (RubyGems allows creation of users with arbitrary unverified emails)

CVE-2022-36075 (Authentication headers exposed by Nextcloud Server)

CVE-2022-36076 (File list exposure in Nextcloud Files Access Control)

CVE-2022-36077 (Account takeover via SSO plugins in NodeBB)

CVE-2022-36078 (Electron subject to Exfiltration of hashed SMB credentials on Windows via file:// redirect)

CVE-2022-36079 (Slice Memory Allocation with Excessive Size Value in binary)

CVE-2022-36080 (Parse Server vulnerable to brute force guessing of user sensitive data via search patterns)

CVE-2022-36081 (Wikmd Cross-site Scripting vulnerability)

CVE-2022-36082 (Wikmd vulnerable to Local File Enumeration when accessing /list)

CVE-2022-36083 (mangadex-downloader vulnerable to unauthorized file reading)

CVE-2022-36084 (JOSE vulnerable to resource exhaustion via specifically crafted JWE)

CVE-2022-36085 (cruddl vulnerable to AQL injection through flexSearch)

CVE-2022-36086 (OPA Compiler: Bypass of WithUnsafeBuiltins using `with` keyword to mock functions)

CVE-2022-36087 (linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`)

CVE-2022-36088 (OAuthLib vulnerable to DoS when attacker provides malicious IPv6 URI)

CVE-2022-36089 (GoCD Windows installations outside default location inadequately restrict installation file permissions)

CVE-2022-36090 (VelaUX APIServer vulnerable to Authentication Bypass by Capture-replay)

CVE-2022-36091 (org.xwiki.platform:xwiki-platform-oldcore Improper Authorization check for inactive users)

CVE-2022-36092 (XWiki Platform Web Templates vulnerable to Missing Authorization and Exposure of Private Personal Information to an Unauthorized Actor)

CVE-2022-36093 (XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action)

CVE-2022-36094 (XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard)

CVE-2022-36095 (XWiki Platform Web Parent POM vulnerable to XSS in the attachment history)

CVE-2022-36096 (XWiki Cross-Site Request Forgery (CSRF) for actions on tags)

CVE-2022-36097 (XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list)

CVE-2022-36098 (XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form)

CVE-2022-36099 (XWiki Platform Mentions UI vulnerable to Cross-site Scripting)

CVE-2022-36100 (XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability)

CVE-2022-36101 (XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection)

CVE-2022-36102 (Sensitive data in backend customer module)

CVE-2022-36103 (Access control list bypassed via crafted specific URLs)

CVE-2022-36104 (Talos worker join token can be used to get elevated access level to the Talos API)

CVE-2022-36105 (Denial of Service via Page Error Handling in TYPO3/cms)

CVE-2022-36106 (User Enumeration via Response Timing in TYPO3)

CVE-2022-36107 (Missing check for expiration time of password reset token in TYPO3)

CVE-2022-36108 (Stored Cross-Site Scripting via FileDumpController)

CVE-2022-36109 (Cross-Site Scripting in typo3/cms-core)

CVE-2022-36110 (Moby vulnerability relating to supplementary group permissions)

CVE-2022-36111 (Netmaker vulnerable to Insufficient Granularity of Access Control)

CVE-2022-36112 (immudb has insufficient verification of data authenticity)

CVE-2022-36113 (Blind Server-Side Request Forgery (SSRF) in GLPI)

CVE-2022-36114 (Extracting malicious crates can corrupt arbitrary files)

CVE-2022-36115 (Extracting malicious crates can fill the file system)

CVE-2022-36116 (Click for details)

CVE-2022-36117 (Click for details)

CVE-2022-36118 (Click for details)

CVE-2022-36119 (Click for details)

CVE-2022-36120 (Click for details)

CVE-2022-36121 (Click for details)

CVE-2022-36122 (Click for details)

CVE-2022-36123 (Click for details)

CVE-2022-36124 (Click for details)

CVE-2022-36125 (Memory overconsumption in Avro Rust SDK)

CVE-2022-36126 (Integer overflow when reading corrupted .avro file in Avro Rust SDK)

CVE-2022-36127 (Click for details)

CVE-2022-36129 (Service unavailability impact in NodeJS agent (version <= 0.5.0))

CVE-2022-36130 (Click for details)

CVE-2022-36131 (Click for details)

CVE-2022-36133 (Click for details)

CVE-2022-36136 (Click for details)

CVE-2022-36137 (Click for details)

CVE-2022-36139 (Click for details)

CVE-2022-36140 (Click for details)

CVE-2022-36141 (Click for details)

CVE-2022-36142 (Click for details)

CVE-2022-36143 (Click for details)

CVE-2022-36144 (Click for details)

CVE-2022-36145 (Click for details)

CVE-2022-36146 (Click for details)