US-CERT Bulletin (SB22-304): Vulnerability Summary for the Week of October 24, 2022
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
10web — form_maker | The Form Maker by 10Web WordPress plugin before 1.15.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | 2022-10-25 | 7.2 | CVE-2022-3300 CONFIRM |
adenion — blog2social | The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers | 2022-10-25 | 8.8 | CVE-2022-3246 CONFIRM |
adobe — illustrator | Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-10-25 | 7.8 | CVE-2022-38435 MISC |
adobe — illustrator | Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-10-25 | 7.8 | CVE-2022-38436 MISC |
advantech — r-seenet | Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can remotely overflow the stack buffer and enable remote code execution. | 2022-10-27 | 9.8 | CVE-2022-3385 MISC |
advantech — r-seenet | Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can use an outsized filename to overflow the stack buffer and enable remote code execution. | 2022-10-27 | 9.8 | CVE-2022-3386 MISC |
apache — batik | A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16. | 2022-10-25 | 7.5 | CVE-2022-41704 MISC MLIST MLIST DEBIAN |
apache — batik | A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16. | 2022-10-25 | 7.5 | CVE-2022-42890 MISC MLIST MLIST DEBIAN |
apache — flume | Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol. | 2022-10-26 | 9.8 | CVE-2022-42468 CONFIRM CONFIRM CONFIRM |
apache — heron | Heron versions <= 0.20.4-incubating allow CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue. | 2022-10-24 | 9.8 | CVE-2021-42010 MISC MLIST |
apache — iotdb | Apache IoTDB versions 0.12.2 to 0.12.6 and 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it. | 2022-10-26 | 7.5 | CVE-2022-43766 CONFIRM |
apache — linkis | In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.2.0 will be affected. We recommend users update to 1.3.0. | 2022-10-26 | 8.8 | CVE-2022-39944 CONFIRM |
arm — midguard_gpu_kernel_driver | An Arm product family through 2022-08-12 Mali GPU kernel driver allows non-privileged users to make improper GPU processing operations to gain access to already freed memory. | 2022-10-25 | 8.8 | CVE-2022-38181 MISC MISC |
autodesk — autocad_plant_3d | A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-10-21 | 7.8 | CVE-2022-41309 MISC |
autodesk — autocad_plant_3d | A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-10-21 | 7.8 | CVE-2022-41310 MISC |
autodesk — autocad_plant_3d | A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-10-21 | 7.8 | CVE-2022-42933 MISC |
autodesk — autocad_plant_3d | A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-10-21 | 7.8 | CVE-2022-42934 MISC |
autodesk — autocad_plant_3d | A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-10-21 | 7.8 | CVE-2022-42935 MISC |
autodesk — autocad_plant_3d | A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-10-21 | 7.8 | CVE-2022-42936 MISC |
autodesk — autocad_plant_3d | A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-10-21 | 7.8 | CVE-2022-42937 MISC |
autodesk — autocad_plant_3d | A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-10-21 | 7.8 | CVE-2022-42938 MISC |
autodesk — autocad_plant_3d | A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-10-21 | 7.8 | CVE-2022-42939 MISC |
autodesk — autocad_plant_3d | A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-10-21 | 7.8 | CVE-2022-42940 MISC |
autodesk — autocad_plant_3d | A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-10-21 | 7.8 | CVE-2022-42941 MISC |
autodesk — autocad_plant_3d | A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-10-21 | 7.8 | CVE-2022-42942 MISC |
autodesk — autocad_plant_3d | A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-10-21 | 7.8 | CVE-2022-42943 MISC |
autodesk — autocad_plant_3d | A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-10-21 | 7.8 | CVE-2022-42944 MISC |
automox — automox | The Automox Agent before 40 on Windows incorrectly sets permissions on key files. | 2022-10-21 | 7.8 | CVE-2022-36122 MISC MISC |
axiosys — bento4 | A vulnerability was found in Axiomatic Bento4. It has been declared as critical. This vulnerability affects the function GetOffset of the file Ap4Sample.h of the component mp42hls. The manipulation leads to use after free. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212002 is the identifier assigned to this vulnerability. | 2022-10-26 | 7.8 | CVE-2022-3662 MISC MISC MISC |
axiosys — bento4 | A vulnerability classified as critical has been found in Axiomatic Bento4. Affected is the function AP4_BitStream::WriteBytes of the file Ap4BitStream.cpp of the component avcinfo. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212004. | 2022-10-26 | 7.8 | CVE-2022-3664 MISC MISC MISC |
axiosys — bento4 | A vulnerability classified as critical was found in Axiomatic Bento4. Affected by this vulnerability is an unknown functionality of the file AvcInfo.cpp of the component avcinfo. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212005 was assigned to this vulnerability. | 2022-10-26 | 7.8 | CVE-2022-3665 MISC MISC MISC |
axiosys — bento4 | A vulnerability, which was classified as critical, has been found in Axiomatic Bento4. Affected by this issue is the function AP4_LinearReader::Advance of the file Ap4LinearReader.cpp of the component mp42ts. The manipulation leads to use after free. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212006 is the identifier assigned to this vulnerability. | 2022-10-26 | 7.8 | CVE-2022-3666 MISC MISC MISC |
axiosys — bento4 | A vulnerability was found in Axiomatic Bento4. It has been classified as critical. Affected is the function WriteSample of the component mp42hevc. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212010 is the identifier assigned to this vulnerability. | 2022-10-26 | 7.8 | CVE-2022-3670 MISC MISC MISC |
axiosys — bento4 | A vulnerability, which was classified as critical, was found in Axiomatic Bento4. This affects the function AP4_MemoryByteStream::WritePartial of the file Ap4ByteStream.cpp of the component mp42aac. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212007. | 2022-10-26 | 7.5 | CVE-2022-3667 MISC MISC MISC |
baramundi — management_suite | baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in 2022 R2. | 2022-10-26 | 9.8 | CVE-2022-43747 MISC |
barangay_management_system_project — barangay_management_system | Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /clearance/clearance.php. | 2022-10-28 | 7.2 | CVE-2022-43228 MISC |
bestwebsoft — post_to_csv | The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection | 2022-10-25 | 9.8 | CVE-2022-3393 CONFIRM |
broadcom — fabric_operating_system | Brocade Webtools in Brocade Fabric OS versions before v9.1.1, v9.0.1e, and v8.2.3c could allow a low-privilege Webtools user to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin and operator authorization headers sent unencrypted and editing a user addition request to use the operator’s authorization header. | 2022-10-25 | 8.8 | CVE-2022-28169 MISC |
broadcom — fabric_operating_system | A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges. | 2022-10-25 | 8.8 | CVE-2022-33179 MISC |
broadcom — fabric_operating_system | A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to cause a stack buffer overflow using the “firmwaredownload” and “diagshow” commands. | 2022-10-25 | 8.8 | CVE-2022-33183 MISC |
broadcom — fabric_operating_system | A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload”, license, and “fosexec”. | 2022-10-25 | 7.8 | CVE-2022-33182 MISC |
broadcom — fabric_operating_system | A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account. | 2022-10-25 | 7.8 | CVE-2022-33184 MISC |
broadcom — fabric_operating_system | Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account. | 2022-10-25 | 7.8 | CVE-2022-33185 MISC |
broadcom — fabric_operating_system | A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. | 2022-10-25 | 7.2 | CVE-2022-33178 MISC |
canteen_management_system_project — canteen_management_system | Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/manage_website.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 2022-10-28 | 7.2 | CVE-2022-43231 MISC |
canteen_management_system_project — canteen_management_system | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchOrderData.php. | 2022-10-28 | 7.2 | CVE-2022-43232 MISC |
canteen_management_system_project — canteen_management_system | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchSelectedUser.php. | 2022-10-28 | 7.2 | CVE-2022-43233 MISC |
canteen_management_system_project — canteen_management_system | Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 2022-10-28 | 7.2 | CVE-2022-43275 MISC |
canteen_management_system_project — canteen_management_system | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the productId parameter at /php_action/fetchSelectedfood.php. | 2022-10-28 | 7.2 | CVE-2022-43276 MISC |
cert — vince | A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. An authenticated attacker can inject arbitrary pickle object as part of a user’s profile. This can lead to code execution on the server when the user’s profile is accessed. | 2022-10-26 | 8.8 | CVE-2022-40238 MISC |
cleantalk — spam_protection\,_antispam\,_firewall | The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin | 2022-10-25 | 7.2 | CVE-2022-3302 CONFIRM |
dataease — dataease | Dataease is an open source data visualization analysis tool. Dataease prior to 1.15.2 has a deserialization vulnerability. In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In `backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java`, the `MysqlConfiguration` class does not filter any parameters. If an attacker adds some parameters to a JDBC url and connects to a malicious mysql server, the attacker can trigger the mysql jdbc deserialization vulnerability. Through the deserialization vulnerability, the attacker can execute system commands and obtain server privileges. Version 1.15.2 contains a patch for this issue. | 2022-10-25 | 9.8 | CVE-2022-39312 MISC MISC MISC CONFIRM |
dell — emc_powerscale_onefs | Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x contain allocation of Resources Without Limits or Throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service and performance issue on that node. | 2022-10-21 | 7.5 | CVE-2022-34439 CONFIRM |
dell — powerstoreos | Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit. | 2022-10-21 | 9.8 | CVE-2022-26870 CONFIRM |
deltaww — diaenergie | The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | 2022-10-26 | 9.8 | CVE-2022-43774 MISC |
deltaww — diaenergie | The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | 2022-10-26 | 9.8 | CVE-2022-43775 MISC |
deltaww — diaenergie | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | 2022-10-27 | 8.8 | CVE-2022-40967 MISC |
deltaww — diaenergie | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | 2022-10-27 | 8.8 | CVE-2022-41133 MISC |
deltaww — diaenergie | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | 2022-10-27 | 8.8 | CVE-2022-41773 MISC |
discourse — patreon | Discourse Patreon enables synchronization between Discourse Groups and Patreon rewards. On sites with Patreon login enabled, an improper authentication vulnerability could be used to take control of a victim’s forum account. This vulnerability is patched in commit number 846d012151514b35ce42a1636c7d70f6dcee879e of the discourse-patreon plugin. Out of an abundance of caution, any Discourse accounts which have logged in with an unverified-email Patreon account will be logged out and asked to verify their email address on their next login. As a workaround, disable the patreon integration and log out all users with associated Patreon accounts. | 2022-10-26 | 9.8 | CVE-2022-39355 MISC CONFIRM |
dlink — dir-816_firmware | D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd. | 2022-10-26 | 9.8 | CVE-2022-42998 MISC MISC |
dlink — dir-816_firmware | D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/form2WizardStep4. | 2022-10-26 | 9.8 | CVE-2022-43000 MISC MISC |
dlink — dir-816_firmware | D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity function. | 2022-10-26 | 9.8 | CVE-2022-43001 MISC MISC |
dlink — dir-816_firmware | D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/form2WizardStep54. | 2022-10-26 | 9.8 | CVE-2022-43002 MISC MISC |
dlink — dir-816_firmware | D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecurity function. | 2022-10-26 | 9.8 | CVE-2022-43003 MISC MISC |
dlink — dir-816_firmware | D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm. | 2022-10-26 | 7.5 | CVE-2022-42999 MISC MISC |
elearning_system_project — elearning_system | A vulnerability classified as critical was found in SourceCodester eLearning System 1.0. This vulnerability affects unknown code of the file /admin/students/manage.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212014 is the identifier assigned to this vulnerability. | 2022-10-26 | 9.8 | CVE-2022-3671 N/A N/A |
employee_record_management_system_project — employee_record_management_system | Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php. | 2022-10-28 | 9.8 | CVE-2021-37782 MISC MISC |
evm_project — evm | SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the `is_static` parameter to determine if the call is executed in a static context (via `STATICCALL`), and thus decide if stateful operations should be done. Prior to version 0.36.0, the passed `is_static` parameter was incorrect — it was only set to `true` if the call came from a direct `STATICCALL` opcode. However, once a static call context is entered, it should stay static. The issue only impacts custom precompiles that actually use `is_static`. For those affected, the issue can lead to possible incorrect state transitions. Version 0.36.0 contains a patch. There are no known workarounds. | 2022-10-25 | 7.5 | CVE-2022-39354 MISC CONFIRM |
exiv2 — exiv2 | A vulnerability, which was classified as critical, has been found in Exiv2. Affected by this issue is the function BmffImage::boxHandler of the file bmffimage.cpp. The manipulation leads to memory corruption. The attack may be launched remotely. The name of the patch is a58e52ed702d3bc7b8bab7ec1d70a4849eebece3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212348. | 2022-10-27 | 9.8 | CVE-2022-3717 MISC MISC |
exiv2 — exiv2 | A vulnerability has been found in Exiv2 and classified as critical. This vulnerability affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The name of the patch is a38e124076138e529774d5ec9890d0731058115a. It is recommended to apply a patch to fix this issue. VDB-212350 is the identifier assigned to this vulnerability. | 2022-10-27 | 9.8 | CVE-2022-3719 MISC MISC MISC |
extended_keccak_code_package_project — extended_keccak_code_package | The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. | 2022-10-21 | 9.8 | CVE-2022-37454 MISC MISC MISC MISC |
f5 — nginx | A vulnerability was found in Nginx and classified as problematic. This issue affects some unknown processing of the file ngx_resolver.c of the component IPv4 Off Handler. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211937 was assigned to this vulnerability. | 2022-10-21 | 7.5 | CVE-2022-3638 N/A N/A N/A |
featherjs — feathers-sequelize | Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used. | 2022-10-26 | 9.8 | CVE-2022-2422 CONFIRM CONFIRM |
featherjs — feathers-sequelize | Due to improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection | 2022-10-26 | 9.8 | CVE-2022-29822 CONFIRM CONFIRM |
featherjs — feathers-sequelize | Feather-Sequalize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution (RCE) with privileges of application. | 2022-10-26 | 9.8 | CVE-2022-29823 CONFIRM CONFIRM |
free5gc — free5gc | Free5gc v3.2.1 is vulnerable to Information disclosure. | 2022-10-25 | 7.5 | CVE-2022-38870 MISC |
gin-vue-admin_project — gin-vue-admin | Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Versions prior to 2.5.4 contain a file upload ability. The affected code fails to validate fileMd5 and fileName parameters, resulting in an arbitrary file being read. This issue is patched in 2.5.4b. There are no known workarounds. | 2022-10-24 | 9.8 | CVE-2022-39305 MISC CONFIRM |
gin-vue-admin_project — gin-vue-admin | Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin prior to 2.5.4 is vulnerable to path traversal, which leads to file upload vulnerabilities. Version 2.5.4 contains a patch for this issue. There are no workarounds aside from upgrading to a patched version. | 2022-10-25 | 7.5 | CVE-2022-39345 CONFIRM MISC MISC MISC |
github — runner | GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands was discovered in versions prior to 2.296.2, 2.293.1, 2.289.4, 2.285.2, and 2.283.4 that allows an input to escape the environment variable and modify that docker command invocation directly. Jobs that use container actions, job containers, or service containers alongside untrusted user inputs in environment variables may be vulnerable. The Actions Runner has been patched, both on `github.com` and hotfixes for GHES and GHAE customers in versions 2.296.2, 2.293.1, 2.289.4, 2.285.2, and 2.283.4. GHES and GHAE customers may want to patch their instance in order to have their runners automatically upgrade to these new runner versions. As a workaround, users may consider removing any container actions, job containers, or service containers from their jobs until they are able to upgrade their runner versions. | 2022-10-25 | 9.9 | CVE-2022-39321 MISC MISC CONFIRM |
gnu — libtasn1 | GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. | 2022-10-24 | 9.1 | CVE-2021-46848 MISC MISC MISC |
goabode — iota_all-in-one_security_kit_firmware | Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. An XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This vulnerability specifically focuses on the unsafe use of the `WL_SSID` and `WL_SSID_HEX` configuration values in the function at offset `0x1c7d28` of firmware 6.9Z. | 2022-10-25 | 10 | CVE-2022-33192 MISC |
goabode — iota_all-in-one_security_kit_firmware | Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. An XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This vulnerability specifically focuses on the unsafe use of the `WL_WPAPSK` configuration value in the function located at offset `0x1c7d28` of firmware 6.9Z. | 2022-10-25 | 10 | CVE-2022-33193 MISC |
goabode — iota_all-in-one_security_kit_firmware | Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. An XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This vulnerability focuses on the unsafe use of the `WL_Key` and `WL_DefaultKeyID` configuration values in the function located at offset `0x1c7d28` of firmware 6.9Z, and even more specifically on the command execution occurring at offset `0x1c7f6c`. | 2022-10-25 | 10 | CVE-2022-33194 MISC |
goabode — iota_all-in-one_security_kit_firmware | Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. An XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This vulnerability focuses on the unsafe use of the `WL_DefaultKeyID` in the function located at offset `0x1c7d28` of firmware 6.9Z, and even more specifically on the command execution occurring at offset `0x1c7fac`. | 2022-10-25 | 10 | CVE-2022-33195 MISC |
goabode — iota_all-in-one_security_kit_firmware | Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability focuses on the unsafe use of the `ssid_hex` HTTP parameter to construct an OS Command at offset `0x19afc0` of the `/root/hpgw` binary included in firmware 6.9Z. | 2022-10-25 | 9.9 | CVE-2022-33204 MISC |
goabode — iota_all-in-one_security_kit_firmware | Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability focuses on the unsafe use of the `wpapsk_hex` HTTP parameter to construct an OS Command at offset `0x19b0ac` of the `/root/hpgw` binary included in firmware 6.9Z. | 2022-10-25 | 9.9 | CVE-2022-33205 MISC |
goabode — iota_all-in-one_security_kit_firmware | Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability focuses on the unsafe use of the `key` and `default_key_id` HTTP parameters to construct an OS Command crafted at offset `0x19b1f4` of the `/root/hpgw` binary included in firmware 6.9Z. | 2022-10-25 | 9.9 | CVE-2022-33206 MISC |
goabode — iota_all-in-one_security_kit_firmware | Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability focuses on a second unsafe use of the `default_key_id` HTTP parameter to construct an OS Command at offset `0x19B234` of the `/root/hpgw` binary included in firmware 6.9Z. | 2022-10-25 | 9.9 | CVE-2022-33207 MISC |
goabode — iota_all-in-one_security_kit_firmware | An OS command injection vulnerability exists in the web interface util_set_abode_code functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | 2022-10-25 | 9.8 | CVE-2022-27804 MISC |
goabode — iota_all-in-one_security_kit_firmware | An authentication bypass vulnerability exists in the GHOME control functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted network request can lead to arbitrary XCMD execution. An attacker can send a malicious XML payload to trigger this vulnerability. | 2022-10-25 | 9.8 | CVE-2022-27805 MISC |
goabode — iota_all-in-one_security_kit_firmware | An OS command injection vulnerability exists in the web interface util_set_serial_mac functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | 2022-10-25 | 9.8 | CVE-2022-29472 MISC |
goabode — iota_all-in-one_security_kit_firmware | An authentication bypass vulnerability exists in the web interface /action/factory* functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP header can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability. | 2022-10-25 | 9.8 | CVE-2022-29477 MISC |
goabode — iota_all-in-one_security_kit_firmware | An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send an XML payload to trigger this vulnerability. | 2022-10-25 | 9.8 | CVE-2022-29520 MISC |
goabode — iota_all-in-one_security_kit_firmware | A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. Use of a hard-coded root password can lead to arbitrary command execution. An attacker can authenticate with hard-coded credentials to trigger this vulnerability. | 2022-10-25 | 9.8 | CVE-2022-29889 MISC |
goabode — iota_all-in-one_security_kit_firmware | An OS command injection vulnerability exists in the XCMD setUPnP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability. | 2022-10-25 | 9.8 | CVE-2022-30541 MISC |
goabode — iota_all-in-one_security_kit_firmware | A stack-based buffer overflow vulnerability exists in the XCMD setIPCam functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to remote code execution. An attacker can send a malicious XML payload to trigger this vulnerability. | 2022-10-25 | 9.8 | CVE-2022-32454 MISC |
goabode — iota_all-in-one_security_kit_firmware | An OS command injection vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability. | 2022-10-25 | 9.8 | CVE-2022-32773 MISC |
goabode — iota_all-in-one_security_kit_firmware | An OS command injection vulnerability exists in the XCMD setAlexa functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability. | 2022-10-25 | 9.8 | CVE-2022-33189 MISC |
goabode — iota_all-in-one_security_kit_firmware | A format string injection vulnerability exists in the ghome_process_control_packet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted XCMD can lead to memory corruption, information disclosure and denial of service. An attacker can send a malicious XML payload to trigger this vulnerability. | 2022-10-25 | 9.8 | CVE-2022-33938 MISC |
goabode — iota_all-in-one_security_kit_firmware | A format string injection vulnerability exists in the XCMD getVarHA functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to memory corruption, information disclosure, and denial of service. An attacker can send a malicious XML payload to trigger this vulnerability. | 2022-10-25 | 9.8 | CVE-2022-35244 MISC |
goabode — iota_all-in-one_security_kit_firmware | Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `ssid` and `ssid_hex` configuration parameters, as used within the `testWifiAP` XCMD handler. | 2022-10-25 | 9.8 | CVE-2022-35874 MISC |
goabode — iota_all-in-one_security_kit_firmware | Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `wpapsk` configuration parameter, as used within the `testWifiAP` XCMD handler. | 2022-10-25 | 9.8 | CVE-2022-35875 MISC |
goabode — iota_all-in-one_security_kit_firmware | Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` and `key` configuration parameters, as used within the `testWifiAP` XCMD handler. | 2022-10-25 | 9.8 | CVE-2022-35876 MISC |
goabode — iota_all-in-one_security_kit_firmware | Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` configuration parameter, as used within the `testWifiAP` XCMD handler. | 2022-10-25 | 9.8 | CVE-2022-35877 MISC |
goabode — iota_all-in-one_security_kit_firmware | An OS command injection vulnerability exists in the web interface /action/iperf functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2022-10-25 | 8.8 | CVE-2022-30603 MISC |
goabode — iota_all-in-one_security_kit_firmware | An OS command injection vulnerability exists in the web interface /action/ipcamRecordPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2022-10-25 | 8.8 | CVE-2022-32586 MISC |
goabode — iota_all-in-one_security_kit_firmware | An integer overflow vulnerability exists in the web interface /action/ipcamRecordPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to memory corruption. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2022-10-25 | 8.8 | CVE-2022-32775 MISC |
goabode — iota_all-in-one_security_kit_firmware | Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `ST` and `Location` HTTP response headers, as used within the `DoEnumUPnPService` action handler. | 2022-10-25 | 8.8 | CVE-2022-35878 MISC |
goabode — iota_all-in-one_security_kit_firmware | Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `controlURL` XML tag, as used within the `DoUpdateUPnPbyService` action handler. | 2022-10-25 | 8.8 | CVE-2022-35879 MISC |
goabode — iota_all-in-one_security_kit_firmware | Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `NewInternalClient` XML tag, as used within the `DoUpdateUPnPbyService` action handler. | 2022-10-25 | 8.8 | CVE-2022-35880 MISC |
goabode — iota_all-in-one_security_kit_firmware | Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `errorCode` and `errorDescription` XML tags, as used within the `DoUpdateUPnPbyService` action handler. | 2022-10-25 | 8.8 | CVE-2022-35881 MISC |
goabode — iota_all-in-one_security_kit_firmware | Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `ssid_hex` HTTP parameter, as used within the `/action/wirelessConnect` handler. | 2022-10-25 | 8.8 | CVE-2022-35884 MISC |
goabode — iota_all-in-one_security_kit_firmware | Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `wpapsk_hex` HTTP parameter, as used within the `/action/wirelessConnect` handler. | 2022-10-25 | 8.8 | CVE-2022-35885 MISC |
goabode — iota_all-in-one_security_kit_firmware | Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` and `key` HTTP parameters, as used within the `/action/wirelessConnect` handler. | 2022-10-25 | 8.8 | CVE-2022-35886 MISC |
goabode — iota_all-in-one_security_kit_firmware | Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` HTTP parameter, as used within the `/action/wirelessConnect` handler. | 2022-10-25 | 8.8 | CVE-2022-35887 MISC |
goabode — iota_all-in-one_security_kit_firmware | An information disclosure vulnerability exists in the XFINDER functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | 2022-10-25 | 8.1 | CVE-2022-29475 MISC |
goabode — iota_all-in-one_security_kit_firmware | A denial of service vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to denial of service. An attacker can send a malicious XML payload to trigger this vulnerability. | 2022-10-25 | 7.5 | CVE-2022-32760 MISC |
gradle — enterprise | A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). This is fixed in 2022.3.3. | 2022-10-21 | 7.5 | CVE-2022-41575 MISC MISC |
hospital_management_system_project — hospital_management_system | Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php. | 2022-10-28 | 8.8 | CVE-2021-35387 MISC MISC |
iij — iij_smartkey | Information disclosure vulnerability in Android App ‘IIJ SmartKey’ versions prior to 2.1.4 allows an attacker to obtain a one-time password issued by the product under certain conditions. | 2022-10-24 | 7.5 | CVE-2022-41986 MISC MISC |
jflyfox — jfinal_cms | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list | 2022-10-26 | 8.8 | CVE-2022-37202 MISC MISC |
jupyter — jupyter_core | Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as another. Version 4.11.2 contains a patch for this issue. There are no known workarounds. | 2022-10-26 | 8.8 | CVE-2022-39286 MISC CONFIRM |
kadencewp — kadence_woocommerce_email_designer | The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. | 2022-10-25 | 7.2 | CVE-2022-3335 CONFIRM |
kartverket — github-workflows | kartverket/github-workflows are shared reusable workflows for GitHub Actions. Prior to version 2.7.5, all users of the `run-terraform` reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. A malicious actor could potentially send a PR with a malicious payload leading to execution of arbitrary JavaScript code in the context of the workflow. Users should upgrade to at least version 2.7.5 to resolve the issue. As a workaround, review any pull requests from external users for malicious payloads before allowing them to trigger a build. | 2022-10-25 | 8.8 | CVE-2022-39326 CONFIRM MISC MISC |
keystonejs — keystone | @keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their `multiselect` fields to use the field-level access control – if configured – are vulnerable to their field-level access control not being used. List-level access control is not affected. Field-level access control for fields other than `multiselect` is not affected. Version 2.3.1 contains a fix for this issue. As a workaround, stop using the `multiselect` field. | 2022-10-25 | 9.8 | CVE-2022-39322 CONFIRM MISC |
lannerinc — iac-ast2500_firmware | Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0. | 2022-10-24 | 8.1 | CVE-2021-4228 MISC |
lannerinc — iac-ast2500a_firmware | Multiple command injection and stack-based buffer overflow vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | 2022-10-24 | 9.8 | CVE-2021-26727 MISC MISC |
lannerinc — iac-ast2500a_firmware | Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | 2022-10-24 | 9.8 | CVE-2021-26728 MISC MISC |
lannerinc — iac-ast2500a_firmware | Command injection and multiple stack-based buffer overflow vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | 2022-10-24 | 9.8 | CVE-2021-26729 MISC MISC |
lannerinc — iac-ast2500a_firmware | A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | 2022-10-24 | 9.8 | CVE-2021-26730 MISC MISC |
lannerinc — iac-ast2500a_firmware | Command injection and multiple stack-based buffer overflow vulnerabilities in the modifyUserb_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | 2022-10-24 | 9.8 | CVE-2021-26731 MISC MISC |
lannerinc — iac-ast2500a_firmware | Session fixation and insufficient session expiration vulnerabilities allow an attacker to perform session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | 2022-10-24 | 9.8 | CVE-2021-46279 MISC MISC |
lannerinc — iac-ast2500a_firmware | A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice allows an attacker to arbitrarily send reboot commands to the BMC, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | 2022-10-24 | 7.5 | CVE-2021-26733 MISC MISC |
lannerinc — iac-ast2500a_firmware | A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | 2022-10-24 | 7.5 | CVE-2021-44467 MISC MISC |
lannerinc — iac-ast2500a_firmware | An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service (DoS) condition which can only be reverted via a factory reset. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | 2022-10-24 | 7.5 | CVE-2021-44769 MISC MISC |
libexpat_project — libexpat | In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. | 2022-10-24 | 7.5 | CVE-2022-43680 MISC MISC MISC MLIST DEBIAN |
linux — linux_kernel | A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992. | 2022-10-21 | 9.8 | CVE-2022-3649 N/A N/A |
linux — linux_kernel | A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944. | 2022-10-21 | 8.8 | CVE-2022-3640 MISC MISC |
linux — linux_kernel | A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability. | 2022-10-21 | 7.8 | CVE-2022-3625 N/A N/A |
linux — linux_kernel | A vulnerability, which was classified as critical, was found in Linux Kernel. This affects the function __mtk_ppe_check_skb of the file drivers/net/ethernet/mediatek/mtk_ppe.c of the component Ethernet Handler. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211935. | 2022-10-21 | 7.8 | CVE-2022-3636 N/A N/A |
linux — linux_kernel | drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor’s internal memory. | 2022-10-26 | 7.8 | CVE-2022-43750 MISC MISC MISC MISC |
linux — linux_kernel | A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability. | 2022-10-21 | 7 | CVE-2022-3635 N/A N/A |
litespeedtech — openlitespeed | Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server Dashboard allows Command Injection. This affects 1.7.0 versions before 1.7.16.1. | 2022-10-27 | 8.8 | CVE-2022-0073 MISC MISC |
litespeedtech — openlitespeed | Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1. | 2022-10-27 | 8.8 | CVE-2022-0074 MISC |
metabase — metabase | Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, H2 (Sample Database) could allow Remote Code Execution (RCE), which can be abused by users able to write SQL queries on H2 databases. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer allows DDL statements in H2 native queries. | 2022-10-26 | 8.8 | CVE-2022-39361 CONFIRM |
metabase — metabase | Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, unsaved SQL queries are auto-executed, which could pose a possible attack vector. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer automatically executes ad-hoc native queries. Now the native editor shows the query and gives the user the option to manually run the query if they want. | 2022-10-26 | 8.8 | CVE-2022-39362 MISC CONFIRM |
microsoft — azure_command-line_interface | Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell and when the parameter value contains the `&` or `|` symbols. If any of these prerequisites are not met, this vulnerability is not applicable. Users should upgrade to version 2.40.0 or greater to receive a mitigation for the vulnerability. | 2022-10-25 | 9.8 | CVE-2022-39327 CONFIRM MISC MISC |
mitel — micollab | A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters. A successful exploit could allow an attacker to leverage connections and permissions available to the host server. | 2022-10-25 | 8.8 | CVE-2022-36451 MISC MISC |
mitel — micollab | A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to control another extension number. | 2022-10-25 | 8.8 | CVE-2022-36453 MISC MISC |
octopus — octopus_server | In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters. | 2022-10-27 | 9.1 | CVE-2022-2782 MISC |
online_medicine_ordering_system_project — online_medicine_ordering_system | A vulnerability classified as critical has been found in SourceCodester Online Medicine Ordering System 1.0. Affected is an unknown function of the file admin/?page=orders/view_order. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. VDB-212346 is the identifier assigned to this vulnerability. | 2022-10-27 | 9.8 | CVE-2022-3714 MISC |
online_pet_shop_we_app_project — online_pet_shop_we_app | Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the User module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point. | 2022-10-27 | 7.2 | CVE-2022-39977 MISC |
online_pet_shop_we_app_project — online_pet_shop_we_app | Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point. | 2022-10-27 | 7.2 | CVE-2022-39978 MISC |
open-xchange — ox_app_suite | documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document. | 2022-10-25 | 9.8 | CVE-2022-29851 MISC |
openfga — openfga | OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users who have wildcard (`*`) defined on tupleset relations in their authorization model are vulnerable. Version 0.2.4 contains a patch for this issue. | 2022-10-25 | 9.8 | CVE-2022-39341 CONFIRM MISC MISC |
openfga — openfga | OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users whose model has a relation defined as a tupleset (the right hand side of a ‘from’ statement) that involves anything other than a direct relationship (e.g. ‘as self’) are vulnerable. Version 0.2.4 contains a patch for this issue. | 2022-10-25 | 9.8 | CVE-2022-39342 CONFIRM MISC MISC |
opensuse — factory | An Improper Link Resolution Before File Access (‘Link Following’) vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1. | 2022-10-26 | 7.8 | CVE-2022-31256 CONFIRM |
oxilab — accordions | Auth. WordPress Options Change (siteurl, users_can_register, default_role, admin_email and new_admin_email) vulnerability in Biplob Adhikari’s Accordions – Multiple Accordions or FAQs Builder plugin (versions <= 2.0.3) on WordPress. | 2022-10-21 | 7.2 | CVE-2022-38104 CONFIRM CONFIRM |
parseplatform — parse-server | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.17, and prior to 5.2.8 on the 5.x branch, crash when a file download request is received with an invalid byte range, resulting in a Denial of Service. This issue has been patched in versions 4.10.17, and 5.2.8. There are no known workarounds. | 2022-10-24 | 7.5 | CVE-2022-39313 CONFIRM |
pikepdf_project — pikepdf | pikepdf before 2.10.0 allows an XXE attack against PDF XMP metadata parsing. | 2022-10-24 | 9.8 | CVE-2021-46849 MISC MISC |
redis — redis | A vulnerability, which was classified as problematic, was found in Redis. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The name of the patch is 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability. | 2022-10-21 | 7.5 | CVE-2022-3647 N/A N/A |
robustel — r1510_firmware | An OS command injection vulnerability exists in the sysupgrade command injection functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | 2022-10-25 | 9.8 | CVE-2022-32765 MISC |
robustel — r1510_firmware | An OS command injection vulnerability exists in the js_package install functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | 2022-10-25 | 9.8 | CVE-2022-33150 MISC |
robustel — r1510_firmware | A directory traversal vulnerability exists in the web_server /ajax/remove/ functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability. | 2022-10-25 | 9.1 | CVE-2022-33897 MISC |
robustel — r1510_firmware | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_authorized_keys/` API is affected by command injection vulnerability. | 2022-10-25 | 7.5 | CVE-2022-35261 MISC |
robustel — r1510_firmware | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_xml_file/` API is affected by command injection vulnerability. | 2022-10-25 | 7.5 | CVE-2022-35262 MISC |
robustel — r1510_firmware | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_file/` API is affected by command injection vulnerability. | 2022-10-25 | 7.5 | CVE-2022-35263 MISC |
robustel — r1510_firmware | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_aaa_cert_file/` API is affected by command injection vulnerability. | 2022-10-25 | 7.5 | CVE-2022-35264 MISC |
robustel — r1510_firmware | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_nodejs_app/` API is affected by command injection vulnerability. | 2022-10-25 | 7.5 | CVE-2022-35265 MISC |
robustel — r1510_firmware | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_firmware/` API is affected by command injection vulnerability. | 2022-10-25 | 7.5 | CVE-2022-35266 MISC |
robustel — r1510_firmware | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_https_cert_file/` API is affected by command injection vulnerability. | 2022-10-25 | 7.5 | CVE-2022-35267 MISC |
robustel — r1510_firmware | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_sdk_file/` API is affected by command injection vulnerability. | 2022-10-25 | 7.5 | CVE-2022-35268 MISC |
robustel — r1510_firmware | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_e2c_json_file/` API is affected by command injection vulnerability. | 2022-10-25 | 7.5 | CVE-2022-35269 MISC |
robustel — r1510_firmware | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_wireguard_cert_file/` API is affected by command injection vulnerability. | 2022-10-25 | 7.5 | CVE-2022-35270 MISC |
robustel — r1510_firmware | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_cert_file/` API is affected by command injection vulnerability. | 2022-10-25 | 7.5 | CVE-2022-35271 MISC |
robustel — r1510_firmware | An OS command injection vulnerability exists in the web_server /action/import_authorized_keys/ functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | 2022-10-25 | 7.2 | CVE-2022-34850 MISC |
sanitization_management_system_project — sanitization_management_system | A vulnerability has been found in SourceCodester Sanitization Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authentication. The attack can be launched remotely. The identifier VDB-212017 was assigned to this vulnerability. | 2022-10-26 | 9.8 | CVE-2022-3674 N/A |
school_activity_updates_with_sms_notification_project — school_activity_updates_with_sms_notification | School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /modules/announcement/index.php?view=edit&id=. | 2022-10-27 | 9.8 | CVE-2022-39976 MISC |
sem-cms — semcms | SEMCMS v 1.2 is vulnerable to SQL Injection via SEMCMS_User.php. | 2022-10-28 | 9.8 | CVE-2021-38217 MISC |
sem-cms — semcms | SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php. | 2022-10-28 | 9.8 | CVE-2021-38729 MISC MISC |
sem-cms — semcms | SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php. | 2022-10-28 | 9.8 | CVE-2021-38730 MISC MISC |
sem-cms — semcms | SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php. | 2022-10-28 | 9.8 | CVE-2021-38731 MISC MISC |
sem-cms — semcms | SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Message.php. | 2022-10-28 | 9.8 | CVE-2021-38732 MISC MISC |
sem-cms — semcms | SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_BlogCat.php. | 2022-10-28 | 9.8 | CVE-2021-38733 MISC MISC |
sem-cms — semcms | SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php. | 2022-10-28 | 9.8 | CVE-2021-38734 MISC MISC |
sem-cms — semcms | SEMCMS Shop V 1.1 is vulnerable to SQL Injection via Ant_Global.php. | 2022-10-28 | 9.8 | CVE-2021-38736 MISC MISC |
sem-cms — semcms | SEMCMS v 1.1 is vulnerable to SQL Injection via Ant_Pro.php. | 2022-10-28 | 9.8 | CVE-2021-38737 MISC MISC |
shescape_project — shescape | Versions of the package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function. | 2022-10-27 | 7.5 | CVE-2022-25918 MISC MISC MISC MISC |
siemens — siveillance_video_mobile_server | A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account. | 2022-10-21 | 9.8 | CVE-2022-43400 MISC |
simple_cold_storage_management_system_project — simple_cold_storage_managment_system | Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bookings/update_status.php. | 2022-10-28 | 7.2 | CVE-2022-43229 MISC |
simple_cold_storage_management_system_project — simple_cold_storage_managment_system | Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=bookings/view_details. | 2022-10-28 | 7.2 | CVE-2022-43230 MISC |
socket — socket.io-parser | Due to improper type validation in attachment parsing in the Socket.io JS library, it is possible to overwrite the _placeholder object, which allows an attacker to place references to functions at arbitrary places in the resulting query object. | 2022-10-26 | 9.8 | CVE-2022-2421 CONFIRM CONFIRM |
soflyy — wp_all_export | The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the cc_sql POST parameter directly as a database query, allowing users who have been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with the Administrator role can perform exports, but this can be delegated to lower privileged users as well. | 2022-10-25 | 8.8 | CVE-2022-3395 CONFIRM |
soflyy — wp_all_export | The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user who has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can run exports, but the privilege can be delegated to lower privileged users. | 2022-10-25 | 7.2 | CVE-2022-3394 CONFIRM |
softmotions — iowow | IOWOW is a C utility library and persistent key/value storage engine. Versions 1.4.15 and prior contain a stack buffer overflow vulnerability that allows for Denial of Service (DOS) when it parses scientific notation numbers present in JSON. A patch for this issue is available at commit a79d31e4cff1d5a08f665574b29fd885897a28fd in the `master` branch of the repository. There are no workarounds other than applying the patch. | 2022-10-21 | 7.5 | CVE-2022-23462 CONFIRM MISC |
sony — content_transfer | Untrusted search path vulnerability in the installer of Content Transfer (for Windows) Ver.1.3 and prior allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2022-10-24 | 7.8 | CVE-2022-41796 MISC MISC |
st — stm32_mw_usb_host | A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated when using a RTOS such as FreeRTOS on STM32 MCUs. | 2022-10-21 | 9.8 | CVE-2021-42553 CONFIRM |
synology — diskstation_manager | Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors. | 2022-10-25 | 9.1 | CVE-2022-27623 CONFIRM |
synology — presto_file_server | Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors. | 2022-10-26 | 8.8 | CVE-2022-43749 CONFIRM |
synology — presto_file_server | Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to write arbitrary files via unspecified vectors. | 2022-10-26 | 7.5 | CVE-2022-43748 CONFIRM |
tenda — ax1803_firmware | Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow vulnerability in the GetParentControlInfo function, which can cause a denial of service attack through a carefully constructed http request. | 2022-10-27 | 7.5 | CVE-2022-40874 MISC |
tenda — ax1803_firmware | Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow in the function GetParentControlInfo. | 2022-10-27 | 7.5 | CVE-2022-40875 MISC |
uatech — badaso | Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. | 2022-10-25 | 9.8 | CVE-2022-41711 MISC MISC |
vestacp — control_panel | myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/server endpoint. | 2022-10-24 | 7.2 | CVE-2021-46850 MISC MISC MISC MISC MISC |
vim — vim | A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324. | 2022-10-26 | 7.5 | CVE-2022-3705 MISC MISC |
webmin — usermin | Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module. | 2022-10-25 | 8.8 | CVE-2022-35132 MISC MISC |
wintercms — winter | Winter is a free, open-source content management system based on the Laravel PHP framework. The Snowboard framework in versions 1.1.8, 1.1.9, and 1.2.0 is vulnerable to prototype pollution in the main Snowboard class as well as its plugin loader. The 1.0 branch of Winter is not affected, as it does not contain the Snowboard framework. This issue has been patched in v1.1.10 and v1.2.1. As a workaround, one may avoid this issue by following some common security practices for JavaScript, including implementing a content security policy and auditing scripts. | 2022-10-26 | 9.8 | CVE-2022-39357 MISC MISC MISC CONFIRM MISC |
yokogawa — wtviewerefree | Stack-based buffer overflow in WTViewerE series WTViewerE 761941 from 1.31 to 1.61 and WTViewerEfree from 1.01 to 1.52 allows an attacker to cause the product to crash by processing a long file name. | 2022-10-24 | 9.8 | CVE-2022-40984 MISC MISC |
yordam — library_automation_system | Yordam Library Information Document Automation product before version 19.02 has an unauthenticated Information disclosure vulnerability. | 2022-10-27 | 7.5 | CVE-2021-45475 CONFIRM |
zalando — skipper | Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF). | 2022-10-25 | 9.8 | CVE-2022-38580 MISC MISC MISC MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adenion — blog2social | The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated user, such as a subscriber, could perform SSRF attacks. | 2022-10-25 | 6.5 | CVE-2022-3247 CONFIRM |
adminpad_project — adminpad | The AdminPad WordPress plugin before 2.2 does not have a CSRF check when updating an admin’s note, allowing attackers to make a logged in admin update their notes via a CSRF attack. | 2022-10-25 | 6.5 | CVE-2022-2762 MISC |
advantech — r-seenet | Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks. An unauthorized attacker could remotely exploit vulnerable PHP code to delete .PDF files. | 2022-10-27 | 5.3 | CVE-2022-3387 MISC |
algosec — fireflow | AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS). A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from POST to GET and sends the URL to another user (victim). JavaScript code is executed on the browser of the other user. | 2022-10-25 | 5.4 | CVE-2022-36783 MISC |
alivecor — kardia | CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app. | 2022-10-26 | 6.1 | CVE-2022-40703 MISC |
apache — geode | Apache Geode versions up to 1.15.0 are vulnerable to a Cross-Site Scripting (XSS) via data injection when using Pulse web application to view Region entries. | 2022-10-25 | 5.4 | CVE-2022-34870 MISC MLIST |
axiosys — bento4 | A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. This issue affects the function AP4_StsdAtom of the file Ap4StsdAtom.cpp of the component MP4fragment. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212003. | 2022-10-26 | 5.5 | CVE-2022-3663 MISC MISC MISC |
axiosys — bento4 | A vulnerability has been found in Axiomatic Bento4 and classified as problematic. This vulnerability affects the function AP4_AtomFactory::CreateAtomFromStream of the component mp4edit. The manipulation leads to memory leak. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212008. | 2022-10-26 | 5.5 | CVE-2022-3668 MISC MISC MISC |
axiosys — bento4 | A vulnerability was found in Axiomatic Bento4 and classified as problematic. This issue affects the function AP4_AvccAtom::Create of the component mp4edit. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212009 was assigned to this vulnerability. | 2022-10-26 | 5.5 | CVE-2022-3669 MISC MISC MISC |
bookstackapp — bookstack | Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script. | 2022-10-24 | 5.4 | CVE-2022-40690 MISC MISC MISC |
bricksbuilder — bricks | The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template on the vulnerable WordPress website. | 2022-10-28 | 6.5 | CVE-2022-3400 MISC MISC |
broadcom — fabric_operating_system | Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file. | 2022-10-25 | 6.5 | CVE-2022-28170 MISC |
broadcom — fabric_operating_system | A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”. | 2022-10-25 | 5.5 | CVE-2022-33180 MISC |
broadcom — fabric_operating_system | An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”. | 2022-10-25 | 5.5 | CVE-2022-33181 MISC |
cisco — identity_services_engine | A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by persuading an authenticated administrator of the web-based management interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2022-10-26 | 5.4 | CVE-2022-20959 CISCO |
dell — emc_isilon_onefs | The Dell Isilon OneFS versions 8.2.2 and earlier SSHD process improperly allows Transmission Control Protocol (TCP) and stream forwarding. This provides the remotesupport user and users with restricted shells more access than is intended. | 2022-10-21 | 4.3 | CVE-2020-5355 CONFIRM |
dell — emc_powerscale_onefs | Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability. A privileged local malicious user could potentially exploit this vulnerability, leading to a full system compromise. This impacts compliance mode clusters. | 2022-10-21 | 6.7 | CVE-2022-34437 CONFIRM |
dell — emc_powerscale_onefs | Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege context switching error. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to full system compromise. This impacts compliance mode clusters. | 2022-10-21 | 6.7 | CVE-2022-34438 CONFIRM |
dell — emc_powerscale_onefs | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain sensitive data in log files vulnerability. A privileged local user may potentially exploit this vulnerability, leading to disclosure of this sensitive data. | 2022-10-21 | 4.4 | CVE-2022-31239 CONFIRM |
deltaww — diaenergie | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API. | 2022-10-27 | 5.4 | CVE-2022-40965 MISC |
deltaww — diaenergie | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API. | 2022-10-27 | 5.4 | CVE-2022-41555 MISC |
deltaww — diaenergie | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API. | 2022-10-27 | 5.4 | CVE-2022-41651 MISC |
deltaww — diaenergie | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API. | 2022-10-27 | 5.4 | CVE-2022-41701 MISC |
deltaww — diaenergie | The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API. | 2022-10-27 | 5.4 | CVE-2022-41702 MISC |
eclipse — openj9 | In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type. | 2022-10-24 | 6.5 | CVE-2022-3676 CONFIRM CONFIRM CONFIRM |
employee_record_management_system_project — employee_record_management_system | Employee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS) via editempprofile.php. | 2022-10-28 | 5.4 | CVE-2021-37781 MISC MISC |
esri — arcgis_server | There is a reflected cross site scripting issue in Esri ArcGIS Server versions 10.9.1 and below which may allow a remote unauthorized attacker to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser. | 2022-10-25 | 6.1 | CVE-2022-38195 CONFIRM |
esri — arcgis_server | There is a reflected cross site scripting issue in the Esri ArcGIS Server services directory versions 10.9.1 and below that may allow a remote, unauthenticated attacker to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser. | 2022-10-25 | 6.1 | CVE-2022-38198 CONFIRM |
esri — arcgis_server | A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated attacker to induce an unsuspecting victim to launch a process in the victim’s PATH environment. Current browsers provide users with warnings against running unsigned executables downloaded from the internet. | 2022-10-25 | 6.1 | CVE-2022-38199 CONFIRM |
exiv2 — exiv2 | A vulnerability, which was classified as problematic, was found in Exiv2. This affects the function QuickTimeVideo::decodeBlock of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. It is possible to initiate the attack remotely. The name of the patch is 459910c36a21369c09b75bcfa82f287c9da56abf. It is recommended to apply a patch to fix this issue. The identifier VDB-212349 was assigned to this vulnerability. | 2022-10-27 | 6.5 | CVE-2022-3718 MISC MISC MISC |
expresstech — quiz_and_survey_master | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress. | 2022-10-28 | 5.4 | CVE-2021-36863 CONFIRM CONFIRM |
fluxcd — source-controller | Flux is an open and extensible continuous delivery solution for Kubernetes. Versions prior to 0.35.0 are subject to a Denial of Service. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields `.spec.interval` or `.spec.timeout` (and structured variations of these fields), causing the entire object type to stop being processed. This issue is patched in version 0.35.0. As a workaround, Admission controllers can be employed to restrict the values that can be used for fields `.spec.interval` and `.spec.timeout`, however upgrading to the latest versions is still the recommended mitigation. | 2022-10-22 | 4.3 | CVE-2022-39272 CONFIRM MISC |
free5gc — free5gc | In free5GC 3.2.1, a malformed NGAP message can crash the AMF and NGAP decoders via an index-out-of-range panic in aper.GetBitString. | 2022-10-24 | 5.5 | CVE-2022-43677 MISC |
genivi — diagnostic_log_and_trace | An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a heap-based buffer over-read of one byte. | 2022-10-25 | 5.5 | CVE-2022-39836 MISC MISC |
genivi — diagnostic_log_and_trace | An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a NULL pointer dereference. | 2022-10-25 | 5.5 | CVE-2022-39837 MISC MISC |
getkirby — kirby | Kirby is a Content Management System. Prior to versions 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, a user enumeration vulnerability affects all Kirby sites with user accounts unless Kirby’s API and Panel are disabled in the config. It can only be exploited for targeted attacks because the attack does not scale to brute force. The problem has been patched in Kirby 3.5.8.2, Kirby 3.6.6.2, Kirby 3.7.5.1, and Kirby 3.8.1. In all of the mentioned releases, the maintainers have rewritten the affected code so that the delay is also inserted after the brute force limit is reached. | 2022-10-25 | 5.3 | CVE-2022-39315 CONFIRM MISC MISC MISC MISC |
gitlab — gitlab | An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs. | 2022-10-28 | 4.9 | CVE-2022-3018 MISC CONFIRM |
gitlab — gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A malicious maintainer could exfiltrate a GitHub integration’s access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server. | 2022-10-28 | 4.3 | CVE-2022-2882 MISC MISC CONFIRM |
goabode — iota_all-in-one_security_kit_firmware | A double-free vulnerability exists in the web interface /action/ipcamSetParamPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to memory corruption. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2022-10-25 | 6.5 | CVE-2022-32574 MISC |
google — bazel | Bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials instead of only the required ones for the requests. We recommend upgrading to versions later than or equal to 5.3.2 or 4.2.3. | 2022-10-26 | 4.3 | CVE-2022-3474 CONFIRM |
hospital_management_system_project — hospital_management_system | Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php. | 2022-10-28 | 5.4 | CVE-2021-35388 MISC MISC |
ipfire — ipfire | Multiple stored cross-site scripting vulnerabilities in the web user interface of IPFire versions prior to 2.27 allows a remote authenticated attacker with administrative privilege to inject an arbitrary script. | 2022-10-24 | 4.8 | CVE-2022-36368 MISC MISC MISC MISC |
jadx_project — jadx | jadx is a set of command line and GUI tools for producing Java source code from Android Dex and Apk files. Versions prior to 1.4.5 are subject to a Denial of Service when opening zip files with HTML sequences. This issue has been patched in version 1.4.5. There are no known workarounds. | 2022-10-21 | 5.5 | CVE-2022-39259 CONFIRM |
joomla — joomla! | An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components. | 2022-10-25 | 6.1 | CVE-2022-27913 MISC |
joomla — joomla! | An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests. | 2022-10-25 | 5.3 | CVE-2022-27912 MISC |
juiker — juiker | Juiker app hard-coded its AES key in the source code. A physical attacker, after getting the Android root privilege, can use the AES key to decrypt users’ ciphertext and tamper with it. | 2022-10-24 | 6.1 | CVE-2022-38117 MISC |
lannerinc — iac-ast2500a_firmware | A broken access control vulnerability in the First_network_func function of spx_restservice allows an attacker to arbitrarily change the network configuration of the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | 2022-10-24 | 5.3 | CVE-2021-26732 MISC MISC |
lannerinc — iac-ast2500a_firmware | A broken access control vulnerability in the SubNet_handler_func function of spx_restservice allows an attacker to arbitrarily change the security access rights to KVM and Virtual Media functionalities. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | 2022-10-24 | 5.3 | CVE-2021-44776 MISC MISC |
lannerinc — iac-ast2500a_firmware | Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | 2022-10-24 | 5.3 | CVE-2021-45925 MISC MISC |
laubrotel — lbstopattack | The LBStopAttack WordPress plugin through 1.1.2 does not use nonces when saving its settings, making it possible for attackers to conduct CSRF attacks. This could allow attackers to disable the plugin’s protections. | 2022-10-25 | 6.5 | CVE-2022-3097 MISC |
lemon8_project — lemon8 | Improper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. | 2022-10-24 | 6.5 | CVE-2022-41797 MISC MISC MISC |
linux — linux_kernel | A flaw was found in the KVM’s AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel panic in the host (L0). | 2022-10-25 | 5.5 | CVE-2022-3344 MISC MISC |
linux — linux_kernel | A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects some unknown processing of the file fs/fscache/cookie.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211931. | 2022-10-21 | 5.5 | CVE-2022-3630 N/A N/A |
linux — linux_kernel | A vulnerability classified as problematic has been found in Linux Kernel. This affects the function rtl8188f_spur_calibration of the file drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_8188f.c of the component Wireless. The manipulation of the argument hw_ctrl_s1/sw_ctrl_s1 leads to use of uninitialized variable. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211959. | 2022-10-21 | 5.5 | CVE-2022-3642 MISC MISC |
linux — linux_kernel | A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability. | 2022-10-21 | 5.3 | CVE-2022-3646 N/A N/A |
litespeedtech — openlitespeed | Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server Dashboard allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1 | 2022-10-27 | 5.8 | CVE-2022-0072 MISC MISC |
metabase — metabase | Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6, it was possible to circumvent locked parameters when requesting data for a question in an embedded dashboard by constructing a malicious request to the backend. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6. | 2022-10-26 | 6.5 | CVE-2022-39358 CONFIRM |
metabase — metabase | Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, custom GeoJSON map URL address would follow redirects to addresses that were otherwise disallowed, like link-local or private-network. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer follow redirects on GeoJSON map URLs. An environment variable `MB_CUSTOM_GEOJSON_ENABLED` was also added to disable custom GeoJSON completely (`true` by default). | 2022-10-26 | 6.5 | CVE-2022-39359 CONFIRM MISC |
metabase — metabase | Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9 single sign on (SSO) users were able to do password resets on Metabase, which could allow a user access without going through the SSO IdP. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase now blocks password reset for all users who use SSO for their Metabase login. | 2022-10-26 | 6.5 | CVE-2022-39360 MISC CONFIRM |
metabase — metabase | The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects. | 2022-10-26 | 6.5 | CVE-2022-43776 MISC |
mitel — micollab | A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to impersonate another user’s name. | 2022-10-25 | 6.5 | CVE-2022-36454 MISC MISC |
octopus — octopus_server | In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging. | 2022-10-27 | 5.3 | CVE-2022-2508 MISC |
online_medicine_ordering_system_project — online_medicine_ordering_system | A vulnerability classified as problematic was found in SourceCodester Online Medicine Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /omos/admin/?page=user/list. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-212347. | 2022-10-27 | 5.4 | CVE-2022-3716 MISC |
open-xchange — ox_app_suite | OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter. | 2022-10-25 | 6.1 | CVE-2022-31468 MISC |
openfga — openfga | OpenFGA is an authorization/permission engine. Prior to version 0.2.4, the `streamed-list-objects` endpoint was not validating the authorization header, resulting in disclosure of objects in the store. Users of `openfga/openfga` versions 0.2.3 and prior who are exposing the OpenFGA service to the internet are vulnerable. Version 0.2.4 contains a patch for this issue. | 2022-10-25 | 5.3 | CVE-2022-39340 CONFIRM MISC MISC |
owasp — dependency-track | Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.6.0, performing an API request using a valid API key with insufficient permissions causes the API key to be written to Dependency-Track’s audit log in clear text. Actors with access to the audit log can exploit this flaw to gain access to valid API keys. The issue has been fixed in Dependency-Track 4.6.0. Instead of logging the entire API key, only the last 4 characters of the key will be logged. It is strongly recommended to check historic logs for occurrences of this behavior, and re-generating API keys in case of leakage. | 2022-10-25 | 4.4 | CVE-2022-39351 MISC CONFIRM MISC |
owasp — dependency-track_frontend | @dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Due to the common practice of providing vulnerability details in markdown format, the Dependency-Track frontend renders them using the JavaScript library Showdown. Showdown does not have any XSS countermeasures built in, and versions before 4.6.1 of the Dependency-Track frontend did not encode or sanitize Showdown’s output. This made it possible for arbitrary JavaScript included in vulnerability details via HTML attributes to be executed in context of the frontend. Actors with the `VULNERABILITY_MANAGEMENT` permission can exploit this weakness by creating or editing a custom vulnerability and providing XSS payloads in any of the following fields: Description, Details, Recommendation, or References. The payload will be executed for users with the `VIEW_PORTFOLIO` permission when browsing to the modified vulnerability’s page. Alternatively, malicious JavaScript could be introduced via any of the vulnerability databases mirrored by Dependency-Track. However, this attack vector is highly unlikely, and the maintainers of Dependency-Track are not aware of any occurrence of this happening. Note that the `Vulnerability Details` element of the `Audit Vulnerabilities` tab in the project view is not affected. The issue has been fixed in frontend version 4.6.1. | 2022-10-25 | 5.4 | CVE-2022-39350 CONFIRM MISC MISC |
paessler — prtg_network_monitor | PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device’s icon, which can be modified to insert arbitrary content into the style tag for that device. When the device page loads, the arbitrary Cascading Style Sheets (CSS) data is inserted into the style tag, loading malicious content. Due to PRTG Network Monitor preventing " characters, and from modern browsers disabling JavaScript support in style tags, this vulnerability could not be escalated into a Cross-Site Scripting vulnerability. | 2022-10-25 | 5.3 | CVE-2022-35739 MISC MISC |
password_storage_application_project — password_storage_application | Password Storage Application v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Setup page. | 2022-10-27 | 5.4 | CVE-2022-42993 MISC MISC MISC |
pulpproject — pulp_ansible | The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp’s encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. | 2022-10-25 | 5.5 | CVE-2022-3644 MISC |
retain — retain_live_chat | The Retain Live Chat WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2022-10-25 | 4.8 | CVE-2022-3391 CONFIRM |
rubyonrails — rails | A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is be177e4566747b73ff63fd5f529fab564e475ed4. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212319. | 2022-10-26 | 5.4 | CVE-2022-3704 MISC MISC MISC |
rukovoditel — rukovoditel | A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking “Add”. | 2022-10-28 | 5.4 | CVE-2022-43164 MISC |
rukovoditel — rukovoditel | A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking “Create”. | 2022-10-28 | 5.4 | CVE-2022-43165 MISC |
rukovoditel — rukovoditel | A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking “Add New Entity”. | 2022-10-28 | 5.4 | CVE-2022-43166 MISC |
sanitization_management_system_project — sanitization_management_system | A vulnerability, which was classified as problematic, has been found in SourceCodester Sanitization Management System 1.0. This issue affects some unknown processing of the file /php-sms/classes/SystemSettings.php. The manipulation of the argument name/shortname leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-212015. | 2022-10-26 | 6.1 | CVE-2022-3672 N/A |
sanitization_management_system_project — sanitization_management_system | A vulnerability, which was classified as problematic, was found in SourceCodester Sanitization Management System 1.0. Affected is an unknown function of the file /php-sms/classes/Master.php. The manipulation of the argument message leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-212016. | 2022-10-26 | 6.1 | CVE-2022-3673 N/A |
sem-cms — semcms | SEMCMS SHOP v 1.1 is vulnerable to Cross Site Scripting (XSS) via Ant_M_Coup.php. | 2022-10-28 | 6.1 | CVE-2021-38728 MISC MISC |
simple_online_public_access_catalog_project — simple_online_public_access_catalog | A stored cross-site scripting (XSS) vulnerability in Simple Online Public Access Catalog v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Account Full Name field. | 2022-10-27 | 5.4 | CVE-2022-42991 MISC MISC MISC |
softr — softr | Softr v2.0 was discovered to contain a Cross-Site Scripting (XSS) vulnerability via the First Name parameter under the Create A New Account module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2022-10-27 | 6.1 | CVE-2022-32407 MISC MISC |
synology — diskstation_manager | Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors. | 2022-10-25 | 4.3 | CVE-2022-27622 CONFIRM |
tasks — tasks | The Tasks.org Android app is an open-source app for to-do lists and reminders. The Tasks.org app uses the activity `ShareLinkActivity.kt` to handle “share” intents coming from other components in the same device and convert them to tasks. Those intents may contain arbitrary file paths as attachments, in which case the files pointed by those paths are copied in the app’s external storage directory. Prior to versions 12.7.1 and 13.0.1, those paths were not validated, allowing a malicious or compromised application in the same device to force Tasks.org to copy files from its internal storage to its external storage directory, where they became accessible to any component with permission to read the external storage. This vulnerability can lead to sensitive information disclosure. All information in the user’s notes and the app’s preferences, including the encrypted credentials of CalDav integrations if enabled, could be accessed by third party applications installed on the same device. This issue was fixed in versions 12.7.1 and 13.0.1. There are no known workarounds. | 2022-10-25 | 5.5 | CVE-2022-39349 CONFIRM MISC |
tech-banker — contact_bank | The Contact Bank WordPress plugin through 3.0.30 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2022-10-25 | 4.8 | CVE-2022-3350 MISC |
tenable — nessus | An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance. | 2022-10-25 | 6.5 | CVE-2022-33757 MISC |
themepoints — testimonials | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themepoints Testimonials plugin <= 2.6 on WordPress. | 2022-10-28 | 4.8 | CVE-2021-36858 CONFIRM CONFIRM |
train_scheduler_app_project — train_scheduler_app | Multiple stored cross-site scripting (XSS) vulnerabilities in Train Scheduler App v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code, Train Name, and Destination text fields. | 2022-10-27 | 5.4 | CVE-2022-42992 MISC MISC MISC |
twistedmatrix — twisted | Twisted is an event-based framework for internet applications. Starting with version 0.9.4, when the Host header does not match a configured host, `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders the Host header unescaped into the 404 response, allowing HTML and script injection. In practice this should be very difficult to exploit, as being able to modify the Host header of a normal HTTP request implies that one is already in a privileged position. This issue was fixed in version 22.10.0rc1. There are no known workarounds. | 2022-10-26 | 5.4 | CVE-2022-39348 MISC CONFIRM MISC |
weseek — growi | Improper access control vulnerability in GROWI prior to v5.1.4 (v5 series) and versions prior to v4.5.25 (v4 series) allows a remote authenticated attacker to bypass access restriction and download the markdown data from the pages set to private by the other users. | 2022-10-24 | 6.5 | CVE-2022-41799 MISC MISC |
wp_humans.txt_project — wp_humans.txt | The WP Humans.txt WordPress plugin through 1.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2022-10-25 | 4.8 | CVE-2022-3392 CONFIRM |
yordam — library_automation_system | Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability. | 2022-10-27 | 6.1 | CVE-2021-45476 CONFIRM |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
getkirby — kirby | Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, Kirby is subject to user enumeration due to Improper Restriction of Excessive Authentication Attempts. This vulnerability affects you only if you are using the `code` or `password-reset` auth method with the `auth.methods` option or if you have enabled the `debug` option in production. By using two or more IP addresses and multiple login attempts, valid user accounts will lock, but invalid accounts will not, leading to account enumeration. This issue has been patched in versions 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1. If you cannot update immediately, you can work around the issue by setting the `auth.methods` option to `password`, which disables the code-based login and password reset forms. | 2022-10-24 | 3.7 | CVE-2022-39314 CONFIRM |
linux — linux_kernel | A vulnerability was found in Linux Kernel and classified as problematic. Affected by this issue is the function rlb_arp_xmit of the file drivers/net/bonding/bond_alb.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211928. | 2022-10-21 | 3.3 | CVE-2022-3624 N/A N/A |
linux — linux_kernel | A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability. | 2022-10-21 | 3.3 | CVE-2022-3629 N/A N/A |
linux — linux_kernel | A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932. | 2022-10-21 | 3.3 | CVE-2022-3633 MISC MISC |
robustel — r1510_firmware | A firmware update vulnerability exists in the sysupgrade functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network packet can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability. | 2022-10-25 | 2.7 | CVE-2022-34845 MISC |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
alivecor — kardiamobile | The physical IoT device of the AliveCor’s KardiaMobile, a smartphone-based personal electrocardiogram (EKG) has no encryption for its data-over-sound protocols. Exploiting this vulnerability could allow an attacker to read patient EKG results or create a denial-of-service condition by emitting sounds at similar frequencies as the device, disrupting the smartphone microphone’s ability to accurately read the data. To carry out this attack, the attacker must be close (less than 5 feet) to pick up and emit sound waves. | 2022-10-27 | not yet calculated | CVE-2022-41627 MISC |
ansible — ansible | A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs. | 2022-10-28 | not yet calculated | CVE-2022-3697 MISC |
apache — dolphinscheduler | Users can read any files by log server. Apache DolphinScheduler users should upgrade to version 2.0.6 or higher. | 2022-10-28 | not yet calculated | CVE-2022-26884 MISC MLIST |
aruba — edgeconnect_enterprise_orchestrator | Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned. | 2022-10-28 | not yet calculated | CVE-2022-37913 MISC |
aruba — edgeconnect_enterprise_orchestrator | Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned. | 2022-10-28 | not yet calculated | CVE-2022-37914 MISC |
aruba — edgeconnect_enterprise_orchestrator | A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to a complete system compromise of Aruba EdgeConnect Enterprise Orchestration with versions 9.1.x branch only, Any 9.1.x Orchestrator instantiated as a new machine with a release prior to 9.1.3.40197, Orchestrators upgraded to 9.1.x were not affected. | 2022-10-28 | not yet calculated | CVE-2022-37915 MISC |
bosch — videojet_multi_4000 | An error in the URL handler of the VIDEOJET multi 4000 may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the encoder address can send a crafted link to a user, which will execute JavaScript code in the context of the user. | 2022-10-27 | not yet calculated | CVE-2022-40183 CONFIRM |
bosch — videojet_multi_4000 | Incomplete filtering of JavaScript code in different configuration fields of the web based interface of the VIDEOJET multi 4000 allows an attacker with administrative credentials to store JavaScript code which will be executed for all administrators accessing the same configuration option. | 2022-10-27 | not yet calculated | CVE-2022-40184 CONFIRM |
chatwoot — chatwoot | Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; however, it is possible to identify the output Status Code to separate accounts that are generated and waiting for email verification. For the sign in directories, it is possible to brute force login attempts to either login portal, which could lead to account compromise. | 2022-10-28 | not yet calculated | CVE-2022-3741 CONFIRM MISC |
cisco — anyconnect | A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z3 Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit this vulnerability by crafting a malicious request and sending it to the affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to crash and restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and re-authenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. Cisco Meraki has released software updates that address this vulnerability. | 2022-10-26 | not yet calculated | CVE-2022-20933 CISCO |
cisco — identity_services_engine | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read and delete files on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains certain character sequences to an affected system. A successful exploit could allow the attacker to read or delete specific files on the device that their configured administrative level should not have access to. Cisco plans to release software updates that address this vulnerability. | 2022-10-26 | not yet calculated | CVE-2022-20822 CISCO |
cisco — telepresence_and_roomos | Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-10-26 | not yet calculated | CVE-2022-20776 CISCO |
cisco — telepresence_and_roomos | Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-10-26 | not yet calculated | CVE-2022-20811 CISCO |
cisco — telepresence_and_roomos | Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-10-26 | not yet calculated | CVE-2022-20953 CISCO |
cisco — telepresence_and_roomos | Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-10-26 | not yet calculated | CVE-2022-20954 CISCO |
cisco — telepresence_and_roomos | Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-10-26 | not yet calculated | CVE-2022-20955 CISCO |
cloudflare — octorpki | Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. | 2022-10-28 | not yet calculated | CVE-2022-3616 MISC |
cloudflare — warp_client | Using warp-cli command “add-trusted-ssid”, a user was able to disconnect WARP client and bypass the “Lock WARP switch” feature resulting in Zero Trust policies not being enforced on an affected endpoint. | 2022-10-28 | not yet calculated | CVE-2022-3512 MISC |
cloudflare — warp_mobile_client | It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch feature being enabled on Zero Trust Platform. This led to bypassing policies and restrictions enforced for enrolled devices by the Zero Trust platform. | 2022-10-28 | not yet calculated | CVE-2022-3337 MISC |
cloudflare — zero_trust_platform | It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli ‘set-custom-endpoint’ subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled endpoint. | 2022-10-28 | not yet calculated | CVE-2022-3320 MISC |
cloudflare — zero_trust_platform | It was possible to bypass Lock WARP switch feature https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch on the WARP iOS mobile client by enabling both “Disable for cellular networks” and “Disable for Wi-Fi networks” switches at once in the application settings. Such configuration caused the WARP client to disconnect and allowed the user to bypass restrictions and policies enforced by the Zero Trust platform. | 2022-10-28 | not yet calculated | CVE-2022-3321 MISC |
cloudflare — zero_trust_platform | Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, this feature could be bypassed by using the “Disable WARP” quick action. | 2022-10-28 | not yet calculated | CVE-2022-3322 MISC |
curl — curl | curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0. | 2022-10-29 | not yet calculated | CVE-2022-42915 MISC FEDORA |
curl — curl | In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26. | 2022-10-29 | not yet calculated | CVE-2022-42916 MISC FEDORA |
datahub — datahub | DataHub is an open-source metadata platform. Prior to version 0.8.45, the `StatelessTokenService` of the DataHub metadata service (GMS) does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Metadata Service authentication is enabled. This vulnerability occurs because the `StatelessTokenService` of the Metadata service uses the `parse` method of `io.jsonwebtoken.JwtParser`, which does not perform a verification of the cryptographic token signature. This means that JWTs are accepted regardless of the used algorithm. This issue may lead to an authentication bypass. Version 0.8.45 contains a patch for the issue. There are no known workarounds. | 2022-10-28 | not yet calculated | CVE-2022-39366 MISC MISC MISC CONFIRM MISC |
dzzoffice — dzzoffice | A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users. | 2022-10-27 | not yet calculated | CVE-2022-43340 MISC MISC MISC |
eaton — foreseer_epms | A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation’s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may upload arbitrary files using the file upload feature. This vulnerability is present in versions 4.x, 5.x, 6.x & 7.0 to 7.5. A new version (v7.6) containing the remediation has been made available by Eaton and a mitigation has been provided for the affected versions that are currently supported. Customers are advised to update the software to the latest version (v7.6). Foreseer EPMS versions 4.x, 5.x, 6.x are no longer supported by Eaton. Please refer to the End-of-Support notification https://www.eaton.com/in/en-us/catalog/services/foreseer/foreseer-legacy.html . | 2022-10-28 | not yet calculated | CVE-2022-33859 MISC |
esri — arcgis_server | Esri ArcGIS Server versions 10.9.1 and prior have a path traversal vulnerability that may result in a denial of service by allowing a remote, authenticated attacker to overwrite internal ArcGIS Server directory. | 2022-10-25 | not yet calculated | CVE-2022-38196 CONFIRM |
esri — arcgis_server | Esri ArcGIS Server versions 10.9.1 and below have an unvalidated redirect issue that may allow a remote, unauthenticated attacker to phish a user into accessing an attacker controlled website via a crafted query parameter. | 2022-10-25 | not yet calculated | CVE-2022-38197 CONFIRM |
esri — arcgis_server | A cross site scripting vulnerability exists in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1. Specifically crafted web requests can execute arbitrary JavaScript in the context of the victim’s browser. | 2022-10-25 | not yet calculated | CVE-2022-38200 CONFIRM |
exiv2 — exiv2 | A vulnerability was found in Exiv2 and classified as problematic. This issue affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The name of the patch is 6bb956ad808590ce2321b9ddf6772974da27c4ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212495. | 2022-10-29 | not yet calculated | CVE-2022-3755 MISC MISC MISC |
exiv2 — exiv2 | A vulnerability was found in Exiv2. It has been classified as critical. Affected is the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The name of the patch is bf4f28b727bdedbd7c88179c30d360e54568a62e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212496. | 2022-10-29 | not yet calculated | CVE-2022-3756 MISC MISC |
exiv2 — exiv2 | A vulnerability was found in Exiv2. It has been declared as critical. Affected by this vulnerability is the function QuickTimeVideo::decodeBlock of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The name of the patch is d3651fdbd352cbaf259f89abf7557da343339378. It is recommended to apply a patch to fix this issue. The identifier VDB-212497 was assigned to this vulnerability. | 2022-10-29 | not yet calculated | CVE-2022-3757 MISC MISC MISC |
forgerock — access_management | It may be possible to gain some details of the deployment through a well-crafted attack. This may allow that data to be used to probe internal network services. | 2022-10-27 | not yet calculated | CVE-2022-24669 MISC MISC |
forgerock — access_management | An attacker can use the unrestricted LDAP queries to determine configuration entries | 2022-10-27 | not yet calculated | CVE-2022-24670 MISC MISC |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. TODO | 2022-10-28 | not yet calculated | CVE-2022-2826 CONFIRM MISC MISC |
gl-inet — multiple_products | gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters. | 2022-10-27 | not yet calculated | CVE-2022-31898 MISC |
gl.inet_goodcloud_iot_device_management_system — gl.inet_goodcloud_iot_device_management_system | Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields. | 2022-10-27 | not yet calculated | CVE-2022-42054 MISC |
gl.inet_goodcloud_iot_device_management_system — gl.inet_goodcloud_iot_device_management_system | Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system. | 2022-10-27 | not yet calculated | CVE-2022-42055 MISC |
google — multiple_products | The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. Dart uses the RFC 3986 syntax, which creates incompatibilities with the ‘\’ characters in URIs, which can lead to auth bypass in webapps interpreting URIs. We recommend updating Dart or Flutter to mitigate the issue. | 2022-10-27 | not yet calculated | CVE-2022-3095 CONFIRM |
haas — haas_cnc_controller | Communication traffic involving “Ethernet Q Commands” service of Haas Controller version 100.20.000.1110 is transmitted in cleartext. This allows an attacker to obtain sensitive information being passed to and from the controller. | 2022-10-28 | not yet calculated | CVE-2022-41636 MISC |
haas_automation_inc — haas_controller | Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the “Ethernet Q Commands” service, which allows any user on the same network segment as the controller (even while connected remotely) to access the service and write unauthorized macros to the device. | 2022-10-28 | not yet calculated | CVE-2022-2474 MISC |
haas_automation_inc — haas_controller | Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the “Ethernet Q Commands” service. Any user is able to write macros into registers outside of the authorized accessible range. This could allow a user to access privileged resources or resources out of context. | 2022-10-28 | not yet calculated | CVE-2022-2475 MISC |
heidenhain — controller_tnc_640 | The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, running HEROS 5.08.3 controlling the HARTFORD 5A-65E CNC machine is vulnerable to improper authentication, which may allow an attacker to deny service to the production line, steal sensitive data from the production line, and alter any products created by the production line. | 2022-10-28 | not yet calculated | CVE-2022-41648 MISC |
honeywell — experion_pks | Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. | 2022-10-28 | not yet calculated | CVE-2021-38395 CONFIRM CONFIRM |
honeywell — experion_pks | Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. | 2022-10-28 | not yet calculated | CVE-2021-38397 CONFIRM CONFIRM |
honeywell — experion_pks | Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories. | 2022-10-28 | not yet calculated | CVE-2021-38399 CONFIRM CONFIRM |
horner_automation — cscape | Horner Automation’s Cscape version 9.90 SP 7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory write. | 2022-10-27 | not yet calculated | CVE-2022-3378 MISC |
horner_automation — cscape | Horner Automation’s Cscape version 9.90 SP7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by writing outside the memory buffer. | 2022-10-27 | not yet calculated | CVE-2022-3379 MISC |
host_engineering — h0-ecom100 | Using custom code, an attacker can write into name or description fields larger than the appropriate buffer size causing a stack-based buffer overflow on Host Engineering H0-ECOM100 Communications Module Firmware versions v5.0.155 and prior. This may allow an attacker to crash the affected device or cause it to become unresponsive. | 2022-10-28 | not yet calculated | CVE-2022-3228 MISC |
iku-soft — rdiffweb | Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7. | 2022-10-26 | not yet calculated | CVE-2022-3363 CONFIRM MISC |
ip-com_ew9 — ip-com_ew9 | An access control issue in the password reset page of IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to arbitrarily change the admin password. | 2022-10-27 | not yet calculated | CVE-2022-43364 MISC |
ip-com_ew9 — ip-com_ew9 | IP-COM EW9 V15.11.0.14(9732) was discovered to contain a buffer overflow in the formSetDebugCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | 2022-10-27 | not yet calculated | CVE-2022-43365 MISC |
ip-com_ew9 — ip-com_ew9 | IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to access sensitive information via the checkLoginUser, ate, telnet, version, setDebugCfg, and boot interfaces. | 2022-10-27 | not yet calculated | CVE-2022-43366 MISC |
ip-com_ew9 — ip-com_ew9 | IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the formSetDebugCfg function. | 2022-10-27 | not yet calculated | CVE-2022-43367 MISC |
johnson_controls — cevas | All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries. | 2022-10-28 | not yet calculated | CVE-2021-36206 CERT CONFIRM |
mitel — micollab | A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. A successful exploit could allow an attacker to execute arbitrary code within the context of the application. | 2022-10-25 | not yet calculated | CVE-2022-36452 MISC MISC |
multipath-tools — multipath-tools | multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root. | 2022-10-29 | not yet calculated | CVE-2022-41973 MISC MISC MISC FULLDISC |
multipath-tools — multipath-tools | multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR. | 2022-10-29 | not yet calculated | CVE-2022-41974 MISC MISC MISC FULLDISC |
multiple_products — multiple_products | In Tenda ax1803 v1.0.0.1, the http requests handled by the fromAdvSetMacMtuWan functions, wanSpeed, cloneType, mac, can cause a stack overflow and enable remote code execution (RCE). | 2022-10-27 | not yet calculated | CVE-2022-40876 MISC MISC |
nextcloud — server | Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database access. Versions 23.0.9 and 24.0.5 contain patches for this issue. No known workarounds are available. | 2022-10-27 | not yet calculated | CVE-2022-39329 MISC CONFIRM MISC |
nextcloud — server | Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions 22.2.10, 23.0.10, and 24.0.6 are vulnerable to a logged-in attacker slowing down the system by generating a lot of database/cpu load. Nextcloud Server versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server versions 22.2.10, 23.0.10, and 24.0.6 contain patches for this issue. As a workaround, disable the Circles app. | 2022-10-27 | not yet calculated | CVE-2022-39330 MISC CONFIRM MISC |
nextcloud — server | Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5 an attacker reading `nextcloud.log` may gain knowledge of credentials to connect to a SharePoint service. Nextcloud Server versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server versions 22.2.10.5, 23.0.9, and 24.0.5 contain a patch for this issue. As a workaround, set `zend.exception_ignore_args = On` as an option in `php.ini`. | 2022-10-27 | not yet calculated | CVE-2022-39364 MISC CONFIRM MISC MISC |
nginx_njs — nginx_njs | Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. | 2022-10-28 | not yet calculated | CVE-2022-43284 MISC MISC |
nginx_njs — nginx_njs | Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. | 2022-10-28 | not yet calculated | CVE-2022-43285 MISC |
nginx_njs — nginx_njs | Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c. | 2022-10-28 | not yet calculated | CVE-2022-43286 MISC MISC |
openbmc — bmcweb | A vulnerability in bmcweb of OpenBMC Project allows a user to cause denial of service. Fuzzing the multipart_parser code using AFL++ with address sanitizer enabled, to find the smallest memory corruptions possible, detected a problem in how multipart_parser handles unclosed HTTP headers. If a long enough HTTP header is passed in the multipart form without a colon, there is a one-byte overwrite on the heap. It can be conducted multiple times in a loop to cause DoS. | 2022-10-27 | not yet calculated | CVE-2022-2809 CONFIRM |
openbmc — openbmc | A vulnerability in bmcweb of OpenBMC Project allows a user to cause denial of service. This vulnerability was identified during mitigation for CVE-2022-2809. Fuzzing the multipart_parser code using AFL++ with address sanitizer enabled, to find the smallest memory corruptions possible, detected a problem in how multipart_parser handles unclosed HTTP headers. If a long enough HTTP header is passed in the multipart form without a colon, there is a one-byte overwrite on the heap. It can be conducted multiple times in a loop to cause DoS. | 2022-10-27 | not yet calculated | CVE-2022-3409 CONFIRM |
opennebula — opennebula | Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows File Discovery. | 2022-10-28 | not yet calculated | CVE-2022-37424 MISC |
opennebula — opennebula | Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in OpenNebula OpenNebula core on Linux allows Remote Code Inclusion. | 2022-10-28 | not yet calculated | CVE-2022-37425 MISC |
opennebula — opennebula | Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection. | 2022-10-28 | not yet calculated | CVE-2022-37426 MISC |
packet_storm — hashicorp_boundary | Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site. | 2022-10-27 | not yet calculated | CVE-2022-36182 MISC MISC |
phpmyfaq — phpmyfaq | Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8. | 2022-10-29 | not yet calculated | CVE-2022-3754 MISC CONFIRM |
pimcore — pimcore | Pimcore is an open source data and experience management platform. Prior to version 10.5.9, the user controlled twig templates rendering in `Pimcore/Mail` & `ClassDefinition\Layout\Text` is vulnerable to server-side template injection, which could lead to remote code execution. Version 10.5.9 contains a patch for this issue. As a workaround, one may apply the patch manually. | 2022-10-27 | not yet calculated | CVE-2022-39365 MISC MISC MISC CONFIRM |
qtiworks — qtiworks | QTIWorks is a software suite for standards-based assessment delivery. Prior to version 1.0-beta15, the QTIWorks Engine allows users to upload QTI content packages as ZIP files. The ZIP handling code does not sufficiently check the paths of files contained within ZIP files, so can insert files into other locations in the filesystem if they are writable by the process running the QTIWorks Engine. In extreme cases, this could allow anonymous users to change files in arbitrary locations in the filesystem. In normal QTIWorks Engine deployments, the impact is somewhat reduced because the default QTIWorks configuration does not enable the public demo functionality, so ZIP files can only be uploaded by users with “instructor” privileges. This vulnerability is fixed in version 1.0-beta15. There are no database configuration changes required when upgrading to this version. No known workarounds for this issue exist. | 2022-10-28 | not yet calculated | CVE-2022-39367 MISC MISC CONFIRM |
redis — redis | A vulnerability was found in Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212416. | 2022-10-28 | not yet calculated | CVE-2022-3734 N/A N/A |
resolveshims — resolveshims | Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the fullPath variable in resolve-shims.js. | 2022-10-28 | not yet calculated | CVE-2022-37621 MISC MISC MISC |
rockwell_automation — factorytalk_alarm_and_events | An unauthenticated attacker with network access to a victim’s Rockwell Automation FactoryTalk Alarm and Events service could open a connection, causing the service to fault and become unavailable. The affected port could be used as a server ping port and uses messages structured with XML. | 2022-10-27 | not yet calculated | CVE-2022-38744 MISC |
rukovoditel — rukovoditel | A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking “Add”. | 2022-10-28 | not yet calculated | CVE-2022-43167 MISC |
rukovoditel — rukovoditel | Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the reports_id parameter. | 2022-10-28 | not yet calculated | CVE-2022-43168 MISC |
rukovoditel — rukovoditel | A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?module=users_groups/users_groups) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking “Add New Group”. | 2022-10-28 | not yet calculated | CVE-2022-43169 MISC |
rukovoditel — rukovoditel | A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking “Add info block”. | 2022-10-28 | not yet calculated | CVE-2022-43170 MISC |
seccome — ehoney | A vulnerability, which was classified as critical, has been found in seccome Ehoney. This issue affects some unknown processing of the file /api/v1/attack. The manipulation of the argument AttackIP leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-212411. | 2022-10-28 | not yet calculated | CVE-2022-3729 N/A |
seccome — ehoney | A vulnerability, which was classified as critical, was found in seccome Ehoney. Affected is an unknown function of the file /api/v1/attack/falco. The manipulation of the argument Payload leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-212412. | 2022-10-28 | not yet calculated | CVE-2022-3730 N/A |
seccome — ehoney | A vulnerability has been found in seccome Ehoney and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/v1/attack/token. The manipulation of the argument Payload leads to sql injection. The attack can be launched remotely. The identifier VDB-212413 was assigned to this vulnerability. | 2022-10-28 | not yet calculated | CVE-2022-3731 N/A |
seccome — ehoney | A vulnerability was found in seccome Ehoney and classified as critical. Affected by this issue is some unknown functionality of the file /api/v1/bait/set. The manipulation of the argument Payload leads to sql injection. The attack may be launched remotely. VDB-212414 is the identifier assigned to this vulnerability. | 2022-10-28 | not yet calculated | CVE-2022-3732 N/A |
seccome — ehoney | A vulnerability was found in seccome Ehoney. It has been rated as critical. This issue affects some unknown processing of the file /api/public/signup. The manipulation leads to improper access controls. The identifier VDB-212417 was assigned to this vulnerability. | 2022-10-28 | not yet calculated | CVE-2022-3735 N/A |
snyk — joyqi/hyper-down | The package joyqi/hyper-down from 0.0.0 are vulnerable to Cross-site Scripting (XSS) because the module of parse markdown does not filter the href attribute very well. | 2022-10-26 | not yet calculated | CVE-2022-25849 CONFIRM |
sourcecodester — web-based_student_clearance_system | A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been classified as critical. This affects an unknown part of the file Admin/edit-admin.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212415. | 2022-10-28 | not yet calculated | CVE-2022-3733 N/A N/A |
stimulsoft — stimulsoft | Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user’s local machine, as demonstrated by System.Diagnostics.Process.Start. | 2022-10-29 | not yet calculated | CVE-2021-42777 MISC |
vmware — cloud_foundation | VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure. | 2022-10-28 | not yet calculated | CVE-2022-31678 MISC |
wasm-interp — wasm-interp | wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDropKeepCount. | 2022-10-28 | not yet calculated | CVE-2022-43280 MISC |
wasm-interp — wasm-interp | wasm-interp v1.0.29 was discovered to contain a heap overflow via the component std::vector<wabt::Type, std::allocator<wabt::Type>>::size() at /bits/stl_vector.h. | 2022-10-28 | not yet calculated | CVE-2022-43281 MISC |
wasm-interp — wasm-interp | wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallIndirectExpr->GetReturnCallDropKeepCount. | 2022-10-28 | not yet calculated | CVE-2022-43282 MISC |
wasm2c — wasm2c | wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write. | 2022-10-28 | not yet calculated | CVE-2022-43283 MISC |
wireshark — wireshark | Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file | 2022-10-27 | not yet calculated | CVE-2022-3725 MISC MISC CONFIRM |
withsecure — f-secure_policy_manager | Reflected cross-site scripting (XSS) vulnerabilities in WithSecure through 2022-08-10 exist within the F-Secure Policy Manager due to an unvalidated parameter in the endpoint, which allows remote attackers to provide a malicious input. | 2022-10-25 | not yet calculated | CVE-2022-38162 MISC MISC MISC |
wordpress — wordpress | Auth. (editor+) Reflected Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress. | 2022-10-28 | not yet calculated | CVE-2021-36864 CONFIRM CONFIRM |
wordpress — wordpress | Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress. | 2022-10-28 | not yet calculated | CVE-2021-36898 CONFIRM CONFIRM |
wordpress — wordpress | The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. This is due to missing nonce validation in the ~/includes/settings.php file. This makes it possible for unauthenticated attackers to modify the plugin’s settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2022-10-28 | not yet calculated | CVE-2022-2864 MISC MISC MISC |
wordpress — wordpress | The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability (CVE-2022-3400), makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template on the vulnerable WordPress website and inject a code execution block that can be used to achieve remote code execution. | 2022-10-28 | not yet calculated | CVE-2022-3401 MISC MISC |
wordpress — wordpress | The Log HTTP Requests plugin for WordPress is vulnerable to Stored Cross-Site Scripting via logged HTTP requests in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers who can trick a site’s administrator into performing an action like clicking on a link, or an authenticated user with access to a page that sends a request using user-supplied data via the server, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2022-10-28 | not yet calculated | CVE-2022-3402 MISC MISC MISC |
wordpress — wordpress | The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the ‘url’ parameter found via the /v1/hotlink/proxy REST API Endpoint. This made it possible for authenticated users to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2022-10-28 | not yet calculated | CVE-2022-3708 MISC MISC MISC MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to arbitrary plugin installation/activation. | 2022-10-27 | not yet calculated | CVE-2022-41996 CONFIRM CONFIRM CONFIRM |