US-CERT Bulletin (SB22-311):Vulnerability Summary for the Week of October 31, 2022

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
honeywell — c200_firmware Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. 2022-10-28 10 CVE-2021-38397
CONFIRM
CONFIRM
dlink — dir-846_firmware D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php. 2022-10-31 9.8 CVE-2020-21016
MISC
MISC
mkcms_project — mkcms MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter. 2022-11-03 9.8 CVE-2020-22818
MISC
mkcms_project — mkcms MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter. 2022-11-03 9.8 CVE-2020-22819
MISC
mkcms_project — mkcms MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter. 2022-11-03 9.8 CVE-2020-22820
MISC
honeywell — c200_firmware Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. 2022-10-28 9.8 CVE-2021-38395
CONFIRM
CONFIRM
xfig_project — xfig xfig 3.2.7 is vulnerable to Buffer Overflow. 2022-10-31 9.8 CVE-2021-40241
MISC
stimulsoft — reports Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user’s local machine, as demonstrated by System.Diagnostics.Process.Start. 2022-10-29 9.8 CVE-2021-42777
MISC
ibm — infosphere_information_server “IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 223598.” 2022-11-03 9.8 CVE-2022-22425
MISC
octopus — octopus_server In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked. 2022-11-01 9.8 CVE-2022-2572
MISC
sick — sim2000_firmware Password recovery vulnerability in SICK SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to a increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. Please make sure that you apply general security practices when operating the SIM4000. The following general security practices could mitigate the associated security risk. A fix is planned but not yet scheduled. 2022-11-01 9.8 CVE-2022-27582
MISC
sick — sim2000st_firmware Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 and 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to a increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. Please make sure that you apply general security practices when operating the SIM2000ST. The following general security practices could mitigate the associated security risk. A fix is planned but not yet scheduled. 2022-11-01 9.8 CVE-2022-27584
MISC
sick — sim1000_fx_firmware Password recovery vulnerability in SICK SIM1000 FX Partnumber 1097816 and 1097817 with firmware version < 1.6.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. The recommended solution is to update the firmware to a version >= 1.6.0 as soon as possible. (available in SICK Support Portal) 2022-11-01 9.8 CVE-2022-27585
MISC
sick — sim1004-0p0g311_firmware Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version < 2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to a increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.0.0 as soon as possible. 2022-11-01 9.8 CVE-2022-27586
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. TODO 2022-10-28 9.8 CVE-2022-2826
CONFIRM
MISC
MISC
pingcap — tidb Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3. 2022-11-04 9.8 CVE-2022-3023
CONFIRM
MISC
vmware — spring_security Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include). The application may forward or include the request to a higher privilege-secured endpoint.The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true) 2022-10-31 9.8 CVE-2022-31692
MISC
awpcp — another_wordpress_classifieds_plugin The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection 2022-10-31 9.8 CVE-2022-3254
CONFIRM
apple — iphone_os The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A buffer overflow may result in arbitrary code execution. 2022-11-01 9.8 CVE-2022-32941
MISC
MISC
MISC
MISC
MISC
cloudflare — warp It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli ‘set-custom-endpoint’ subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled endpoint. 2022-10-28 9.8 CVE-2022-3320
MISC
eaton — foreseer_electrical_power_monitoring_system A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation’s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may upload arbitrary files using the file upload feature. This vulnerability is present in versions 4.x, 5.x, 6.x & 7.0 to 7.5. A new version (v7.6) containing the remediation has been made available by Eaton and a mitigation has been provided for the affected versions that are currently supported. Customers are advised to update the software to the latest version (v7.6). Foreseer EPMS versions 4.x, 5.x, 6.x are no longer supported by Eaton. Please refer to the End-of-Support notification https://www.eaton.com/in/en-us/catalog/services/foreseer/foreseer-legacy.html . 2022-10-28 9.8 CVE-2022-33859
MISC
frauscher — frauscher_diagnostic_system_102 Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. This could lead to a complete compromise of the FDS102 device. 2022-11-02 9.8 CVE-2022-3575
CONFIRM
ehoney_project — ehoney A vulnerability, which was classified as critical, has been found in seccome Ehoney. This issue affects some unknown processing of the file /api/v1/attack. The manipulation of the argument AttackIP leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-212411. 2022-10-28 9.8 CVE-2022-3729
N/A
ehoney_project — ehoney A vulnerability, which was classified as critical, was found in seccome Ehoney. Affected is an unknown function of the file /api/v1/attack/falco. The manipulation of the argument Payload leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-212412. 2022-10-28 9.8 CVE-2022-3730
N/A
ehoney_project — ehoney A vulnerability has been found in seccome Ehoney and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/v1/attack/token. The manipulation of the argument Payload leads to sql injection. The attack can be launched remotely. The identifier VDB-212413 was assigned to this vulnerability. 2022-10-28 9.8 CVE-2022-3731
N/A
ehoney_project — ehoney A vulnerability was found in seccome Ehoney and classified as critical. Affected by this issue is some unknown functionality of the file /api/v1/bait/set. The manipulation of the argument Payload leads to sql injection. The attack may be launched remotely. VDB-212414 is the identifier assigned to this vulnerability. 2022-10-28 9.8 CVE-2022-3732
N/A
redis — redis A vulnerability was found in Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212416. 2022-10-28 9.8 CVE-2022-3734
N/A
N/A
ehoney_project — ehoney A vulnerability was found in seccome Ehoney. It has been rated as critical. This issue affects some unknown processing of the file /api/public/signup. The manipulation leads to improper access controls. The identifier VDB-212417 was assigned to this vulnerability. 2022-10-28 9.8 CVE-2022-3735
N/A
chatwoot — chatwoot Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; however, it is possible to identify the output Status Code to separate accounts that are generated and waiting for email verification. \n\nFor the sign in directories, it is possible to brute force login attempts to either login portal, which could lead to account compromise. 2022-10-28 9.8 CVE-2022-3741
CONFIRM
MISC
opennebula — opennebula Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in OpenNebula OpenNebula core on Linux allows Remote Code Inclusion. 2022-10-28 9.8 CVE-2022-37425
MISC
phpmyfaq — phpmyfaq Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8. 2022-10-29 9.8 CVE-2022-3754
MISC
CONFIRM
browserify-shim_project — browserify-shim Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the fullPath variable in resolve-shims.js. 2022-10-28 9.8 CVE-2022-37621
MISC
MISC
MISC
browserify-shim_project — _browserify-shim Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the shimPath variable in resolve-shims.js. 2022-10-31 9.8 CVE-2022-37623
MISC
MISC
MISC
easyiicms — easyiicms A vulnerability, which was classified as critical, has been found in easyii CMS. This issue affects the function file of the file helpers/Upload.php of the component File Upload Management. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The identifier VDB-212501 was assigned to this vulnerability. 2022-10-31 9.8 CVE-2022-3771
N/A
tim_campus_confession_wall_project — tim_campus_confession_wall A vulnerability has been found in Tim Campus Confession Wall and classified as critical. Affected by this vulnerability is an unknown functionality of the file share.php. The manipulation of the argument post_id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212611. 2022-11-01 9.8 CVE-2022-3789
N/A
N/A
arubanetworks — aruba_edgeconnect_enterprise_orchestrator Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned. 2022-10-28 9.8 CVE-2022-37913
MISC
arubanetworks — aruba_edgeconnect_enterprise_orchestrator Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned. 2022-10-28 9.8 CVE-2022-37914
MISC
arubanetworks — aruba_edgeconnect_enterprise_orchestrator A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to a complete system compromise of Aruba EdgeConnect Enterprise Orchestration with versions 9.1.x branch only, Any 9.1.x Orchestrator instantiated as a new machine with a release prior to 9.1.3.40197, Orchestrators upgraded to 9.1.x were not affected. 2022-10-28 9.8 CVE-2022-37915
MISC
deltaww — infrasuite_device_master Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserialization. 2022-10-31 9.8 CVE-2022-38142
MISC
centreon — centreon A vulnerability was found in centreon. It has been declared as critical. This vulnerability affects unknown code of the file formContactGroup.php of the component Contact Groups Form. The manipulation of the argument cg_id leads to sql injection. The attack can be initiated remotely. The name of the patch is 293b10628f7d9f83c6c82c78cf637cbe9b907369. It is recommended to apply a patch to fix this issue. VDB-212794 is the identifier assigned to this vulnerability. 2022-11-02 9.8 CVE-2022-3827
MISC
MISC
MISC
fortinet — fortiadc An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2. This may allow a remote attacker without privileges to bypass some Web Application Firewall (WAF) protection such as the SQL Injection and XSS filters via a malformed HTTP request. 2022-11-02 9.8 CVE-2022-38381
CONFIRM
glpi-project — glpi GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Time based attack using a SQL injection in api REST user_token. This issue has been patched, please upgrade to version 10.0.4. As a workaround, disable login with user_token on API Rest. 2022-11-03 9.8 CVE-2022-39323
CONFIRM
xmldom_project — xmldom xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the `childNodes` collection of the `Document`, without reporting any error or throwing. This breaks the assumption that there is only a single root node in the tree, which led to issuance of CVE-2022-39299 as it is a potential issue for dependents. Update to @xmldom/xmldom@~0.7.7, @xmldom/xmldom@~0.8.4 (dist-tag latest) or @xmldom/xmldom@>=0.9.0-beta.4 (dist-tag next). As a workaround, please one of the following approaches depending on your use case: instead of searching for elements in the whole DOM, only search in the `documentElement`or reject a document with a document that has more then 1 `childNode`. 2022-11-02 9.8 CVE-2022-39353
MISC
CONFIRM
datahub_project — datahub DataHub is an open-source metadata platform. Prior to version 0.8.45, the `StatelessTokenService` of the DataHub metadata service (GMS) does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Metadata Service authentication is enabled. This vulnerability occurs because the `StatelessTokenService` of the Metadata service uses the `parse` method of `io.jsonwebtoken.JwtParser`, which does not perform a verification of the cryptographic token signature. This means that JWTs are accepted regardless of the used algorithm. This issue may lead to an authentication bypass. Version 0.8.45 contains a patch for the issue. There are no known workarounds. 2022-10-28 9.8 CVE-2022-39366
MISC
MISC
MISC
CONFIRM
MISC
fluentd — fluentd Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Fluentd setups are only affected if the environment variable `FLUENT_OJ_OPTION_MODE` is explicitly set to `object`. Please note: The option FLUENT_OJ_OPTION_MODE was introduced in Fluentd version 1.13.2. Earlier versions of Fluentd are not affected by this vulnerability. This issue was patched in version 1.15.3. As a workaround do not use `FLUENT_OJ_OPTION_MODE=object`. 2022-11-02 9.8 CVE-2022-39379
MISC
CONFIRM
keystonejs — keystone Keystone is a headless CMS for Node.js — built with GraphQL and React.`@keystone-6/[email protected] || 3.0.1` users that use `NODE_ENV` to trigger security-sensitive functionality in their production builds are vulnerable to `NODE_ENV` being inlined to `”development”` for user code, irrespective of what your environment variables. If you do not use `NODE_ENV` in your user code to trigger security-sensitive functionality, you are not impacted by this vulnerability. Any dependencies that use `NODE_ENV` to trigger particular behaviors (optimizations, security or otherwise) should still respect your environment’s configured `NODE_ENV` variable. The application’s dependencies, as found in `node_modules` (including `@keystone-6/core`), are typically not compiled as part of this process, and thus should be unaffected. We have tested this assumption by verifying that `NODE_ENV=production yarn keystone start` still uses secure cookies when using `statelessSessions`. This vulnerability has been fixed in @keystone-6/[email protected], regression tests have been added for this vulnerability in #8063. 2022-11-03 9.8 CVE-2022-39382
MISC
CONFIRM
MISC
deltaww — infrasuite_device_master The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication. An attacker could provide malicious serialized objects which, when deserialized, could activate an opcode for a backup scheduling function without authentication. This function allows the user to designate all function arguments and the file to be executed. This could allow the attacker to start any new process and achieve remote code execution. 2022-10-31 9.8 CVE-2022-40202
MISC
phppointofsale — php_point_of_sale The application was vulnerable to a session fixation that could be used hijack accounts. 2022-10-31 9.8 CVE-2022-40293
MISC
phppointofsale — php_point_of_sale The application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems. 2022-10-31 9.8 CVE-2022-40296
MISC
clinic\’s_patient_management_system_project — clinic\’s_patient_management_system Remote Code Execution in Clinic’s Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via profile picture upload functionality in users.php 2022-10-31 9.8 CVE-2022-40471
MISC
MISC
MISC
softnext — mail_sqr_expert Mail SQR Expert’s specific function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to perform arbitrary system command and disrupt service. 2022-10-31 9.8 CVE-2022-40741
MISC
hitachi — infrastructure_analytics_advisor Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side Request Forgery. 2022-11-01 9.8 CVE-2022-41552
MISC
heidenhain — heros The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, running HEROS 5.08.3 controlling the HARTFORD 5A-65E CNC machine is vulnerable to improper authentication, which may allow an attacker to deny service to the production line, steal sensitive data from the production line, and alter any products created by the production line. 2022-10-28 9.8 CVE-2022-41648
MISC
deltaww — infrasuite_device_master Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker provided data already serialized into memory to be used in file operation application programmable interfaces (APIs). This could create arbitrary files, which could be used in API operations and could ultimately result in remote code execution. 2022-10-31 9.8 CVE-2022-41657
MISC
deltaww — infrasuite_device_master Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior mishandle .ZIP archives containing characters used in path traversal. This path traversal could result in remote code execution. 2022-10-31 9.8 CVE-2022-41772
MISC
deltaww — infrasuite_device_master Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize network packets without proper verification. If the device connects to an attacker-controlled server, the attacker could send maliciously crafted packets that would be deserialized and executed, leading to remote code execution. 2022-10-31 9.8 CVE-2022-41779
MISC
auieo — candidats CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks. 2022-11-03 9.8 CVE-2022-42744
MISC
MISC
apple — macos An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. A remote user may be able to cause kernel code execution. 2022-11-01 9.8 CVE-2022-42808
MISC
MISC
MISC
MISC
apple — macos A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. Processing a maliciously crafted certificate may lead to arbitrary code execution. 2022-11-01 9.8 CVE-2022-42813
MISC
MISC
MISC
MISC
haxx — curl curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0. 2022-10-29 9.8 CVE-2022-42915
MISC
FEDORA
tenda — ac23_firmware Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. 2022-11-03 9.8 CVE-2022-43101
MISC
tenda — ac23_firmware Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function. 2022-11-03 9.8 CVE-2022-43102
MISC
tenda — ac23_firmware Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the list parameter in the formSetQosBand function. 2022-11-03 9.8 CVE-2022-43103
MISC
tenda — ac23_firmware Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function. 2022-11-03 9.8 CVE-2022-43104
MISC
tenda — ac23_firmware Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. 2022-11-03 9.8 CVE-2022-43105
MISC
tenda — ac23_firmware Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the schedStartTime parameter in the setSchedWifi function. 2022-11-03 9.8 CVE-2022-43106
MISC
tenda — ac23_firmware Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function. 2022-11-03 9.8 CVE-2022-43107
MISC
tenda — ac23_firmware Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function. 2022-11-03 9.8 CVE-2022-43108
MISC
dlink — dir-823g_firmware D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a crafted packet. 2022-11-03 9.8 CVE-2022-43109
MISC
MISC
rukovoditel — rukovoditel Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the reports_id parameter. 2022-10-28 9.8 CVE-2022-43168
MISC
f5 — njs Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c. 2022-10-28 9.8 CVE-2022-43286
MISC
MISC
lesspipe_project — lesspipe lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of deserialized object destructor execution via a key/value pair in a hash. 2022-11-01 9.8 CVE-2022-44542
MISC
MISC
zoom — virtual_desktop_infrastructure The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including session takeovers. 2022-10-31 9.6 CVE-2022-28763
MISC
sauter-controls — moduweb_firmware SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting (XSS). The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive information, including user credentials. 2022-10-31 9.6 CVE-2022-40190
MISC
silabs — gecko_bootloader Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade. 2022-11-02 9.1 CVE-2022-24936
MISC
MISC
sick — flx3-cpuc1_firmware A remote unprivileged attacker can interact with the configuration interface of a Flexi-Compact FLX3-CPUC1 or FLX3-CPUC2 running an affected firmware version to potentially impact the availability of the FlexiCompact. 2022-10-31 9.1 CVE-2022-27583
MISC
vmware — cloud_foundation VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure. 2022-10-28 9.1 CVE-2022-31678
MISC
train_scheduler_app_project — train_scheduler_app A vulnerability was found in SourceCodester Train Scheduler App 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /train_scheduler_app/?action=delete. The manipulation of the argument id leads to improper control of resource identifiers. The attack may be launched remotely. The identifier of this vulnerability is VDB-212504. 2022-10-31 9.1 CVE-2022-3774
MISC
MISC
MISC
ibm — infosphere_information_server “IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 236584.” 2022-11-03 9.1 CVE-2022-40747
MISC
deltaww — infrasuite_device_master Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to access the aprunning endpoint, which could allow an attacker to retrieve any file from the “RunningConfigs” directory. The attacker could then view and modify configuration files such as UserListInfo.xml, which would allow them to see existing administrative passwords. 2022-10-31 9.1 CVE-2022-41629
MISC
phppointofsale — php_point_of_sale The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in messaging functionality, leading to privilege escalation or a compromise of a targeted account. 2022-10-31 9 CVE-2022-40287
MISC
phppointofsale — php_point_of_sale The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile. 2022-10-31 9 CVE-2022-40288
MISC
phppointofsale — php_point_of_sale The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could be leveraged to escalate privileges or compromise any accounts they can coerce into observing the targeted files. 2022-10-31 9 CVE-2022-40289
MISC
expresstech — quiz_and_survey_master Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress. 2022-11-03 8.8 CVE-2021-36906
CONFIRM
CONFIRM
haascnc — haas_controller_firmware Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the “Ethernet Q Commands” service. Any user is able to write macros into registers outside of the authorized accessible range. This could allow a user to access privileged resources or resources out of context. 2022-10-28 8.8 CVE-2022-2475
MISC
keywordrush — content_egg Cross-Site Request Forgery (CSRF) vulnerability in Keywordrush Content Egg plugin <= 5.4.0 on WordPress. 2022-11-03 8.8 CVE-2022-25952
CONFIRM
CONFIRM
apple — macos A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. 2022-11-01 8.8 CVE-2022-26709
MISC
MISC
MISC
MISC
MISC
apple — macos A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution. 2022-11-01 8.8 CVE-2022-26710
MISC
MISC
MISC
MISC
apple — macos A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. 2022-11-01 8.8 CVE-2022-26716
MISC
MISC
MISC
MISC
MISC
apple — macos A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. 2022-11-01 8.8 CVE-2022-26717
MISC
MISC
MISC
MISC
MISC
MISC
apple — macos A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. 2022-11-01 8.8 CVE-2022-26719
MISC
MISC
MISC
MISC
MISC
superwhite — demon_image_annotation The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. This is due to missing nonce validation in the ~/includes/settings.php file. This makes it possible for unauthenticated attackers to modify the plugin’s settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2022-10-28 8.8 CVE-2022-2864
MISC
MISC
MISC
ibm — infosphere_information_server “IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a “user that the website trusts. IBM X-Force ID: 227295. 2022-11-03 8.8 CVE-2022-30608
MISC
hypr — workforce_access Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on Windows allows Authentication Abuse. 2022-11-03 8.8 CVE-2022-3258
MISC
apple — iphone_os An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content may lead to arbitrary code execution. 2022-11-01 8.8 CVE-2022-32888
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MLIST
apple — macos A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing maliciously crafted web content may lead to arbitrary code execution. 2022-11-01 8.8 CVE-2022-32922
MISC
MISC
MISC
apple — macos The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. A remote user may be able to cause kernel code execution. 2022-11-01 8.8 CVE-2022-32934
MISC
MISC
MISC
google — chrome Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) 2022-11-01 8.8 CVE-2022-3304
MISC
MISC
google — chrome Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) 2022-11-01 8.8 CVE-2022-3305
MISC
MISC
google — chrome Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) 2022-11-01 8.8 CVE-2022-3306
MISC
MISC
google — chrome Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) 2022-11-01 8.8 CVE-2022-3307
MISC
MISC
google — chrome Type confusion in Blink in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: Low) 2022-11-01 8.8 CVE-2022-3315
MISC
MISC
nextend — smart_slider_3 The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file, which could lead to PHP object injection issues when a user import (intentionally or not) a malicious file, and a suitable gadget chain is present on the site. 2022-10-31 8.8 CVE-2022-3357
CONFIRM
google — chrome Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) 2022-11-01 8.8 CVE-2022-3370
MISC
MISC
google — chrome Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chrome security severity: High) 2022-11-01 8.8 CVE-2022-3373
MISC
MISC
bricksbuilder — bricks The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability (CVE-2022-3400), makes it possible for authenticated attackers with minimal permissions, such as a subscriber, can edit any page, post, or template on the vulnerable WordPress website and inject a code execution block that can be used to achieve remote code execution. 2022-10-28 8.8 CVE-2022-3401
MISC
MISC
cloudflare — warp Using warp-cli command “add-trusted-ssid”, a user was able to disconnect WARP client and bypass the “Lock WARP switch” feature resulting in Zero Trust policies not being enforced on an affected endpoint. 2022-10-28 8.8 CVE-2022-3512
MISC
google — chrome Type confusion in V8 in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) 2022-11-01 8.8 CVE-2022-3652
MISC
MISC
google — chrome Heap buffer overflow in Vulkan in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) 2022-11-01 8.8 CVE-2022-3653
MISC
MISC
google — chrome Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) 2022-11-01 8.8 CVE-2022-3654
MISC
MISC
google — chrome Heap buffer overflow in Media Galleries in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: Medium) 2022-11-01 8.8 CVE-2022-3655
MISC
MISC
google — chrome Insufficient data validation in File System in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chrome security severity: Medium) 2022-11-01 8.8 CVE-2022-3656
MISC
MISC
google — chrome Use after free in Extensions in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chrome security severity: Medium) 2022-11-01 8.8 CVE-2022-3657
MISC
MISC
google — chrome Use after free in Feedback service on Chrome OS in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chrome security severity: Medium) 2022-11-01 8.8 CVE-2022-3658
MISC
MISC
google — chrome Use after free in Accessibility in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chrome security severity: Medium) 2022-11-01 8.8 CVE-2022-3659
MISC
MISC
google — chrome Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) 2022-11-01 8.8 CVE-2022-3723
MISC
MISC
web-based_student_clearance_system_project — web-based_student_clearance_system A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been classified as critical. This affects an unknown part of the file Admin/edit-admin.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212415. 2022-10-28 8.8 CVE-2022-3733
N/A
N/A
exiv2 — exiv2 A vulnerability was found in Exiv2. It has been classified as critical. Affected is the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The name of the patch is bf4f28b727bdedbd7c88179c30d360e54568a62e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212496. 2022-10-29 8.8 CVE-2022-3756
MISC
MISC
exiv2 — exiv2 A vulnerability was found in Exiv2. It has been declared as critical. Affected by this vulnerability is the function QuickTimeVideo::decodeBlock of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The name of the patch is d3651fdbd352cbaf259f89abf7557da343339378. It is recommended to apply a patch to fix this issue. The identifier VDB-212497 was assigned to this vulnerability. 2022-10-29 8.8 CVE-2022-3757
MISC
MISC
MISC
xjyunjing — yunjing_content_management_system A vulnerability classified as critical was found in Yunjing CMS. This vulnerability affects unknown code of the file /index/user/upload_img.html. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212500. 2022-10-31 8.8 CVE-2022-3770
N/A
N/A
easyiicms — easyiicms A vulnerability, which was classified as problematic, was found in easyii CMS. Affected is an unknown function of the file /admin/sign/out. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. VDB-212502 is the identifier assigned to this vulnerability. 2022-10-31 8.8 CVE-2022-3772
N/A
N/A
oracle — restaurant_menu_-_food_ordering_system_-_table_reservation The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on several functions called via AJAX actions such as forms_action, set_option, & chosen_options to name a few . This makes it possible for unauthenticated attackers to perform a variety of administrative actions like modifying forms, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2022-11-03 8.8 CVE-2022-3776
MISC
MISC
ibax — go-ibax A vulnerability classified as critical has been found in IBAX go-ibax. Affected is an unknown function of the file /api/v2/open/tablesInfo. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212634 is the identifier assigned to this vulnerability. 2022-11-01 8.8 CVE-2022-3798
N/A
N/A
ibax — go-ibax A vulnerability classified as critical was found in IBAX go-ibax. Affected by this vulnerability is an unknown functionality of the file /api/v2/open/tablesInfo. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212635. 2022-11-01 8.8 CVE-2022-3799
N/A
N/A
ibax — go-ibax A vulnerability, which was classified as critical, has been found in IBAX go-ibax. Affected by this issue is some unknown functionality of the file /api/v2/open/rowsInfo. The manipulation of the argument table_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212636. 2022-11-01 8.8 CVE-2022-3800
N/A
N/A
ibax — go-ibax A vulnerability, which was classified as critical, was found in IBAX go-ibax. This affects an unknown part of the file /api/v2/open/rowsInfo. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212637 was assigned to this vulnerability. 2022-11-01 8.8 CVE-2022-3801
N/A
N/A
ibax — go-ibax A vulnerability has been found in IBAX go-ibax and classified as critical. This vulnerability affects unknown code of the file /api/v2/open/rowsInfo. The manipulation of the argument where leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212638 is the identifier assigned to this vulnerability. 2022-11-01 8.8 CVE-2022-3802
N/A
N/A
m-files — hubshare Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload. 2022-10-31 8.8 CVE-2022-39016
MISC
glpi-project — glpi GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Deleted/deactivated user could continue to use their account as long as its cookie is valid. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds. 2022-11-03 8.8 CVE-2022-39234
CONFIRM
discourse — discourse Discourse is a platform for community discussion. Users who receive an invitation link that is not scoped to a single email address can enter any non-admin user’s email and gain access to their account when accepting the invitation. All users should upgrade to the latest version. A workaround is temporarily disabling invitations with `SiteSetting.max_invites_per_day = 0` or scope them to individual email addresses. 2022-11-02 8.8 CVE-2022-39356
CONFIRM
MISC
phppointofsale — php_point_of_sale The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin accounts. 2022-10-31 8.8 CVE-2022-40291
MISC
phppointofsale — php_point_of_sale The application was identified to have an CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers. 2022-10-31 8.8 CVE-2022-40294
MISC
deltaww — infrasuite_device_master Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lacks authentication for a function that changes group privileges. An attacker could use this to create a denial-of-service state or escalate their own privileges. 2022-10-31 8.8 CVE-2022-41644
MISC
formalms — formalms There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerability could lead to a remote code injection. 2022-10-31 8.8 CVE-2022-41681
CONFIRM
xen — xen Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest e.g. by exceeding the quota value of maximum nodes per domain. 2022-11-01 8.8 CVE-2022-42309
MISC
CONFIRM
MLIST
DEBIAN
auieo — candidats CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user. 2022-11-03 8.8 CVE-2022-42750
MISC
MISC
auieo — candidats CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF. This allows to persuade an administrator to create a new account with administrative permissions. 2022-11-03 8.8 CVE-2022-42751
MISC
MISC
apple — iphone_os A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 16, iOS 16, macOS Ventura 13, watchOS 9. Processing a maliciously crafted image may lead to arbitrary code execution. 2022-11-01 8.8 CVE-2022-42795
MISC
MISC
MISC
MISC
apple — macos A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may lead to arbitrary code execution. 2022-11-01 8.8 CVE-2022-42823
MISC
MISC
MISC
MISC
MISC
MLIST
formalms — formalms Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the ‘id’ parameter in the ‘appCore/index.php?r=adm/mediagallery/delete’ function in order to dump the entire database or delete all contents from the ‘core_user_file’ table. 2022-10-31 8.8 CVE-2022-42923
CONFIRM
formalms — formalms There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection. 2022-10-31 8.8 CVE-2022-42925
CONFIRM
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/?page=appointments/view_appointment. 2022-11-02 8.8 CVE-2022-43226
MISC
totaljs — total.js In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter. 2022-10-30 8.8 CVE-2022-44019
MISC
MISC
MISC
pixman — pixman In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. 2022-11-03 8.8 CVE-2022-44638
MISC
MLIST
fortinet — fortimail An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64. 2022-11-02 8.6 CVE-2022-26122
CONFIRM
apple — macos A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. A sandboxed process may be able to circumvent sandbox restrictions. 2022-11-01 8.6 CVE-2022-32890
MISC
apple — safari An access issue was addressed with improvements to the sandbox. This issue is fixed in Safari 16, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13. A sandboxed process may be able to circumvent sandbox restrictions. 2022-11-01 8.6 CVE-2022-32892
MISC
MISC
MISC
MISC
cloudflare — warp_mobile_client It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch feature being enabled on Zero Trust Platform. This led to bypassing policies and restrictions enforced for enrolled devices by the Zero Trust platform. 2022-10-28 8.5 CVE-2022-3337
MISC
cloudflare — warp_mobile_client It was possible to bypass Lock WARP switch feature https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch on the WARP iOS mobile client by enabling both “Disable for cellular networks” and “Disable for Wi-Fi networks” switches at once in the application settings. Such configuration caused the WARP client to disconnect and allowed the user to bypass restrictions and policies enforced by the Zero Trust platform. 2022-10-28 8.2 CVE-2022-3321
MISC
stb_project — stb stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Information Disclosure or Denial of Service. 2022-11-02 8.1 CVE-2021-37789
MISC
fortinet — fortios A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated attacker to perform a man in the middle attack. 2022-11-02 8.1 CVE-2022-30307
CONFIRM
vmware — spring_security Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token. 2022-10-31 8.1 CVE-2022-31690
MISC
thimpress — learnpress The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution (RCE). To successfully exploit this vulnerability attackers must have knowledge of the site secrets, allowing them to generate a valid hash via the wp_hash() function. 2022-10-31 8.1 CVE-2022-3360
CONFIRM
google — web_stories The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the ‘url’ parameter found via the /v1/hotlink/proxy REST API Endpoint. This made it possible for authenticated users to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. 2022-10-28 8.1 CVE-2022-3708
MISC
MISC
MISC
MISC
haascnc — haas_controller_firmware Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the “Ethernet Q Commands” service, which allows any user on the same network segment as the controller (even while connected remotely) to access the service and write unauthorized macros to the device. 2022-10-28 8 CVE-2022-2474
MISC
apereo — phpcas phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a valid ticket granted for any authorized service in the same SSO realm (CAS server) to authenticate to the service protected by phpCAS. Depending on the settings of the CAS server service registry in worst case this may be any other service URL (if the allowed URLs are configured to “^(https)://.*”) or may be strictly limited to known and authorized services in the same SSO federation if proper URL service validation is applied. This vulnerability may allow an attacker to gain access to a victim’s account on a vulnerable CASified service without victim’s knowledge, when the victim visits attacker’s website while being logged in to the same CAS server. phpCAS 1.6.0 is a major version upgrade that starts enforcing service URL discovery validation, because there is unfortunately no 100% safe default config to use in PHP. Starting this version, it is required to pass in an additional service base URL argument when constructing the client class. For more information, please refer to the upgrading doc. This vulnerability only impacts the CAS client that the phpCAS library protects against. The problematic service URL discovery behavior in phpCAS < 1.6.0 will only be disabled, and thus you are not impacted from it, if the phpCAS configuration has the following setup: 1. `phpCAS::setUrl()` is called (a reminder that you have to pass in the full URL of the current page, rather than your service base URL), and 2. `phpCAS::setCallbackURL()` is called, only when the proxy mode is enabled. 3. If your PHP’s HTTP header input `X-Forwarded-Host`, `X-Forwarded-Server`, `Host`, `X-Forwarded-Proto`, `X-Forwarded-Protocol` is sanitized before reaching PHP (by a reverse proxy, for example), you will not be impacted by this vulnerability either. If your CAS server service registry is configured to only allow known and trusted service URLs the severity of the vulnerability is reduced substantially in its severity since an attacker must be in control of another authorized service. Otherwise, you should upgrade the library to get the safe service discovery behavior. 2022-11-01 8 CVE-2022-39369
CONFIRM
jhead_project — jhead jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u. 2022-11-04 7.8 CVE-2021-34055
MISC
netskope — netskope Netskope client is impacted by a vulnerability where an authenticated, local attacker can view sensitive information stored in NSClient logs which should be restricted. The vulnerability exists because the sensitive information is not masked/scrubbed before writing in the logs. A malicious user can use the sensitive information to download data and impersonate another user. 2022-11-03 7.8 CVE-2021-44862
MISC
fortinet — fortisiem A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password. 2022-11-02 7.8 CVE-2022-26119
CONFIRM
apple — macos A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution. 2022-11-01 7.8 CVE-2022-26730
MISC
apple — macos A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with system privileges. 2022-11-01 7.8 CVE-2022-26762
MISC
MISC
apple — mac_os_x A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to gain elevated privileges. 2022-11-01 7.8 CVE-2022-32794
MISC
MISC
MISC
apple — iphone_os The issue was addressed with improved memory handling. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32865
MISC
MISC
apple — macos The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32866
MISC
MISC
MISC
MISC
MISC
apple — iphone_os The issue was addressed with improved memory handling. This issue is fixed in iOS 16. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32887
MISC
apple — iphone_os The issue was addressed with improved memory handling. This issue is fixed in iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32889
MISC
MISC
apple — iphone_os The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32898
MISC
MISC
MISC
MISC
apple — iphone_os The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32899
MISC
MISC
MISC
MISC
apple — iphone_os A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32903
MISC
MISC
MISC
apple — macos This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges. 2022-11-01 7.8 CVE-2022-32905
MISC
apple — iphone_os This issue was addressed with improved checks. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32907
MISC
MISC
MISC
apple — iphone_os A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32914
MISC
MISC
MISC
MISC
MISC
MISC
apple — macos A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32915
MISC
apple — macos The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Big Sur 11.7, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32924
MISC
MISC
MISC
MISC
MISC
MISC
apple — iphone_os The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32932
MISC
MISC
MISC
apple — iphone_os The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32939
MISC
MISC
apple — macos The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32940
MISC
MISC
MISC
MISC
apple — macos A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32944
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — macos The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32947
MISC
MISC
MISC
fortinet — fortitester An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. 2022-11-02 7.8 CVE-2022-33870
CONFIRM
ibm — infosphere_information_server “IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-“Force ID: 231361. 2022-11-03 7.8 CVE-2022-35717
MISC
axiosys — bento4 A vulnerability classified as critical was found in Axiomatic Bento4 5e7bb34. Affected by this vulnerability is the function AP4_Mp4AudioDsiParser::ReadBits of the file Ap4Mp4AudioInfo.cpp of the component mp4hls. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212563. 2022-10-31 7.8 CVE-2022-3784
N/A
N/A
N/A
axiosys — bento4 A vulnerability, which was classified as critical, has been found in Axiomatic Bento4. Affected by this issue is the function AP4_DataBuffer::SetDataSize of the component Avcinfo. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212564. 2022-10-31 7.8 CVE-2022-3785
N/A
N/A
N/A
schneider-electric — ecostruxure_operator_terminal_expert A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). 2022-11-04 7.8 CVE-2022-41666
MISC
schneider-electric — ecostruxure_operator_terminal_expert A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). 2022-11-04 7.8 CVE-2022-41667
MISC
schneider-electric — ecostruxure_operator_terminal_expert A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). 2022-11-04 7.8 CVE-2022-41668
MISC
opensvc — multipath-tools multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root. 2022-10-29 7.8 CVE-2022-41973
MISC
MISC
MISC
FULLDISC
MISC
opensvc — multipath-tools multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR. 2022-10-29 7.8 CVE-2022-41974
MISC
MISC
MISC
FULLDISC
MISC
apple — ipados This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.7 and iPadOS 15.7, macOS Ventura 13. An app may be able to gain elevated privileges. 2022-11-01 7.8 CVE-2022-42796
MISC
MISC
apple — macos This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A user may be able to cause unexpected app termination or arbitrary code execution. 2022-11-01 7.8 CVE-2022-42800
MISC
MISC
MISC
MISC
MISC
MISC
apple — macos A logic issue was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-42801
MISC
MISC
MISC
MISC
MISC
MISC
apple — macos The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution. 2022-11-01 7.8 CVE-2022-42809
MISC
apple — macos A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app may cause unexpected app termination or arbitrary code execution. 2022-11-01 7.8 CVE-2022-42820
MISC
MISC
apple — iphone_os An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.. 2022-11-01 7.8 CVE-2022-42827
MISC
MISC
webassembly — wasm wasm-interp v1.0.29 was discovered to contain a heap overflow via the component std::vector<wabt::Type, std::allocator<wabt::Type>>::size() at /bits/stl_vector.h. 2022-10-28 7.8 CVE-2022-43281
MISC
hcltech — verse The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app. 2022-11-01 7.5 CVE-2020-4099
CONFIRM
hcltech — hcl_launch_container_image The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages. 2022-10-31 7.5 CVE-2021-27784
CONFIRM
honeywell — c200_firmware Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories. 2022-10-28 7.5 CVE-2021-38399
CONFIRM
CONFIRM
mt — ind780_firmware A remote, unauthenticated, directory traversal vulnerability was identified within the web interface used by IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 (SS Label ‘IND780_8.0.07’), Version 7.2.10 June 18, 2012 (SS Label ‘IND780_7.2.10’). It was possible to traverse the folders of the affected host by providing a traversal path to the ‘webpage’ parameter in AutoCE.ini This could allow a remote unauthenticated adversary to access additional files on the affected system. This could also allow the adversary to perform further enumeration against the affected host to identify the versions of the systems in use, in order to launch further attacks in future. 2022-10-31 7.5 CVE-2021-40661
MISC
MISC
hitachi — vantara_pentaho A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory. 2022-11-02 7.5 CVE-2021-45446
MISC
hitachi — vantara_pentaho Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to the network to sniff and obtain sensitive information that can be later used to gain unauthorized access. 2022-11-02 7.5 CVE-2021-45447
MISC
muhammara_project — muhammara The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when PDFStreamForResponse() is used with invalid data. 2022-11-01 7.5 CVE-2022-25885
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
muhammara_project — muhammara The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed. 2022-11-01 7.5 CVE-2022-25892
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
zephyrproject — zephyr The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. The frame must have a CAN ID matching an installed filter in the vulnerable node (this can easily be guessed based on CAN traffic analyses). The frame must contain the opposite RTR bit as what the filter installed in the vulnerable node contains (if the filter matches RTR frames, the frame must be a data frame or vice versa). 2022-10-31 7.5 CVE-2022-2741
MISC
schoolbox — schoolbox The application was vulnerable to multiple instances of SQL injection (authenticated and unauthenticated) through a vulnerable parameter. Due to the stacked query support, complex SQL commands could be crafted and injected into the vulnerable parameter and using a sleep based inferential SQL injection it was possible to extract data from the database. 2022-10-31 7.5 CVE-2022-3059
MISC
trihedral — vtscada An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior. A specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network (LAN)-only and internet facing systems are affected. 2022-11-02 7.5 CVE-2022-3181
MISC
apache — unstructured_information_management_architecture A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names. This issue affects Apache UIMA Apache UIMA version 3.3.0 and prior versions. Note that PEAR files should never be installed into an UIMA installation from untrusted sources because PEAR archives are executable plugins that will be able to perform any actions with the same privileges as the host Java Virtual Machine. 2022-11-03 7.5 CVE-2022-32287
MISC
MLIST
apple — mac_os_x A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.8, macOS Monterey 12.5, Security Update 2022-005 Catalina. An archive may be able to bypass Gatekeeper. 2022-11-01 7.5 CVE-2022-32910
MISC
MISC
MISC
apple — iphone_os The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. Joining a malicious Wi-Fi network may result in a denial-of-service of the Settings app. 2022-11-01 7.5 CVE-2022-32927
MISC
MISC
cloudflare — warp_mobile_client Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, this feature could be bypassed by using the “Disable WARP” quick action. 2022-10-28 7.5 CVE-2022-3322
MISC
fortinet — fortios An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiOS SSL-VPN versions 7.2.0, versions 7.0.0 through 7.0.6 and versions 6.4.0 through 6.4.9 may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS. 2022-11-02 7.5 CVE-2022-35842
CONFIRM
openssl — openssl A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6). 2022-11-01 7.5 CVE-2022-3602
CONFIRM
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
CISCO
GENTOO
CONFIRM
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MISC
MLIST
MLIST
MLIST
MLIST
MLIST
CONFIRM
CERT-VN
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MISC
MISC
MISC
MISC
MISC
MISC
cloudflare — octorpki Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. 2022-10-28 7.5 CVE-2022-3616
MISC
redhat — ansible_collection A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs. 2022-10-28 7.5 CVE-2022-3697
MISC
opennebula — opennebula Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection. 2022-10-28 7.5 CVE-2022-37426
MISC
html-minifier_project — html-minifier A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 via the candidate variable in htmlminifier.js. 2022-10-31 7.5 CVE-2022-37620
MISC
MISC
MISC
devolutions — remote_desktop_manager Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deleted users to access unauthorized data. This issue affects : Remote Desktop Manager 2022.3.7 and prior versions. 2022-11-01 7.5 CVE-2022-3780
MISC
openssl — openssl A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.’ character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. 2022-11-01 7.5 CVE-2022-3786
CONFIRM
MISC
m-files — hubshare Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL. 2022-10-31 7.5 CVE-2022-39018
MISC
m-files — hubshare Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server. 2022-10-31 7.5 CVE-2022-39019
MISC
conduit-hyper_project — conduit-hyper conduit-hyper integrates a conduit application with the hyper server. Prior to version 0.4.2, `conduit-hyper` did not check any limit on a request’s length before calling [`hyper::body::to_bytes`](https://docs.rs/hyper/latest/hyper/body/fn.to_bytes.html). An attacker could send a malicious request with an abnormally large `Content-Length`, which could lead to a panic if memory allocation failed for that request. In version 0.4.2, `conduit-hyper` sets an internal limit of 128 MiB per request, otherwise returning status 400 (“Bad Request”). This crate is part of the implementation of Rust’s [crates.io](https://crates.io/), but that service is not affected due to its existing cloud infrastructure, which already drops such malicious requests. Even with the new limit in place, `conduit-hyper` is not recommended for production use, nor to directly serve the public Internet. 2022-10-31 7.5 CVE-2022-39294
CONFIRM
strongswan — strongswan strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker’s control) that doesn’t properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. 2022-10-31 7.5 CVE-2022-40617
CONFIRM
ndk-design — ndkadvancedcustomizationfields A SQL injection vulnerability in the height and width parameter in NdkAdvancedCustomizationFields v3.5.0 allows unauthenticated attackers to exfiltrate database data. 2022-11-01 7.5 CVE-2022-40839
MISC
MISC
MISC
haascnc — haas_controller Communication traffic involving “Ethernet Q Commands” service of Haas Controller version 100.20.000.1110 is transmitted in cleartext. This allows an attacker to obtain sensitive information being passed to and from the controller. 2022-10-28 7.5 CVE-2022-41636
MISC
deltaww — infrasuite_device_master Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user and add them to the administrator group. 2022-10-31 7.5 CVE-2022-41688
MISC
golang — go Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string “A=B\x00C=D” sets the variables “A=B” and “C=D”. 2022-11-02 7.5 CVE-2022-41716
MISC
MISC
MISC
MISC
deltaww — infrasuite_device_master Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to trigger the WriteConfiguration method, which could allow an attacker to provide new values for user configuration files such as UserListInfo.xml. This could lead to the changing of administrative passwords. 2022-10-31 7.5 CVE-2022-41776
MISC
apache — tomcat If Apache Tomcat 8.5.0 to 8.5.52, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header. 2022-11-01 7.5 CVE-2022-42252
MISC
xen — xen Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: – – by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory – – by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path – – by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible – – by accessing many nodes inside a transaction 2022-11-01 7.5 CVE-2022-42311
MISC
CONFIRM
DEBIAN
auieo — candidats CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE. 2022-11-03 7.5 CVE-2022-42745
MISC
MISC
haxx — curl In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26. 2022-10-29 7.5 CVE-2022-42916
MISC
FEDORA
fast_food_ordering_system_project — fast_food_ordering_system Fast Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /fastfood/purchase.php. 2022-11-01 7.5 CVE-2022-43081
MISC
open5gs — open5gs open5gs v2.4.11 was discovered to contain a memory leak in the component src/upf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet. 2022-11-01 7.5 CVE-2022-43221
MISC
open5gs — open5gs open5gs v2.4.11 was discovered to contain a memory leak in the component src/smf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet. 2022-11-01 7.5 CVE-2022-43222
MISC
open5gs — open5gs open5gs v2.4.11 was discovered to contain a memory leak in the component ngap-handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted UE attachment. 2022-11-01 7.5 CVE-2022-43223
MISC
f5 — njs Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. 2022-10-28 7.5 CVE-2022-43284
MISC
MISC
f5 — njs Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. 2022-10-28 7.5 CVE-2022-43285
MISC
openharmony — openharmony OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distributedhardware_device_manager when joining a network. Network attakcers can send an abonormal packet when joining a network, cause a nullptr reference and device reboot. 2022-11-03 7.5 CVE-2022-43495
MISC
ibm — robotic_process_automation “IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679.” 2022-11-03 7.5 CVE-2022-43574
MISC
jetbrains — teamcity In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings 2022-11-03 7.5 CVE-2022-44623
MISC
jetbrains — teamcity In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters 2022-11-03 7.5 CVE-2022-44624
MISC
google — chrome Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: Medium) 2022-11-01 7.4 CVE-2022-3308
MISC
MISC
sick — sim2000-2p04g10_firmware Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 1092673 and 1081902 with firmware version <= 1.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. The recommended solution is to update the firmware to a version >1.2.0 as soon as possible. 2022-11-01 7.3 CVE-2022-43989
MISC
sick — sim1012-0p0g200_firmware Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version < 2.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. The recommended solution is to update the firmware to a version >= 2.2.0 as soon as possible. (available in SICK Support Portal) 2022-11-01 7.3 CVE-2022-43990
MISC
expresstech — quiz_and_survey_master Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress. 2022-10-28 7.2 CVE-2021-36898
CONFIRM
CONFIRM
wp-ecommerce — easy_wp_smtp The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the content of an imported file, which could lead to PHP object injection issue when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. 2022-10-31 7.2 CVE-2022-3334
CONFIRM
publishpress — capabilities The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation in this case requires other plugins with a suitable gadget chain to be present on the site. 2022-10-31 7.2 CVE-2022-3366
CONFIRM
oceanwp — ocean_extra The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import (intentionally or not) a malicious Customizer Styling file and a suitable gadget chain is present on the blog. 2022-10-31 7.2 CVE-2022-3374
CONFIRM
wpbeaverbuilder — customizer_export\/import The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. 2022-10-31 7.2 CVE-2022-3380
CONFIRM
garage_management_system_project — garage_management_system Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editorder.php. 2022-11-02 7.2 CVE-2022-41551
MISC
online_tours_\&_travels_management_system_project — online_tours_\&_travels_management_system Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /operations/travellers.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-11-03 7.2 CVE-2022-43061
MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_appointment. 2022-11-03 7.2 CVE-2022-43062
MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Users.php?f=delete_client. 2022-11-03 7.2 CVE-2022-43063
MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Master.php?f=delete_message. 2022-11-02 7.2 CVE-2022-43066
MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_reservation. 2022-11-02 7.2 CVE-2022-43068
MISC
vehicle_booking_system_project — vehicle_booking_system An arbitrary file upload vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. 2022-11-01 7.2 CVE-2022-43083
MISC
restaurant_pos_system_project — restaurant_pos_system An arbitrary file upload vulnerability in add_product.php of Restaurant POS System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. 2022-11-01 7.2 CVE-2022-43085
MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user. 2022-11-01 7.2 CVE-2022-43124
MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /appointments/manage_appointment.php. 2022-11-01 7.2 CVE-2022-43125
MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/tests/manage_test.php. 2022-11-01 7.2 CVE-2022-43126
MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /appointments/update_status.php. 2022-11-01 7.2 CVE-2022-43127
MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/admin/?page=appointments/view_appointment. 2022-11-02 7.2 CVE-2022-43227
MISC
simple_cold_storage_management_system_project — simple_cold_storage_managment_system Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bookings/update_status.php. 2022-10-28 7.2 CVE-2022-43229
MISC
MISC
canteen_management_system_project — canteen_management_system Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /editorder.php. 2022-11-01 7.2 CVE-2022-43328
MISC
canteen_management_system_project — canteen_management_system Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php. 2022-11-01 7.2 CVE-2022-43329
MISC
canteen_management_system_project — canteen_management_system Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /editorder.php. 2022-11-01 7.2 CVE-2022-43330
MISC
canteen_management_system_project — canteen_management_system Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php_action/printOrder.php. 2022-11-01 7.2 CVE-2022-43331
MISC
sanitization_management_system_project — sanitization_management_system Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. 2022-11-01 7.2 CVE-2022-43353
MISC
sanitization_management_system_project — sanitization_management_system Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/manage_request. 2022-11-01 7.2 CVE-2022-43354
MISC
sanitization_management_system_project — sanitization_management_system Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_service. 2022-11-01 7.2 CVE-2022-43355
MISC
slims — senayan_library_management_system Senayan Library Management System v9.4.2 was discovered to contain a SQL injection vulnerability via the collType parameter at loan_by_class.php. 2022-11-01 7.2 CVE-2022-43362
MISC
apple — iphone_os An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to cause unexpected system termination or write kernel memory. 2022-11-01 7.1 CVE-2022-32925
MISC
MISC
MISC
xen — xen x86: unintended memory sharing between guests On Intel systems that support the “virtualize APIC accesses” feature, a guest can read and write the global shared xAPIC page by moving the local APIC out of xAPIC mode. Access to this shared page bypasses the expected isolation that should exist between two guests. 2022-11-01 7.1 CVE-2022-42327
MISC
CONFIRM
MLIST
webassembly — wabt wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDropKeepCount. 2022-10-28 7.1 CVE-2022-43280
MISC
webassembly — wabt wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallIndirectExpr->GetReturnCallDropKeepCount. 2022-10-28 7.1 CVE-2022-43282
MISC
sudo_project — sudo Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture. 2022-11-02 7.1 CVE-2022-43995
MISC
MISC
MISC
MISC
xen — xen Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries will be corrected when such a node is written later. There is a small time window when a new domain is created, where the access rights of a past domain with the same domid as the new one will be regarded to be still valid, leading to the new domain being able to get access to a node which was meant to be accessible by the removed domain. For this to happen another domain needs to write the node before the newly created domain is being introduced to Xenstore by dom0. 2022-11-01 7 CVE-2022-42320
MISC
CONFIRM
MLIST
DEBIAN
apple — macos A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7 CVE-2022-42791
MISC
apple — iphone_os A race condition was addressed with improved locking. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7 CVE-2022-42803
MISC
MISC
MISC
MISC
MISC
MISC
apple — macos A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7 CVE-2022-42806
MISC
MISC
Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apple — iphone_os The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16. An app with root privileges may be able to execute arbitrary code with kernel privileges. 2022-11-01 6.7 CVE-2022-32926
MISC
MISC
MISC
MISC
MISC
fortinet — fortitester A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command. 2022-11-02 6.7 CVE-2022-38372
CONFIRM
apple — macos A use after free issue was addressed with improved memory management. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges. 2022-11-01 6.7 CVE-2022-42829
MISC
MISC
apple — macos The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges. 2022-11-01 6.7 CVE-2022-42830
MISC
MISC
diplib — diplib diplib v3.0.0 is vulnerable to Double Free. 2022-11-04 6.5 CVE-2021-39432
MISC
MISC
hitachi — vantara_pentaho Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds. The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. By using special elements such as “..” and “/” separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system. 2022-11-02 6.5 CVE-2021-45448
MISC
ibm — infosphere_information_server “IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. IBM X-Force ID: 224427.” 2022-11-03 6.5 CVE-2022-22442
MISC
apple — iphone_os An input validation issue was addressed with improved input validation. This issue is fixed in iOS 16.0.3. Processing a maliciously crafted email message may lead to a denial-of-service. 2022-11-01 6.5 CVE-2022-22658
MISC
apache — dolphinscheduler Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher. 2022-10-28 6.5 CVE-2022-26884
MISC
MLIST
oracle — restaurant_menu_-_food_ordering_system_-_table_reservation The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to, and including 2.3.0 due to missing capability checks and missing nonce validation. This makes it possible for authenticated attackers with minimal permissions to perform a wide variety of actions such as modifying the plugin’s settings and modifying the ordering system preferences. 2022-11-03 6.5 CVE-2022-2696
MISC
MISC
MISC
hosteng — h0-ecom100_firmware Using custom code, an attacker can write into name or description fields larger than the appropriate buffer size causing a stack-based buffer overflow on Host Engineering H0-ECOM100 Communications Module Firmware versions v5.0.155 and prior. This may allow an attacker to crash the affected device or cause it to become unresponsive. 2022-10-28 6.5 CVE-2022-3228
MISC
apple — iphone_os A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose internal states of the app. 2022-11-01 6.5 CVE-2022-32923
MISC
MISC
MISC
MISC
MISC
MISC
MLIST
google — chrome Use after free in assistant in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via specific UI gestures. (Chrome security severity: Medium) 2022-11-01 6.5 CVE-2022-3309
MISC
MISC
google — chrome Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. (Chrome security severity: Medium) 2022-11-01 6.5 CVE-2022-3310
MISC
MISC
google — chrome Use after free in import in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: Medium) 2022-11-01 6.5 CVE-2022-3311
MISC
MISC
google — chrome Incorrect security UI in full screen in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chrome security severity: Medium) 2022-11-01 6.5 CVE-2022-3313
MISC
MISC
google — chrome Use after free in logging in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: Medium) 2022-11-01 6.5 CVE-2022-3314
MISC
MISC
google — chrome Use after free in ChromeOS Notifications in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to reboot Chrome OS to potentially exploit heap corruption via UI interaction. (Chrome security severity: Low) 2022-11-01 6.5 CVE-2022-3318
MISC
MISC
addify — automatic_user_roles_switcher The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated users like subscriber to add any role to themselves, such as administrator 2022-10-31 6.5 CVE-2022-3419
CONFIRM
ibm — cognos_analytics “IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 229963.” 2022-11-03 6.5 CVE-2022-34339
MISC
apache — dolphinscheduler When users add resources to the resource center with a relation path will cause path traversal issues and only for logged-in users. You could upgrade to version 3.0.0 or higher 2022-11-01 6.5 CVE-2022-34662
MISC
tenable — nessus An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present. 2022-10-31 6.5 CVE-2022-3499
MISC
google — chrome Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome Extension. (Chrome security severity: Low) 2022-11-01 6.5 CVE-2022-3661
MISC
MISC
opennebula — opennebula Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows File Discovery. 2022-10-28 6.5 CVE-2022-37424
MISC
exiv2 — exiv2 A vulnerability was found in Exiv2 and classified as problematic. This issue affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The name of the patch is 6bb956ad808590ce2321b9ddf6772974da27c4ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212495. 2022-10-29 6.5 CVE-2022-3755
MISC
MISC
MISC
devolutions — remote_desktop_manager Dashlane password and Keepass Server password in My Account Settings are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions which allows database users to read the data. This issue affects : Remote Desktop Manager 2022.2.26 and prior versions. Devolutions Server 2022.3.1 and prior versions. 2022-11-01 6.5 CVE-2022-3781
MISC
axiosys — bento4 A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Incomplete Fix CVE-2019-13238. The manipulation leads to resource consumption. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212660. 2022-11-01 6.5 CVE-2022-3807
N/A
N/A
N/A
axiosys — bento4 A vulnerability was found in Axiomatic Bento4 and classified as problematic. Affected by this issue is the function ParseCommandLine of the file Mp4Tag/Mp4Tag.cpp of the component mp4tag. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212666 is the identifier assigned to this vulnerability. 2022-11-02 6.5 CVE-2022-3809
MISC
MISC
MISC
axiosys — bento4 A vulnerability was found in Axiomatic Bento4. It has been classified as problematic. This affects the function AP4_File::AP4_File of the file Mp42Hevc.cpp of the component mp42hevc. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212667. 2022-11-02 6.5 CVE-2022-3810
MISC
MISC
MISC
axiosys — bento4 A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. Affected by this issue is the function AP4_ContainerAtom::AP4_ContainerAtom of the component mp4encrypt. The manipulation leads to memory leak. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212678 is the identifier assigned to this vulnerability. 2022-11-01 6.5 CVE-2022-3812
N/A
N/A
N/A
axiosys — bento4 A vulnerability classified as problematic has been found in Axiomatic Bento4. This affects an unknown part of the component mp4edit. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212679. 2022-11-01 6.5 CVE-2022-3813
N/A
N/A
N/A
axiosys — bento4 A vulnerability classified as problematic was found in Axiomatic Bento4. This vulnerability affects unknown code of the component mp4decrypt. The manipulation leads to memory leak. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212680. 2022-11-01 6.5 CVE-2022-3814
N/A
N/A
N/A
axiosys — bento4 A vulnerability, which was classified as problematic, has been found in Axiomatic Bento4. This issue affects some unknown processing of the component mp4decrypt. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212681 was assigned to this vulnerability. 2022-11-01 6.5 CVE-2022-3815
N/A
N/A
N/A
axiosys — bento4 A vulnerability, which was classified as problematic, was found in Axiomatic Bento4. Affected is an unknown function of the component mp4decrypt. The manipulation leads to memory leak. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212682 is the identifier assigned to this vulnerability. 2022-11-01 6.5 CVE-2022-3816
N/A
N/A
N/A
axiosys — bento4 A vulnerability has been found in Axiomatic Bento4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component mp4mux. The manipulation leads to memory leak. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212683. 2022-11-01 6.5 CVE-2022-3817
N/A
N/A
N/A
huaxiaerp — huaxia_erp A vulnerability was found in Huaxia ERP 2.3 and classified as critical. Affected by this issue is some unknown functionality of the component User Management. The manipulation of the argument login leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212792. 2022-11-02 6.5 CVE-2022-3825
MISC
MISC
huaxiaerp — huaxia_erp A vulnerability was found in Huaxia ERP. It has been classified as problematic. This affects an unknown part of the file /depotHead/list of the component Retail Management. The manipulation of the argument search leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212793 was assigned to this vulnerability. 2022-11-02 6.5 CVE-2022-3826
MISC
MISC
vr_calendar_project — vr_calendar The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to delete, and modify calendars as well as the plugin settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2022-11-03 6.5 CVE-2022-3852
MISC
MISC
MISC
edetw — u-office_force U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to download arbitrary system file. 2022-10-31 6.5 CVE-2022-39022
MISC
edetw — u-office_force U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to download arbitrary system file. 2022-10-31 6.5 CVE-2022-39023
MISC
qtiworks_project — qtiworks QTIWorks is a software suite for standards-based assessment delivery. Prior to version 1.0-beta15, the QTIWorks Engine allows users to upload QTI content packages as ZIP files. The ZIP handling code does not sufficiently check the paths of files contained within ZIP files, so can insert files into other locations in the filesystem if they are writable by the process running the QTIWorks Engine. In extreme cases, this could allow anonymous users to change files in arbitrary locations in the filesystem. In normal QTIWorks Engine deployments, the impact is somewhat reduced because the default QTIWorks configuration does not enable the public demo functionality, so ZIP files can only be uploaded by users with “instructor” privileges. This vulnerability is fixed in version 1.0-beta15. There are no database configuration changes required when upgrading to this version. No known workarounds for this issue exist. 2022-10-28 6.5 CVE-2022-39367
MISC
MISC
CONFIRM
glpi-project — glpi GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to inject custom fields values in `mailto` links. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds. 2022-11-03 6.5 CVE-2022-39376
CONFIRM
fortinet — fortimail An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an authenticated admin user assigned to a specific domain to access and modify other domains information via insecure direct object references (IDOR). 2022-11-02 6.5 CVE-2022-39945
CONFIRM
ibm — mq_appliance “IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235532.” 2022-11-03 6.5 CVE-2022-40230
MISC
ibm — infosphere_information_server “IBM InfoSphere Information Server 11.7 could allow a user to cause a denial of service by removing the ability to run jobs due to improper input validation. IBM X-Force ID: 235725.” 2022-11-03 6.5 CVE-2022-40235
MISC
processwire — processwire ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF). 2022-10-31 6.5 CVE-2022-40488
MISC
MISC
softnext — mail_sqr_expert Mail SQR Expert system has a Local File Inclusion vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability. 2022-10-31 6.5 CVE-2022-40742
MISC
formalms — formalms Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the ‘search[value] parameter in the appLms/ajax.server.php?r=mycertificate/getMyCertificates’ function in order to dump the entire database. 2022-10-31 6.5 CVE-2022-41680
CONFIRM
xen — xen Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: – – by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory – – by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path – – by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible – – by accessing many nodes inside a transaction 2022-11-01 6.5 CVE-2022-42312
MISC
CONFIRM
DEBIAN
xen — xen Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: – – by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory – – by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path – – by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible – – by accessing many nodes inside a transaction 2022-11-01 6.5 CVE-2022-42313
MISC
CONFIRM
DEBIAN
xen — xen Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: – – by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory – – by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path – – by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible – – by accessing many nodes inside a transaction 2022-11-01 6.5 CVE-2022-42314
MISC
CONFIRM
DEBIAN
xen — xen Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: – – by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory – – by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path – – by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible – – by accessing many nodes inside a transaction 2022-11-01 6.5 CVE-2022-42315
MISC
CONFIRM
DEBIAN
xen — xen Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: – – by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory – – by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path – – by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible – – by accessing many nodes inside a transaction 2022-11-01 6.5 CVE-2022-42316
MISC
CONFIRM
DEBIAN
xen — xen Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: – – by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory – – by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path – – by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible – – by accessing many nodes inside a transaction 2022-11-01 6.5 CVE-2022-42317
MISC
CONFIRM
DEBIAN
xen — xen Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: – – by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory – – by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path – – by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible – – by accessing many nodes inside a transaction 2022-11-01 6.5 CVE-2022-42318
MISC
CONFIRM
DEBIAN
xen — xen Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completely. A request is regarded to be finished only after the guest has read the response message of the request from the ring page. Thus a guest not reading the response can cause xenstored to not free the temporary memory. This can result in memory shortages causing Denial of Service (DoS) of xenstored. 2022-11-01 6.5 CVE-2022-42319
MISC
CONFIRM
MLIST
DEBIAN
xen — xen Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored. 2022-11-01 6.5 CVE-2022-42321
MISC
CONFIRM
MLIST
DEBIAN
apple — iphone_os A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, watchOS 9.1. Visiting a maliciously crafted website may leak sensitive data. 2022-11-01 6.5 CVE-2022-42817
MISC
MISC
MISC
formalms — formalms Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the ‘dyn_filter’ parameter in the ‘appLms/ajax.adm_server.php?r=widget/userselector/getusertabledata’ function in order to dump the entire database. 2022-10-31 6.5 CVE-2022-42924
CONFIRM
struktur — libde265 Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. 2022-11-02 6.5 CVE-2022-43235
MISC
struktur — libde265 Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. 2022-11-02 6.5 CVE-2022-43236
MISC
struktur — libde265 Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. 2022-11-02 6.5 CVE-2022-43237
MISC
struktur — libde265 Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. 2022-11-02 6.5 CVE-2022-43238
MISC
struktur — libde265 Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. 2022-11-02 6.5 CVE-2022-43239
MISC
struktur — libde265 Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. 2022-11-02 6.5 CVE-2022-43240
MISC
struktur — libde265 Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. 2022-11-02 6.5 CVE-2022-43241
MISC
struktur — libde265 Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. 2022-11-02 6.5 CVE-2022-43242
MISC
struktur — libde265 Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. 2022-11-02 6.5 CVE-2022-43243
MISC
struktur — libde265 Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. 2022-11-02 6.5 CVE-2022-43244
MISC
struktur — libde265 Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. 2022-11-02 6.5 CVE-2022-43245
MISC
struktur — libde265 Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. 2022-11-02 6.5 CVE-2022-43248
MISC
struktur — libde265 Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. 2022-11-02 6.5 CVE-2022-43249
MISC
struktur — libde265 Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. 2022-11-02 6.5 CVE-2022-43250
MISC
struktur — libde265 Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. 2022-11-02 6.5 CVE-2022-43252
MISC
struktur — libde265 Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. 2022-11-02 6.5 CVE-2022-43253
MISC
openharmony — openharmony OpenHarmony-v3.1.2 and prior versions had an Multiple path traversal vulnerability in appspawn and nwebspawn services. Local attackers can create arbitrary directories or escape application sandbox.If chained with other vulnerabilities it would allow an unprivileged process to gain full root privileges. 2022-11-03 6.5 CVE-2022-43451
MISC
apple — macos A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges. 2022-11-01 6.4 CVE-2022-42831
MISC
MISC
apple — macos A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges. 2022-11-01 6.4 CVE-2022-42832
MISC
MISC
linux — linux_kernel An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach(). 2022-10-30 6.4 CVE-2022-44032
MISC
MISC
linux — linux_kernel An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach(). 2022-10-30 6.4 CVE-2022-44033
MISC
MISC
linux — linux_kernel An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove(). 2022-10-30 6.4 CVE-2022-44034
MISC
MISC
tribalsystems — zenario A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS. Affected by this issue is some unknown functionality of the file admin_organizer.js of the component Error Log Module. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is dfd0afacb26c3682a847bea7b49ea440b63f3baa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212816. 2022-11-02 6.1 CVE-2020-36608
N/A
N/A
johnsoncontrols — cevas All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries. 2022-10-28 6.1 CVE-2021-36206
CERT
CONFIRM
tagdiv — newspaper The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting 2022-10-31 6.1 CVE-2022-2167
CONFIRM
enviragallery — envira_gallery The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER[‘REQUEST_URI’] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers 2022-10-31 6.1 CVE-2022-2190
CONFIRM
tagdiv — newspaper The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting. 2022-10-31 6.1 CVE-2022-2627
CONFIRM
facetwp — log_http_requests The Log HTTP Requests plugin for WordPress is vulnerable to Stored Cross-Site Scripting via logged HTTP requests in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers who can trick a site’s administrator into performing an action like clicking on a link, or an authenticated user with access to a page that sends a request using user-supplied data via the server, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2022-10-28 6.1 CVE-2022-3402
MISC
MISC
MISC
rockcontent — rock_convert The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape an URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting 2022-10-31 6.1 CVE-2022-3440
CONFIRM
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8. 2022-10-31 6.1 CVE-2022-3766
CONFIRM
MISC
nodered — node-red-dashboard A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component ui_text Format Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 9305d1a82f19b235dfad24a7d1dd4ed244db7743. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212555. 2022-10-31 6.1 CVE-2022-3783
N/A
N/A
N/A
eolink — apinto-dashboard A vulnerability was found in eolinker apinto-dashboard. It has been rated as problematic. This issue affects some unknown processing of the file /login. The manipulation of the argument callback leads to open redirect. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212633 was assigned to this vulnerability. 2022-11-01 6.1 CVE-2022-3797
N/A
N/A
eolink — apinto-dashboard A vulnerability was found in eolinker apinto-dashboard and classified as problematic. This issue affects some unknown processing of the file /api/discoveries/. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212639. 2022-11-01 6.1 CVE-2022-3803
N/A
N/A
N/A
eolink — apinto-dashboard A vulnerability was found in eolinker apinto-dashboard. It has been classified as problematic. Affected is an unknown function of the file /login. The manipulation of the argument callback leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212640. 2022-11-01 6.1 CVE-2022-3804
N/A
N/A
N/A
fortinet — fortiadc A improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiADC 7.0.0 – 7.0.2 and 6.2.0 – 6.2.4 allows an attacker to execute unauthorized code or commands via the URL and User fields observed in the traffic and event logviews. 2022-11-02 6.1 CVE-2022-38374
CONFIRM
webmin — webmin A vulnerability, which was classified as problematic, was found in Webmin. Affected is an unknown function of the file xterm/index.cgi. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. The name of the patch is d3d33af3c0c3fd3a889c84e287a038b7a457d811. It is recommended to apply a patch to fix this issue. VDB-212862 is the identifier assigned to this vulnerability. 2022-11-02 6.1 CVE-2022-3844
N/A
N/A
phpipam — phpipam A vulnerability has been found in phpipam and classified as problematic. Affected by this vulnerability is an unknown functionality of the file app/admin/import-export/import-load-data.php of the component Import Preview Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.0 is able to address this issue. The name of the patch is 22c797c3583001211fe7d31bccd3f1d4aeeb3bbc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-212863. 2022-11-02 6.1 CVE-2022-3845
N/A
N/A
N/A
schoolbox — schoolbox Multiple instances of XSS (stored and reflected) was found in the application. For example, features such as student assessment submission, file upload, news, ePortfolio and calendar event creation were found to be vulnerable to cross-site scripting. 2022-10-31 6.1 CVE-2022-39020
MISC
edetw — u-office_force U-Office Force login function has an Open Redirect vulnerability. An unauthenticated remote attacker can exploit this vulnerability to redirect user to arbitrary website. 2022-10-31 6.1 CVE-2022-39021
MISC
edetw — u-office_force U-Office Force Bulletin function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack. 2022-10-31 6.1 CVE-2022-39024
MISC
edetw — u-office_force U-Office Force PrintMessage function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack. 2022-10-31 6.1 CVE-2022-39025
MISC
phppointofsale — php_point_of_sale The application was vulnerable to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the barcode generation functionality, allowing attackers to generate an unsafe link that could compromise users. 2022-10-31 6.1 CVE-2022-40290
MISC
processwire — processwire ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload. 2022-10-31 6.1 CVE-2022-40487
MISC
MISC
ndk-design — ndkadvancedcustomizationfields ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Cross Site Scripting (XSS) via createPdf.php. 2022-11-02 6.1 CVE-2022-40840
MISC
MISC
formalms — formalms Forma LMS version 3.1.0 and earlier are affected by an Cross-Site scripting vulnerability, that could allow a remote attacker to inject javascript code on the “back_url” parameter in appLms/index.php?modname=faq&op=play function. The exploitation of this vulnerability could allow an attacker to steal the user´s cookies in order to log in to the application. 2022-10-31 6.1 CVE-2022-41679
CONFIRM
auieo — candidats CandidATS version 3.0.0 on ‘indexFile’ of the ‘ajax.php’ resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. 2022-11-03 6.1 CVE-2022-42746
MISC
MISC
auieo — candidats CandidATS version 3.0.0 on ‘sortBy’ of the ‘ajax.php’ resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. 2022-11-03 6.1 CVE-2022-42747
MISC
MISC
auieo — candidats CandidATS version 3.0.0 on ‘sortDirection’ of the ‘ajax.php’ resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. 2022-11-03 6.1 CVE-2022-42748
MISC
MISC
auieo — candidats CandidATS version 3.0.0 on ‘page’ of the ‘ajax.php’ resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. 2022-11-03 6.1 CVE-2022-42749
MISC
MISC
salonerp_project — salonerp SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks. 2022-11-03 6.1 CVE-2022-42753
MISC
MISC
apple — macos The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing. 2022-11-01 6.1 CVE-2022-42799
MISC
MISC
MISC
MISC
MISC
MLIST
train_scheduler_app_project — train_scheduler_app A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Train Scheduler App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter. 2022-11-01 6.1 CVE-2022-43079
MISC
fast_food_ordering_system_project — fast_food_ordering_system A cross-site scripting (XSS) vulnerability in /fastfood/purchase.php of Fast Food Ordering System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the customer parameter. 2022-11-01 6.1 CVE-2022-43082
MISC
apache — airflow In Apache Airflow versions prior to 2.4.2, the “Trigger DAG with config” screen was susceptible to XSS attacks via the `origin` query argument. 2022-11-02 6.1 CVE-2022-43982
CONFIRM
BUGTRAQ
apache — airflow In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver’s `/confirm` endpoint. 2022-11-02 6.1 CVE-2022-43985
CONFIRM
BUGTRAQ
alpine_project — alpine Alpine before 2.25 allows remote attackers to cause a denial of service (application crash) when LIST or LSUB is sent before STARTTLS. 2022-11-03 5.9 CVE-2021-46853
MISC
MISC
ibm — websphere_application_server “IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Force ID: 234762.” 2022-11-03 5.9 CVE-2022-38712
MISC
apple — macos This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. A user in a privileged network position may be able to track user activity. 2022-11-01 5.9 CVE-2022-42818
MISC
github — enterprise_server An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository. To exploit this, an actor would need to already be authorized on the GitHub Enterprise Server instance, be able to create a public repository, and have a site administrator visit a specially crafted URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.2.20, 3.3.15, 3.4.10, 3.5.7, 3.6.3. This vulnerability was reported via the GitHub Bug Bounty program. 2022-11-01 5.7 CVE-2022-23738
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
hitachi — ops_center_analyzer Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Analyzer on Linux (Virtual Strage Software Agent component) allows local users to gain sensitive information. 2022-11-01 5.5 CVE-2022-3191
MISC
apple — iphone_os A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to cause a denial-of-service. 2022-11-01 5.5 CVE-2022-32827
MISC
MISC
apple — iphone_os The issue was addressed with improved memory handling. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. An app may be able to leak sensitive kernel state. 2022-11-01 5.5 CVE-2022-32858
MISC
MISC
MISC
apple — macos This issue was addressed with improved data protection. This issue is fixed in macOS Big Sur 11.7.1, macOS Ventura 13, macOS Monterey 12.6.1. An app with root privileges may be able to access private information. 2022-11-01 5.5 CVE-2022-32862
MISC
MISC
MISC
apple — macos A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Monterey 12.6. An app may be able to access user-sensitive data. 2022-11-01 5.5 CVE-2022-32877
MISC
MISC
apple — macos A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to modify protected parts of the file system. 2022-11-01 5.5 CVE-2022-32881
MISC
MISC
MISC
MISC
MISC
MISC
apple — macos An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. An app may be able to access user-sensitive data. 2022-11-01 5.5 CVE-2022-32904
MISC
MISC
MISC
apple — iphone_os The issue was addressed with improved handling of caches. This issue is fixed in iOS 16. An app may be able to access user-sensitive data. 2022-11-01 5.5 CVE-2022-32909
MISC
apple — iphone_os This issue was addressed with improved data protection. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to bypass Privacy preferences. 2022-11-01 5.5 CVE-2022-32918
MISC
MISC
apple — iphone_os A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 15.7 and iPadOS 15.7, iOS 16.1 and iPadOS 16. An app may be able to access iOS backups. 2022-11-01 5.5 CVE-2022-32929
MISC
MISC
MISC
apple — macos An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13. An app may be able to disclose kernel memory. 2022-11-01 5.5 CVE-2022-32936
MISC
apple — iphone_os This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods. 2022-11-01 5.5 CVE-2022-32946
MISC
bitdefender — engines An Improper Access Control vulnerability in the bdservicehost.exe component, as used in Bitdefender Engines for Windows, allows an attacker to delete privileged registry keys by pointing a Registry symlink to a privileged key. This issue affects: Bitdefender Engines versions prior to 7.92659. It also affects Bitdefender Antivirus Free, Bitdefender Antivirus Plus, Bitdefender Internet Security, Bitdefender Total Security, as well as Bitdefender Endpoint Security Tools for Windows with engine versions prior to 7.92659. 2022-11-01 5.5 CVE-2022-3369
MISC
fortinet — forticlient An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiClient for Mac versions 7.0.0 through 7.0.5 may allow a local authenticated attacker to obtain the SSL-VPN password in cleartext via running a logstream for the FortiTray process in the terminal. 2022-11-02 5.5 CVE-2022-33878
CONFIRM
redhat — fedora_coreos Fedora CoreOS supports setting a GRUB bootloader password using a Butane config. When this feature is enabled, GRUB requires a password to access the GRUB command-line, modify kernel command-line arguments, or boot non-default OSTree deployments. Recent Fedora CoreOS releases have a misconfiguration which allows booting non-default OSTree deployments without entering a password. This allows someone with access to the GRUB menu to boot into an older version of Fedora CoreOS, reverting any security fixes that have recently been applied to the machine. A password is still required to modify kernel command-line arguments and to access the GRUB command line. 2022-11-03 5.5 CVE-2022-3675
MISC
MISC
MISC
pdfhummus — hummusjs Muhammara is a node module with c/cpp bindings to modify PDF with js for node or electron (based/replacement on/of galkhana/hummusjs). The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be appended to another. This issue has been patched in 2.6.0 for muhammara and not at all for hummus. As a workaround, do not process files from untrusted sources. 2022-11-02 5.5 CVE-2022-39381
CONFIRM
MISC
MISC
MISC
fortinet — fortiedr An improper control of a resource through its lifetime vulnerability [CWE-664] in FortiEDR CollectorWindows 4.0.0 through 4.1, 5.0.0 through 5.0.3.751, 5.1.0 may allow a privileged user to terminate the FortiEDR processes with special tools and bypass the EDR protection. 2022-11-02 5.5 CVE-2022-39949
CONFIRM
zettlr — zettlr Zettlr version 2.3.0 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Zettlr. This is possible because the application does not have a CSP policy (or at least not strict enough) and/or does not properly validate the contents of markdown files before rendering them. 2022-11-03 5.5 CVE-2022-40276
MISC
MISC
hitachi — infrastructure_analytics_advisor Insertion of Sensitive Information into Temporary File vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer probe component) allows local users to gain sensitive information. 2022-11-01 5.5 CVE-2022-41553
MISC
markdownify_project — markdownify Markdownify version 1.4.1 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Markdownify. This is possible because the application does not have a CSP policy (or at least not strict enough) and/or does not properly validate the contents of markdown files before rendering them. 2022-11-03 5.5 CVE-2022-41710
MISC
MISC
xen — xen Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. When the transaction is committed after this situation, nodes without a valid parent can be made permanent in the data base. 2022-11-01 5.5 CVE-2022-42310
MISC
CONFIRM
MLIST
DEBIAN
xen — xen Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0. This will allow two malicious guests working together to create an arbitrary number of Xenstore nodes. This is possible by domain A letting domain B write into domain A’s local Xenstore tree. Domain B can then create many nodes and reboot. The nodes created by domain B will now be owned by Dom0. By repeating this process over and over again an arbitrary number of nodes can be created, as Dom0’s number of nodes isn’t limited by Xenstore quota. 2022-11-01 5.5 CVE-2022-42322
MISC
CONFIRM
MLIST
DEBIAN
xen — xen Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0. This will allow two malicious guests working together to create an arbitrary number of Xenstore nodes. This is possible by domain A letting domain B write into domain A’s local Xenstore tree. Domain B can then create many nodes and reboot. The nodes created by domain B will now be owned by Dom0. By repeating this process over and over again an arbitrary number of nodes can be created, as Dom0’s number of nodes isn’t limited by Xenstore quota. 2022-11-01 5.5 CVE-2022-42323
MISC
CONFIRM
MLIST
DEBIAN
xen — xen Oxenstored 32->31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precision. The Ocaml Xenbus library takes a C uint32_t out of the ring and casts it directly to an Ocaml integer. In 64-bit Ocaml builds this is fine, but in 32-bit builds, it truncates off the most significant bit, and then creates unsigned/signed confusion in the remainder. This in turn can feed a negative value into logic not expecting a negative value, resulting in unexpected exceptions being thrown. The unexpected exception is not handled suitably, creating a busy-loop trying (and failing) to take the bad packet out of the xenstore ring. 2022-11-01 5.5 CVE-2022-42324
MISC
CONFIRM
MLIST
DEBIAN
xen — xen Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. As this error is encountered only when handling the deleted node at transaction finalization, the transaction will have been performed partially and without updating the accounting information. This will enable a malicious guest to create arbitrary number of nodes. 2022-11-01 5.5 CVE-2022-42325
MISC
CONFIRM
MLIST
DEBIAN
xen — xen Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. As this error is encountered only when handling the deleted node at transaction finalization, the transaction will have been performed partially and without updating the accounting information. This will enable a malicious guest to create arbitrary number of nodes. 2022-11-01 5.5 CVE-2022-42326
MISC
CONFIRM
MLIST
DEBIAN
fortinet — fortisoar A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 – 6.4.4 and 7.0.0 – 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database using a privileged account without a password. 2022-11-02 5.5 CVE-2022-42473
CONFIRM
apple — macos A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Ventura 13. A malicious application may be able to read sensitive location information. 2022-11-01 5.5 CVE-2022-42788
MISC
apple — macos An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. An app may be able to access user-sensitive data. 2022-11-01 5.5 CVE-2022-42789
MISC
MISC
MISC
apple — ipados A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, macOS Monterey 12.6. A user may be able to view restricted content from the lock screen. 2022-11-01 5.5 CVE-2022-42790
MISC
MISC
MISC
MISC
MISC
apple — ipados An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, macOS Monterey 12.6. An app may be able to bypass code signing checks. 2022-11-01 5.5 CVE-2022-42793
MISC
MISC
MISC
MISC
MISC
apple — macos The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. Parsing a maliciously crafted audio file may lead to disclosure of user information. 2022-11-01 5.5 CVE-2022-42798
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — iphone_os The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing a maliciously crafted USD file may disclose memory contents. 2022-11-01 5.5 CVE-2022-42810
MISC
MISC
MISC
MISC
apple — macos An access issue was addressed with additional sandbox restrictions. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to access user-sensitive data. 2022-11-01 5.5 CVE-2022-42811
MISC
MISC
MISC
MISC
apple — macos A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data. 2022-11-01 5.5 CVE-2022-42814
MISC
apple — macos This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data. 2022-11-01 5.5 CVE-2022-42815
MISC
apple — macos An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. An app may be able to read sensitive location information. 2022-11-01 5.5 CVE-2022-42819
MISC
MISC
MISC
apple — macos A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose sensitive user information. 2022-11-01 5.5 CVE-2022-42824
MISC
MISC
MISC
MISC
MISC
MLIST
apple — macos This issue was addressed by removing additional entitlements. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to modify protected parts of the file system. 2022-11-01 5.5 CVE-2022-42825
MISC
MISC
MISC
MISC
MISC
MISC
rtf2html_project — rtf2html rtf2html v0.2.0 was discovered to contain a heap overflow in the component /rtf2html/./rtf_tools.h. 2022-10-31 5.5 CVE-2022-43148
MISC
timg_project — timg timg v1.4.4 was discovered to contain a memory leak via the function timg::QueryBackgroundColor() at /timg/src/term-query.cc. 2022-10-31 5.5 CVE-2022-43151
MISC
tsmuxer_project — tsmuxer tsMuxer v2.6.16 was discovered to contain a heap overflow via the function BitStreamWriter::flushBits() at /tsMuxer/bitStream.h. 2022-10-31 5.5 CVE-2022-43152
MISC
gpac — gpac GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_list_new at utils/list.c. 2022-11-02 5.5 CVE-2022-43254
MISC
gpac — gpac GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_odf_new_iod at odf/odf_code.c. 2022-11-02 5.5 CVE-2022-43255
MISC
webassembly — wabt wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write. 2022-10-28 5.5 CVE-2022-43283
MISC
openharmony — openharmony OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install an malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which run with UID 1000. 2022-11-03 5.5 CVE-2022-43449
MISC
opendev — sushy-tools An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an “unsupported, production-like configuration.” 2022-10-30 5.5 CVE-2022-44020
MISC
MISC
MISC
pycdc_project — pycdc pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered to contain a stack overflow via the component __sanitizer::StackDepotBase<__sanitizer::StackDepotNode. 2022-10-31 5.5 CVE-2022-44079
MISC
lodev — lodepng Lodepng v20220717 was discovered to contain a segmentation fault via the function pngdetail. 2022-10-31 5.5 CVE-2022-44081
MISC
expresstech — quiz_and_survey_master Auth. (editor+) Reflected Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress. 2022-10-28 5.4 CVE-2021-36864
CONFIRM
CONFIRM
hotelmanager_project — hotelmanager Saibamen HotelManager v1.2 is vulnerable to Cross Site Scripting (XSS) due to improper sanitization of comment and contact fields. 2022-11-04 5.4 CVE-2021-39473
MISC
MISC
palantir — foundry_blobster The Foundry Blobster service was found to have a cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Foundry to launch attacks against other users. This vulnerability is resolved in Blobster 3.228.0. 2022-11-04 5.4 CVE-2022-27894
MISC
gitlab — gitlab A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 It was possible to exploit a vulnerability in the external status checks feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. 2022-11-02 5.4 CVE-2022-2904
MISC
CONFIRM
MISC
ibm — infosphere_information_server “IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227592. 2022-11-03 5.4 CVE-2022-30615
MISC
wp_total_hacks_project — wp_total_hacks The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin’s settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and escaping as well. 2022-10-31 5.4 CVE-2022-3096
CONFIRM
apache — spark A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI. 2022-11-01 5.4 CVE-2022-31777
MISC
ibm — infosphere_information_server “IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227592.” 2022-11-03 5.4 CVE-2022-35642
MISC
fortinet — fortiadc An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiADC management interface 7.1.0 may allow a remote and authenticated attacker to trigger a stored cross site scripting (XSS) attack via configuring a specially crafted IP Address. 2022-11-02 5.4 CVE-2022-35851
CONFIRM
coleds — simple_seo Auth. (subscriber+) Broken Access Control vulnerability in David Cole Simple SEO plugin <= 1.8.12 on WordPress allows attackers to create or delete sitemap. 2022-11-03 5.4 CVE-2022-36404
CONFIRM
CONFIRM
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8. 2022-10-31 5.4 CVE-2022-3765
CONFIRM
MISC
fortinet — fortideceptor An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface 4.2.0, 4.1.0 through 4.1.1, 4.0.2 may allow an authenticated user to perform a cross site scripting (XSS) attack via sending requests with specially crafted lure resource ID. 2022-11-02 5.4 CVE-2022-38373
CONFIRM
m-files — hubshare Improper input validation and output encoding in all comments fields, in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to introduce cross-site scripting attacks via specially crafted comments. 2022-10-31 5.4 CVE-2022-39017
MISC
edetw — u-office_force U-Office Force UserDefault page has insufficient filtering for special characters in the HTTP header fields. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform XSS (Stored Cross-Site Scripting) attack. 2022-10-31 5.4 CVE-2022-39026
MISC
edetw — u-office_force U-Office Force Forum function has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript and perform XSS (Stored Cross-Site Scripting) attack. 2022-10-31 5.4 CVE-2022-39027
MISC
glpi-project — glpi GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Script related HTML tags in assets inventory information are not properly neutralized. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds. 2022-11-03 5.4 CVE-2022-39371
CONFIRM
glpi-project — glpi GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Authenticated users may store malicious code in their account information. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds. 2022-11-03 5.4 CVE-2022-39372
CONFIRM
glpi-project — glpi GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to create a public RSS feed to inject malicious code in dashboards of other users. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds. 2022-11-03 5.4 CVE-2022-39375
CONFIRM
fortinet — fortianalyzer An improper neutralization of input during web page generation vulnerability [CWE-79] exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0 through 7.0.4. Report templates may allow a low privilege level attacker to perform an XSS attack via posting a crafted CKeditor “protected” comment as described in CVE-2020-9281. 2022-11-02 5.4 CVE-2022-39950
CONFIRM
ragic — ragic Ragic report generation page has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript to perform XSS (Reflected Cross-Site Scripting) attack. 2022-10-31 5.4 CVE-2022-40739
MISC
openwrt — luci OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted public key comments. 2022-11-03 5.4 CVE-2022-41435
MISC
MISC
rukovoditel — rukovoditel A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking “Add”. 2022-10-28 5.4 CVE-2022-43167
MISC
rukovoditel — rukovoditel A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?module=users_groups/users_groups) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking “Add New Group”. 2022-10-28 5.4 CVE-2022-43169
MISC
rukovoditel — rukovoditel A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking “Add info block”. 2022-10-28 5.4 CVE-2022-43170
MISC
apache — sling_cms An improper neutralization of input during web page generation (‘Cross-site Scripting’) [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature. 2022-11-02 5.4 CVE-2022-43670
MISC
MLIST
coleds — simple_seo Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 1.8.12 on WordPress allows attackers to create or delete sitemaps. 2022-11-03 5.4 CVE-2022-44627
CONFIRM
CONFIRM
apple — iphone_os A logic issue was addressed with improved state management. This issue is fixed in iOS 16. Deleted contacts may still appear in spotlight search results. 2022-11-01 5.3 CVE-2022-32859
MISC
apple — iphone_os A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. A user in a privileged network position may be able to intercept mail credentials. 2022-11-01 5.3 CVE-2022-32928
MISC
MISC
MISC
apple — macos A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. A shortcut may be able to check the existence of an arbitrary path on the file system. 2022-11-01 5.3 CVE-2022-32938
MISC
MISC
ibm — robotic_process_automation “IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 234292.” 2022-11-03 5.3 CVE-2022-38710
MISC
glpi-project — glpi GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or an external calendar in planning is subject to SSRF exploit. In case a remote script returns a redirect response, the redirect target URL is not checked against the URL allow list defined by administrator. This issue has been patched, please upgrade to 10.0.4. There are currently no known workarounds. 2022-11-03 5.3 CVE-2022-39276
MISC
CONFIRM
discourse — discourse Discourse is a platform for community discussion. Under certain conditions, a user badge may have been awarded based on a user’s activity in a topic with restricted access. Before this vulnerability was disclosed, the topic title of the topic associated with the user badge may be viewed by any user. If there are sensitive information in the topic title, it will therefore have been exposed. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are currently no known workarounds available. 2022-11-02 5.3 CVE-2022-39378
CONFIRM
phppointofsale — php_point_of_sale The application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on each account within the system. 2022-10-31 5.3 CVE-2022-40292
MISC
deep-object-diff_project — deep-object-diff deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the ‘__proto__’ property to be edited. 2022-11-03 5.3 CVE-2022-41713
MISC
MISC
fastest-json-copy_project — fastest-json-copy fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the ‘__proto__’ property to be edited. 2022-11-03 5.3 CVE-2022-41714
MISC
MISC
deep-parse-json_project — deep-parse-json deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the ‘__proto__’ property to be edited. 2022-11-03 5.3 CVE-2022-42743
MISC
MISC
pwndoc_project — pwndoc PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by leveraging response timings for authentication attempts. 2022-10-30 5.3 CVE-2022-44022
MISC
pwndoc_project — pwndoc PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by leveraging response messages for authentication attempts. 2022-10-30 5.3 CVE-2022-44023
MISC
jetbrains — teamcity In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive 2022-11-03 5.3 CVE-2022-44622
MISC
jetbrains — teamcity In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user’s settings 2022-11-03 5.3 CVE-2022-44646
MISC
apple — iphone_os A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6. An app may be able to read sensitive location information. 2022-11-01 5 CVE-2022-32875
MISC
MISC
MISC
MISC
MISC
opencart — opencart OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL injection in the background. 2022-11-03 4.9 CVE-2021-37823
MISC
discourse — discourse Discourse is a platform for community discussion. A malicious admin could use this vulnerability to perform port enumeration on the local host or other hosts on the internal network, as well as against hosts on the Internet. Latest `stable`, `beta`, and `test-passed` versions are now patched. As a workaround, self-hosters can use `DISCOURSE_BLOCKED_IP_BLOCKS` env var (which overrides `blocked_ip_blocks` setting) to stop webhooks from accessing private IPs. 2022-11-02 4.9 CVE-2022-39241
CONFIRM
phppointofsale — php_point_of_sale The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks. 2022-10-31 4.9 CVE-2022-40295
MISC
restaurant_pos_system_project — restaurant_pos_system Restaurant POS System v1.0 was discovered to contain a SQL injection vulnerability via update_customer.php. 2022-11-01 4.9 CVE-2022-43086
MISC
wpexperts — wp_contact_slider The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-10-31 4.8 CVE-2022-3237
CONFIRM
redlettuce — wp_word_count The WP Word Count WordPress plugin through 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. 2022-10-31 4.8 CVE-2022-3408
CONFIRM
official_integration_for_billingo_project — official_integration_for_billingo The Official Integration for Billingo WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users with a role as low as Shop Manager to perform Stored Cross-Site Scripting attacks. 2022-10-31 4.8 CVE-2022-3420
CONFIRM
rockcontent — rock_convert The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-10-31 4.8 CVE-2022-3441
CONFIRM
rockcontent — rock_convert Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Stage Rock Convert plugin <= 2.11.0 on WordPress. 2022-11-03 4.8 CVE-2022-36428
CONFIRM
CONFIRM
webfactoryltd — under_construction A vulnerability classified as problematic has been found in WebFactory Under Construction Plugin. This affects an unknown part of the component Plugin Setting Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212661 was assigned to this vulnerability. 2022-11-01 4.8 CVE-2022-3808
N/A
N/A
N/A
glpi-project — glpi GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package, GLPI administrator can define rich-text content to be displayed on login page. The displayed content is can contains malicious code that can be used to steal credentials. This issue has been patched, please upgrade to version 10.0.4. 2022-11-03 4.8 CVE-2022-39262
MISC
CONFIRM
glpi-project — glpi GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. External links are not properly sanitized and can therefore be used for a Cross-Site Scripting (XSS) attack. This issue has been patched, please upgrade to GLPI 10.0.4. There are currently no known workarounds. 2022-11-03 4.8 CVE-2022-39277
CONFIRM
MISC
glpi-project — glpi GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Administrator may store malicious code in entity name. This issue has been patched, please upgrade to version 10.0.4. 2022-11-03 4.8 CVE-2022-39373
CONFIRM
web-based_student_clearance_system_project — web-based_student_clearance_system A cross-site scripting (XSS) vulnerability in /admin/edit-admin.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtemail parameter. 2022-11-01 4.8 CVE-2022-43076
MISC
web-based_student_clearance_system_project — web-based_student_clearance_system A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter. 2022-11-01 4.8 CVE-2022-43078
MISC
vehicle_booking_system_project — vehicle_booking_system A cross-site scripting (XSS) vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the v_name parameter. 2022-11-01 4.8 CVE-2022-43084
MISC
slims — senayan_library_management_system Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component pop_chart.php. 2022-11-01 4.8 CVE-2022-43361
MISC
emlog — emlog Emlog Pro v1.7.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /admin/store.php. 2022-11-03 4.8 CVE-2022-43372
MISC
agenteasy_properties_project — agenteasy_properties Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in AgentEasy Properties plugin <= 1.0.4 on WordPress. 2022-11-02 4.8 CVE-2022-44576
CONFIRM
CONFIRM
am-hili_project — am-hili Auth. (admin+) Stored Cross-Site Scripting (XSS) in Ayoub Media AM-HiLi plugin <= 1.0 on WordPress. 2022-11-02 4.8 CVE-2022-44586
CONFIRM
CONFIRM
jumpdemand — 4ecps_web_forms Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin <= 0.2.17 on WordPress. 2022-11-03 4.8 CVE-2022-44628
CONFIRM
CONFIRM
apple — macos A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system. 2022-11-01 4.7 CVE-2022-32895
MISC
apple — macos A lock screen issue was addressed with improved state management. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. A user may be able to view restricted content from the lock screen. 2022-11-01 4.6 CVE-2022-32935
MISC
MISC
MISC
google — chrome Insufficient validation of untrusted input in VPN in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a local attacker to bypass managed device restrictions via physical access to the device. (Chrome security severity: Medium) 2022-11-01 4.6 CVE-2022-3312
MISC
MISC
froxlor — froxlor Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39. 2022-11-04 4.6 CVE-2022-3721
MISC
CONFIRM
hitachi — infrastructure_analytics_advisor Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. 2022-11-01 4.4 CVE-2020-36605
MISC
ibm — security_guardium “IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.” 2022-11-03 4.4 CVE-2021-39077
MISC
apple — macos A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. 2022-11-01 4.3 CVE-2022-22677
MISC
MISC
google — chrome Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass security feature via a crafted HTML page. (Chrome security severity: Low) 2022-11-01 4.3 CVE-2022-3316
MISC
MISC
google — chrome Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 106.0.5249.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chrome security severity: Low) 2022-11-01 4.3 CVE-2022-3317
MISC
MISC
google — chrome Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page. (Chrome security severity: Low) 2022-11-01 4.3 CVE-2022-3443
MISC
MISC
google — chrome Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page and malicious file. (Chrome security severity: Low) 2022-11-01 4.3 CVE-2022-3444
MISC
MISC
google — chrome Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 107.0.5304.62 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chrome security severity: Medium) 2022-11-01 4.3 CVE-2022-3660
MISC
MISC
fortinet — fortios An improper access control [CWE-284] vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API. 2022-11-02 4.3 CVE-2022-38380
CONFIRM
glpi-project — glpi GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Connected users may gain access to debug panel through the GLPI update script. This issue has been patched, please upgrade to 10.0.4. As a workaround, delete the `install/update.php` script. 2022-11-03 4.3 CVE-2022-39370
CONFIRM
a3rev — page_view_count Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Page View Count plugin <= 2.5.5 on WordPress allows an attacker to reset the plugin settings. 2022-11-03 4.3 CVE-2022-40131
CONFIRM
CONFIRM
Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apple — iphone_os This issue was addressed with improved entitlements. This issue is fixed in iOS 16, watchOS 9. An app may be able to read a persistent device identifier. 2022-11-01 3.3 CVE-2022-32835
MISC
MISC
apple — iphone_os The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. A sandboxed app may be able to determine which app is currently using the camera. 2022-11-01 3.3 CVE-2022-32913
MISC
MISC
MISC
MISC
MISC
MISC
ibm — robotic_process_automation_for_cloud_pak “IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform. IBM X-Force ID: 238214.” 2022-11-03 3.3 CVE-2022-42442
MISC
apple — iphone_os This issue was addressed with improved data protection. This issue is fixed in iOS 16, macOS Ventura 13. A user with physical access to an iOS device may be able to read past diagnostic logs. 2022-11-01 2.4 CVE-2022-32867
MISC
MISC
apple — iphone_os A logic issue was addressed with improved state management. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. A user with physical access to a device may be able to use Siri to obtain some call history information. 2022-11-01 2.4 CVE-2022-32870
MISC
MISC
MISC
apple — ipados A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, tvOS 16. A user with physical access to a device may be able to access contacts from the lock screen. 2022-11-01 2.4 CVE-2022-32879
MISC
MISC
MISC
MISC
MISC
Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
cisco — multiple_products A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses. 2022-11-04 not yet calculated CVE-2022-20772
MISC
cisco — multiple_products A vulnerability in web-based management interface of the of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. The attacker must have the credentials of a high-privileged user account. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system. 2022-11-04 not yet calculated CVE-2022-20867
MISC
cisco — multiple_products A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit this vulnerability. This vulnerability is due to the use of a hardcoded value to encrypt a token used for certain APIs calls . An attacker could exploit this vulnerability by authenticating to the device and sending a crafted HTTP request. A successful exploit could allow the attacker to impersonate another valid user and execute commands with the privileges of that user account. 2022-11-04 not yet calculated CVE-2022-20868
MISC
cisco — identity_services_engine A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an affected device. This vulnerability is due to insufficient management of system resources. An attacker could exploit this vulnerability by taking actions that cause Cisco ISE Software to receive specific RADIUS traffic. A successful and sustained exploit of this vulnerability could allow the attacker to cause reduced performance of the affected device, resulting in significant delays to RADIUS authentications. There are workarounds that address this vulnerability. 2022-11-04 not yet calculated CVE-2022-20937
MISC
cisco — multiple_products A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to retrieve sensitive information from an affected device, including user credentials. This vulnerability is due to weak enforcement of back-end authorization checks. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain confidential data that is stored on the affected device. 2022-11-04 not yet calculated CVE-2022-20942
MISC
cisco — broadworks_commpilot A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an authenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other device on the network. {{value}} [“%7b%7bvalue%7d%7d”])}]] 2022-11-04 not yet calculated CVE-2022-20951
MISC
cisco — identity_services_engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files. This vulnerability is due to improper access control in the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to list, download, and delete certain files that they should not have access to. Cisco plans to release software updates that address this vulnerability. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx”] 2022-11-04 not yet calculated CVE-2022-20956
MISC
cisco — broadworks_commpilot A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other device on the network. {{value}} [“%7b%7bvalue%7d%7d”])}]] 2022-11-04 not yet calculated CVE-2022-20958
MISC
cisco — asyncos A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain TLS connections that are processed by an affected device. An attacker could exploit this vulnerability by establishing a large number of concurrent TLS connections to an affected device. A successful exploit could allow the attacker to cause the device to drop new TLS email messages that come from the associated email servers. Exploitation of this vulnerability does not cause the affected device to unexpectedly reload. The device will recover autonomously within a few hours of when the attack is halted or mitigated. 2022-11-04 not yet calculated CVE-2022-20960
MISC
cisco — identity_services_engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the target user. 2022-11-04 not yet calculated CVE-2022-20961
MISC
cisco — localdisk_management A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request with absolute path sequences. A successful exploit could allow the attacker to upload malicious files to arbitrary locations within the file system. Using this method, it is possible to access the underlying operating system and execute commands with system privileges. 2022-11-04 not yet calculated CVE-2022-20962
MISC
cisco — identity_services_engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need valid credentials to access the web-based management interface of an affected device. 2022-11-04 not yet calculated CVE-2022-20963
MISC
cisco — umbrella A vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco Umbrella dashboard. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to the web application and persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. 2022-11-04 not yet calculated CVE-2022-20969
MISC
foundry_magritte — osisoft-pi-web-connector The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 – 0.43.0 was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0. 2022-11-04 not yet calculated CVE-2022-27893
CONFIRM
vmware — multiple_products
 
Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that under certain circumstances allows for potentially harmful remote code execution by the attacker. 2022-11-04 not yet calculated CVE-2022-31691
MISC
trellix — ips_manager
 
XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported. 2022-11-04 not yet calculated CVE-2022-3340
CONFIRM
apache — multiple_products The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an attacker to perform a man in the middle attack and intercept and/or modify the GET request that is sent to the ClientCredentialFlow ‘issuer url’. The intercepted credentials can be used to acquire authentication data from the OAuth2.0 server to then authenticate with an Apache Pulsar cluster. An attacker can only take advantage of this vulnerability by taking control of a machine ‘between’ the client and the server. The attacker must then actively manipulate traffic to perform the attack. The Apache Pulsar Python Client wraps the C++ client, so it is also vulnerable in the same way. This issue affects Apache Pulsar C++ Client and Python Client versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0 to 2.10.1; 2.6.4 and earlier. Any users running affected versions of the C++ Client or the Python Client should rotate vulnerable OAuth2.0 credentials, including client_id and client_secret. 2.7 C++ and Python Client users should upgrade to 2.7.5 and rotate vulnerable OAuth2.0 credentials. 2.8 C++ and Python Client users should upgrade to 2.8.4 and rotate vulnerable OAuth2.0 credentials. 2.9 C++ and Python Client users should upgrade to 2.9.3 and rotate vulnerable OAuth2.0 credentials. 2.10 C++ and Python Client users should upgrade to 2.10.2 and rotate vulnerable OAuth2.0 credentials. 3.0 C++ users are unaffected and 3.0 Python Client users will be unaffected when it is released. Any users running the C++ and Python Client for 2.6 or less should upgrade to one of the above patched versions. 2022-11-04 not yet calculated CVE-2022-33684
MISC
ibm — business_automation_workflow “IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against the system. IBM X-Force ID: 230537.” 2022-11-03 not yet calculated CVE-2022-35279
MISC

watchdog — anti-virus

Incorrect access control in the anti-virus driver wsdkd.sys of Watchdog Antivirus v1.4.158 allows attackers to write arbitrary files. 2022-11-04 not yet calculated CVE-2022-38582
MISC
hcl — domino HCL Domino is susceptible to an information disclosure vulnerability. In some scenarios, local calls made on the server to search the Domino directory will ignore xACL read restrictions. An authenticated attacker could leverage this vulnerability to access attributes from a user’s person record. 2022-11-04 not yet calculated CVE-2022-38654
MISC

hcl — xpages

HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user. 2022-11-04 not yet calculated CVE-2022-38660
MISC
sourcecodester — sanitization_management_system A vulnerability classified as critical has been found in SourceCodester Sanitization Management System. Affected is an unknown function of the file /php-sms/classes/Master.php?f=save_quote. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213012. 2022-11-05 not yet calculated CVE-2022-3868
N/A
N/A
froxlor — froxlor Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2. 2022-11-05 not yet calculated CVE-2022-3869
CONFIRM
MISC

microsoft — azure

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. Prior to version 6.1.12, the USB DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this may allow an attacker to bypass security features or execute arbitrary code. The implementation of `ux_device_class_dfu_control_request` function prevents buffer overflow during handling of DFU UPLOAD command when current state is `UX_SYSTEM_DFU_STATE_DFU_IDLE`. This issue has been patched, please upgrade to version 6.1.12. As a workaround, add the `UPLOAD_LENGTH` check in all possible states. 2022-11-04 not yet calculated CVE-2022-39344
CONFIRM
openzeppelin — contracts OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible in the scenario described above, breaking the expectation that there is a single execution. Note that upgradeable proxies are commonly initialized together with contract creation, where reentrancy is not feasible, so the impact of this issue is believed to be minor. This issue has been patched, please upgrade to version 4.4.1. As a workaround, avoid untrusted external calls during initialization. 2022-11-04 not yet calculated CVE-2022-39384
MISC
CONFIRM
xwiki_contrib — oidc XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Prior to version 1.29.1, even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third party provider its details through request parameters. One can then bypass the XWiki authentication altogether by specifying its own provider through the oidc.endpoint.* request parameters (or by using an XWiki-based OpenID provider with oidc.xwikiprovider. With the same approach, one could also provide a specific group mapping through oidc.groups.mapping that would make his user automatically part of the XWikiAdminGroup. This issue has been patched, please upgrade to 1.29.1. There is no workaround, an upgrade of the authenticator is required. 2022-11-04 not yet calculated CVE-2022-39387
MISC
CONFIRM
MISC
becton_dickson — totalys_multiprocessor BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). Customers using BD Totalys MultiProcessor version 1.70 with Microsoft Windows 10 have additional operating system hardening configurations which increase the attack complexity required to exploit this vulnerability. 2022-11-04 not yet calculated CVE-2022-40263
CONFIRM
schneider_electric — multiple_products A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). 2022-11-04 not yet calculated CVE-2022-41669
MISC
schneider_electric — multiple_products A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). 2022-11-04 not yet calculated CVE-2022-41670
MISC
schneider_electric — multiple_products A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). 2022-11-04 not yet calculated CVE-2022-41671
MISC
splunk — enterprise_security In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). The vulnerability affects instances with Splunk Web enabled. 2022-11-03 not yet calculated CVE-2022-43561
MISC
MISC
splunk — enterprise_security In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning. 2022-11-04 not yet calculated CVE-2022-43562
MISC
splunk — enterprise_security In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will. 2022-11-04 not yet calculated CVE-2022-43563
MISC
splunk — enterprise_security In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search macros and schedule search reports can cause a denial of service through the use of specially crafted search macros. 2022-11-04 not yet calculated CVE-2022-43564
MISC
splunk — enterprise_security In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats command handles Javascript Object Notation (JSON) lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. 2022-11-04 not yet calculated CVE-2022-43565
MISC
splunk — enterprise_security In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards in the Analytics Workspace. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will. 2022-11-04 not yet calculated CVE-2022-43566
MISC
MISC
splunk — enterprise_security In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app. 2022-11-04 not yet calculated CVE-2022-43567
MISC
MISC
splunk — enterprise_security In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a View allows for a Reflected Cross Site Scripting via JavaScript Object Notation (JSON) in a query parameter when output_mode=radio. 2022-11-04 not yet calculated CVE-2022-43568
MISC
MISC
splunk — enterprise_security In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model. 2022-11-04 not yet calculated CVE-2022-43569
MISC
MISC
splunk — enterprise_security In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error. 2022-11-04 not yet calculated CVE-2022-43570
MISC
splunk — enterprise_security In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component. 2022-11-03 not yet calculated CVE-2022-43571
MISC
MISC
splunk — enterprise_security In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage or denial-of-service preventing further indexing. 2022-11-04 not yet calculated CVE-2022-43572
MISC

linux — linux_kernel

The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2022-11-04 not yet calculated CVE-2022-43945
MISC
stiltsoft_europe — handy_macros The Handy Tip macro in Stiltsoft Handy Macros for Confluence Server/Data Center 3.x before 3.5.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. 2022-11-04 not yet calculated CVE-2022-44724
MISC
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

CISA recently updated an anonymous product survey;they’d welcome your feedback.


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon using the button below

Digital Patreon Wordmark FieryCoralv2

To keep up to date follow us on the below channels.

join
Click Above for Telegram
discord
Click Above for Discord
reddit
Click Above for Reddit
hd linkedin
Click Above For LinkedIn