US-CERT Bulletin (SB22-339):Vulnerability Summary for the Week of November 28, 2022
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
acer — aspire_a315-22g_firmware | Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable. | 2022-11-28 | 8.2 | CVE-2022-4020 MISC |
adrotate_banner_manager_project — adrotate_banner_manager | Cross-Site Request Forgery (CSRF) in AdRotate Banner Manager Plugin <= 5.9 on WordPress. | 2022-11-30 | 8.8 | CVE-2022-26366 MISC |
aerocms_project — aerocms | AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information. | 2022-11-29 | 7.5 | CVE-2022-45329 MISC |
apache — fineract | Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to upgrade to 1.8.1. | 2022-11-29 | 8.8 | CVE-2022-44635 MISC MLIST |
automotive_shop_management_system_project — automotive_shop_management_system | Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/products/view_product.php. | 2022-11-25 | 7.2 | CVE-2022-44858 MISC |
automotive_shop_management_system_project — automotive_shop_management_system | Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/admin/products/manage_product.php. | 2022-11-25 | 7.2 | CVE-2022-44859 MISC |
automotive_shop_management_system_project — automotive_shop_management_system | Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/transactions/update_status.php. | 2022-11-25 | 7.2 | CVE-2022-44860 MISC |
avs4you — avs_audio_converter | AVS Audio Converter 10.3 is vulnerable to Buffer Overflow. | 2022-11-28 | 9.8 | CVE-2022-44283 MISC |
belden — hirschmann_bat-c2_firmware | The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor’s ID is BSECV-2022-21. | 2022-11-25 | 8.8 | CVE-2022-40282 MISC FULLDISC MISC |
book_store_management_system_project — book_store_management_system | A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214588. | 2022-11-30 | 9.8 | CVE-2022-4229 MISC MISC |
book_store_management_system_project — book_store_management_system | Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. | 2022-11-30 | 9.8 | CVE-2022-44097 MISC |
book_store_management_system_project — book_store_management_system | A vulnerability classified as problematic has been found in SourceCodester Book Store Management System 1.0. This affects an unknown part of the file /bsms_ci/index.php/user/edit_user/. The manipulation of the argument password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214587. | 2022-11-30 | 7.5 | CVE-2022-4228 MISC MISC |
botan_project — botan | In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016). | 2022-11-27 | 9.1 | CVE-2022-43705 MISC CONFIRM |
canteen_management_system_project — canteen_management_system | A vulnerability was found in SourceCodester Canteen Management System. It has been rated as critical. This issue affects the function query of the file ajax_invoice.php of the component POST Request Handler. The manipulation of the argument search leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214523. | 2022-11-30 | 9.8 | CVE-2022-4222 MISC MISC |
church_management_system_project — church_management_system | Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_members.php. | 2022-11-30 | 7.2 | CVE-2022-45328 MISC |
contec — solarview_compact_firmware | SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file. | 2022-11-29 | 9.8 | CVE-2022-44354 MISC |
decode-uri-component_project — decode-uri-component | decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS. | 2022-11-28 | 7.5 | CVE-2022-38900 MISC MISC |
discourse — discourse_bbcode | discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bccode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patched in commit 91478f5. As a workaround, ensure that the Content Security Policy is enabled and monitor any posts that contain bbcode. | 2022-11-30 | 9.8 | CVE-2022-46162 MISC CONFIRM |
dlink — dnr-322l_firmware | Data Integrity Failure in ‘Backup Config’ in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the device. | 2022-11-29 | 8.8 | CVE-2022-40799 MISC |
drachtio — drachtio-server | drachtio-server 0.8.18 has a heap-based buffer over-read via a long Request-URI in an INVITE request. | 2022-11-26 | 9.1 | CVE-2022-45909 MISC |
dwbooster — appointment_hour_booking | The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation that may be exported as a CSV file when a site’s administrator exports booking details. This can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | 2022-11-29 | 7.8 | CVE-2022-4034 MISC MISC |
epson — tm-c3500_firmware | The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass. | 2022-11-25 | 9.1 | CVE-2022-36133 MISC MISC |
etm-s — ondiskplayeragent | Remote code execution vulnerability due to insufficient verification of URLs, etc. in OndiskPlayerAgent. A remote attacker could exploit the vulnerability to cause remote code execution by causing an arbitrary user to download and execute malicious code. | 2022-11-25 | 7.8 | CVE-2022-41156 MISC |
event_registration_system_project — event_registration_system | A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricted upload. It is possible to launch the attack remotely. VDB-214590 is the identifier assigned to this vulnerability. | 2022-11-30 | 9.8 | CVE-2022-4232 MISC |
eyoom — eyoom_builder | Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code. | 2022-11-25 | 9.8 | CVE-2022-41158 MISC |
f-secure — elements_endpoint_protection | In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. This can lead to a scanning engine crash, triggerable remotely by an attacker for denial of service. | 2022-11-25 | 7.5 | CVE-2022-38166 MISC |
festo — multiple_products |
In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability. | 2022-12-01 | 9.8 | CVE-2022-3270 MISC |
ff4j — ff4j | ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE). | 2022-12-01 | 9.8 | CVE-2022-44262 MISC |
freeamigos — manage_notification_e-mails | Cross-Site Request Forgery (CSRF) in Virgial Berveling’s Manage Notification E-mails plugin <= 1.8.2 on WordPress. | 2022-11-28 | 8.8 | CVE-2022-34654 MISC |
fusionauth — fusionauth | FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process. | 2022-11-28 | 7.5 | CVE-2022-45921 MISC MISC |
gnu — emacs | GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the “ctags *” command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input. | 2022-11-28 | 7.8 | CVE-2022-45939 MISC |
gnu — libredwg | LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c. | 2022-11-30 | 7.8 | CVE-2022-45332 MISC |
google — chrome | Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | 2022-11-25 | 9.6 | CVE-2022-4135 MISC MISC |
google — chrome | Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2022-11-30 | 8.8 | CVE-2022-4174 MISC MISC |
google — chrome | Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2022-11-30 | 8.8 | CVE-2022-4175 MISC MISC |
google — chrome | Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: High) | 2022-11-30 | 8.8 | CVE-2022-4176 MISC MISC |
google — chrome | Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High) | 2022-11-30 | 8.8 | CVE-2022-4177 MISC MISC |
google — chrome | Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2022-11-30 | 8.8 | CVE-2022-4178 MISC MISC |
google — chrome | Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | 2022-11-30 | 8.8 | CVE-2022-4179 MISC MISC |
google — chrome | Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | 2022-11-30 | 8.8 | CVE-2022-4180 MISC MISC |
google — chrome | Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2022-11-30 | 8.8 | CVE-2022-4181 MISC MISC |
google — chrome | Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium) | 2022-11-30 | 8.8 | CVE-2022-4190 MISC MISC |
google — chrome | Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium) | 2022-11-30 | 8.8 | CVE-2022-4191 MISC MISC |
google — chrome | Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium) | 2022-11-30 | 8.8 | CVE-2022-4192 MISC MISC |
google — chrome | Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium) | 2022-11-30 | 8.8 | CVE-2022-4193 MISC MISC |
google — chrome | Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 2022-11-30 | 8.8 | CVE-2022-4194 MISC MISC |
gpac — gpac | A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214518 is the identifier assigned to this vulnerability. | 2022-11-29 | 8.8 | CVE-2022-4202 N/A N/A |
gpac — gpac | GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimC_box_read at isomedia/box_code_3gpp.c. | 2022-11-29 | 7.8 | CVE-2022-45202 MISC |
gpac — gpac | GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c. | 2022-11-29 | 7.8 | CVE-2022-45343 MISC |
ibericode — html_forms | The HTML Forms WordPress plugin before 1.3.25 does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users | 2022-11-28 | 7.2 | CVE-2022-3689 MISC |
jeecg — jeecg_boot | Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/duplicate/check. | 2022-11-25 | 9.8 | CVE-2022-45206 MISC MISC |
jeecg — jeecg_boot | Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component updateNullByEmptyString. | 2022-11-25 | 9.8 | CVE-2022-45207 MISC MISC |
kakaocorp — potplayer | A vulnerability classified as problematic has been found in Kakao PotPlayer. This affects an unknown part of the component MID File Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214623. | 2022-12-01 | 7.5 | CVE-2022-4246 N/A N/A N/A |
kubeview_project — kubeview | KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor’s position is that KubeView was a “fun side project and a learning exercise,” and not “very secure.” | 2022-11-27 | 9.8 | CVE-2022-45933 MISC |
linecorp — line | LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat. | 2022-11-29 | 7.5 | CVE-2022-41568 MISC |
linux — linux_kernel | An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. | 2022-11-27 | 7.8 | CVE-2022-45934 MISC |
linux — linux_kernel | An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops. | 2022-11-25 | 7 | CVE-2022-45884 MISC MISC |
linux — linux_kernel | An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected. | 2022-11-25 | 7 | CVE-2022-45885 MISC MISC |
linux — linux_kernel | An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free. | 2022-11-25 | 7 | CVE-2022-45886 MISC MISC |
linux — linux_kernel | An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event. | 2022-11-27 | 7 | CVE-2022-45919 MISC |
linuxfoundation — opendaylight | A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface. | 2022-11-27 | 7.5 | CVE-2022-45930 MISC MISC |
linuxfoundation — opendaylight | A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used. | 2022-11-27 | 7.5 | CVE-2022-45931 MISC MISC |
linuxfoundation — opendaylight | A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used. | 2022-11-27 | 7.5 | CVE-2022-45932 MISC MISC |
linuxfoundation — pytorch | In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. | 2022-11-26 | 9.8 | CVE-2022-45907 MISC MISC |
mitsubishielectric — gx_works3 | Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose or tamper with sensitive information. As a result, unauthorized users may obtain information about project files illegally. | 2022-11-25 | 9.1 | CVE-2022-29830 MISC MISC |
mitsubishielectric — gx_works3 | Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 all versions and Mitsubishi Electric MX OPC UA Module Configurator-R all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users can gain unauthorized access to the CPU module and the OPC UA server module. | 2022-11-25 | 7.5 | CVE-2022-25164 MISC MISC |
mitsubishielectric — gx_works3 | Use of Hard-coded Password vulnerability in Mitsubishi Electric GX Works3 all versions allows an unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally. | 2022-11-25 | 7.5 | CVE-2022-29825 MISC MISC |
mitsubishielectric — gx_works3 | Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions 1.086Q and prior allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally. | 2022-11-25 | 7.5 | CVE-2022-29826 MISC MISC |
mitsubishielectric — gx_works3 | Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally. | 2022-11-25 | 7.5 | CVE-2022-29827 MISC MISC |
mitsubishielectric — gx_works3 | Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally. | 2022-11-25 | 7.5 | CVE-2022-29828 MISC MISC |
mitsubishielectric — gx_works3 | Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information . As a result, unauthorized users may view or execute programs illegally. | 2022-11-25 | 7.5 | CVE-2022-29829 MISC MISC |
mitsubishielectric — gx_works3 | Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthorized attacker to obtain information about the project file for MELSEC safety CPU modules. | 2022-11-25 | 7.5 | CVE-2022-29831 MISC MISC |
moodle — moodle | A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle’s inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks. | 2022-11-25 | 9.1 | CVE-2022-45152 MISC MISC MISC |
movie_ticket_booking_system_project — movie_ticket_booking_system | A vulnerability classified as critical was found in Movie Ticket Booking System. This vulnerability affects unknown code of the file booking.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214624. | 2022-12-01 | 9.8 | CVE-2022-4247 N/A N/A |
movie_ticket_booking_system_project — movie_ticket_booking_system | A vulnerability, which was classified as critical, has been found in Movie Ticket Booking System. This issue affects some unknown processing of the file editBooking.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214625 was assigned to this vulnerability. | 2022-12-01 | 9.8 | CVE-2022-4248 N/A N/A |
moxa — uc-2101-lx_firmware | UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa’s ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges. | 2022-11-28 | 7.8 | CVE-2022-3088 MISC |
msi — center | An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41.0 allows attackers to escalate privileges via a crafted TCP packet. | 2022-11-28 | 8.8 | CVE-2022-31877 MISC MISC |
muhammara_project — muhammara | Muhammara is a node module with c/cpp bindings to modify PDF with JavaScript for node or electron. The package muhammara before 2.6.2 and from 3.0.0 and before 3.3.0, as well as all versions of muhammara’s predecessor package hummus, are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed. The issue has been patched in muhammara version 3.4.0 and the fix has been backported to version 2.6.2. As a workaround, do not process files from untrusted sources. If using hummus, replace the package with muhammara. | 2022-11-28 | 7.5 | CVE-2022-41957 MISC CONFIRM MISC |
octopus — octopus_server | In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plaint-text in when verbose logging is enabled. | 2022-11-25 | 7.5 | CVE-2022-2721 MISC |
online-shopping-system-advanced_project — online-shopping-system-advanced | Online-shopping-system-advanced 1.0 was discovered to contain a SQL injection vulnerability via the p parameter at /shopping/product.php. | 2022-11-29 | 9.8 | CVE-2022-42109 MISC MISC |
online_tours_\&_travels_management_system_project — online_tours_\&_travels_management_system | Online Tours & Travels Management System v1.0 contains an arbitrary file upload vulnerability via /tour/admin/file.php. | 2022-11-28 | 9.8 | CVE-2022-44401 MISC |
op-tee — op-tee_os | OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Versions prior to 3.19.0, contain an Improper Validation of Array Index vulnerability. The function `cleanup_shm_refs()` is called by both `entry_invoke_command()` and `entry_open_session()`. The commands `OPTEE_MSG_CMD_OPEN_SESSION` and `OPTEE_MSG_CMD_INVOKE_COMMAND` can be executed from the normal world via an OP-TEE SMC. This function is not validating the `num_params` argument, which is only limited to `OPTEE_MSG_MAX_NUM_PARAMS` (127) in the function `get_cmd_buffer()`. Therefore, an attacker in the normal world can craft an SMC call that will cause out-of-bounds reading in `cleanup_shm_refs` and potentially freeing of fake-objects in the function `mobj_put()`. A normal-world attacker with permission to execute SMC instructions may exploit this flaw. Maintainers believe this problem permits local privilege escalation from the normal world to the secure world. Version 3.19.0 contains a fix for this issue. There are no known workarounds. | 2022-11-29 | 8.8 | CVE-2022-46152 MISC MISC MISC CONFIRM |
orchardcore — orchard_cms | Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). When a low privileged user such as an author or publisher, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation when the malicious blog post is loaded in the victim’s browser. | 2022-11-25 | 9 | CVE-2022-37720 MISC MISC MISC |
owncast_project — owncast | SQL Injection in GitHub repository owncast/owncast prior to 0.0.13. | 2022-11-29 | 9.8 | CVE-2022-3751 CONFIRM MISC |
paddlepaddle — paddlepaddle | In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution. | 2022-11-26 | 9.8 | CVE-2022-45908 MISC MISC |
perfsonar — perfsonar | An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks. | 2022-11-30 | 8.6 | CVE-2022-41412 MISC MISC |
phpgurukul_blood_donor_management_system_project — phpgurukul_blood_donor_management_system | PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report. | 2022-11-25 | 8.1 | CVE-2022-38813 MISC MISC MISC MISC |
piwebsolution — export_customers_list_csv_for_woocommerce | The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not validate data when outputting it back in a CSV file, which could lead to CSV injection. | 2022-11-28 | 9.8 | CVE-2022-3603 MISC |
poultry_farm_management_system_project — poultry_farm_management_system | Poultry Farm Management System v1.0 contains a SQL injection vulnerability via the del parameter at /Redcock-Farm/farm/category.php. | 2022-11-28 | 9.8 | CVE-2022-44399 MISC |
prometheus — exporter_toolkit | Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, i someone has access to a Prometheus web.yml file and users’ bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There is no workaround, but attacker must have access to the hashed password to use this functionality. | 2022-11-29 | 8.8 | CVE-2022-46146 CONFIRM MISC MLIST MLIST MLIST |
purchase_order_management_system_project — purchase_order_management_system | Purchase Order Management System v1.0 contains a file upload vulnerability via /purchase_order/admin/?page=system_info. | 2022-11-28 | 9.8 | CVE-2022-44400 MISC |
pyrocms — pyrocms | PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation. | 2022-11-25 | 9 | CVE-2022-37721 MISC MISC |
qs_project — qs | qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has “deps: [email protected]” in its release description, is not vulnerable). | 2022-11-26 | 7.5 | CVE-2022-24999 MISC CONFIRM CONFIRM |
raidenmaild — raidenmaild | A remote attacker with general user privilege can inject malicious code in the form content of Raiden MAILD Mail Server website. Other users export form content as CSV file can trigger arbitrary code execution and allow the attacker to perform arbitrary system operation or disrupt service on the user side. | 2022-11-29 | 8 | CVE-2022-41675 MISC |
russound — xsourceplayer_777d_firmware | Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remote code execution vulnerability via the scriptRunner.cgi component. | 2022-11-29 | 9.8 | CVE-2022-44038 MISC |
saml_project — saml | The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version. | 2022-11-28 | 9.8 | CVE-2022-41912 MISC CONFIRM |
samtools — htsjdk | The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir() function in util/IOUtil.java not checking for the existence of the temporary directory before attempting to create it. | 2022-11-29 | 7.8 | CVE-2022-21126 MISC MISC MISC |
sanitization_management_system_project — sanitization_management_system | Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. | 2022-11-30 | 9.8 | CVE-2022-44096 MISC |
sanitization_management_system_project — sanitization_management_system | Simple Inventory Management System v1.0 is vulnerable to SQL Injection via /ims/login.php. | 2022-11-30 | 9.8 | CVE-2022-44151 MISC |
sanitization_management_system_project — sanitization_management_system | Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/classes/Master.php?f=delete_product. | 2022-12-02 | 7.2 | CVE-2022-44277 MISC |
sanitization_management_system_project — sanitization_management_system | Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/manage_service&id=. | 2022-11-30 | 7.2 | CVE-2022-44294 MISC |
sanitization_management_system_project — sanitization_management_system | Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/assign_team.php?id=. | 2022-11-30 | 7.2 | CVE-2022-44295 MISC |
sanitization_management_system_project — sanitization_management_system | Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/quotes/manage_remark.php?id=. | 2022-11-30 | 7.2 | CVE-2022-44296 MISC |
sanitization_management_system_project — sanitization_management_system | Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=quotes/view_quote&id=. | 2022-12-02 | 7.2 | CVE-2022-44345 MISC |
sanitization_management_system_project — sanitization_management_system | Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=inquiries/view_inquiry&id=. | 2022-12-02 | 7.2 | CVE-2022-44347 MISC |
sanitization_management_system_project — sanitization_management_system | Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/update_status.php?id=. | 2022-12-02 | 7.2 | CVE-2022-44348 MISC |
sapido — br270n_firmware | A vulnerability was found in Sapido BR270n, BRC76n, GR297 and RB1732 and classified as critical. Affected by this issue is some unknown functionality of the file ip/syscmd.htm. The manipulation leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214592. | 2022-11-30 | 8.8 | CVE-2021-4242 MISC MISC MISC |
school_management_system_project — school_management_system | SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application’s content or behavior by using malicious SQL queries. | 2022-11-28 | 9.8 | CVE-2022-36193 MISC MISC |
simple-press — simple\ | The Simple:Press plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 6.8 via the ‘file’ parameter which can be manipulated during user avatar deletion. This makes it possible with attackers, with minimal permissions such as a subscriber, to supply paths to arbitrary files on the server that will subsequently be deleted. This can be used to delete the wp-config.php file that can allow an attacker to configure the site and achieve remote code execution. | 2022-11-29 | 8.1 | CVE-2022-4030 MISC MISC |
sinatrarb — sinatra | Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue. | 2022-11-28 | 8.8 | CVE-2022-45442 MISC MISC CONFIRM MISC |
snyk — snyk_security | The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the application. This vulnerability may be triggered when running the the CLI tool directly, or when running a scan with one of the IDE plugins that invoke the Snyk CLI. Successful exploitation of this issue would likely require some level of social engineering – to coerce an untrusted project to be downloaded and analyzed via the Snyk CLI or opened in an IDE where a Snyk IDE plugin is installed and enabled. Additionally, if the IDE has a Trust feature then the target folder must be marked as ‘trusted’ in order to be vulnerable. **NOTE:** This issue is independent of the one reported in [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342), and upgrading to a fixed version for this addresses that issue as well. The affected IDE plugins and versions are: – VS Code – Affected: <=1.8.0, Fixed: 1.9.0 – IntelliJ – Affected: <=2.4.47, Fixed: 2.4.48 – Visual Studio – Affected: <=1.1.30, Fixed: 1.1.31 – Eclipse – Affected: <=v20221115.132308, Fixed: All subsequent versions – Language Server – Affected: <=v20221109.114426, Fixed: All subsequent versions | 2022-11-30 | 8.8 | CVE-2022-24441 MISC MISC MISC MISC MISC MISC MISC |
solarwinds — orion_platform | SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges. | 2022-11-29 | 8.8 | CVE-2022-36960 MISC MISC |
solarwinds — orion_platform | SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands. | 2022-11-29 | 8.8 | CVE-2022-36964 MISC MISC |
solarwinds — orion_platform | SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands. | 2022-11-29 | 7.2 | CVE-2022-36962 MISC MISC |
sophos — xg_firewall_firmware | A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall older than version 19.5 GA. | 2022-12-01 | 8.4 | CVE-2022-3709 CONFIRM |
spatie — browsershot | Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method. | 2022-11-25 | 8.2 | CVE-2022-41706 MISC MISC |
squirrly — seo_plugin_by_squirrly_seo | Auth. (contributor+) Arbitrary File Upload in SEO Plugin by Squirrly SEO plugin <= 12.1.10 on WordPress. | 2022-11-28 | 8.8 | CVE-2022-38140 MISC |
static-dev-server_project — static-dev-server | This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory. | 2022-11-29 | 7.5 | CVE-2022-25848 MISC MISC |
super_xray_project — super_xray | super-xray is a web vulnerability scanning tool. Versions prior to 0.7 assumed trusted input for the program config which is stored in a yaml file. An attacker with local access to the file could exploit this and compromise the program. This issue has been addressed in commit `4d0d5966` and will be included in future releases. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-11-25 | 7.8 | CVE-2022-41958 MISC CONFIRM |
sz-fujia — ourphoto | The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from insecure direct object reference vulnerabilities. Other end-users user_id and device_id values can be enumerated by incrementing or decrementing id numbers. The impact of this vulnerability allows an attacker to discover sensitive information such as end-user email addresses, and their unique frame_token value of all other Ourphoto App end-users. | 2022-11-28 | 7.5 | CVE-2022-24187 MISC MISC |
sz-fujia — ourphoto | The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are returned in clear-text. The lack of sessions management and presence of insecure direct object references allows to return password information for other end-users devices. Many of the picture frame devices offer video calling, and it is likely this information can be used to abuse that functionality. | 2022-11-28 | 7.5 | CVE-2022-24188 MISC |
sz-fujia — ourphoto | The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. The user_token header is not implemented or present on this end-point. An attacker can send a request to bind their account to any users picture frame, then send a POST request to accept their own bind request, without the end-users approval or interaction. | 2022-11-28 | 7.5 | CVE-2022-24190 MISC |
telos — alliance_omnia_mpx_node_firmware | An Insecure Direct Object Reference (IDOR) vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4.[*] allows attackers to arbitrarily change user and Administrator account passwords. | 2022-11-29 | 7.5 | CVE-2022-43326 MISC |
tenda — tx9_pro_firmware | Tenda TX9 Pro v22.03.02.10 was discovered to contain a stack overflow via the list parameter at /goform/SetIpMacBind. | 2022-11-30 | 7.5 | CVE-2022-45337 MISC |
themehigh — checkout_field_editor_for_woocommerce | The Checkout Field Editor (Checkout Manager) for WooCommerce WordPress plugin before 1.8.0 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present | 2022-11-28 | 7.2 | CVE-2022-3490 MISC |
thinkcmf — thinkcmf | ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows a Super Administrator user to be injected into administrative users. | 2022-12-01 | 8.8 | CVE-2022-40489 MISC |
tiny_file_manager_project — tiny_file_manager | Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files. | 2022-11-25 | 8.8 | CVE-2022-23044 MISC MISC |
tiny_file_manager_project — tiny_file_manager | Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files. | 2022-11-25 | 8.8 | CVE-2022-45475 MISC MISC |
tiny_file_manager_project — tiny_file_manager | Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files. | 2022-11-25 | 8.8 | CVE-2022-45476 MISC MISC |
totolink — a7100ru_firmware | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function. | 2022-11-25 | 9.8 | CVE-2022-44843 MISC |
totolink — a7100ru_firmware | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function. | 2022-11-25 | 9.8 | CVE-2022-44844 MISC |
tribalsystems — zenario | Zenario CMS 9.3.57186 is vulnerable to Remote Code Excution (RCE). | 2022-11-30 | 9.8 | CVE-2022-44136 MISC |
uatech — badaso | Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. | 2022-11-25 | 9.8 | CVE-2022-41705 MISC MISC |
ujsoftware — owm_weather | The OWM Weather WordPress plugin before 5.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as contributor | 2022-11-28 | 8.8 | CVE-2022-3769 MISC MISC |
ultimatemember — ultimate_member | The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the get_option_value_from_callback function that accepts user supplied input and passes it through call_user_func(). This makes it possible for authenticated attackers, with administrative capabilities, to execute code on the server. | 2022-11-29 | 7.2 | CVE-2022-3383 MISC MISC MISC MISC |
ultimatemember — ultimate_member | The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the populate_dropdown_options function that accepts user supplied input and passes it through call_user_func(). This is restricted to non-parameter PHP functions like phpinfo(); since user supplied parameters are not passed through the function. This makes it possible for authenticated attackers, with administrative privileges, to execute code on the server. | 2022-11-29 | 7.2 | CVE-2022-3384 MISC MISC MISC MISC |
velneo — vclient | Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims’s username and hashed password to spoof the victim’s id against the server. | 2022-11-28 | 7.4 | CVE-2021-45036 CONFIRM MISC MISC MISC MISC MISC MISC |
vim — vim | Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command. | 2022-11-25 | 7.8 | CVE-2022-4141 CONFIRM MISC |
wavlink — wl-wn531g3_firmware | WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files. | 2022-11-29 | 7.5 | CVE-2022-44356 MISC |
wbce — wbce_cms | An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file. | 2022-11-25 | 7.2 | CVE-2022-45039 MISC |
web_based_quiz_system_project — web_based_quiz_system | Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication process, allowing attackers to obtain users’ passwords via a bruteforce attack. | 2022-11-25 | 7.5 | CVE-2022-44411 MISC |
webcash — serp_server_2.0 | A specific file on the sERP server if Kyungrinara(ERP solution) has a fixed password with the SYSTEM authority. This vulnerability could allow attackers to leak or steal sensitive information or execute malicious commands. | 2022-11-25 | 9.8 | CVE-2022-41157 MISC |
windriver — vxworks | An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure. | 2022-11-25 | 7.5 | CVE-2022-38767 MISC MISC |
wp_user_merger_project — wp_user_merger | The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin | 2022-11-28 | 8.8 | CVE-2022-3848 MISC MISC |
wp_user_merger_project — wp_user_merger | The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin | 2022-11-28 | 8.8 | CVE-2022-3849 MISC MISC |
wp_user_merger_project — wp_user_merger | The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin | 2022-11-28 | 8.8 | CVE-2022-3865 MISC MISC |
wpsmartcontracts — wpsmartcontracts | The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author | 2022-11-28 | 8.8 | CVE-2022-3768 MISC MISC |
Medium Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
airtable — airtable | Airtable.js is the JavaScript client for Airtable. Prior to version 0.11.6, Airtable.js had a misconfigured build script in its source package. When the build script is run, it would bundle environment variables into the build target of a transpiled bundle. Specifically, the AIRTABLE_API_KEY and AIRTABLE_ENDPOINT_URL environment variables are inserted during Browserify builds due to being referenced in Airtable.js code. This only affects copies of Airtable.js built from its source, not those installed via npm or yarn. Airtable API keys set in users’ environments via the AIRTABLE_API_KEY environment variable may be bundled into local copies of Airtable.js source code if all of the following conditions are met: 1) the user has cloned the Airtable.js source onto their machine, 2) the user runs the `npm prepare` script, and 3) the user’ has the AIRTABLE_API_KEY environment variable set. If these conditions are met, a user’s local build of Airtable.js would be modified to include the value of the AIRTABLE_API_KEY environment variable, which could then be accidentally shipped in the bundled code. Users who do not meet all three of these conditions are not impacted by this issue. Users should upgrade to Airtable.js version 0.11.6 or higher; or, as a workaround unset the AIRTABLE_API_KEY environment variable in their shell and/or remove it from your .bashrc, .zshrc, or other shell configuration files. Users should also regenerate any Airtable API keys they use, as the keysy may be present in bundled code. | 2022-11-29 | 6.4 | CVE-2022-46155 CONFIRM MISC MISC |
amasty — amasty_blog_pro | The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the short_content and full_content fields, leading to XSS attacks against admin panel users via posts/preview or posts/save. | 2022-11-29 | 6.1 | CVE-2022-36433 MISC MISC |
analytics_for_wp_project — analytics_for_wp | The Analytics for WP WordPress plugin through 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2022-11-28 | 4.8 | CVE-2022-3839 MISC |
apereo — opencast | Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 12.5, Opencast’s Paella authentication page could be used to redirect to an arbitrary URL for authenticated users. The vulnerability allows attackers to redirect users to sites outside of one’s Opencast install, potentially facilitating phishing attacks or other security issues. This issue is fixed in Opencast 12.5 and newer. | 2022-11-28 | 6.1 | CVE-2022-41965 CONFIRM MISC |
axiell — iguana | A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim’s browser. The title parameter on the twitter.php endpoint does not properly neutralise user input, resulting in the vulnerability. | 2022-12-01 | 6.1 | CVE-2022-45050 MISC |
basercms — basercms | BaserCMS is a content management system with a japanese language focus. In affected versions there is a cross-site scripting vulnerability on the management system of baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. Users of baserCMS are advised to upgrade as soon as possible. There are no known workarounds for this vulnerability. | 2022-11-25 | 6.1 | CVE-2022-39325 CONFIRM MISC MISC |
beautiful-cookie-banner — beautiful_cookie_consent_banner | The Beautiful Cookie Consent Banner WordPress plugin before 2.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2022-11-28 | 4.8 | CVE-2022-3823 MISC |
book_store_management_system_project — book_store_management_system | Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book_title parameter. | 2022-11-25 | 6.1 | CVE-2022-45225 MISC |
bosscms — bosscms | Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function under the Administrator List module. | 2022-11-28 | 6.5 | CVE-2022-44937 MISC |
callback — cbfs_filter | A null pointer dereference vulnerability exists in the handle_ioctl_83150 functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. | 2022-11-28 | 5.5 | CVE-2022-43588 MISC |
callback — cbfs_filter | A null pointer dereference vulnerability exists in the handle_ioctl_8314C functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. | 2022-11-28 | 5.5 | CVE-2022-43589 MISC |
callback — cbfs_filter | A null pointer dereference vulnerability exists in the handle_ioctl_0x830a0_systembuffer functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. | 2022-11-28 | 5.5 | CVE-2022-43590 MISC |
canteen_management_system_project — canteen_management_system | A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function query of the file food.php. The manipulation of the argument product_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214359. | 2022-11-25 | 6.1 | CVE-2022-4091 MISC MISC |
canteen_management_system_project — canteen_management_system | A vulnerability was found in SourceCodester Canteen Management System. It has been rated as problematic. This issue affects the function builtin_echo of the file youthappam/brand.php. The manipulation of the argument brand_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214595. | 2022-11-30 | 6.1 | CVE-2022-4234 MISC MISC |
canteen_management_system_project — canteen_management_system | A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function builtin_echo of the file categories.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214629 was assigned to this vulnerability. | 2022-12-01 | 6.1 | CVE-2022-4252 N/A N/A |
canteen_management_system_project — canteen_management_system | A vulnerability was found in SourceCodester Canteen Management System. It has been declared as problematic. This vulnerability affects the function builtin_echo of the file customer.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-214630 is the identifier assigned to this vulnerability. | 2022-12-01 | 5.4 | CVE-2022-4253 N/A N/A |
chocolatey — chocolatey_azure-pipelines-agent | Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder. | 2022-11-29 | 4.3 | CVE-2022-45306 MISC |
chocolatey — chocolatey_cmder | Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\Cmder and all files located in that folder. | 2022-11-29 | 4.3 | CVE-2022-45304 MISC |
chocolatey — chocolatey_php | Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that folder. | 2022-11-29 | 4.3 | CVE-2022-45307 MISC |
chocolatey — chocolatey_python3 | Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\Python311 and all files located in that folder. | 2022-11-29 | 4.3 | CVE-2022-45305 MISC |
chocolatey — chocolatey_ruby | Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\ruby31 and all files located in that folder. | 2022-11-29 | 4.3 | CVE-2022-45301 MISC |
churchcrm — churchcrm | ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input Deposit Comment. | 2022-11-29 | 4.8 | CVE-2022-36136 MISC MISC |
churchcrm — churchcrm | ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader. | 2022-11-29 | 4.8 | CVE-2022-36137 MISC MISC |
contect — solarview_compact_firmware | SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via /network_test.php. | 2022-11-29 | 6.1 | CVE-2022-44355 MISC |
dinstar — dag2000-16o_firmware | Dinstar FXO Analog VoIP Gateway DAG2000-16O is vulnerable to Cross Site Scripting (XSS). | 2022-11-28 | 5.4 | CVE-2022-44284 MISC |
discourse — discourse | Discourse is an open-source messaging platform. In versions 2.8.10 and prior on the `stable` branch and versions 2.9.0.beta11 and prior on the `beta` and `tests-passed` branches, users composing malicious messages and navigating to drafts page could self-XSS. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse’s default Content Security Policy. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. | 2022-11-29 | 5.4 | CVE-2022-46148 CONFIRM |
discourse — discourse | Discourse is an open-source discussion platform. Prior to version 2.9.0.beta13, users can post chat messages of an unlimited length, which can cause a denial of service for other users when posting huge amounts of text. Users should upgrade to version 2.9.0.beta13, where a limit has been introduced. No known workarounds are available. | 2022-11-28 | 4.3 | CVE-2022-41921 CONFIRM MISC |
discourse — discourse | Discourse is an open-source discussion platform. In stable versions prior to 2.8.12 and beta or tests-passed versions prior to 2.9.0.beta.13, under certain conditions, a user can see notifications for topics they no longer have access to. If there is sensitive information in the topic title, it will therefore have been exposed. This issue is patched in stable version 2.8.12, beta version 2.9.0.beta13, and tests-passed version 2.9.0.beta13. There are no workarounds available. | 2022-11-28 | 4.3 | CVE-2022-41944 MISC CONFIRM |
discourse — discourse | Discourse is an open-source discussion platform. Prior to version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue is patched in version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches. As a workaround, use the `disable_email` site setting to disable all emails to non-staff users. | 2022-11-29 | 4.3 | CVE-2022-46150 CONFIRM MISC |
dwbooster — appointment_hour_booking | The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in versions up to, and including, 1.3.72 due to insufficient input sanitization and output escaping that makes injecting iFrame tags possible. This makes it possible for unauthenticated attackers to inject iFrames when submitting a booking that will execute whenever a user accesses the injected booking details page. | 2022-11-29 | 6.1 | CVE-2022-4035 MISC MISC |
dwbooster — appointment_hour_booking | The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of insufficiently strong hashing algorithm on the CAPTCHA secret that is also displayed to the user via a cookie. | 2022-11-29 | 5.3 | CVE-2022-4036 MISC MISC |
electronic_shelf_label_protocol_project — electronic_shelf_label_protocol | The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does not use authentication, which allows attackers to change label values via 433 MHz RF signals, as demonstrated by disrupting the organization of a hospital storage unit, or changing retail pricing. | 2022-11-27 | 5.3 | CVE-2022-45914 MISC |
event_registration_system_project — event_registration_system | A vulnerability has been found in SourceCodester Event Registration System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /event/admin/?page=user/list. The manipulation of the argument First Name/Last Name leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-214591. | 2022-11-30 | 6.1 | CVE-2022-4233 MISC |
expresstech — quiz_and_survey_master | The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the ‘question[id]’ parameter in versions up to, and including, 8.0.4 due to insufficient input sanitization and output escaping that allowed iframe tags to be injected. This makes it possible for unauthenticated attackers to inject iFrames in pages that will execute whenever a user accesses an injected page. | 2022-11-29 | 6.1 | CVE-2022-4032 MISC MISC |
expresstech — quiz_and_survey_master | The Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the ‘question[id]’ parameter in versions up to, and including, 8.0.4 due to insufficient input validation that allows attackers to inject content other than the specified value (i.e. a number, file path, etc..). This makes it possible attackers to submit values other than the intended input type. | 2022-11-29 | 5.3 | CVE-2022-4033 MISC MISC |
find_and_replace_all_project — find_and_replace_all | The Find and Replace All WordPress plugin before 1.3 does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue. | 2022-11-28 | 6.1 | CVE-2022-2311 MISC |
find_and_replace_all_project — find_and_replace_all | The Find and Replace All WordPress plugin before 1.3 does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via a CSRF attack | 2022-11-28 | 4.3 | CVE-2022-3850 MISC |
frappe — frappe | Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not correctly validate the information injected by the user in the import_file parameter. | 2022-11-25 | 6.5 | CVE-2022-41712 MISC MISC |
garage_management_system_project — garage_management_system | Garage Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /garage/php_action/createBrand.php. | 2022-11-29 | 6.1 | CVE-2022-44279 MISC |
getawesomesupport — awesome_support | The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as subscriber to download arbitrary exported tickets via an IDOR vector | 2022-11-28 | 6.5 | CVE-2022-3511 MISC |
google — chrome | Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium) | 2022-11-30 | 6.5 | CVE-2022-4187 MISC MISC |
google — chrome | Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium) | 2022-11-30 | 4.3 | CVE-2022-4182 MISC MISC |
google — chrome | Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | 2022-11-30 | 4.3 | CVE-2022-4183 MISC MISC |
google — chrome | Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium) | 2022-11-30 | 4.3 | CVE-2022-4184 MISC MISC |
google — chrome | Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: Medium) | 2022-11-30 | 4.3 | CVE-2022-4185 MISC MISC |
google — chrome | Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium) | 2022-11-30 | 4.3 | CVE-2022-4186 MISC MISC |
google — chrome | Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | 2022-11-30 | 4.3 | CVE-2022-4188 MISC MISC |
google — chrome | Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) | 2022-11-30 | 4.3 | CVE-2022-4189 MISC MISC |
google — chrome | Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium) | 2022-11-30 | 4.3 | CVE-2022-4195 MISC MISC |
google_forms_project — google_forms | The Google Forms WordPress plugin through 0.95 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2022-11-28 | 4.8 | CVE-2022-3834 MISC |
gpac — gpac | GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia/box_code_3gpp.c. | 2022-11-29 | 5.5 | CVE-2022-45204 MISC |
human_resource_management_system_project — human_resource_management_system | Human Resource Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. This vulnerability is triggered via a crafted payload injected into an authentication error message. | 2022-11-25 | 6.1 | CVE-2022-45218 MISC MISC |
ibm — maximo_application_suite | IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407. | 2022-11-28 | 5.5 | CVE-2022-41732 MISC MISC |
image_hover_effects_css3_project — image_hover_effects_css3 | The Image Hover Effects Css3 WordPress plugin through 4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2022-11-28 | 4.8 | CVE-2022-3601 MISC |
jeecg — jeecg_boot | Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData. | 2022-11-25 | 5.3 | CVE-2022-45205 MISC MISC |
jeecg — jeecg_boot | Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/putRecycleBin. | 2022-11-25 | 4.3 | CVE-2022-45208 MISC MISC |
jeecg — jeecg_boot | Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/deleteRecycleBin. | 2022-11-25 | 4.3 | CVE-2022-45210 MISC MISC |
jeeng_push_notifications_project — jeeng_push_notifications | The Jeeng Push Notifications WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2022-11-28 | 4.8 | CVE-2022-3610 MISC |
klik_project — klik | KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location Forum Subject input. | 2022-11-29 | 5.4 | CVE-2022-42099 MISC MISC |
klik_project — klik | KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form. | 2022-11-29 | 5.4 | CVE-2022-42100 MISC MISC |
lepton_project — lepton | A loop with an unreachable exit condition can be triggered by passing a crafted JPEG file to the Lepton image compression tool, resulting in a denial-of-service. | 2022-11-28 | 5.5 | CVE-2022-4104 MISC |
linux — layer_2_tunneling_protocol | A flaw was found in the Linux kernel’s Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. | 2022-11-28 | 5.5 | CVE-2022-4129 MISC MISC FEDORA FEDORA FEDORA |
linux — linux_kernel | An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device. | 2022-11-25 | 6.4 | CVE-2022-45888 MISC |
linux — linux_kernel | A NULL pointer dereference issue was discovered in the Linux kernel in io_files_update_with_index_alloc. A local user could use this flaw to potentially crash the system causing a denial of service. | 2022-11-28 | 5.5 | CVE-2022-4127 MISC MISC |
linux — linux_kernel | A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled. | 2022-11-30 | 4.7 | CVE-2022-45869 MISC |
linux — linux_kernel | An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. | 2022-11-25 | 4.7 | CVE-2022-45887 MISC MISC |
linux — mptcp_protocol | A NULL pointer dereference issue was discovered in the Linux kernel in the MPTCP protocol when traversing the subflow list at disconnect time. A local user could use this flaw to potentially crash the system causing a denial of service. | 2022-11-28 | 5.5 | CVE-2022-4128 MISC MISC |
m-files — m-files_server | Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system. | 2022-11-30 | 5.3 | CVE-2022-1911 MISC |
m-files — m-files_server | Incorrect privilege assignment in M-Files Server versions before 22.3.11164.0 and before 22.3.11237.1 allows user to read unmanaged objects. | 2022-11-30 | 4.3 | CVE-2022-1606 MISC |
metagauss — download_plugin | The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup’s nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website. | 2022-11-28 | 4.3 | CVE-2021-25059 MISC |
microfocus — netiq_advanced_authentication | This update resolves a multi-factor authentication bypass attack | 2022-11-28 | 6.3 | CVE-2022-38753 MISC |
microweber — microweber | Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the ‘select-file’ parameter. | 2022-11-25 | 6.1 | CVE-2022-0698 MISC MISC |
mitsubishielectric — gx_works3 | Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthorized attacker to disclose sensitive information. As a result, unauthorized users could obtain information about the project file for MELSEC safety CPU modules. | 2022-11-25 | 6.5 | CVE-2022-29832 MISC MISC |
mitsubishielectric — gx_works3 | Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthorized attacker to disclose sensitive information. As a result, unauthorized users could access to MELSEC safety CPU modules illgally. | 2022-11-25 | 6.5 | CVE-2022-29833 MISC MISC |
movie_ticket_booking_system_project — movie_ticket_booking_system | A vulnerability, which was classified as problematic, was found in Movie Ticket Booking System. Affected is an unknown function of the component POST Request Handler. The manipulation of the argument ORDER_ID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214626 is the identifier assigned to this vulnerability. | 2022-12-01 | 6.1 | CVE-2022-4249 N/A N/A |
movie_ticket_booking_system_project — movie_ticket_booking_system | A vulnerability has been found in Movie Ticket Booking System and classified as problematic. Affected by this vulnerability is an unknown functionality of the file booking.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214627. | 2022-12-01 | 6.1 | CVE-2022-4250 N/A N/A |
muffingroup — becustom | The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5.2. This is due to missing nonce validation when saving the plugin’s settings. This makes it possible for unauthenticated attackers to update the plugin’s settings like betheme_url_slug, replaced_theme_author, and betheme_label to name a few, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2022-11-29 | 6.5 | CVE-2022-3747 MISC MISC MISC |
nextcloud — desktop | Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue. | 2022-11-25 | 6.1 | CVE-2022-39333 MISC CONFIRM MISC |
nextcloud — desktop | Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue. | 2022-11-25 | 5.4 | CVE-2022-39331 MISC MISC CONFIRM |
nextcloud — desktop | Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue. | 2022-11-25 | 5.4 | CVE-2022-39332 MISC MISC CONFIRM |
nextcloud — desktop | Nextcloud desktop is the desktop sync client for Nextcloud. Versions prior to 3.6.1 would incorrectly trust invalid TLS certificates. A Man-in-the-middle attack is possible in case a user can be made running a nextcloudcmd CLI command locally. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this vulnerability. | 2022-11-25 | 4.7 | CVE-2022-39334 MISC CONFIRM MISC MISC |
nextcloud — nextcloud_enterprise_server | Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names which could allow a malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to 22.2.10, 23.0.7 or 24.0.3. There are no known workarounds for this issue. | 2022-11-25 | 6.5 | CVE-2022-39346 CONFIRM MISC MISC |
nextcloud — openid_connect_user_backend | user_oidc is an OpenID Connect user backend for Nextcloud. Versions prior to 1.2.1 did not properly validate discovery urls which may lead to a stored cross site scripting attack vector. The impact is limited due to the restrictive CSP that is applied on this endpoint. Additionally this vulnerability has only been shown to be exploitable in the Safari web browser. This issue has been addressed in version 1.2.1. Users are advised to upgrade. Users unable to upgrade should urge their users to avoid using the Safari web browser. | 2022-11-25 | 5.4 | CVE-2022-39338 CONFIRM MISC MISC |
nextcloud — openid_connect_user_backend | user_oidc is an OpenID Connect user backend for Nextcloud. In versions prior to 1.2.1 sensitive information such as the OIDC client credentials and tokens are sent in plain text of HTTP without TLS. Any malicious actor with access to monitor user traffic may have been able to compromise account security. This issue has been addressed in in user_oidc v1.2.1. Users are advised to upgrade. Users unable to upgrade may use https to access Nextcloud. Set an HTTPS discovery URL in the provider settings (in Nextcloud OIDC admin settings). | 2022-11-25 | 4.3 | CVE-2022-39339 MISC MISC CONFIRM |
nextcloud — talk | Nextcould talk android is the android OS implementation of the nextcloud talk chat system. In affected versions the receiver is not protected by broadcastPermission allowing malicious apps to monitor communication. It is recommended that the Nextcloud Talk Android is upgraded to 14.1.0. There are no known workarounds for this issue. | 2022-11-25 | 5.5 | CVE-2022-41926 MISC CONFIRM MISC |
openedx — xblock-drag-and-drop-v2 | Drag and Drop XBlock v2 implements a drag-and-drop style problem, where a learner has to drag items to zones on a target image. Versions prior to 3.0.0 are vulnerable to cross-site scripting in multiple XBlock Fields. Any platform that has deployed the XBlock may be impacted. Version 3.0.0 contains a patch for this issue. There are no known workarounds. | 2022-11-28 | 6.1 | CVE-2022-46147 CONFIRM MISC MISC MISC |
perfsonar — perfsonar | perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function. | 2022-11-30 | 4.3 | CVE-2022-41413 MISC MISC |
photospace_gallery_project — photospace_gallery | The Photospace Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters saved via the update() function in versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2022-11-29 | 5.4 | CVE-2022-3991 MISC MISC |
qemu — qemu | An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition. | 2022-11-29 | 6.5 | CVE-2022-4144 MISC MISC |
qemu — qemu | An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host. | 2022-11-29 | 6.5 | CVE-2022-4172 MISC MISC MISC |
raidenmaild — raidenmaild | Raiden MAILD Mail Server website mail field has insufficient filtering for user input. A remote attacker with general user privilege can send email using the website with malicious JavaScript in the input field, which triggers XSS (Reflected Cross-Site Scripting) attack to the mail recipient. | 2022-11-29 | 5.4 | CVE-2022-41676 MISC |
realtek — rtl8111fp-cg_firmware | RTL8168FP-CG Dash remote management function has missing authorization. An unauthenticated attacker within the adjacent network can connect to DASH service port to disrupt service. | 2022-11-29 | 6.5 | CVE-2022-32966 MISC |
recaptcha_project — recaptcha | The reCAPTCHA WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2022-11-28 | 4.8 | CVE-2022-3831 MISC |
salat_times_project — salat_times | The Salat Times WordPress plugin before 3.2.2 does not sanitize and escapes its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2022-11-28 | 4.8 | CVE-2022-2983 MISC |
sanitization_management_system_project — sanitization_management_system | A cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter at /php-sms/classes/Login.php. | 2022-11-28 | 6.1 | CVE-2022-45214 MISC |
seppmail — seppmail | SEPPMail’s web frontend, user input is not embedded correctly in the web page and therefore leads to cross-site scripting vulnerabilities (XSS). | 2022-11-30 | 6.1 | CVE-2021-31740 MISC |
showing_url_in_qr_code_project — showing_url_in_qr_code | The Showing URL in QR Code WordPress plugin through 0.0.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin or editor add Stored XSS payloads via a CSRF attack | 2022-11-28 | 6.1 | CVE-2022-3847 MISC MISC |
simple-press — simple\ | The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘postitem’ parameter manipulated during a forum response in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping that makes injecting object and embed tags possible. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages when responding to forum threads that will execute whenever a user accesses an injected page. | 2022-11-29 | 5.4 | CVE-2022-4027 MISC MISC |
simple-press — simple\ | The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘postitem’ parameter manipulated during the profile-save action when modifying a profile signature in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping that makes injecting object and embed tags possible. This makes it possible for authenticated attackers, with minimal permissions, such as a subscriber to inject arbitrary web scripts in pages when modifying a profile signature that will execute whenever a user accesses an injected page. | 2022-11-29 | 5.4 | CVE-2022-4028 MISC MISC |
simple-press — simple\ | The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions up to, and including, 6.8 via the ‘file’ parameter which does not properly restrict files to be edited in the context of the plugin. This makes it possible with attackers, with high-level permissions such as an administrator, to supply paths to arbitrary files on the server that can be modified outside of the intended scope of the plugin. | 2022-11-29 | 4.9 | CVE-2022-4031 MISC MISC |
simple-press — simple\ | The Simple:Press plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘sforum_[md5 hash of the WordPress URL]’ cookie value in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This would be highly complex to exploit as it would require the attacker to set the cookie a cookie for the targeted user. | 2022-11-29 | 4.7 | CVE-2022-4029 MISC MISC |
snyk — snyk_cli | The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin before 5.6.5; the package @snyk/snyk-hex-plugin before 1.1.6 are vulnerable to Command Injection due to an incomplete fix for [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342). A successful exploit allows attackers to run arbitrary commands on the host system where the Snyk CLI is installed by passing in crafted command line flags. In order to exploit this vulnerability, a user would have to execute the snyk test command on untrusted files. In most cases, an attacker positioned to control the command line arguments to the Snyk CLI would already be positioned to execute arbitrary commands. However, this could be abused in specific scenarios, such as continuous integration pipelines, where developers can control the arguments passed to the Snyk CLI to leverage this component as part of a wider attack against an integration/build pipeline. This issue has been addressed in the latest Snyk Docker images available at https://hub.docker.com/r/snyk/snyk as of 2022-11-29. Images downloaded and built prior to that date should be updated. The issue has also been addressed in the Snyk TeamCity CI/CD plugin as of version v20221130.093605. | 2022-11-30 | 6.3 | CVE-2022-22984 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
sophos — xg_firewall_firmware | A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall older than version 19.5 GA. | 2022-12-01 | 4.3 | CVE-2022-3711 CONFIRM |
spatie — browsershot | Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URL’s that use the file:// protocol. | 2022-11-25 | 6.1 | CVE-2022-43983 MISC MISC |
spatie — browsershot | Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does not contain URLs that use the file:// protocol. | 2022-11-25 | 6.1 | CVE-2022-43984 MISC MISC |
standalonetech — terawallet | The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lock_unlock_terawallet AJAX action. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to lock/unlock other users wallets. | 2022-11-29 | 4.3 | CVE-2022-3995 MISC MISC |
sz-fujia — ourphoto | The user_token authorization header on the Ourphoto App version 1.4.1 /apiv1/* end-points is not implemented properly. Removing the value causes all requests to succeed, bypassing authorization and session management. The impact of this vulnerability allows an attacker POST api calls with other users unique identifiers and enumerate information of all other end-users. | 2022-11-28 | 6.5 | CVE-2022-24189 MISC |
thematosoup — fancier_author_box | The Fancier Author Box by ThematoSoup WordPress plugin through 1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2022-11-28 | 4.8 | CVE-2022-3833 MISC |
theme_and_plugin_translation_for_polylang_project — theme_and_plugin_translation_for_polylang | The Theme and plugin translation for Polylang is vulnerable to authorization bypass in versions up to, and including, 3.2.16 due to missing capability checks in the process_polylang_theme_translation_wp_loaded() function. This makes it possible for unauthenticated attackers to update plugin and theme translation settings and to import translation strings. | 2022-11-28 | 5.3 | CVE-2022-4169 MISC MISC |
thinkcmf — thinkcmf | ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS). An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute arbitrary JavaScript code on the client side, e.g., to steal the administrator’s PHP session token (PHPSESSID). | 2022-12-01 | 5.4 | CVE-2022-40849 MISC |
tipsandtricks-hq — donations_via_paypal | The Donations via PayPal WordPress plugin before 1.9.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2022-11-28 | 4.8 | CVE-2022-3822 MISC |
trellix — agent | An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL there. | 2022-11-30 | 6.7 | CVE-2022-3859 MISC |
ultimatemember — ultimate_member | The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the ‘template’ attribute used in shortcodes. This makes it possible for attackers with administrative privileges to supply arbitrary paths using traversal (../../) to access and include files outside of the intended directory. If an attacker can successfully upload a php file then remote code execution via inclusion may also be possible. Note: for users with less than administrative capabilities, /wp-admin access needs to be enabled for that user in order for this to be exploitable by those users. | 2022-11-29 | 4.3 | CVE-2022-3361 MISC MISC MISC MISC |
video_thumbnails_project — video_thumbnails | The Video Thumbnails WordPress plugin through 2.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2022-11-28 | 4.8 | CVE-2022-3828 MISC |
vmware — tools | VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS. | 2022-11-29 | 6.5 | CVE-2021-31693 MISC |
wbce — wbce_cms | A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field. | 2022-11-25 | 5.4 | CVE-2022-45036 MISC |
wbce — wbce_cms | A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field. | 2022-11-25 | 5.4 | CVE-2022-45037 MISC |
wbce — wbce_cms | A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field. | 2022-11-25 | 5.4 | CVE-2022-45038 MISC |
wbce — wbce_cms | A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field. | 2022-11-25 | 5.4 | CVE-2022-45040 MISC |
web-based_student_clearance_system_project — web-based_student_clearance_system | Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in changepassword.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtnew_password parameter. | 2022-11-28 | 4.8 | CVE-2022-45221 MISC |
web-based_student_clearance_system_project — web-based_student_clearance_system | Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /Admin/add-student.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter. | 2022-11-28 | 4.8 | CVE-2022-45223 MISC |
web-based_student_clearance_system_project — web-based_student_clearance_system | Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in Admin/add-admin.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter. | 2022-11-28 | 4.8 | CVE-2022-45224 MISC |
wp_admin_ui_customize_project — wp_admin_ui_customize | The WP Admin UI Customize WordPress plugin before 1.5.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2022-11-28 | 4.8 | CVE-2022-3824 MISC |
wp_affiliate_platform_project — wp_affiliate_platform | The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.9. This is due to missing or incorrect nonce validation on various functions including the affiliates_menu method. This makes it possible for unauthenticated attackers to delete affiliate records, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2022-11-29 | 6.5 | CVE-2022-3898 MISC MISC |
wp_affiliate_platform_project — wp_affiliate_platform | The WP Affiliate Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER[“REQUEST_URI”] in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is unlikely to work in modern browsers. | 2022-11-29 | 6.1 | CVE-2022-3896 MISC MISC |
wp_affiliate_platform_project — wp_affiliate_platform | The WP Affiliate Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2022-11-29 | 4.8 | CVE-2022-3897 MISC MISC |
zkteco — biotime | Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can read local files by exploiting XSS into a pdf generator when exporting data as a PDF | 2022-11-30 | 6.8 | CVE-2022-38803 MISC MISC |
zkteco — biotime | Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can read local files by exploiting XSS into a pdf generator when exporting data as a PDF | 2022-11-30 | 6.2 | CVE-2022-38802 MISC MISC |
zkteco — biotime | In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting. | 2022-11-30 | 5.4 | CVE-2022-38801 MISC MISC |
Low Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
fortinet — fortimanager | An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information. | 2022-11-25 | 2.7 | CVE-2022-38377 MISC |
mpxj — mpxj | MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems (not Windows or macos), MPXJ’s use of `File.createTempFile(..)` results in temporary files being created with the permissions `-rw-r–r–`. This means that any other user on the system can read the contents of this file. When MPXJ is reading a schedule file which requires the creation of a temporary file or directory, a knowledgeable local user could locate these transient files while they are in use and would then be able to read the schedule being processed by MPXJ. The problem has been patched, MPXJ version 10.14.1 and later includes the necessary changes. Users unable to upgrade may set `java.io.tmpdir` to a directory to which only the user running the application has access will prevent other users from accessing these temporary files. | 2022-11-25 | 3.3 | CVE-2022-41954 CONFIRM MISC |
realtek — rtl8111ep-cg_firmware | RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information. | 2022-11-29 | 2.1 | CVE-2022-32967 MISC |
sophos — xg_firewall_firmware | A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall older than version 19.5 GA. | 2022-12-01 | 2.7 | CVE-2022-3710 CONFIRM |
wpulike — wp_ulike | Unauth. Race Condition vulnerability in WP ULike Plugin <= 4.6.4 on WordPress allows attackers to increase/decrease rating scores. | 2022-11-30 | 3.7 | CVE-2022-45842 MISC |
Severity Not Yet Assigned
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
Xiongmai — multiple_products | Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated attacker, possibly using the default admin:tlJwpbo6 credentials, can connect to port 34567 and execute arbitrary operating system commands via a crafted JSON file during an upgrade request. Since at least 2021, Xiongmai has applied patches to prevent attackers from using this mechanism to execute telnetd. | 2022-12-01 | not yet calculated | CVE-2022-45045 MISC |
apache — commons_net |
Prior to Apache Commons Net 3.9.0, Net’s FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. | 2022-12-03 | not yet calculated | CVE-2021-37533 CONFIRM MLIST |
apsystems — energy_communication_unit_power_control_software | An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating allows him to perform multiple attacks, such as attacking wireless network in the product’s range. | 2022-11-29 | not yet calculated | CVE-2022-44037 MISC |
asus — nas-m25 | Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7. | 2022-12-01 | not yet calculated | CVE-2022-4221 MISC |
authentik — authentik | authentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified password recovery, this can be used to overwrite the email address of admin accounts and take over their accounts. authentik 2022.11.2 and 2022.10.2 fix this issue. As a workaround, a policy can be created and bound to the `default-user-settings-flow flow` with the contents `return request.user.is_authenticated`. | 2022-12-02 | not yet calculated | CVE-2022-46145 MISC MISC MISC |
book_store_management_system — book_store_management_system | A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the Add New System User module. | 2022-12-02 | not yet calculated | CVE-2022-45215 MISC MISC |
broadcom — symantec_endpoint_protection | Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 2022-12-01 | not yet calculated | CVE-2022-37016 MISC |
broadcom — symantec_endpoint_protection | Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User Interface Password protection and Policy Import/Export Password protection, if it has been enabled. | 2022-12-01 | not yet calculated | CVE-2022-37017 MISC |
c-data — web_management_system | A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214631. | 2022-12-01 | not yet calculated | CVE-2022-4257 MISC MISC |
capnproto — capnproto | Cap’n Proto is a data interchange format and remote procedure call (RPC) system. Cap’n Proro prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap’n Proto’s Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error handling list-of-list. This issue may lead someone to remotely segfault a peer by sending it a malicious message, if the victim performs certain actions on a list-of-pointer type. Exfiltration of memory is possible if the victim performs additional certain actions on a list-of-pointer type. To be vulnerable, an application must perform a specific sequence of actions, described in the GitHub Security Advisory. The bug is present in inlined code, therefore the fix will require rebuilding dependent applications. Cap’n Proto has C++ fixes available in versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3. The `capnp` Rust crate has fixes available in versions 0.13.7, 0.14.11, and 0.15.2. | 2022-11-30 | not yet calculated | CVE-2022-46149 MISC CONFIRM FEDORA FEDORA |
clastix — capsule | Capsule is a multi-tenancy and policy-based framework for Kubernetes. Prior to version 0.1.3, a ServiceAccount deployed in a Tenant Namespace, when granted with `PATCH` capabilities on its own Namespace, is able to edit it and remove the Owner Reference, breaking the reconciliation of the Capsule Operator and removing all the enforcement like Pod Security annotations, Network Policies, Limit Range and Resource Quota items. An attacker could detach the Namespace from a Tenant that is forbidding starting privileged Pods using the Pod Security labels by removing the OwnerReference, removing the enforcement labels, and being able to start privileged containers that would be able to start a generic Kubernetes privilege escalation. Patches have been released for version 0.1.3. No known workarounds are available. | 2022-12-02 | not yet calculated | CVE-2022-46167 MISC MISC MISC MISC |
d-link — dhp-w310av | D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function. | 2022-12-02 | not yet calculated | CVE-2022-44930 MISC |
d-link — dvg-g5402sp | D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function. | 2022-12-02 | not yet calculated | CVE-2022-44928 MISC |
d-link — dvg-g5402sp | An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles. | 2022-12-02 | not yet calculated | CVE-2022-44929 MISC |
dcmtk — dcmtk | DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object. | 2022-12-02 | not yet calculated | CVE-2022-43272 MISC MISC |
delta_industrial_automation — dialink |
Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. However, the software does not properly neutralize special elements within the pathname, which can cause the pathname to resolve to a location outside of the restricted directory. | 2022-12-01 | not yet calculated | CVE-2022-2969 MISC |
digital_alert_systems — dasdec | A cross-site scripting (XSS) vulnerability exists in all current versions of Digital Alert Systems DASDEC software via the Host Header in undisclosed pages after login. | 2022-12-01 | not yet calculated | CVE-2022-40204 MISC |
digital_alert_systems — dasdec |
Digital Alert Systems’ DASDEC software prior to version 4.1 contains a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the SSH username, username field of the login page, or via the HTTP host header. The injected content is stored in logs and rendered when viewed in the web application. | 2022-11-30 | not yet calculated | CVE-2019-18265 MISC |
discourse — discourse | Discourse is an open-source discussion platform. In version 2.8.13 and prior on the `stable` branch and version 2.9.0.beta14 and prior on the `beta` and `tests-passed` branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take up unnecessary site resources. A patch for this issue is available in the `main` branch of Discourse. There are no known workarounds available. | 2022-12-02 | not yet calculated | CVE-2022-46159 MISC MISC |
dot_tech — smart_campus_system | A vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus System. Affected by this issue is some unknown functionality of the file /services/Card/findUser. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214778 is the identifier assigned to this vulnerability. | 2022-12-03 | not yet calculated | CVE-2022-4280 N/A N/A |
feminer — wms | A vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214760. | 2022-12-03 | not yet calculated | CVE-2022-4272 MISC MISC |
g810-led — g810-led | g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data. | 2022-11-30 | not yet calculated | CVE-2022-46338 MISC MISC MLIST |
github — enterprise_server |
An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. To exploit this vulnerability, an attacker would need to be added to an organization’s repo with write permissions. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7 and was fixed in versions 3.2.20, 3.3.15, 3.4.10, 3.5.7, and 3.6.3. This vulnerability was reported via the GitHub Bug Bounty program. | 2022-12-01 | not yet calculated | CVE-2022-23737 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
gl.inet — goodcloud | In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote attacker to access/change devices’ settings. | 2022-12-01 | not yet calculated | CVE-2022-44211 MISC |
gl.inet — goodcloud | In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to access devices’ admin panel. | 2022-12-01 | not yet calculated | CVE-2022-44212 MISC |
google — chrome | Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2022-12-02 | not yet calculated | CVE-2022-4262 MISC MISC |
grafana — synthetic_monitoring | The Synthetic Monitoring Agent for Grafana’s Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token used to communicate with the Synthetic Monitoring API is exposed through a debugging endpoint. This token can be used to retrieve the Synthetic Monitoring checks created by the user and assigned to the agent identified with that token. The Synthetic Monitoring API will reject connections from already-connected agents, so access to the token does not guarantee access to the checks. Version 0.12.0 contains a fix. Users are advised to rotate the agent tokens. After upgrading to version v0.12.0 or later, it’s recommended that users of distribution packages review the configuration stored in `/etc/synthetic-monitoring/synthetic-monitoring-agent.conf`, specifically the `API_TOKEN` variable which has been renamed to `SM_AGENT_API_TOKEN`. As a workaround for previous versions, it’s recommended that users review the agent settings and set the HTTP listening address in a manner that limits the exposure, for example, localhost or a non-routed network, by using the command line parameter `-listen-address`, e.g. `-listen-address localhost:4050`. | 2022-11-30 | not yet calculated | CVE-2022-46156 CONFIRM MISC MISC MISC MISC MISC |
horner_automation — remote_compact_controller_972 | The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP). | 2022-12-02 | not yet calculated | CVE-2022-2640 MISC |
horner_automation — remote_compact_controller_972 | Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition. | 2022-12-02 | not yet calculated | CVE-2022-2641 MISC |
horner_automation — remote_compact_controller_972 | Horner Automation’s RCC 972 firmware version 15.40 contains global variables. This could allow an attacker to read out sensitive values and variable keys from the device. | 2022-12-02 | not yet calculated | CVE-2022-2642 MISC |
house_rental_system — house_rental_system | A vulnerability, which was classified as critical, was found in House Rental System. Affected is an unknown function of the file /view-property.php. The manipulation of the argument property_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214770 is the identifier assigned to this vulnerability. | 2022-12-03 | not yet calculated | CVE-2022-4274 N/A N/A |
house_rental_system — house_rental_system | A vulnerability has been found in House Rental System and classified as critical. Affected by this vulnerability is an unknown functionality of the file search-property.php of the component POST Request Handler. The manipulation of the argument search_property leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214771. | 2022-12-03 | not yet calculated | CVE-2022-4275 N/A N/A |
house_rental_system — house_rental_system | A vulnerability was found in House Rental System and classified as critical. Affected by this issue is some unknown functionality of the file tenant-engine.php of the component POST Request Handler. The manipulation of the argument id_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214772. | 2022-12-03 | not yet calculated | CVE-2022-4276 N/A N/A |
ibm — db2u |
IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237212. | 2022-12-01 | not yet calculated | CVE-2022-41297 MISC MISC |
ibm — watson_aiops | IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 could provide a weaker than expected security. A local attacker can create an outbound network connection to another system. IBM X-Force ID: 240827. | 2022-12-01 | not yet calculated | CVE-2022-43900 MISC MISC |
ibm — watson_aiops | IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. An authenticated local attacker could exploit this vulnerability to possibly gain information to other IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps components. IBM X-Force ID: 240829. | 2022-12-01 | not yet calculated | CVE-2022-43901 MISC MISC |
isic.lk — isik.lk |
An issue was discovered in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to gain sensitive information via the action parameter to /system/user/modules/mod_users/controller.php. | 2022-12-01 | not yet calculated | CVE-2022-28607 MISC |
isic.lk — isik.lk |
SQL Injection vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to execute arbitrary commands via the username parameter to /system/user/modules/mod_users/controller.php. | 2022-12-01 | not yet calculated | CVE-2022-30528 MISC MISC |
ixp — easyinstall |
IXPdata EasyInstall 6.6.14725 contains an access control issue. | 2022-12-01 | not yet calculated | CVE-2022-35120 MISC |
m-files — m-files_web | Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally. | 2022-12-02 | not yet calculated | CVE-2022-4270 MISC |
mitsubishi_electric_corporation — melsec_iq-r_series_rj71en71 | Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version “65” and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version “65” and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery. | 2022-11-30 | not yet calculated | CVE-2022-40265 MISC MISC |
movie_ticket_booking_system — movie_ticket_booking_system | A vulnerability was found in Movie Ticket Booking System and classified as problematic. Affected by this issue is some unknown functionality of the file editBooking.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214628. | 2022-12-01 | not yet calculated | CVE-2022-4251 N/A N/A |
moxa — multiple_products |
An attacker with physical access to Moxa’s bootloader versions of UC-8580 Series V1.1, UC-8540 Series V1.0 to V1.2, UC-8410A Series V2.2, UC-8200 Series V1.0 to V2.4, UC-8100A-ME-T Series V1.0 to V1.1, UC-8100 Series V1.2 to V1.3, UC-5100 Series V1.2, UC-3100 Series V1.2 to V2.0, UC-2100 Series V1.3 to V1.5, and UC-2100-W Series V1.3 to V1.5 can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication files to create a new user and gain full access to the system. | 2022-12-02 | not yet calculated | CVE-2022-3086 MISC |
nextcloud — server | Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.10 and 24.0.5, calendar name lengths are not validated before writing to a database. As a result, an attacker can send unnecessary amounts of data against the database. Version 23.0.10 and 24.0.5 contain patches for the issue. No known workarounds are available. | 2022-12-01 | not yet calculated | CVE-2022-41968 MISC MISC MISC |
nextcloud — server | Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 contain a fix for the issue. As a workaround, don’t create user accounts with long passwords. | 2022-12-01 | not yet calculated | CVE-2022-41969 MISC MISC MISC |
nextcloud — server | Nextcloud Server is an open source personal cloud server. Prior to versions 24.0.7 and 25.0.1, disabled download shares still allow download through preview images. Images could be downloaded and previews of documents (first page) can be downloaded without being watermarked. Versions 24.0.7 and 25.0.1 contain a fix for this issue. No known workarounds are available. | 2022-12-01 | not yet calculated | CVE-2022-41970 MISC MISC MISC |
nextcloud — talk_android | Nextcould Talk android is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0, guests can continue to receive video streams from a call after being removed from a conversation. An attacker would be able to see videos on a call in a public conversation after being removed from that conversation, provided that they were removed while being in the call. Versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0 contain patches for the issue. No known workarounds are available. | 2022-12-01 | not yet calculated | CVE-2022-41971 MISC MISC MISC |
ni — labview_command_line_interface | Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface (CLI) may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-12-01 | not yet calculated | CVE-2022-42718 MISC |
osticket — osticket | Cross-site Scripting (XSS) – Reflected in GitHub repository osticket/osticket prior to 1.16.4. | 2022-12-02 | not yet calculated | CVE-2022-4271 CONFIRM MISC |
rocket_software — trufusion_enterprise | An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 7.9.6.1 allows unauthenticated attackers to execute arbitrary code via a crafted JSP file. Issue fixed in version 7.9.6.1. | 2022-12-01 | not yet calculated | CVE-2022-36431 MISC CONFIRM |
rukovoditel — rukovoditel | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. | 2022-12-02 | not yet calculated | CVE-2022-44944 MISC MISC |
rukovoditel — rukovoditel | Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter. | 2022-12-02 | not yet calculated | CVE-2022-44945 MISC MISC |
rukovoditel — rukovoditel | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. | 2022-12-02 | not yet calculated | CVE-2022-44946 MISC MISC |
rukovoditel — rukovoditel | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note field after clicking “Add”. | 2022-12-02 | not yet calculated | CVE-2022-44947 MISC MISC |
rukovoditel — rukovoditel | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking “Add”. | 2022-12-02 | not yet calculated | CVE-2022-44948 MISC MISC |
rukovoditel — rukovoditel | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short Name field. | 2022-12-02 | not yet calculated | CVE-2022-44949 MISC MISC |
rukovoditel — rukovoditel | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2022-12-02 | not yet calculated | CVE-2022-44950 MISC MISC |
rukovoditel — rukovoditel | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2022-12-02 | not yet calculated | CVE-2022-44951 MISC MISC |
rukovoditel — rukovoditel | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking “Add”. | 2022-12-02 | not yet calculated | CVE-2022-44952 MISC MISC |
shaoxing — background_management_system | A vulnerability was found in Shaoxing Background Management System. It has been declared as critical. This vulnerability affects unknown code of the file /Default/Bd. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-214774 is the identifier assigned to this vulnerability. | 2022-12-03 | not yet calculated | CVE-2022-4277 N/A N/A |
snakeyaml — snakeyaml |
SnakeYaml’s Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml’s SafeConsturctor when parsing untrusted content to restrict deserialization. | 2022-12-01 | not yet calculated | CVE-2022-1471 MISC |
sophos — firewall | An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall older than version 19.5 GA. | 2022-12-01 | not yet calculated | CVE-2022-3226 CONFIRM |
sophos — firewall | A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall older than version 19.5 GA. | 2022-12-01 | not yet calculated | CVE-2022-3696 CONFIRM |
sophos — firewall | A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall older than version 19.5 GA. | 2022-12-01 | not yet calculated | CVE-2022-3713 CONFIRM |
sourcecodester — human_resource_management_system | A vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the file /hrm/controller/employee.php of the component Content-Type Handler. The manipulation of the argument pfimg leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214769 was assigned to this vulnerability. | 2022-12-03 | not yet calculated | CVE-2022-4273 MISC MISC |
sourcecodester — human_resource_management_system | A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argument empid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214775. | 2022-12-03 | not yet calculated | CVE-2022-4278 N/A N/A |
sourcecodester — human_resource_management_system | A vulnerability classified as problematic has been found in SourceCodester Human Resource Management System 1.0. Affected is an unknown function of the file /hrm/employeeview.php. The manipulation of the argument search leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214776. | 2022-12-03 | not yet calculated | CVE-2022-4279 N/A N/A |
ssl_network_extender — ssl_network_extender | The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords. | 2022-11-30 | not yet calculated | CVE-2022-23746 MISC |
swiftterm — swiftterm |
SwiftTerm is a Xterm/VT100 Terminal emulator. Prior to commit a94e6b24d24ce9680ad79884992e1dff8e150a31, an attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user’s terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. Version a94e6b24d24ce9680ad79884992e1dff8e150a31 contains a patch for this issue. There are no known workarounds available. | 2022-12-02 | not yet calculated | CVE-2022-23465 MISC MISC |
telenia_software — tvox | Telenia Software s.r.l TVox before v22.0.17 was discovered to contain a remote code execution (RCE) vulnerability in the component action_export_control.php. | 2022-12-01 | not yet calculated | CVE-2022-43333 MISC |
telepad — pc_keyboard_wifi/bluetooth | PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2022-12-02 | not yet calculated | CVE-2022-45480 MISC |
telos_alliance — omnia_mpx_node | An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3.* – 1.4.* allows attackers to execute arbitrary commands via a crafted payload injected into the license input. | 2022-12-02 | not yet calculated | CVE-2022-43325 MISC |
telos_alliance — omnia_mpx_node | Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdoor account low privilege, this can lead to change hardware settings and execute arbitrary commands in vulnerable system functions that is requires high privilege to access. | 2022-12-02 | not yet calculated | CVE-2022-45562 MISC |
tenda — ac6 | Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Causes a denial of service (local). | 2022-12-01 | not yet calculated | CVE-2022-45640 MISC MISC |
tenda — ac6 | Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSetMacFilterCfg. | 2022-12-02 | not yet calculated | CVE-2022-45641 MISC |
tenda — ac6 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the addWifiMacFilter function. | 2022-12-02 | not yet calculated | CVE-2022-45643 MISC |
tenda — ac6 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the formSetClientState function. | 2022-12-02 | not yet calculated | CVE-2022-45644 MISC |
tenda — ac6 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceMac parameter in the addWifiMacFilter function. | 2022-12-02 | not yet calculated | CVE-2022-45645 MISC |
tenda — ac6 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeedUp parameter in the formSetClientState function. | 2022-12-02 | not yet calculated | CVE-2022-45646 MISC |
tenda — ac6 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeed parameter in the formSetClientState function. | 2022-12-02 | not yet calculated | CVE-2022-45647 MISC |
tenda — ac6 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the devName parameter in the formSetDeviceName function. | 2022-12-02 | not yet calculated | CVE-2022-45648 MISC |
tenda — ac6 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the endIp parameter in the formSetPPTPServer function. | 2022-12-02 | not yet calculated | CVE-2022-45649 MISC |
tenda — ac6 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the firewallEn parameter in the formSetFirewallCfg function. | 2022-12-02 | not yet calculated | CVE-2022-45650 MISC |
tenda — ac6 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the formSetVirtualSer function. | 2022-12-02 | not yet calculated | CVE-2022-45651 MISC |
tenda — ac6 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the startIp parameter in the formSetPPTPServer function. | 2022-12-02 | not yet calculated | CVE-2022-45652 MISC |
tenda — ac6 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the page parameter in the fromNatStaticSetting function. | 2022-12-02 | not yet calculated | CVE-2022-45653 MISC |
tenda — ac6 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the ssid parameter in the form_fast_setting_wifi_set function. | 2022-12-02 | not yet calculated | CVE-2022-45654 MISC |
tenda — ac6 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the timeZone parameter in the form_fast_setting_wifi_set function. | 2022-12-02 | not yet calculated | CVE-2022-45655 MISC |
tenda — ac6 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function. | 2022-12-02 | not yet calculated | CVE-2022-45656 MISC |
tenda — ac6 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function. | 2022-12-02 | not yet calculated | CVE-2022-45657 MISC |
tenda — ac6 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedEndTime parameter in the setSchedWifi function. | 2022-12-02 | not yet calculated | CVE-2022-45658 MISC |
tenda — ac6 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function. | 2022-12-02 | not yet calculated | CVE-2022-45659 MISC |
tenda — ac6 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedStartTime parameter in the setSchedWifi function. | 2022-12-02 | not yet calculated | CVE-2022-45660 MISC |
tenda — ac6 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the setSmartPowerManagement function. | 2022-12-02 | not yet calculated | CVE-2022-45661 MISC |
tenda — ac6 | Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. | 2022-12-02 | not yet calculated | CVE-2022-45673 MISC |
tenda — ac6 | Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | 2022-12-02 | not yet calculated | CVE-2022-45674 MISC |
tenda — i21 | Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/AddSysLogRule. | 2022-12-02 | not yet calculated | CVE-2022-44362 MISC |
tenda — i21 | Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setSnmpInfo. | 2022-12-02 | not yet calculated | CVE-2022-44363 MISC |
tenda — i21 | Tenda i21 V1.0.0.14(4656) has a stack overflow vulnerability via /goform/setSysPwd. | 2022-12-02 | not yet calculated | CVE-2022-44365 MISC |
tenda — i21 | Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setDiagnoseInfo. | 2022-12-02 | not yet calculated | CVE-2022-44366 MISC |
tenda — i21 | Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setUplinkInfo. | 2022-12-02 | not yet calculated | CVE-2022-44367 MISC |
tenda — i22 | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet function. | 2022-12-02 | not yet calculated | CVE-2022-45663 MISC |
tenda — i22 | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDget function. | 2022-12-02 | not yet calculated | CVE-2022-45664 MISC |
tenda — i22 | Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. | 2022-12-02 | not yet calculated | CVE-2022-45667 MISC |
tenda — i22 | Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | 2022-12-02 | not yet calculated | CVE-2022-45668 MISC |
tenda — i22 | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterGet function. | 2022-12-02 | not yet calculated | CVE-2022-45669 MISC |
tenda — i22 | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function. | 2022-12-02 | not yet calculated | CVE-2022-45670 MISC |
tenda — i22 | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the appData parameter in the formSetAppFilterRule function. | 2022-12-02 | not yet calculated | CVE-2022-45671 MISC |
tenda — i22 | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the formWx3AuthorizeSet function. | 2022-12-02 | not yet calculated | CVE-2022-45672 MISC |
thisaay — lazy_mouse | Lazy Mouse server enforces weak password requirements and doesn’t implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2022-12-02 | not yet calculated | CVE-2022-45482 MISC |
thisaay — lazy_mouse | Lazy Mouse allows an attacker (in a man in the middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2022-12-02 | not yet calculated | CVE-2022-45483 MISC |
tribal_systems — zenario_cms | A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS 9.3.57595. This issue affects some unknown processing of the component Remember Me Handler. The manipulation leads to session fixiation. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214589 was assigned to this vulnerability. | 2022-11-30 | not yet calculated | CVE-2022-4231 MISC MISC |
ulusal_siber_olaylara_müdahale_merkezi — prens_student_information_system | Algan Yazılım Prens Student Information System product has an unauthenticated SQL Injection vulnerability. | 2022-12-02 | not yet calculated | CVE-2022-2807 CONFIRM |
ulusal_siber_olaylara_müdahale_merkezi — prens_student_information_system | Algan Yaz?l?m Prens Student Information System product has an authenticated Insecure Direct Object Reference (IDOR) vulnerability. | 2022-12-02 | not yet calculated | CVE-2022-2808 CONFIRM |
vim — vim |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742. | 2022-12-03 | not yet calculated | CVE-2022-3491 CONFIRM MISC |
vim — vim |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765. | 2022-12-02 | not yet calculated | CVE-2022-3520 MISC CONFIRM |
vim — vim |
Use After Free in GitHub repository vim/vim prior to 9.0.0789. | 2022-12-02 | not yet calculated | CVE-2022-3591 MISC CONFIRM |
webtareas — webtareas | webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php. | 2022-12-02 | not yet calculated | CVE-2022-44290 MISC MISC |
webtareas — webtareas | webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php. | 2022-12-02 | not yet calculated | CVE-2022-44291 MISC MISC |
webtareas — webtareas | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking “Add”. | 2022-12-02 | not yet calculated | CVE-2022-44953 MISC MISC |
webtareas — webtareas | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name field after clicking “Add”. | 2022-12-02 | not yet calculated | CVE-2022-44954 MISC MISC |
webtareas — webtareas | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Messages field. | 2022-12-02 | not yet calculated | CVE-2022-44955 MISC MISC |
webtareas — webtareas | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2022-12-02 | not yet calculated | CVE-2022-44956 MISC MISC |
webtareas — webtareas | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2022-12-02 | not yet calculated | CVE-2022-44957 MISC MISC |
webtareas — webtareas | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2022-12-02 | not yet calculated | CVE-2022-44959 MISC MISC |
webtareas — webtareas | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /general/search.php?searchtype=simple. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field. | 2022-12-02 | not yet calculated | CVE-2022-44960 MISC MISC |
webtareas — webtareas | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2022-12-02 | not yet calculated | CVE-2022-44961 MISC MISC |
webtareas — webtareas | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject field. | 2022-12-02 | not yet calculated | CVE-2022-44962 MISC MISC |
western_digital -multiple_products |
A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution. | 2022-12-01 | not yet calculated | CVE-2022-29837 MISC |
wordpress — wordpress | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘datef’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2022-12-02 | not yet calculated | CVE-2022-4208 MISC MISC MISC |
wordpress — wordpress | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘pointsf’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2022-12-02 | not yet calculated | CVE-2022-4209 MISC MISC MISC |
wordpress — wordpress | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dnf’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2022-12-02 | not yet calculated | CVE-2022-4210 MISC MISC MISC |
wordpress — wordpress | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ’emailf’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2022-12-02 | not yet calculated | CVE-2022-4211 MISC MISC MISC |
wordpress — wordpress | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ipf’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2022-12-02 | not yet calculated | CVE-2022-4212 MISC MISC MISC |
wordpress — wordpress | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dn’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2022-12-02 | not yet calculated | CVE-2022-4213 MISC MISC |
wordpress — wordpress | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ip’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2022-12-02 | not yet calculated | CVE-2022-4214 MISC MISC MISC |
wordpress — wordpress | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘date’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2022-12-02 | not yet calculated | CVE-2022-4215 MISC MISC MISC |
wordpress — wordpress | The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘facebook_appid’ parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2022-12-02 | not yet calculated | CVE-2022-4216 MISC MISC MISC MISC |
wordpress — wordpress | The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘api_key’ parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2022-12-02 | not yet calculated | CVE-2022-4217 MISC MISC MISC MISC |
wordpress — wordpress | The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_quizzes() function. This makes it possible for unauthenticated attackers to delete quizzes and copy quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2022-12-02 | not yet calculated | CVE-2022-4218 MISC MISC MISC |
wordpress — wordpress | The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the manage() function. This makes it possible for unauthenticated attackers to delete submitted quiz responses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2022-12-02 | not yet calculated | CVE-2022-4219 MISC MISC MISC |
wordpress — wordpress | The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_questions() function. This makes it possible for unauthenticated attackers to delete questions from quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2022-12-02 | not yet calculated | CVE-2022-4220 MISC MISC MISC MISC |
This product is provided subject to this Notification and this Privacy & Use policy.
Please share your thoughts.
CISA recently updated an anonymous product survey;they’d welcome your feedback.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on Patreon using the button below
To keep up to date follow us on the below channels.