US-CERT Bulletin (SB22-346): Vulnerability Summary for the Week of December 5, 2022
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
activerecord_project — activerecord | A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE. | 2022-12-05 | 9.8 | CVE-2022-32224 MISC MISC |
algan — prens_student_information_system | Algan Yazılım Prens Student Information System product has an unauthenticated SQL Injection vulnerability. | 2022-12-02 | 9.8 | CVE-2022-2807 CONFIRM |
algan — prens_student_information_system | Algan Yazılım Prens Student Information System product has an authenticated Insecure Direct Object Reference (IDOR) vulnerability. | 2022-12-02 | 8.8 | CVE-2022-2808 CONFIRM |
amentotech — workreap | The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as it’s possible to read any user’s notification (employer or freelancer) as the notification ID is brute-forceable. | 2022-12-05 | 7.5 | CVE-2022-3846 MISC |
ami — megarac_sp-x | MegaRAC Default Credentials Vulnerability | 2022-12-05 | 9.8 | CVE-2022-40242 MISC |
ami — megarac_sp-x | AMI MegaRAC Redfish Arbitrary Code Execution | 2022-12-05 | 9.8 | CVE-2022-40259 MISC |
ami — megarac_sp-x | AMI MegaRAC User Enumeration Vulnerability | 2022-12-05 | 7.5 | CVE-2022-2827 MISC |
apache — camel | The camel-ldap component allows LDAP Injection when using the filter option. Users are recommended to either move to the Camel-Spring-Ldap component (which is not affected) or upgrade to 3.14.6 or 3.18.4. | 2022-12-05 | 9.8 | CVE-2022-45046 CONFIRM MLIST |
apache — tapestry | ** UNSUPPORTED WHEN ASSIGNED ** Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies to the (also unsupported) 4.x version line. NOTE: This vulnerability only affects Apache Tapestry version line 3.x, which is no longer supported by the maintainer. Users are recommended to upgrade to a supported version line of Apache Tapestry. | 2022-12-02 | 9.8 | CVE-2022-46366 CONFIRM MLIST MISC |
avast — avast | A vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avast and AVG Antivirus version 22.10. | 2022-12-06 | 8.8 | CVE-2022-4173 MISC |
ayacms_project — ayacms | AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE). | 2022-12-07 | 9.8 | CVE-2022-45550 MISC MISC |
ayacms_project — ayacms | AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability. | 2022-12-06 | 8.8 | CVE-2022-45548 MISC |
background_management_system_project — background_management_system | A vulnerability was found in Shaoxing Background Management System. It has been declared as critical. This vulnerability affects unknown code of the file /Default/Bd. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-214774 is the identifier assigned to this vulnerability. | 2022-12-03 | 9.8 | CVE-2022-4277 N/A N/A |
beappsmobile — pc_keyboard_wifi\&bluetooth | PC Keyboard allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2022-12-05 | 9.8 | CVE-2022-45479 MISC |
cacti — cacti | Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device. The vulnerability resides in the `remote_agent.php` file. This file can be accessed without authentication. This function retrieves the IP address of the client via `get_client_addr` and resolves this IP address to the corresponding hostname via `gethostbyaddr`. After this, it is verified that an entry within the `poller` table exists, where the hostname corresponds to the resolved hostname. If such an entry was found, the function returns `true` and the client is authorized. This authorization can be bypassed due to the implementation of the `get_client_addr` function. The function is defined in the file `lib/functions.php` and checks several `$_SERVER` variables to determine the IP address of the client. The variables beginning with `HTTP_` can be arbitrarily set by an attacker. Since there is a default entry in the `poller` table with the hostname of the server running Cacti, an attacker can bypass the authentication e.g. by providing the header `Forwarded-For: <TARGETIP>`. This way the function `get_client_addr` returns the IP address of the server running Cacti. The following call to `gethostbyaddr` will resolve this IP address to the hostname of the server, which will pass the `poller` hostname check because of the default entry. After the authorization of the `remote_agent.php` file is bypassed, an attacker can trigger different actions. One of these actions is called `polldata`. The called function `poll_for_data` retrieves a few request parameters and loads the corresponding `poller_item` entries from the database. If the `action` of a `poller_item` equals `POLLER_ACTION_SCRIPT_PHP`, the function `proc_open` is used to execute a PHP script. The attacker-controlled parameter `$poller_id` is retrieved via the function `get_nfilter_request_var`, which allows arbitrary strings. This variable is later inserted into the string passed to `proc_open`, which leads to a command injection vulnerability. By e.g. providing the `poller_id=;id` the `id` command is executed. In order to reach the vulnerable call, the attacker must provide a `host_id` and `local_data_id`, where the `action` of the corresponding `poller_item` is set to `POLLER_ACTION_SCRIPT_PHP`. Both of these ids (`host_id` and `local_data_id`) can easily be bruteforced. The only requirement is that a `poller_item` with a `POLLER_ACTION_SCRIPT_PHP` action exists. This is very likely on a productive instance because this action is added by some predefined templates like `Device – Uptime` or `Device – Polling Time`. This command injection vulnerability allows an unauthenticated user to execute arbitrary commands if a `poller_item` with the `action` type `POLLER_ACTION_SCRIPT_PHP` (`2`) is configured. The authorization bypass should be prevented by not allowing an attacker to make `get_client_addr` (file `lib/functions.php`) return an arbitrary IP address. This could be done by not honoring the `HTTP_…` `$_SERVER` variables. If these should be kept for compatibility reasons it should at least be prevented to fake the IP address of the server running Cacti. This vulnerability has been addressed in both the 1.2.x and 1.3.x release branches with `1.2.23` being the first release containing the patch. | 2022-12-05 | 9.8 | CVE-2022-46169 MISC MISC MISC MISC |
casbin — casdoor | Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function. | 2022-12-07 | 8.1 | CVE-2022-44942 MISC |
clastix — capsule | Capsule is a multi-tenancy and policy-based framework for Kubernetes. Prior to version 0.1.3, a ServiceAccount deployed in a Tenant Namespace, when granted with `PATCH` capabilities on its own Namespace, is able to edit it and remove the Owner Reference, breaking the reconciliation of the Capsule Operator and removing all the enforcement like Pod Security annotations, Network Policies, Limit Range and Resource Quota items. An attacker could detach the Namespace from a Tenant that is forbidding starting privileged Pods using the Pod Security labels by removing the OwnerReference, removing the enforcement labels, and being able to start privileged containers that would be able to start a generic Kubernetes privilege escalation. Patches have been released for version 0.1.3. No known workarounds are available. | 2022-12-02 | 8.8 | CVE-2022-46167 MISC MISC MISC MISC |
clerk — clerk.io | The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options. | 2022-12-05 | 7.5 | CVE-2022-3907 MISC |
concretecms — concrete_cms | ConcreteCMS v9.1.3 was discovered to be vulnerable to Xpath injection attacks. This vulnerability allows attackers to access sensitive XML data via a crafted payload injected into the URL path folder “3”. | 2022-12-05 | 7.5 | CVE-2022-46464 MISC |
craftcms — craft_cms | All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFT_CSRF_TOKEN and a HTML hidden field called CRAFT_CSRF_TOKEN to avoid Cross Site Request Forgery attacks. The CRAFT_CSRF_TOKEN cookie discloses the password hash without encoding it whereas the corresponding HTML hidden field discloses the users’ password hash in a masked manner, which can be decoded by using public functions of the YII framework. | 2022-12-05 | 7.5 | CVE-2022-37783 MISC |
cybozu — cybozu_remote_service | Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service (DoS) condition. | 2022-12-07 | 7.5 | CVE-2022-44608 MISC MISC |
d-link — dhp-w310av_firmware | D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function. | 2022-12-02 | 9.8 | CVE-2022-44930 MISC |
d-link — dvg-g5402sp_firmware | D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function. | 2022-12-02 | 9.8 | CVE-2022-44928 MISC |
d-link — dvg-g5402sp_firmware | An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles. | 2022-12-02 | 9.8 | CVE-2022-44929 MISC |
dottech — smart_campus_system | A vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus System. Affected by this issue is some unknown functionality of the file /services/Card/findUser. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214778 is the identifier assigned to this vulnerability. | 2022-12-03 | 7.5 | CVE-2022-4280 N/A N/A |
duxcms_project — duxcms | A vulnerability was found in annyshow DuxCMS 2.1. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215116. | 2022-12-08 | 8 | CVE-2020-36610 MISC MISC |
elbtide — advanced_booking_calendar | Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress. | 2022-12-05 | 9.8 | CVE-2022-45822 MISC |
f5 — big-iq_centralized_management | In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-12-07 | 8.8 | CVE-2022-41622 MISC |
facepay_project — facepay | A vulnerability has been found in Facepay 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /face-recognition-php/facepay-master/camera.php. The manipulation of the argument userId leads to authorization bypass. The attack can be launched remotely. The identifier VDB-214789 was assigned to this vulnerability. | 2022-12-05 | 8.8 | CVE-2022-4281 N/A |
force1rc — discovery_wifi_u818a_hd\+_fpv_firmware | Buffer overflow in firmware lewei_cam binary version 2.0.10 in Force 1 Discovery Wifi U818A HD+ FPV Drone allows attacker to gain remote code execution as root user via a specially crafted UDP packet. Please update the Reference section to these links > http://thiscomputer.com/ > https://www.bostoncyber.org/ > https://medium.com/@meekworth/exploiting-the-lw9621-drone-camera-module-773f00081368 | 2022-12-06 | 9.8 | CVE-2022-40918 MISC MISC |
fortinet — fortiadc | An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | 2022-12-06 | 8.8 | CVE-2022-33875 MISC |
fortinet — fortideceptor | An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2, 3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts. | 2022-12-06 | 7.5 | CVE-2022-30305 MISC |
fortinet — fortiproxy | An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allow a remote and unauthenticated attacker to login into the device via sending specially crafted Access-Challenge response from the Radius server. | 2022-12-06 | 9.8 | CVE-2022-35843 MISC |
franklinfueling — colibri_firmware | Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File system overwrite. The impact is: File system rewrite (remote). An attacker can overwrite system files like [system.conf] and [passwd]; this occurs because of the insecure usage of the “fopen” system function with the mode “wb”, which allows overwriting a file if it exists. Overwriting files such as passwd allows an attacker to escalate his privileges by planting a backdoor user with root privilege or changing the root password. | 2022-12-05 | 9.8 | CVE-2022-44039 MISC |
fsi — fs040u_firmware | Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W software versions v1.4.1 and earlier allows an adjacent attacker to hijack the authentication of an administrator and user’s unintended operations such as to reboot the product and/or reset the configuration to the initial set-up may be performed. | 2022-12-05 | 7.3 | CVE-2022-43470 MISC MISC MISC MISC MISC |
galaxyproject — galaxy | Galaxy is an open-source platform for data analysis. An arbitrary file read exists in Galaxy 22.01 and Galaxy 22.05 due to the switch to Gunicorn, which can be used to read any file accessible to the operating system user under which Galaxy is running. This vulnerability affects Galaxy 22.01 and higher, after the switch to gunicorn, which serve static contents directly. Additionally, the vulnerability is mitigated when using Nginx or Apache to serve /static/* contents, instead of Galaxy’s internal middleware. This issue has been patched in commit `e5e6bda4f` and will be included in future releases. Users are advised to manually patch their installations. There are no known workarounds for this vulnerability. | 2022-12-06 | 7.5 | CVE-2022-23470 MISC MISC |
ge — cimplicity | GE CIMPLICITY versions 2022 and prior are vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. | 2022-12-07 | 7.8 | CVE-2022-2002 MISC |
ge — cimplicity | GE CIMPLICITY versions 2022 and prior are vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code. | 2022-12-07 | 7.8 | CVE-2022-2948 MISC |
ge — cimplicity | GE CIMPLICITY versions 2022 and prior are vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. | 2022-12-07 | 7.8 | CVE-2022-2952 MISC |
ge — cimplicity | GE CIMPLICITY versions 2022 and prior are vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code. | 2022-12-08 | 7.8 | CVE-2022-3084 MISC |
ge — cimplicity | GE CIMPLICITY versions 2022 and prior are vulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code. | 2022-12-08 | 7.8 | CVE-2022-3092 MISC |
gitpython_project — gitpython | All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. | 2022-12-06 | 9.8 | CVE-2022-24439 CONFIRM CONFIRM |
goauthentik — authentik | authentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified password recovery, this can be used to overwrite the email address of admin accounts and take over their accounts. authentik 2022.11.2 and 2022.10.2 fix this issue. As a workaround, a policy can be created and bound to the `default-user-settings-flow` flow with the contents `return request.user.is_authenticated`. | 2022-12-02 | 9.8 | CVE-2022-46145 MISC MISC MISC |
google — android | In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | 2022-12-06 | 7.8 | CVE-2022-39090 MISC |
google — android | In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | 2022-12-06 | 7.8 | CVE-2022-39091 MISC |
google — android | In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | 2022-12-06 | 7.8 | CVE-2022-39092 MISC |
google — android | In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | 2022-12-06 | 7.8 | CVE-2022-39093 MISC |
google — android | In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | 2022-12-06 | 7.8 | CVE-2022-39094 MISC |
google — android | In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | 2022-12-06 | 7.8 | CVE-2022-39095 MISC |
google — android | In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | 2022-12-06 | 7.8 | CVE-2022-39096 MISC |
google — android | In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | 2022-12-06 | 7.8 | CVE-2022-39097 MISC |
google — android | In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | 2022-12-06 | 7.8 | CVE-2022-39098 MISC |
google — android | In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | 2022-12-06 | 7.8 | CVE-2022-39099 MISC |
google — android | In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | 2022-12-06 | 7.8 | CVE-2022-39100 MISC |
google — android | In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | 2022-12-06 | 7.8 | CVE-2022-39101 MISC |
google — android | In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | 2022-12-06 | 7.8 | CVE-2022-39102 MISC |
google — android | In UscAIEngine service, there is a missing permission check. This could lead to set up UscAIEngine service with no additional execution privileges needed. | 2022-12-06 | 7.8 | CVE-2022-42776 MISC |
google — android | In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | 2022-12-06 | 7.8 | CVE-2022-42777 MISC |
google — android | In windows manager service, there is a missing permission check. This could lead to set up windows manager service with no additional execution privileges needed. | 2022-12-06 | 7.8 | CVE-2022-42778 MISC |
google — chrome | Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2022-12-02 | 8.8 | CVE-2022-4262 MISC MISC |
google — tensorflow | TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1. | 2022-12-06 | 9.1 | CVE-2022-41902 MISC MISC CONFIRM |
google — tensorflow | TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1. | 2022-12-06 | 9.1 | CVE-2022-41910 MISC CONFIRM MISC |
gpac — gpac | GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the smil_parse_time_list parameter at /scenegraph/svg_attributes.c. | 2022-12-06 | 7.8 | CVE-2022-45283 MISC |
hasura — graphql_engine | Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. (Versions before 2.10.0 are unaffected.) | 2022-12-08 | 8.8 | CVE-2022-46792 MISC MISC MISC |
haxx — curl | When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST. | 2022-12-05 | 9.8 | CVE-2022-32221 MISC |
hope-boot_project — hope-boot | hope-boot 1.0.0 has a deserialization vulnerability that can cause Remote Code Execution (RCE). | 2022-12-07 | 9.8 | CVE-2022-44371 MISC |
hornerautomation — rcc972_firmware | Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition. | 2022-12-02 | 9.8 | CVE-2022-2641 MISC |
hornerautomation — rcc972_firmware | The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP). | 2022-12-02 | 7.5 | CVE-2022-2640 MISC |
hornerautomation — rcc972_firmware | Horner Automation’s RCC 972 firmware version 15.40 contains global variables. This could allow an attacker to read out sensitive values and variable keys from the device. | 2022-12-02 | 7.5 | CVE-2022-2642 MISC |
house_rental_system_project — house_rental_system | A vulnerability, which was classified as critical, was found in House Rental System. Affected is an unknown function of the file /view-property.php. The manipulation of the argument property_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214770 is the identifier assigned to this vulnerability. | 2022-12-03 | 9.8 | CVE-2022-4274 N/A N/A |
house_rental_system_project — house_rental_system | A vulnerability has been found in House Rental System and classified as critical. Affected by this vulnerability is an unknown functionality of the file search-property.php of the component POST Request Handler. The manipulation of the argument search_property leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214771. | 2022-12-03 | 9.8 | CVE-2022-4275 N/A N/A |
house_rental_system_project — house_rental_system | A vulnerability was found in House Rental System and classified as critical. Affected by this issue is some unknown functionality of the file tenant-engine.php of the component POST Request Handler. The manipulation of the argument id_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214772. | 2022-12-03 | 9.8 | CVE-2022-4276 N/A N/A |
human_resource_management_system_project — human_resource_management_system | A vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the file /hrm/controller/employee.php of the component Content-Type Handler. The manipulation of the argument pfimg leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214769 was assigned to this vulnerability. | 2022-12-03 | 9.8 | CVE-2022-4273 MISC MISC |
human_resource_management_system_project — human_resource_management_system | A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argument empid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214775. | 2022-12-03 | 7.2 | CVE-2022-4278 N/A N/A |
ibm — content_navigator | IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805. | 2022-12-07 | 8.8 | CVE-2022-43581 MISC MISC |
ibm — spectrum_scale_container_native_storage_access | IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. IBM X-Force ID: 239437. | 2022-12-06 | 7.8 | CVE-2022-43867 MISC MISC |
ibm — sterling_secure_proxy | IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522. | 2022-12-06 | 7.5 | CVE-2022-34361 MISC MISC |
ilias — ilias | ILIAS before 7.16 allows OS Command Injection. | 2022-12-07 | 8.8 | CVE-2022-45915 MISC FULLDISC MISC |
inksplat — comic_book_management_system | The Comic Book Management System WordPress plugin before 2.2.0 does not sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. | 2022-12-05 | 7.2 | CVE-2022-3856 MISC MISC |
ivanti — endpoint_manager | A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges. | 2022-12-05 | 9.8 | CVE-2022-27773 MISC |
ivanti — endpoint_manager | XML Injection with Endpoint Manager 2022.3 and below causing a download of a malicious file to run and possibly execute to gain unauthorized privileges. | 2022-12-05 | 7.8 | CVE-2022-35259 MISC |
joinmastodon — mastodon | Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated messages. | 2022-12-04 | 7.5 | CVE-2022-46405 MISC MISC |
jrecms — springbootcms | A vulnerability was found in SpringBootCMS and classified as critical. Affected by this issue is some unknown functionality of the component Template Management. The manipulation leads to injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214790 is the identifier assigned to this vulnerability. | 2022-12-05 | 7.2 | CVE-2022-4282 MISC MISC |
kodcloud — kodexplorer | Kodexplorer is a Chinese-language, web-based file manager and browser-based code editor. Versions prior to 4.50 did not prevent unauthenticated users from requesting arbitrary files from the host OS file system. As a result, any files available to the host process may be accessed by arbitrary users. This issue has been addressed in version 4.50. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-12-06 | 7.5 | CVE-2022-46154 MISC MISC |
kujirahand — nadesiko3 | OS command injection vulnerability in Nadesiko3 (PC Version) v3.3.61 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product. | 2022-12-05 | 9.8 | CVE-2022-41642 MISC MISC MISC |
lazy_mouse_project — lazy_mouse | Lazy Mouse server enforces weak password requirements and doesn’t implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2022-12-02 | 9.8 | CVE-2022-45482 MISC |
lzmouse — lazy_mouse | The default configuration of Lazy Mouse does not require a password, allowing remote unauthenticated users to execute arbitrary code with no prior authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2022-12-05 | 9.8 | CVE-2022-45481 MISC |
maku — maku-boot | A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This affects the function doExecute of the file AbstractScheduleJob.java of the component Scheduled Task Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 446eb7294332efca2bfd791bc37281cedac0d0ff. It is recommended to apply a patch to fix this issue. The identifier VDB-215013 was assigned to this vulnerability. | 2022-12-07 | 7.2 | CVE-2022-4322 N/A N/A N/A |
markdown_preview_enhanced_project — markdown_preview_enhanced | Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was discovered to contain a command injection vulnerability via the PDF file import function. | 2022-12-07 | 9.8 | CVE-2022-45025 MISC |
markdown_preview_enhanced_project — markdown_preview_enhanced | An issue in Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom allows attackers to execute arbitrary commands during the GFM export process. | 2022-12-07 | 9.8 | CVE-2022-45026 MISC |
mikrotik — routeros | Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message. | 2022-12-05 | 9.8 | CVE-2022-45313 MISC |
mikrotik — routeros | Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet. | 2022-12-05 | 9.8 | CVE-2022-45315 MISC |
mobatek — mobaxterm | When aborting an SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt, which can result in a Denial of Service (DoS) for the user if services like fail2ban are used. | 2022-12-06 | 9.1 | CVE-2022-38337 MISC MISC |
mobatek — mobaxterm | An access control issue in MobaXterm before v22.1 allows attackers to make connections to the server via the SSH or SFTP protocols without authentication. | 2022-12-06 | 8.1 | CVE-2022-38336 MISC |
moxa — uc-8580-t-lx_firmware | Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable to shell escape, which enables local attackers with non-superuser credentials to gain full, unrestrictive shell access which may allow an attacker to execute arbitrary code. | 2022-12-02 | 7.6 | CVE-2022-3086 MISC |
nadesiko3_project — nadesiko3 | OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS command on the product. | 2022-12-05 | 9.8 | CVE-2022-42496 MISC MISC MISC |
nadesiko3_project — nadesiko3 | Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash. | 2022-12-05 | 7.5 | CVE-2022-41777 MISC MISC MISC |
neutrinolabs — xrdp | xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains a buffer overflow in the xrdp_login_wnd_create() function. There are no known workarounds for this issue. Users are advised to upgrade. | 2022-12-09 | 9.8 | CVE-2022-23468 MISC |
neutrinolabs — xrdp | xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains a buffer overflow in the audin_send_open() function. There are no known workarounds for this issue. Users are advised to upgrade. | 2022-12-09 | 9.8 | CVE-2022-23477 MISC |
neutrinolabs — xrdp | xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains an out-of-bounds write in the xrdp_mm_trans_process_drdynvc_channel_open() function. There are no known workarounds for this issue. Users are advised to upgrade. | 2022-12-09 | 9.8 | CVE-2022-23478 MISC |
neutrinolabs — xrdp | xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains a buffer overflow in the xrdp_mm_chan_data_in() function. There are no known workarounds for this issue. Users are advised to upgrade. | 2022-12-09 | 9.8 | CVE-2022-23479 MISC |
neutrinolabs — xrdp | xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains a buffer overflow in the devredir_proc_client_devlist_announce_req() function. There are no known workarounds for this issue. Users are advised to upgrade. | 2022-12-09 | 9.8 | CVE-2022-23480 MISC |
neutrinolabs — xrdp | xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains an integer overflow in the xrdp_mm_process_rail_update_window_text() function. There are no known workarounds for this issue. Users are advised to upgrade. | 2022-12-09 | 9.8 | CVE-2022-23484 MISC |
neutrinolabs — xrdp | xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains an out-of-bounds read in the xrdp_caps_process_confirm_active() function. There are no known workarounds for this issue. Users are advised to upgrade. | 2022-12-09 | 9.1 | CVE-2022-23481 MISC |
neutrinolabs — xrdp | xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains an out-of-bounds read in the xrdp_sec_process_mcs_data_CS_CORE() function. There are no known workarounds for this issue. Users are advised to upgrade. | 2022-12-09 | 9.1 | CVE-2022-23482 MISC |
neutrinolabs — xrdp | xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains an out-of-bounds read in the libxrdp_send_to_channel() function. There are no known workarounds for this issue. Users are advised to upgrade. | 2022-12-09 | 9.1 | CVE-2022-23483 MISC |
neutrinolabs — xrdp | xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains an out-of-bounds read in the xrdp_mm_trans_process_drdynvc_channel_close() function. There are no known workarounds for this issue. Users are advised to upgrade. | 2022-12-09 | 9.1 | CVE-2022-23493 MISC |
nodebb — nodebb | NodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in socket.io message handling a specially crafted payload can be used to impersonate other users and takeover accounts. This vulnerability has been patched in version 2.6.1. Users are advised to upgrade. Users unable to upgrade may cherry-pick commit `48d143921753914da45926cca6370a92ed0c46b8` into their codebase to patch the exploit. | 2022-12-05 | 9.8 | CVE-2022-46164 MISC MISC |
nodejs — node.js | The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CRLF. This may result in HTTP Request Smuggling. | 2022-12-05 | 9.8 | CVE-2022-35256 MISC |
nodejs — node.js | A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value; it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned by EntropySource() may not be cryptographically strong and therefore not suitable as keying material. | 2022-12-05 | 9.1 | CVE-2022-35255 MISC |
nodejs — node.js | An OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests, allowing rebinding attacks. The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix. | 2022-12-05 | 8.1 | CVE-2022-43548 MISC |
nokogiri — nokogiri | Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected. | 2022-12-08 | 7.5 | CVE-2022-23476 MISC MISC MISC |
nttdata — terasoluna_server_framework_for_java_\(rich\) | TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability due to using the old version of Spring Framework which contains the vulnerability. The vulnerability is caused by an improper input validation issue in the binding mechanism of Spring MVC. By the application processing a specially crafted file, arbitrary code may be executed with the privileges of the application. | 2022-12-05 | 7.8 | CVE-2022-43484 MISC MISC MISC |
offis — dcmtk | DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object. | 2022-12-02 | 7.5 | CVE-2022-43272 MISC MISC |
omron — cx-programmer | Use-after-free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. | 2022-12-07 | 7.8 | CVE-2022-43508 MISC MISC |
omron — cx-programmer | Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. | 2022-12-07 | 7.8 | CVE-2022-43509 MISC MISC |
omron — cx-programmer | Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. | 2022-12-07 | 7.8 | CVE-2022-43667 MISC MISC |
online_leave_management_system_project — online_leave_management_system | Online Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leave_system/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 2022-12-07 | 7.2 | CVE-2022-45009 MISC |
paddlepaddle — paddlepaddle | Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. | 2022-12-07 | 9.8 | CVE-2022-46742 MISC |
paddlepaddle — paddlepaddle | Out-of-bounds read in gather_tree in PaddlePaddle before 2.4. | 2022-12-07 | 9.1 | CVE-2022-46741 MISC |
passeo_project — passeo | Passeo is an open source Python password generator. Versions prior to 1.0.5 rely on the Python `random` library for random value selection. The Python `random` library warns that it should not be used for security purposes due to its reliance on a non-cryptographically secure random number generator. As a result, a motivated attacker may be able to guess generated passwords. This issue has been addressed in version 1.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2022-12-06 | 7.5 | CVE-2022-23472 MISC MISC MISC |
pdfmake_project — pdfmake | pdfmake is an open source client/server side PDF printing in pure JavaScript. In versions up to and including 0.2.5 pdfmake contains an unsafe evaluation of user controlled input. Users of pdfmake are thus subject to arbitrary code execution in the context of the process running the pdfmake code. There are no known fixes for this issue. Users are advised to restrict access to trusted user input. | 2022-12-06 | 9.8 | CVE-2022-46161 MISC MISC |
postmagthemes — postmagthemes_demo_import | The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) leading to RCE. | 2022-12-05 | 7.2 | CVE-2022-1540 MISC |
premio — chaty | The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line, WeChat, Email, SMS, Call Button WordPress plugin before 3.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin. | 2022-12-05 | 7.2 | CVE-2022-3858 MISC |
proofpoint — enterprise_protection | The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored cross-site scripting vulnerability that enables an anonymous email sender to gain admin privileges within the user interface. This affects all versions 8.19.0 and below. | 2022-12-06 | 9.6 | CVE-2022-46332 MISC |
proofpoint — enterprise_protection | The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. This affects all versions 8.19.0 and below. | 2022-12-06 | 7.2 | CVE-2022-46333 MISC |
protocol — libp2p | libp2p-rust is the official Rust language implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of memory and thus getting killed by its operating system. When executed continuously, this can lead to a denial of service attack, especially relevant on a larger scale when run against more than one node of a libp2p based network. Users are advised to upgrade to `libp2p` `v0.45.1` or above. Users unable to upgrade should reference the DoS Mitigation page for more information on how to incorporate mitigation strategies, monitor their application, and respond to attacks: https://docs.libp2p.io/reference/dos-mitigation/. | 2022-12-07 | 7.5 | CVE-2022-23486 MISC |
protocol — libp2p | js-libp2p is the official JavaScript implementation of the libp2p networking stack. Versions older than `v0.38.0` of js-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed by the host’s operating system. While a connection manager tasked with keeping the number of connections within manageable limits has been part of js-libp2p, this component was designed to handle the regular churn of peers, not a targeted resource exhaustion attack. Users are advised to update their js-libp2p dependency to `v0.38.0` or greater. There are no known workarounds for this vulnerability. | 2022-12-07 | 7.5 | CVE-2022-23487 MISC |
protocol — libp2p | go-libp2p is the official libp2p implementation in the Go programming language. Version `0.18.0` and older of go-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed by the host’s operating system. While a connection manager tasked with keeping the number of connections within manageable limits has been part of go-libp2p, this component was designed to handle the regular churn of peers, not a targeted resource exhaustion attack. Users are advised to upgrade their version of go-libp2p to version `0.18.1` or newer. Users unable to upgrade may consult the denial of service (DoS) mitigation page for more information on how to incorporate mitigation strategies, monitor their application, and respond to attacks. | 2022-12-08 | 7.5 | CVE-2022-23492 MISC MISC MISC |
proxmox — proxmox_mail_gateway | Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in Proxmox Mail Gateway, privilege escalation to the root@pam account is possible if the backup feature has ever been used, because backup files such as pmg-backup_YYYY_MM_DD_*.tgz have 0644 permissions and contain an authkey value. This is fixed in pve-http-server 4.1-3. | 2022-12-04 | 9.8 | CVE-2022-35508 MISC MISC MISC MISC |
proxmox — proxmox_mail_gateway | A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim’s browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers because they allow injection of response headers with %0d. This is fixed in pve-http-server 4.1-3. | 2022-12-04 | 7.1 | CVE-2022-35507 MISC MISC |
pulsesecure — pulse_connect_secure | An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1. | 2022-12-05 | 7.5 | CVE-2022-35254 MISC |
pulsesecure — pulse_connect_secure | An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1. | 2022-12-05 | 7.5 | CVE-2022-35258 MISC |
pwndoc_project — pwndoc | An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file. | 2022-12-05 | 8.8 | CVE-2022-45771 MISC MISC |
py7zr_project — py7zr | A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file. | 2022-12-06 | 9.1 | CVE-2022-44900 MISC MISC MISC |
quarkus — quarkus | Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in the request. | 2022-12-06 | 9.8 | CVE-2022-4147 MISC |
rack_project — rack | A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow a possible shell escape in the Lint and CommonLogger components of Rack. | 2022-12-05 | 10 | CVE-2022-30123 MISC |
rack_project — rack | A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack. | 2022-12-05 | 7.5 | CVE-2022-30122 MISC |
rackn — digital_rebar | RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint (Incorrect Access Control). The token can be used to escalate privileges within the Digital Rebar system and grant full administrative access. | 2022-12-06 | 9.8 | CVE-2022-46383 MISC MISC |
rackn — digital_rebar | RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions. After signing into Digital Rebar, users are issued authentication tokens tied to their account to perform actions within Digital Rebar. During the validation process of these tokens, Digital Rebar did not check if the user account still exists. Deleted Digital Rebar users could still use their tokens to perform actions within Digital Rebar. | 2022-12-06 | 8.8 | CVE-2022-46382 MISC |
redmine — redmine | Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user. | 2022-12-06 | 7.5 | CVE-2022-44030 MISC MISC |
rukovoditel — rukovoditel | Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter. | 2022-12-02 | 9.8 | CVE-2022-44945 MISC MISC |
rukovoditel — rukovoditel | Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | 2022-12-05 | 8.8 | CVE-2022-45020 MISC |
samsung — exynos_firmware | Improper authorization in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to get sensitive information including IMEI via emergency call. | 2022-12-08 | 7.5 | CVE-2022-39902 MISC |
sangoma — asterisk | In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash. | 2022-12-05 | 7.5 | CVE-2022-37325 MISC |
sanitization_management_system_project — sanitization_management_system | Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/view_service&id=. | 2022-12-07 | 7.2 | CVE-2022-44393 MISC |
seagate — stcg2000300_firmware | The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mv_backend_launch in cirrus/application/helpers/mv_backend_helper.php by leveraging the “start” state and sending a check_device_name request. | 2022-12-06 | 9.8 | CVE-2020-6627 MISC MISC MISC |
secomea — gatemanager | Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0. | 2022-12-06 | 7.2 | CVE-2022-38123 MISC |
simple-git_project — simple-git | The package simple-git before 3.15.0 is vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via the clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306). | 2022-12-06 | 9.8 | CVE-2022-25912 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
simple_phone_book\/directory_web_app_project — simple_phone_book\/directory_web_app | Simple Phone Book/Directory Web App v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at /PhoneBook/edit.php. | 2022-12-07 | 9.8 | CVE-2022-45010 MISC |
skycaiji — skycaiji | Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin/controller/Mystore.php. | 2022-12-07 | 9.8 | CVE-2022-44351 MISC |
slims — senayan_library_management_system | SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter. | 2022-12-05 | 7.5 | CVE-2022-45019 MISC |
stackstorm — stackstorm | Improper access control in Key-Value RBAC in StackStorm version 3.7.0 didn’t check the permissions in Jinja filters, allowing attackers to access K/V pairs of other users, potentially leading to the exposure of sensitive information. | 2022-12-06 | 7.5 | CVE-2022-44009 MISC |
swiftterm_project — swiftterm | SwiftTerm is a Xterm/VT100 Terminal emulator. Prior to commit a94e6b24d24ce9680ad79884992e1dff8e150a31, an attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user’s terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. Version a94e6b24d24ce9680ad79884992e1dff8e150a31 contains a patch for this issue. There are no known workarounds available. | 2022-12-02 | 7.8 | CVE-2022-23465 MISC MISC |
syncee — syncee_-_global_dropshipping | The Syncee WordPress plugin before 1.0.10 leaks the administrator token that can be used to take over the administrator’s account. | 2022-12-05 | 7.5 | CVE-2022-3694 MISC |
telepad-app — telepad | Telepad allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2022-12-05 | 9.8 | CVE-2022-45477 MISC |
telos — omnia_mpx_node_firmware | Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings using a low-privilege backdoor account. This can lead to changing hardware settings and executing arbitrary commands in vulnerable system functions that require high privilege to access. | 2022-12-02 | 8.8 | CVE-2022-45562 MISC |
telosalliance — omnia_mpx_node_firmware | An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3.* – 1.4.* allows attackers to execute arbitrary commands via a crafted payload injected into the license input. | 2022-12-02 | 9.8 | CVE-2022-43325 MISC |
tenda — a18_firmware | Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet. | 2022-12-08 | 7.5 | CVE-2022-44931 MISC |
tenda — a18_firmware | An access control issue in Tenda A18 v15.13.07.09 allows unauthenticated attackers to access the Telnet service. | 2022-12-08 | 7.5 | CVE-2022-44932 MISC |
tenda — ac6_firmware | Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSetMacFilterCfg. | 2022-12-02 | 7.5 | CVE-2022-45641 MISC |
tenda — i21_firmware | Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/AddSysLogRule. | 2022-12-02 | 9.8 | CVE-2022-44362 MISC |
tenda — i21_firmware | Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setSnmpInfo. | 2022-12-02 | 9.8 | CVE-2022-44363 MISC |
tenda — i21_firmware | Tenda i21 V1.0.0.14(4656) has a stack overflow vulnerability via /goform/setSysPwd. | 2022-12-02 | 9.8 | CVE-2022-44365 MISC |
tenda — i21_firmware | Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setDiagnoseInfo. | 2022-12-02 | 9.8 | CVE-2022-44366 MISC |
tenda — i21_firmware | Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setUplinkInfo. | 2022-12-02 | 9.8 | CVE-2022-44367 MISC |
tenda — i22_firmware | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet function. | 2022-12-02 | 7.5 | CVE-2022-45663 MISC |
tenda — i22_firmware | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDget function. | 2022-12-02 | 7.5 | CVE-2022-45664 MISC |
tenda — i22_firmware | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterGet function. | 2022-12-02 | 7.5 | CVE-2022-45669 MISC |
tenda — i22_firmware | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function. | 2022-12-02 | 7.5 | CVE-2022-45670 MISC |
tenda — i22_firmware | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the appData parameter in the formSetAppFilterRule function. | 2022-12-02 | 7.5 | CVE-2022-45671 MISC |
tenda — i22_firmware | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the formWx3AuthorizeSet function. | 2022-12-02 | 7.5 | CVE-2022-45672 MISC |
tenda — w30e_firmware | Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName. | 2022-12-08 | 9.8 | CVE-2022-45506 MISC |
tenda — w30e_firmware | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the cmdinput parameter at /goform/exeCommand. | 2022-12-08 | 7.5 | CVE-2022-45505 MISC |
tenda — w30e_firmware | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the editNameMit parameter at /goform/editFileName. | 2022-12-08 | 7.5 | CVE-2022-45507 MISC |
tenda — w30e_firmware | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the new_account parameter at /goform/editUserName. | 2022-12-08 | 7.5 | CVE-2022-45508 MISC |
tenda — w30e_firmware | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the account parameter at /goform/addUserName. | 2022-12-08 | 7.5 | CVE-2022-45509 MISC |
tenda — w30e_firmware | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the mit_ssid_index parameter at /goform/AdvSetWrlsafeset. | 2022-12-08 | 7.5 | CVE-2022-45510 MISC |
tenda — w30e_firmware | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the PPPOEPassword parameter at /goform/QuickIndex. | 2022-12-08 | 7.5 | CVE-2022-45511 MISC |
tenda — w30e_firmware | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeEmailFilter. | 2022-12-08 | 7.5 | CVE-2022-45512 MISC |
tenda — w30e_firmware | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/P2pListFilter. | 2022-12-08 | 7.5 | CVE-2022-45513 MISC |
tenda — w30e_firmware | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/webExcptypemanFilter. | 2022-12-08 | 7.5 | CVE-2022-45514 MISC |
tenda — w30e_firmware | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the entries parameter at /goform/addressNat. | 2022-12-08 | 7.5 | CVE-2022-45515 MISC |
tenda — w30e_firmware | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/NatStaticSetting. | 2022-12-08 | 7.5 | CVE-2022-45516 MISC |
tenda — w30e_firmware | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/VirtualSer. | 2022-12-08 | 7.5 | CVE-2022-45517 MISC |
tenda — w30e_firmware | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SetIpBind. | 2022-12-08 | 7.5 | CVE-2022-45518 MISC |
tenda — w30e_firmware | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the Go parameter at /goform/SafeMacFilter. | 2022-12-08 | 7.5 | CVE-2022-45519 MISC |
tenda — w30e_firmware | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/qossetting. | 2022-12-08 | 7.5 | CVE-2022-45520 MISC |
tenda — w30e_firmware | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeUrlFilter. | 2022-12-08 | 7.5 | CVE-2022-45521 MISC |
tenda — w30e_firmware | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeClientFilter. | 2022-12-08 | 7.5 | CVE-2022-45522 MISC |
tenda — w30e_firmware | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/L7Im. | 2022-12-08 | 7.5 | CVE-2022-45523 MISC |
tenda — w30e_firmware | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the opttype parameter at /goform/IPSECsave. | 2022-12-08 | 7.5 | CVE-2022-45524 MISC |
tenda — w30e_firmware | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the downaction parameter at /goform/CertListInfo. | 2022-12-08 | 7.5 | CVE-2022-45525 MISC |
tenda — w6-s_firmware | Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand. | 2022-12-08 | 9.8 | CVE-2022-45497 MISC |
tenda — w6-s_firmware | An issue in the component tpi_systool_handle(0) (/goform/SysToolReboot) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device. | 2022-12-08 | 7.5 | CVE-2022-45498 MISC |
tenda — w6-s_firmware | Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/WifiMacFilterGet. | 2022-12-08 | 7.5 | CVE-2022-45499 MISC |
tenda — w6-s_firmware | Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/wifiSSIDset. | 2022-12-08 | 7.5 | CVE-2022-45501 MISC |
tenda — w6-s_firmware | Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the linkEn parameter at /goform/setAutoPing. | 2022-12-08 | 7.5 | CVE-2022-45503 MISC |
tenda — w6-s_firmware | An issue in the component tpi_systool_handle(0) (/goform/SysToolRestoreSet) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device. | 2022-12-08 | 7.5 | CVE-2022-45504 MISC |
tendacn — ac6_firmware | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the addWifiMacFilter function. | 2022-12-02 | 7.5 | CVE-2022-45643 MISC |
tendacn — ac6_firmware | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the formSetClientState function. | 2022-12-02 | 7.5 | CVE-2022-45644 MISC |
tendacn — ac6_firmware | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceMac parameter in the addWifiMacFilter function. | 2022-12-02 | 7.5 | CVE-2022-45645 MISC |
tendacn — ac6_firmware | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeedUp parameter in the formSetClientState function. | 2022-12-02 | 7.5 | CVE-2022-45646 MISC |
tendacn — ac6_firmware | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeed parameter in the formSetClientState function. | 2022-12-02 | 7.5 | CVE-2022-45647 MISC |
tendacn — ac6_firmware | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the devName parameter in the formSetDeviceName function. | 2022-12-02 | 7.5 | CVE-2022-45648 MISC |
tendacn — ac6_firmware | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the endIp parameter in the formSetPPTPServer function. | 2022-12-02 | 7.5 | CVE-2022-45649 MISC |
tendacn — ac6_firmware | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the firewallEn parameter in the formSetFirewallCfg function. | 2022-12-02 | 7.5 | CVE-2022-45650 MISC |
tendacn — ac6_firmware | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the formSetVirtualSer function. | 2022-12-02 | 7.5 | CVE-2022-45651 MISC |
tendacn — ac6_firmware | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the startIp parameter in the formSetPPTPServer function. | 2022-12-02 | 7.5 | CVE-2022-45652 MISC |
tendacn — ac6_firmware | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the page parameter in the fromNatStaticSetting function. | 2022-12-02 | 7.5 | CVE-2022-45653 MISC |
tendacn — ac6_firmware | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the ssid parameter in the form_fast_setting_wifi_set function. | 2022-12-02 | 7.5 | CVE-2022-45654 MISC |
tendacn — ac6_firmware | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the timeZone parameter in the form_fast_setting_wifi_set function. | 2022-12-02 | 7.5 | CVE-2022-45655 MISC |
tendacn — ac6_firmware | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function. | 2022-12-02 | 7.5 | CVE-2022-45656 MISC |
tendacn — ac6_firmware | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function. | 2022-12-02 | 7.5 | CVE-2022-45657 MISC |
tendacn — ac6_firmware | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedEndTime parameter in the setSchedWifi function. | 2022-12-02 | 7.5 | CVE-2022-45658 MISC |
tendacn — ac6_firmware | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function. | 2022-12-02 | 7.5 | CVE-2022-45659 MISC |
tendacn — ac6_firmware | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedStartTime parameter in the setSchedWifi function. | 2022-12-02 | 7.5 | CVE-2022-45660 MISC |
tendacn — ac6_firmware | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the setSmartPowerManagement function. | 2022-12-02 | 7.5 | CVE-2022-45661 MISC |
thinkphp — thinkphp | ThinkPHP 5.1.41 and 5.0.24 have a code logic error which causes file upload getshell. | 2022-12-06 | 8.8 | CVE-2022-44289 MISC |
tibco — nimbus | The Web Client component of TIBCO Software Inc.’s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.’s TIBCO Nimbus: version 10.5.0. | 2022-12-06 | 9.3 | CVE-2022-41559 CONFIRM |
ui — edgemax_edgerouter_firmware | A remote code execution vulnerability in EdgeRouters (Version 2.0.9-hotfix.4 and earlier) allows a malicious actor with an operator account to run arbitrary administrator commands. This vulnerability is fixed in Version 2.0.9-hotfix.5 and later. | 2022-12-05 | 8.8 | CVE-2022-43553 MISC |
unimo — udr-ja1604_firmware | Hidden functionality vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. | 2022-12-07 | 8.8 | CVE-2022-43464 MISC MISC |
unimo — udr-ja1604_firmware | OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. | 2022-12-07 | 8.8 | CVE-2022-44606 MISC MISC |
unimo — udr-ja1604_firmware | Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. | 2022-12-07 | 8.8 | CVE-2022-44620 MISC MISC |
veeam — veeam_backup_for_google_cloud | Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass authentication mechanisms. | 2022-12-05 | 9.8 | CVE-2022-43549 MISC |
veritas — netbackup_flex_scale_appliance | An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal. | 2022-12-04 | 9.8 | CVE-2022-46414 MISC |
veritas — netbackup_flex_scale_appliance | An issue was discovered in Veritas NetBackup Flex Scale through 3.0. An attacker with non-root privileges may escalate privileges to root by using specific commands. | 2022-12-04 | 8.8 | CVE-2022-46410 MISC |
veritas — netbackup_flex_scale_appliance | An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges. | 2022-12-04 | 8.8 | CVE-2022-46411 MISC |
veritas — netbackup_flex_scale_appliance | An issue was discovered in Veritas NetBackup Flex Scale through 3.0. A non-privileged user may escape a restricted shell and execute privileged commands. | 2022-12-04 | 8.8 | CVE-2022-46412 MISC |
veritas — netbackup_flex_scale_appliance | An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Authenticated remote command execution can occur via the management portal. | 2022-12-04 | 8.8 | CVE-2022-46413 MISC |
videolan — vlc_media_player | An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions. | 2022-12-06 | 7.8 | CVE-2022-41325 MISC MISC MISC DEBIAN |
vim — vim | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742. | 2022-12-03 | 9.8 | CVE-2022-3491 CONFIRM MISC |
vim — vim | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765. | 2022-12-02 | 9.8 | CVE-2022-3520 MISC CONFIRM |
vim — vim | Use After Free in GitHub repository vim/vim prior to 9.0.0789. | 2022-12-02 | 7.8 | CVE-2022-3591 MISC CONFIRM |
vim — vim | Use After Free in GitHub repository vim/vim prior to 9.0.0882. | 2022-12-05 | 7.8 | CVE-2022-4292 CONFIRM MISC |
warehouse_management_system_project — warehouse_management_system | A vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214760. | 2022-12-03 | 9.8 | CVE-2022-4272 MISC MISC |
webtareas_project — webtareas | webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php. | 2022-12-02 | 9.8 | CVE-2022-44290 MISC MISC |
webtareas_project — webtareas | webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php. | 2022-12-02 | 9.8 | CVE-2022-44291 MISC MISC |
wordpress_popular_posts_project — wordpress_popular_posts | External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulated through a crafted input. | 2022-12-07 | 7.5 | CVE-2022-43468 MISC MISC MISC |
wp-ecommerce — easy_wp_smtp | Auth. Remote Code Execution vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress. | 2022-12-06 | 8.8 | CVE-2022-42699 MISC |
wp-ecommerce — easy_wp_smtp | Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 at WordPress. | 2022-12-06 | 8.1 | CVE-2022-45829 MISC |
wp_csv_exporter_project — wp_csv_exporter | The WP CSV Exporter WordPress plugin before 1.3.7 does not properly sanitise and escape some parameters before using them in a SQL statement, allowing high privilege users such as admin to perform SQL injection attacks. | 2022-12-05 | 7.2 | CVE-2022-3249 MISC |
xjd2020 — fastcms | A vulnerability was found in FastCMS. It has been rated as critical. This issue affects some unknown processing of the file /template/edit of the component Template Handler. The manipulation leads to injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214901 was assigned to this vulnerability. | 2022-12-06 | 8.8 | CVE-2022-4300 N/A N/A MISC |
yithemes — yith_woocommerce_gift_cards | Unauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards premium plugin <= 3.19.0 on WordPress. | 2022-12-06 | 9.8 | CVE-2022-45359 MISC |
zabbix — frontend | Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being disclosed. An attacker can bypass this protection and access the instance using an IP address not listed in the defined range. | 2022-12-05 | 9.8 | CVE-2022-43515 MISC |
zabbix — zabbix | A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI). | 2022-12-05 | 9.8 | CVE-2022-43516 MISC |
zimbra — collaboration | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution. | 2022-12-05 | 7.2 | CVE-2022-45912 MISC |
zkteco — zktime | A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220. | 2022-12-06 | 7.5 | CVE-2021-39434 MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
2kblater — 2kb_amazon_affiliates_store | Reflected Cross-Site Scripting (XSS) vulnerability in 2kb Amazon Affiliates Store plugin <=2.1.5 on WordPress. | 2022-12-04 | 6.1 | CVE-2022-40968 MISC |
add_comments_project — add_comments | The Add Comments WordPress plugin through 1.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2022-12-05 | 4.8 | CVE-2022-3909 MISC |
addonspress — advanced_import | The Advanced Import WordPress plugin before 1.3.8 does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks. | 2022-12-05 | 6.5 | CVE-2022-3677 MISC |
advanced_wp_columns_project — advanced_wp_columns | The Advanced WP Columns WordPress plugin through 2.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2022-12-05 | 4.8 | CVE-2022-3426 MISC |
apache — commons_net | Prior to Apache Commons Net 3.9.0, Net’s FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. | 2022-12-03 | 6.5 | CVE-2021-37533 CONFIRM MLIST |
auto/taxi_stand_management_system_project — auto/taxi_stand_management_system | AutoTaxi Stand Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component search.php. | 2022-12-06 | 6.1 | CVE-2022-43369 MISC MISC |
awstats — awstats | AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. | 2022-12-04 | 6.1 | CVE-2022-46391 MISC MLIST |
bd — bodyguard_999-603_firmware | The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump. | 2022-12-05 | 5.3 | CVE-2022-43557 MISC |
beappsmobile — pc_keyboard_wifi_&_bluetooth | PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2022-12-02 | 5.9 | CVE-2022-45480 MISC |
beetl-bbs_project — beetl-bbs | A vulnerability was found in xiandafu beetl-bbs. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file WebUtils.java. The manipulation of the argument user leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215107. | 2022-12-08 | 5.4 | CVE-2022-4347 N/A N/A |
book_store_management_system_project — book_store_management_system | A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the Add New System User module. | 2022-12-02 | 5.4 | CVE-2022-45215 MISC MISC |
book_store_management_system_project — book_store_management_system | A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Level parameter under the Add New System User module. | 2022-12-07 | 5.4 | CVE-2022-45217 MISC MISC |
clicshopping — clicshopping_v3 | A cross-site scripting (XSS) vulnerability in ClicShopping_V3 v3.402 allows attackers to execute arbitrary web scripts or HTML via a crafted URL parameter. | 2022-12-05 | 6.1 | CVE-2022-45769 MISC |
concretecms — concrete_cms | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XSS in the text input field since the result dashboard page output is not sanitized. The Concrete CMS security team has ranked this 4.2 with CVSS v3.1 vector AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N. Thanks @_akbar_jafarli_ for reporting. Remediate by updating to Concrete CMS 8.5.10 and Concrete CMS 9.1.3. | 2022-12-05 | 6.1 | CVE-2022-43556 MISC MISC MISC |
contest-gallery — contest_gallery | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <= 13.1.0.9 on WordPress. | 2022-12-06 | 6.1 | CVE-2022-45848 MISC |
crowdstrike — falcon | CrowdStrike Falcon 6.44.15806 allows an administrative attacker to uninstall Falcon Sensor, bypassing the intended protection mechanism in which uninstallation requires possessing a one-time token. (The sensor is managed at the kernel level.) | 2022-12-04 | 4.9 | CVE-2022-44721 MISC |
dev4press — gd_bbpress_attachments | Auth. Stored Cross-Site Scripting (XSS) vulnerability in GD bbPress Attachments plugin <= 4.3.1 on WordPress. | 2022-12-06 | 5.4 | CVE-2022-45816 MISC |
discourse — discourse | Discourse is an open-source discussion platform. In version 2.8.13 and prior on the `stable` branch and version 2.9.0.beta14 and prior on the `beta` and `tests-passed` branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take up unnecessary site resources. A patch for this issue is available in the `main` branch of Discourse. There are no known workarounds available. | 2022-12-02 | 4.3 | CVE-2022-46159 MISC MISC |
duxcms_project — duxcms | A vulnerability was found in annyshow DuxCMS 2.1. It has been classified as problematic. This affects an unknown part of the file admin.php&r=article/AdminContent/edit of the component Article Handler. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215115. | 2022-12-08 | 5.4 | CVE-2020-36609 MISC MISC |
ecommerce-website_project — ecommerce-website | A cross-site scripting (XSS) vulnerability in the component /signup_script.php of Ecommerce-Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter. | 2022-12-05 | 6.1 | CVE-2022-45990 MISC |
elbtide — advanced_booking_calendar | Cross-Site Request Forgery (CSRF) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress. | 2022-12-05 | 6.5 | CVE-2022-45824 MISC |
enhancesoft — osticket | Cross-site Scripting (XSS) – Reflected in GitHub repository osticket/osticket prior to 1.16.4. | 2022-12-02 | 5.4 | CVE-2022-4271 CONFIRM MISC |
fortinet — fortiadc | Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP requests. | 2022-12-06 | 6.5 | CVE-2022-33876 MISC |
fortinet — fortios | An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiOS 6.0.7 – 6.0.15, 6.2.2 – 6.2.12, 6.4.0 – 6.4.9 and 7.0.0 – 7.0.3 allows a privileged attacker to execute unauthorized code or commands via storing malicious payloads in replacement messages. | 2022-12-06 | 5.4 | CVE-2022-40680 MISC |
fortinet — fortisoar | Improper neutralization of input during web page generation [CWE-79] in FortiSOAR 7.0.0 through 7.0.3 and 7.2.0 may allow an authenticated attacker to inject HTML tags via input fields of various components within FortiSOAR. | 2022-12-06 | 5.4 | CVE-2022-38379 MISC |
fsi — fs040u_firmware | Plaintext storage of a password vulnerability exists in +F FS040U software versions v2.3.4 and earlier, which may allow an attacker to obtain the login password of +F FS040U and log in to the management console. | 2022-12-05 | 4.6 | CVE-2022-43442 MISC MISC MISC MISC MISC |
google — android | In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446207; Issue ID: ALPS07446207. | 2022-12-05 | 6.7 | CVE-2022-32594 MISC |
google — android | In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446213; Issue ID: ALPS07446213. | 2022-12-05 | 6.7 | CVE-2022-32596 MISC |
google — android | In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446228; Issue ID: ALPS07446228. | 2022-12-05 | 6.7 | CVE-2022-32597 MISC |
google — android | In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446228; Issue ID: ALPS07446228. | 2022-12-05 | 6.7 | CVE-2022-32598 MISC |
google — android | In keyinstall, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07439659; Issue ID: ALPS07439659. | 2022-12-05 | 6.7 | CVE-2022-32619 MISC |
google — android | In mpu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07541753; Issue ID: ALPS07541753. | 2022-12-05 | 6.7 | CVE-2022-32620 MISC |
google — android | In gz, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363786; Issue ID: ALPS07363786. | 2022-12-05 | 6.7 | CVE-2022-32622 MISC |
google — android | In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405923; Issue ID: ALPS07405923. | 2022-12-05 | 6.7 | CVE-2022-32624 MISC |
google — android | In display, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326216; Issue ID: ALPS07326216. | 2022-12-05 | 6.7 | CVE-2022-32625 MISC |
google — android | In display, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326239; Issue ID: ALPS07326239. | 2022-12-05 | 6.7 | CVE-2022-32626 MISC |
google — android | In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310780; Issue ID: ALPS07310780. | 2022-12-05 | 6.7 | CVE-2022-32628 MISC |
google — android | In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310774; Issue ID: ALPS07310774. | 2022-12-05 | 6.7 | CVE-2022-32629 MISC |
google — android | In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405966; Issue ID: ALPS07405966. | 2022-12-05 | 6.7 | CVE-2022-32630 MISC |
google — android | In Wi-Fi, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453613; Issue ID: ALPS07453613. | 2022-12-05 | 6.7 | CVE-2022-32631 MISC |
google — android | In Wi-Fi, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441630; Issue ID: ALPS07441630. | 2022-12-05 | 6.7 | CVE-2022-32632 MISC |
google — android | In Wi-Fi, there is a possible memory access violation due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441637; Issue ID: ALPS07441637. | 2022-12-05 | 6.7 | CVE-2022-32633 MISC |
google — android | In ccci, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138646; Issue ID: ALPS07138646. | 2022-12-05 | 6.7 | CVE-2022-32634 MISC |
google — android | In isp, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310829; Issue ID: ALPS07310829. | 2022-12-05 | 6.4 | CVE-2022-32621 MISC |
google — android | In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | 2022-12-06 | 5.5 | CVE-2022-39106 MISC |
google — android | In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | 2022-12-06 | 5.5 | CVE-2022-39129 MISC |
google — android | In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | 2022-12-06 | 5.5 | CVE-2022-39130 MISC |
google — android | In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. | 2022-12-06 | 5.5 | CVE-2022-39131 MISC |
google — android | In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | 2022-12-06 | 5.5 | CVE-2022-39132 MISC |
google — android | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | 2022-12-06 | 5.5 | CVE-2022-39133 MISC |
google — android | Exposure of Sensitive Information vulnerability in kernel prior to SMR Dec-2022 Release 1 allows attackers to access the kernel address information via log. | 2022-12-08 | 5.5 | CVE-2022-39897 MISC |
google — android | Implicit intent hijacking vulnerability in Telecom application prior to SMR Dec-2022 Release 1 allows attacker to access sensitive information via implicit intent. | 2022-12-08 | 5.5 | CVE-2022-39905 MISC |
google — android | In npu driver, there is a memory corruption due to a use after free. This could lead to local denial of service in kernel. | 2022-12-06 | 5.5 | CVE-2022-42754 MISC |
google — android | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | 2022-12-06 | 5.5 | CVE-2022-42755 MISC |
google — android | In sensor driver, there is a possible buffer overflow due to a missing bounds check. This could lead to local denial of service in kernel. | 2022-12-06 | 5.5 | CVE-2022-42756 MISC |
google — android | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | 2022-12-06 | 5.5 | CVE-2022-42759 MISC |
google — android | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | 2022-12-06 | 5.5 | CVE-2022-42760 MISC |
google — android | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | 2022-12-06 | 5.5 | CVE-2022-42761 MISC |
google — android | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | 2022-12-06 | 5.5 | CVE-2022-42762 MISC |
google — android | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | 2022-12-06 | 5.5 | CVE-2022-42763 MISC |
google — android | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | 2022-12-06 | 5.5 | CVE-2022-42764 MISC |
google — android | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | 2022-12-06 | 5.5 | CVE-2022-42765 MISC |
google — android | In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. | 2022-12-06 | 5.5 | CVE-2022-42766 MISC |
google — android | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | 2022-12-06 | 5.5 | CVE-2022-42772 MISC |
google — android | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | 2022-12-06 | 5.5 | CVE-2022-42773 MISC |
google — android | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | 2022-12-06 | 5.5 | CVE-2022-42774 MISC |
google — android | In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. | 2022-12-06 | 5.5 | CVE-2022-42775 MISC |
google — android | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | 2022-12-06 | 5.5 | CVE-2022-42779 MISC |
google — android | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | 2022-12-06 | 5.5 | CVE-2022-42780 MISC |
google — android | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | 2022-12-06 | 5.5 | CVE-2022-42781 MISC |
google — android | In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. | 2022-12-06 | 5.5 | CVE-2022-42782 MISC |
google — android | In audio driver, there is a use after free due to a race condition. This could lead to local denial of service in kernel. | 2022-12-06 | 4.7 | CVE-2022-39134 MISC |
google — android | In wlan driver, there is a race condition. This could lead to local denial of service in wlan services. | 2022-12-06 | 4.7 | CVE-2022-42770 MISC |
google — android | In wlan driver, there is a race condition. This could lead to local denial of service in wlan services. | 2022-12-06 | 4.7 | CVE-2022-42771 MISC |
google — android | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | 2022-12-06 | 4.3 | CVE-2022-42768 MISC |
haxx — curl | curl can be told to parse a `.netrc` file for credentials. If that file ends in a line with 4095 consecutive non-white space letters and no newline, curl would first read past the end of the stack-based buffer, and if the read works, write a zero byte beyond its boundary. This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes. If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service. | 2022-12-05 | 6.5 | CVE-2022-35260 MISC |
human_resource_management_system_project — human_resource_management_system | A vulnerability classified as problematic has been found in SourceCodester Human Resource Management System 1.0. Affected is an unknown function of the file /hrm/employeeview.php. The manipulation of the argument search leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214776. | 2022-12-03 | 6.1 | CVE-2022-4279 N/A N/A |
ibm — business_automation_workflow | IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2, and 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 65687. | 2022-12-07 | 6.1 | CVE-2022-41735 MISC MISC |
ilias — ilias | ILIAS before 7.16 allows External Control of File Name or Path. | 2022-12-07 | 6.5 | CVE-2022-45918 MISC FULLDISC MISC |
ilias — ilias | ILIAS before 7.16 has an Open Redirect. | 2022-12-07 | 6.1 | CVE-2022-45917 MISC FULLDISC MISC |
ilias — ilias | ILIAS before 7.16 allows XSS. | 2022-12-07 | 5.4 | CVE-2022-45916 MISC FULLDISC MISC |
ivanti — endpoint_manager | ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permission settings, an attacker with high permissions could use this vulnerability to maliciously delete and modify files. | 2022-12-05 | 6.5 | CVE-2022-23143 MISC |
kibokolabs — chained_quiz | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘datef’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2022-12-02 | 6.1 | CVE-2022-4208 MISC MISC MISC |
kibokolabs — chained_quiz | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘pointsf’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2022-12-02 | 6.1 | CVE-2022-4209 MISC MISC MISC |
kibokolabs — chained_quiz | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dnf’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2022-12-02 | 6.1 | CVE-2022-4210 MISC MISC MISC |
kibokolabs — chained_quiz | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘emailf’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2022-12-02 | 6.1 | CVE-2022-4211 MISC MISC MISC |
kibokolabs — chained_quiz | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ipf’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2022-12-02 | 6.1 | CVE-2022-4212 MISC MISC MISC |
kibokolabs — chained_quiz | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dn’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2022-12-02 | 6.1 | CVE-2022-4213 MISC MISC |
kibokolabs — chained_quiz | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ip’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2022-12-02 | 6.1 | CVE-2022-4214 MISC MISC MISC |
kibokolabs — chained_quiz | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘date’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2022-12-02 | 6.1 | CVE-2022-4215 MISC MISC MISC |
kibokolabs — chained_quiz | The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘facebook_appid’ parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2022-12-02 | 4.8 | CVE-2022-4216 MISC MISC MISC MISC |
kibokolabs — chained_quiz | The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘api_key’ parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2022-12-02 | 4.8 | CVE-2022-4217 MISC MISC MISC MISC |
kibokolabs — chained_quiz | The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_quizzes() function. This makes it possible for unauthenticated attackers to delete quizzes and copy quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2022-12-02 | 4.3 | CVE-2022-4218 MISC MISC MISC |
kibokolabs — chained_quiz | The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the manage() function. This makes it possible for unauthenticated attackers to delete submitted quiz responses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2022-12-02 | 4.3 | CVE-2022-4219 MISC MISC MISC |
kibokolabs — chained_quiz | The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_questions() function. This makes it possible for unauthenticated attackers to delete questions from quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2022-12-02 | 4.3 | CVE-2022-4220 MISC MISC MISC MISC |
kwoksys — information_server | An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks. | 2022-12-06 | 4.9 | CVE-2022-45326 MISC MISC |
kyocera — taskalfa_7550ci_firmware | Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN. | 2022-12-05 | 6.5 | CVE-2022-41798 MISC MISC MISC |
kyocera — taskalfa_7550ci_firmware | Missing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to alter the product settings without authentication by sending a specially crafted request. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN. | 2022-12-05 | 6.5 | CVE-2022-41807 MISC MISC MISC |
kyocera — taskalfa_7550ci_firmware | Stored cross-site scripting vulnerability in Kyocera Document Solutions MFPs and printers allows a remote authenticated attacker with an administrative privilege to inject arbitrary script. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN. | 2022-12-05 | 4.8 | CVE-2022-41830 MISC MISC MISC |
lazy_mouse_project — lazy_mouse | Lazy Mouse allows an attacker (in a man in the middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2022-12-02 | 5.9 | CVE-2022-45483 MISC |
linux — linux_kernel | A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action “mirred”) a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition. | 2022-12-05 | 5.5 | CVE-2022-4269 MISC |
mingsoft — mcms | A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Affected is an unknown function of the file search.do. The manipulation of the argument content_title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215112. | 2022-12-08 | 6.1 | CVE-2022-4350 MISC MISC |
oceanwp — sticky_header | Cross-Site Request Forgery (CSRF) vulnerability in Oceanwp sticky header plugin <= 1.0.8 on WordPress. | 2022-12-04 | 6.5 | CVE-2022-35730 MISC |
online_leave_management_system_project — online_leave_management_system | Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /leave_system/admin/?page=maintenance/department. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted payload injected into the Name field under the Create New module. | 2022-12-07 | 4.8 | CVE-2022-45008 MISC |
openrazer_project — openrazer | OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. Using a modified USB device, an attacker can leak stack addresses of the `razer_attr_read_dpi_stages`, potentially bypassing KASLR. To exploit this vulnerability, an attacker would need access to a user's keyboard or mouse or would need to convince a user to use a modified device. The issue has been patched in v3.5.1. Users are advised to upgrade and should be reminded not to plug in unknown USB devices. | 2022-12-05 | 4.6 | CVE-2022-23467 MISC MISC |
pinterest — querybook | Querybook is an open source data querying UI. In affected versions user provided data is not escaped in the error field of the auth callback url in `querybook/server/app/auth/oauth_auth.py` and `querybook/server/app/auth/okta_auth.py`. This may allow attackers to perform reflected cross site scripting (XSS) if Content Security Policy (CSP) is not enabled or `unsafe-inline` is allowed. Users are advised to upgrade to the latest, patched version of querybook (version 3.14.2 or greater). Users unable to upgrade may enable CSP and not allow unsafe-inline or manually escape query parameters in a reverse proxy. | 2022-12-06 | 6.1 | CVE-2022-46151 MISC MISC |
pwn_project — pwn | A vulnerability classified as problematic has been found in CTF-hacker pwn. This affects an unknown part of the file delete.html. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215109 was assigned to this vulnerability. | 2022-12-08 | 6.8 | CVE-2022-4349 N/A N/A |
rapidscada — rapid_scada | Rapid Software LLC Rapid SCADA 5.8.4 is vulnerable to Cross Site Scripting (XSS). | 2022-12-07 | 6.1 | CVE-2022-44153 MISC |
ricoh — aficio_sp_4210n_firmware | Cross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. | 2022-12-07 | 4.8 | CVE-2022-37406 MISC MISC MISC |
rukovoditel — rukovoditel | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. | 2022-12-02 | 5.4 | CVE-2022-44944 MISC MISC |
rukovoditel — rukovoditel | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. | 2022-12-02 | 5.4 | CVE-2022-44946 MISC MISC |
rukovoditel — rukovoditel | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note field after clicking “Add”. | 2022-12-02 | 5.4 | CVE-2022-44947 MISC MISC |
rukovoditel — rukovoditel | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at /index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking “Add”. | 2022-12-02 | 5.4 | CVE-2022-44948 MISC MISC |
rukovoditel — rukovoditel | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short Name field. | 2022-12-02 | 5.4 | CVE-2022-44949 MISC MISC |
rukovoditel — rukovoditel | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2022-12-02 | 5.4 | CVE-2022-44950 MISC MISC |
rukovoditel — rukovoditel | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2022-12-02 | 5.4 | CVE-2022-44951 MISC MISC |
rukovoditel — rukovoditel | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking “Add”. | 2022-12-02 | 5.4 | CVE-2022-44952 MISC MISC |
ruoyi — ruoyi-cloud | A vulnerability was found in y_project RuoYi-Cloud. It has been rated as problematic. Affected by this issue is some unknown functionality of the component JSON Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215108. | 2022-12-08 | 6.1 | CVE-2022-4348 N/A N/A |
salonbookingsystem — salon_booking_system | Cross-site scripting vulnerability in Salon booking system versions prior to 7.9 allows a remote unauthenticated attacker to inject an arbitrary script. | 2022-12-05 | 6.1 | CVE-2022-43487 MISC MISC MISC |
sangoma — asterisk | An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal. | 2022-12-05 | 4.9 | CVE-2022-42706 MISC |
sangoma — certified_asterisk | A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time that Asterisk is also performing activity on that subscription. | 2022-12-05 | 6.5 | CVE-2022-42705 MISC |
ss-proj — shirasagi | Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated attacker to redirect users to an arbitrary web site and conduct a phishing attack. | 2022-12-05 | 6.1 | CVE-2022-43479 MISC MISC MISC MISC |
ss-proj — shirasagi | Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. | 2022-12-05 | 5.4 | CVE-2022-43499 MISC MISC MISC MISC |
stackstorm — stackstorm | Cross-site scripting (XSS) vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed logged in users with write access to pack rules to inject arbitrary script or HTML that may be executed in Web UI for other logged in users. | 2022-12-05 | 5.4 | CVE-2022-43706 MISC |
telegram — telegram | ** DISPUTED ** Telegram Web 15.3.1 allows XSS via a certain payload derived from a Target Corporation website. NOTE: some third parties have been unable to discern any relationship between the Pastebin information and a possible XSS finding. | 2022-12-06 | 6.1 | CVE-2022-43363 MISC MISC |
telepad-app — telepad | Telepad allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2022-12-05 | 5.9 | CVE-2022-45478 MISC |
teler_project — teler | teler is a real-time intrusion detection and threat alert dashboard. teler prior to version 2.0.0-rc.4 is vulnerable to DOM-based cross-site scripting (XSS) in the teler dashboard. When teler requests messages from the event stream on the `/events` endpoint, the log data displayed on the dashboard are not sanitized. This only affects authenticated users and can only be exploited based on detected threats if the log contains a DOM scripting payload. This vulnerability has been fixed in version `v2.0.0-rc.4`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2022-12-06 | 5.4 | CVE-2022-23466 MISC MISC |
tenda — ac6_firmware | Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. | 2022-12-02 | 6.5 | CVE-2022-45673 MISC |
tenda — ac6_firmware | Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | 2022-12-02 | 6.5 | CVE-2022-45674 MISC |
tenda — i22_firmware | Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. | 2022-12-02 | 6.5 | CVE-2022-45667 MISC |
tenda — i22_firmware | Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | 2022-12-02 | 6.5 | CVE-2022-45668 MISC |
themeum — wp_page_builder | The WP Page Builder WordPress plugin through 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2022-12-05 | 4.8 | CVE-2022-3830 MISC |
tibco — nimbus | The Statement Set Upload via the Web Client component of TIBCO Software Inc.’s TIBCO Nimbus contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Denial of Service Attack on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO Nimbus: version 10.5.0. | 2022-12-06 | 6.5 | CVE-2022-41560 CONFIRM |
tomexam — tomexam | Cross Site Scripting (XSS) vulnerability in TomExam 3.0 via p_name parameter to list.thtml. | 2022-12-05 | 5.4 | CVE-2021-34181 MISC |
tp-link — re3000_firmware | tdpServer of TP-Link RE300 V1 improperly processes its input, which may allow an attacker to cause a denial-of-service (DoS) condition of the product’s OneMesh function. | 2022-12-07 | 5.5 | CVE-2022-41783 MISC MISC |
tp-link — tl-wr740n_firmware | A vulnerability classified as problematic has been found in TP-Link TL-WR740N. Affected is an unknown function of the component ARP Handler. The manipulation leads to resource consumption. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214812. | 2022-12-06 | 5.5 | CVE-2022-4296 MISC MISC |
user_registration_&_user_management_system_project — user_registration_&_user_management_system | Phpgurukul User Registration & User Management System v3.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & login pages. | 2022-12-05 | 5.4 | CVE-2022-43097 MISC |
vim — vim | Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804. | 2022-12-05 | 5.5 | CVE-2022-4293 CONFIRM MISC |
webtareas_project — webtareas | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking “Add”. | 2022-12-02 | 5.4 | CVE-2022-44953 MISC MISC |
webtareas_project — webtareas | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name field after clicking “Add”. | 2022-12-02 | 5.4 | CVE-2022-44954 MISC MISC |
webtareas_project — webtareas | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Messages field. | 2022-12-02 | 5.4 | CVE-2022-44955 MISC MISC |
webtareas_project — webtareas | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2022-12-02 | 5.4 | CVE-2022-44956 MISC MISC |
webtareas_project — webtareas | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2022-12-02 | 5.4 | CVE-2022-44957 MISC MISC |
webtareas_project — webtareas | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2022-12-02 | 5.4 | CVE-2022-44959 MISC MISC |
webtareas_project — webtareas | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /general/search.php?searchtype=simple. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field. | 2022-12-02 | 5.4 | CVE-2022-44960 MISC MISC |
webtareas_project — webtareas | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2022-12-02 | 5.4 | CVE-2022-44961 MISC MISC |
webtareas_project — webtareas | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject field. | 2022-12-02 | 5.4 | CVE-2022-44962 MISC MISC |
wordpress — wordpress | Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. | 2022-12-05 | 6.1 | CVE-2022-43497 MISC MISC MISC |
wordpress — wordpress | Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. | 2022-12-05 | 6.1 | CVE-2022-43500 MISC MISC MISC |
wordpress — wordpress | Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. | 2022-12-05 | 5.3 | CVE-2022-43504 MISC MISC MISC |
wp-ecommerce — easy_wp_smtp | Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress. | 2022-12-06 | 6.5 | CVE-2022-45833 MISC |
wp-oauth — wp_oauth_server | The WP OAuth Server (OAuth Authentication) WordPress plugin before 3.4.2 does not have a CSRF check when regenerating secrets, which could allow attackers to make logged-in admins regenerate the secret of an arbitrary client, given they know the client ID. | 2022-12-05 | 6.5 | CVE-2022-3926 MISC |
wp-oauth — wp_oauth_server | The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.2 does not sanitize and escape Client IDs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2022-12-05 | 4.8 | CVE-2022-3892 MISC |
wpmanage — uji_countdown | The Uji Countdown WordPress plugin through 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2022-12-05 | 4.8 | CVE-2022-3837 MISC |
wpupper_share_buttons_project — wpupper_share_buttons | The WPUpper Share Buttons WordPress plugin through 3.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2022-12-05 | 4.8 | CVE-2022-3838 MISC |
xylusthemes — wp_smart_import | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xylus Themes WP Smart Import plugin <= 1.0.2 on WordPress. | 2022-12-06 | 6.1 | CVE-2022-40209 MISC |
zyxel — atp800_firmware | A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. Then, the attacker could gain access to some browser-based information if the malicious script is executed on the victim’s browser. | 2022-12-06 | 6.1 | CVE-2022-40603 CONFIRM |
zzcms — zzcms | An issue was discovered in ZZCMS 2022. There is a cross-site scripting (XSS) vulnerability in admin/ad_list.php. | 2022-12-07 | 5.4 | CVE-2022-44361 MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
google — android | Improper access control vulnerability in ContactListStartActivityHelper in Phone prior to SMR Dec-2022 Release 1 allows access to sensitive information via implicit intent. | 2022-12-08 | 3.3 | CVE-2022-39894 MISC |
google — android | Improper access control vulnerability in ContactListUtils in Phone prior to SMR Dec-2022 Release 1 allows access to contact group information via implicit intent. | 2022-12-08 | 3.3 | CVE-2022-39895 MISC |
google — android | Improper access control vulnerabilities in Contacts prior to SMR Dec-2022 Release 1 allow access to sensitive information via implicit intent. | 2022-12-08 | 3.3 | CVE-2022-39896 MISC |
google — android | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | 2022-12-06 | 3.3 | CVE-2022-42757 MISC |
google — android | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | 2022-12-06 | 3.3 | CVE-2022-42758 MISC |
google — android | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | 2022-12-06 | 3.3 | CVE-2022-42767 MISC |
google — android | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | 2022-12-06 | 3.3 | CVE-2022-42769 MISC |
hitachi — jp1/automatic_operation | Generation of Error Message Containing Sensitive Information vulnerability in Hitachi JP1/Automatic Operation allows local users to gain sensitive information. This issue affects JP1/Automatic Operation: from 10-00 through 10-54-03, from 11-00 before 11-51-09, from 12-00 before 12-60-01. | 2022-12-06 | 3.3 | CVE-2022-34881 MISC |
m-files — m-files_server | Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally. | 2022-12-02 | 2.6 | CVE-2022-4270 MISC |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
akeneo_pim — akeneo_pim | Akeneo PIM is an open source Product Information Management (PIM). Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allow remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. Akeneo PIM Community Edition after the aforementioned versions provides a patched Apache HTTP server configuration file, for docker setup and in documentation sample, to fix this vulnerability. Community Edition users must change their Apache HTTP server configuration accordingly to be protected. The patch for Cloud Based Akeneo PIM Services customers has been applied since 30th October 2022. Users are advised to upgrade. Users unable to upgrade may replace any reference to `<FilesMatch \.php$>` in their Apache httpd configurations with: `<Location "/index.php">`. | 2022-12-09 | not yet calculated | CVE-2022-46157 MISC MISC |
apache — manifoldcf | Improper neutralization of special elements used in an LDAP query (‘LDAP Injection’) vulnerability in ActiveDirectory and Sharepoint ActiveDirectory authority connectors of Apache ManifoldCF allows an attacker to manipulate the LDAP search queries (DoS, additional queries, filter manipulation) during user lookup, if the username or the domain string are passed to the UserACLs servlet without validation. This issue affects Apache ManifoldCF version 2.23 and prior versions. | 2022-12-07 | not yet calculated | CVE-2022-45910 MISC |
aruba — airwave_management_platform | Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below. | 2022-12-08 | not yet calculated | CVE-2022-37916 MISC |
aruba — airwave_management_platform | Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below. | 2022-12-08 | not yet calculated | CVE-2022-37917 MISC |
aruba — airwave_management_platform | Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below. | 2022-12-08 | not yet calculated | CVE-2022-37918 MISC |
automotive_shop_management_system — automotive_shop_management_system | Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /services/view_service.php. | 2022-12-09 | not yet calculated | CVE-2022-44838 MISC |
baota — baota | In BAOTA linux panel there exists a stored XSS vulnerability that attackers can use to obtain sensitive information via the log analysis feature. | 2022-12-09 | not yet calculated | CVE-2022-4336 MISC |
basercms — basercms | Stored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. | 2022-12-07 | not yet calculated | CVE-2022-41994 MISC MISC |
basercms — basercms | Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. | 2022-12-07 | not yet calculated | CVE-2022-42486 MISC MISC |
broadcom — brocade_fabric_os | A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch IP address. | 2022-12-08 | not yet calculated | CVE-2022-33186 MISC |
broadcom — brocade_sannav | Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information. | 2022-12-09 | not yet calculated | CVE-2022-33187 MISC |
broadcom — symantec_messaging_gateway | An authenticated user who has the privilege to add/edit annotations on the Content tab can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column). | 2022-12-09 | not yet calculated | CVE-2022-25629 MISC |
broadcom — symantec_messaging_gateway | An authenticated user can embed malicious content with XSS into the admin group policy page. | 2022-12-09 | not yet calculated | CVE-2022-25630 MISC |
buffalo_inc — multiple_products | Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN firmware Ver. 1.87 and earlier, WPL-05G300 firmware Ver. 1.88 and earlier, WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, WZR-HP-AG300H firmware Ver. 1.76 and earlier, WZR-HP-G302H firmware Ver. 1.86 and earlier, WLAE-AG300N firmware Ver. 1.86 and earlier, FS-600DHP firmware Ver. 3.40 and earlier, FS-G300N firmware Ver. 3.14 and earlier, FS-HP-G300N firmware Ver. 3.33 and earlier, FS-R600DHP firmware Ver. 3.40 and earlier, BHR-4GRV firmware Ver. 2.00 and earlier, DWR-HP-G300NH firmware Ver. 1.84 and earlier, DWR-PG firmware Ver. 1.83 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WER-A54G54 firmware Ver. 1.43 and earlier, WER-AG54 firmware Ver. 1.43 and earlier, WER-AM54G54 firmware Ver. 1.43 and earlier, WER-AMG54 firmware Ver. 1.43 and earlier, WHR-300 firmware Ver. 2.00 and earlier, WHR-300HP firmware Ver. 2.00 and earlier, WHR-AM54G54 firmware Ver. 1.43 and earlier, WHR-AMG54 firmware Ver. 1.43 and earlier, WHR-AMPG firmware Ver. 1.52 and earlier, WHR-G firmware Ver. 1.49 and earlier, WHR-G300N firmware Ver. 1.65 and earlier, WHR-G301N firmware Ver. 1.87 and earlier, WHR-G54S firmware Ver. 1.43 and earlier, WHR-G54S-NI firmware Ver. 1.24 and earlier, WHR-HP-AMPG firmware Ver. 1.43 and earlier, WHR-HP-G firmware Ver. 1.49 and earlier, WHR-HP-G54 firmware Ver. 1.43 and earlier, WLI-H4-D600 firmware Ver. 1.88 and earlier, WLI-TX4-AG300N firmware Ver. 1.53 and earlier, WS024BF firmware Ver. 1.60 and earlier, WS024BF-NW firmware Ver. 1.60 and earlier, WZR2-G108 firmware Ver. 1.33 and earlier, WZR2-G300N firmware Ver. 1.55 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, WZR-AGL300NH firmware Ver. 1.55 and earlier, WZR-AMPG144NH firmware Ver. 1.49 and earlier, WZR-AMPG300NH firmware Ver. 1.51 and earlier, WZR-D1100H firmware Ver. 2.00 and earlier, WZR-G144N firmware Ver. 1.48 and earlier, WZR-G144NH firmware Ver. 1.48 and earlier, WZR-HP-G300NH firmware Ver. 1.84 and earlier, WZR-HP-G301NH firmware Ver. 1.84 and earlier, and WZR-HP-G450H firmware Ver. 1.90 and earlier. | 2022-12-07 | not yet calculated | CVE-2022-39044 MISC MISC |
buffalo_inc — multiple_products | Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN firmware Ver. 1.87 and earlier, WPL-05G300 firmware Ver. 1.88 and earlier, WRM-D2133HP firmware Ver. 2.85 and earlier, WRM-D2133HS firmware Ver. 2.96 and earlier, WTR-M2133HP firmware Ver. 2.85 and earlier, WTR-M2133HS firmware Ver. 2.96 and earlier, WXR-1900DHP firmware Ver. 2.50 and earlier, WXR-1900DHP2 firmware Ver. 2.59 and earlier, WXR-1900DHP3 firmware Ver. 2.63 and earlier, WXR-5950AX12 firmware Ver. 3.40 and earlier, WXR-6000AX12B firmware Ver. 3.40 and earlier, WXR-6000AX12S firmware Ver. 3.40 and earlier, WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, WZR-1750DHP2 firmware Ver. 2.31 and earlier, WZR-HP-AG300H firmware Ver. 1.76 and earlier, WZR-HP-G302H firmware Ver. 1.86 and earlier, WEM-1266 firmware Ver. 2.85 and earlier, WEM-1266WP firmware Ver. 2.85 and earlier, WLAE-AG300N firmware Ver. 1.86 and earlier, FS-600DHP firmware Ver. 3.40 and earlier, FS-G300N firmware Ver. 3.14 and earlier, FS-HP-G300N firmware Ver. 3.33 and earlier, FS-R600DHP firmware Ver. 3.40 and earlier, BHR-4GRV firmware Ver. 2.00 and earlier, DWR-HP-G300NH firmware Ver. 1.84 and earlier, DWR-PG firmware Ver. 1.83 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WER-A54G54 firmware Ver. 1.43 and earlier, WER-AG54 firmware Ver. 1.43 and earlier, WER-AM54G54 firmware Ver. 1.43 and earlier, WER-AMG54 firmware Ver. 1.43 and earlier, WHR-300 firmware Ver. 2.00 and earlier, WHR-300HP firmware Ver. 2.00 and earlier, WHR-AM54G54 firmware Ver. 1.43 and earlier, WHR-AMG54 firmware Ver. 1.43 and earlier, WHR-AMPG firmware Ver. 1.52 and earlier, WHR-G firmware Ver. 1.49 and earlier, WHR-G300N firmware Ver. 1.65 and earlier, WHR-G301N firmware Ver. 1.87 and earlier, WHR-G54S firmware Ver. 1.43 and earlier, WHR-G54S-NI firmware Ver. 1.24 and earlier, WHR-HP-AMPG firmware Ver. 1.43 and earlier, WHR-HP-G firmware Ver. 1.49 and earlier, WHR-HP-G54 firmware Ver. 1.43 and earlier, WLI-H4-D600 firmware Ver. 1.88 and earlier, WS024BF firmware Ver. 1.60 and earlier, WS024BF-NW firmware Ver. 1.60 and earlier, WXR-1750DHP firmware Ver. 2.60 and earlier, WXR-1750DHP2 firmware Ver. 2.60 and earlier, WZR-1166DHP firmware Ver. 2.18 and earlier, WZR-1166DHP2 firmware Ver. 2.18 and earlier, WZR-1750DHP firmware Ver. 2.30 and earlier, WZR2-G300N firmware Ver. 1.55 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, WZR-600DHP3 firmware Ver. 2.19 and earlier, WZR-900DHP2 firmware Ver. 2.19 and earlier, WZR-AGL300NH firmware Ver. 1.55 and earlier, WZR-AMPG144NH firmware Ver. 1.49 and earlier, WZR-AMPG300NH firmware Ver. 1.51 and earlier, WZR-D1100H firmware Ver. 2.00 and earlier, WZR-G144N firmware Ver. 1.48 and earlier, WZR-G144NH firmware Ver. 1.48 and earlier, WZR-HP-G300NH firmware Ver. 1.84 and earlier, WZR-HP-G301NH firmware Ver. 1.84 and earlier, WZR-HP-G450H firmware Ver. 1.90 and earlier, WZR-S1750DHP firmware Ver. 2.32 and earlier, WZR-S600DHP firmware Ver. 2.19 and earlier, and WZR-S900DHP firmware Ver. 2.19 and earlier. | 2022-12-07 | not yet calculated | CVE-2022-40966 MISC MISC |
buffalo_inc — multiple_products | Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to alter configuration settings of the device. The affected products/versions are as follows: WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, and WZR-D1100H firmware Ver. 2.00 and earlier. | 2022-12-07 | not yet calculated | CVE-2022-34840 MISC MISC |
buildah — buildah | A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure. | 2022-12-08 | not yet calculated | CVE-2022-4122 MISC MISC |
buildah — buildah | A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality. | 2022-12-08 | not yet calculated | CVE-2022-4123 MISC |
canon_medical_informatics — vitrea_vision | Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An authenticated user is able to gain unauthorized access to imaging records by tampering with the vitrea-view/studies/search patientId parameter. | 2022-12-09 | not yet calculated | CVE-2022-38765 MISC |
certifi — certifi | Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from “TrustCor” from the root store. These are in the process of being removed from Mozilla’s trust store. TrustCor’s root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor’s ownership also operated a business that produced spyware. Conclusions of Mozilla’s investigation can be found in the linked google group discussion. | 2022-12-07 | not yet calculated | CVE-2022-23491 MISC MISC |
chicken — chicken | egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file. | 2022-12-10 | not yet calculated | CVE-2022-45145 MISC MISC MISC |
codecentric — spring-boot-admin | Spring Boot Admin is an open source administrative user interface for management of Spring Boot applications. All users who run Spring Boot Admin Server, having enabled Notifiers (e.g. Teams-Notifier) and write access to environment variables via UI, are affected. Users are advised to upgrade to the most recent releases of Spring Boot Admin 2.6.10 and 2.7.8 to resolve this issue. Users unable to upgrade may disable any notifier or disable write access (POST request) on `/env` actuator endpoint. | 2022-12-09 | not yet calculated | CVE-2022-46166 MISC MISC |
containerd — containerd | containerd is an open source container runtime. A bug was found in containerd’s CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user’s process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd’s CRI implementation and the stream server is used for handling container IO. This bug has been fixed in containerd 1.6.12 and 1.5.16. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers. | 2022-12-07 | not yet calculated | CVE-2022-23471 MISC MISC |
csliuwy — coder-chain_gdut | A vulnerability has been found in csliuwy coder-chain_gdut and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /back/index.php/user/User/?1. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215095. | 2022-12-07 | not yet calculated | CVE-2022-4341 N/A N/A |
cube-js — cube-js | cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in version 0.31.24. Users are advised to either upgrade to 0.31.24 or to downgrade to 0.31.22. There are no known workarounds for this vulnerability. | 2022-12-09 | not yet calculated | CVE-2022-23510 MISC MISC MISC |
daloradius — daloradius | daloRADIUS is an open source RADIUS web management application. daloRadius 1.3 and prior are vulnerable to a combination cross site scripting (XSS) and cross site request forgery (CSRF) vulnerability which leads to account takeover in the mng-del.php file because of an unescaped variable reflected in the DOM on line 116. This issue has been addressed in commit `ec3b4a419e`. Users are advised to manually apply the commit in order to mitigate this issue. Users may also mitigate this issue in two parts: 1) The CSRF vulnerability can be mitigated by setting the daloRadius session cookie to samesite=Lax or by the implementation of a CSRF token in all forms. 2) The XSS vulnerability may be mitigated by escaping the variable or by introducing a Content Security Policy. | 2022-12-06 | not yet calculated | CVE-2022-23475 MISC MISC |
dhis2 — dhis2-core | DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Through various features of DHIS2, an authenticated user may be able to upload a file which includes embedded javascript. The user could then potentially trick another authenticated user to open the malicious file in a browser which would trigger the javascript code, resulting in a cross-site scripting (XSS) attack. DHIS2 administrators should upgrade to the following hotfix releases: 2.36.12.1, 2.37.8.1, 2.38.2.1, 2.39.0.1. Users unable to upgrade may add the following simple CSP rule in your web proxy to the vulnerable endpoints: `script-src 'none'`. This workaround will prevent all javascript from running on those endpoints. | 2022-12-08 | not yet calculated | CVE-2022-41947 MISC MISC |
dhis2 — dhis2-core | DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Affected versions are subject to a privilege escalation vulnerability. A DHIS2 user with authority to manage users can assign superuser privileges to themself by manually crafting an HTTP PUT request. Only users with the following DHIS2 user role authorities can exploit this vulnerability. Note that in many systems the only users with user admin privileges are also superusers. In these cases, the escalation vulnerability does not exist. The vulnerability is only exploitable by attackers who can authenticate as users with the user admin authority. As this is usually a small and relatively trusted set of users, exploit vectors will often be limited. DHIS2 administrators should upgrade to the following hotfix releases: 2.36.12.1, 2.37.8.1, 2.38.2.1, 2.39.0.1. The only known workaround to this issue is to avoid the assignment of the user management authority to any users until the patch has been applied. | 2022-12-08 | not yet calculated | CVE-2022-41948 MISC |
dhis2 — dhis2-core | DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. In affected versions an authenticated DHIS2 user can craft a request to DHIS2 to instruct the server to make requests to external resources (like third party servers). This could allow an attacker, for example, to identify vulnerable services which might not be otherwise exposed to the public internet or to determine whether a specific file is present on the DHIS2 server. DHIS2 administrators should upgrade to the following hotfix releases: 2.36.12.1, 2.37.8.1, 2.38.2.1, 2.39.0.1. At this time, there is no known workaround or mitigation for this vulnerability. | 2022-12-08 | not yet calculated | CVE-2022-41949 MISC MISC |
f5 — big-ip | In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-12-07 | not yet calculated | CVE-2022-41800 MISC |
freshrss — freshrss | FreshRSS is a free, self-hostable RSS aggregator. User configuration files can be accessed by a remote user. In addition to user preferences, such configurations contain hashed passwords (bcrypt with cost 9, salted) of FreshRSS Web interface. If the API is used, the configuration might contain a hashed password (bcrypt with cost 9, salted) of the GReader API, and a hashed password (MD5 salted) of the Fever API. Users should update to version 1.20.2 or edge. Users unable to upgrade can apply the patch manually or delete the file `./FreshRSS/p/ext.php`. | 2022-12-09 | not yet calculated | CVE-2022-23497 MISC MISC MISC |
funkwhale — funkwhale | User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted. | 2022-12-09 | not yet calculated | CVE-2022-45292 MISC |
go-merkledag — go-merkledag | go-merkledag implements the ‘DAGService’ interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A `ProtoNode` may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don’t allow for error returns. A `ProtoNode` should only be able to encode to valid DAG-PB, attempting to encode invalid DAG-PB forms will result in an error from the codec. Manipulation of an existing (newly created or decoded) `ProtoNode` using the modifier methods did not account for certain states that would place the `ProtoNode` into an unencodeable form. Due to conformance with the [`github.com/ipfs/go-block-format#Block`](https://pkg.go.dev/github.com/ipfs/go-block-format#Block) and [`github.com/ipfs/go-ipld-format#Node`](https://pkg.go.dev/github.com/ipfs/go-ipld-format#Node) interfaces, certain methods, which internally require a re-encode if state has changed, will panic due to the inability to return an error. This issue has been addressed across a number of pull requests. Users are advised to upgrade to version 0.8.1 for a complete set of fixes. Users unable to upgrade may attempt to mitigate this issue by sanitising inputs when allowing user-input to set a new `CidBuilder` on a `ProtoNode` and by sanitising `Tsize` (`Link#Size`) values such that they are a reasonable byte-size for sub-DAGs where derived from user-input. | 2022-12-08 | not yet calculated | CVE-2022-23495 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
go-standard_library — os/net/http | On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS("C:/tmp").Open("COM1") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS("") has changed. Previously, an empty root was treated equivalently to "/", so os.DirFS("").Open("tmp") would open the path "/tmp". This now returns an error. | 2022-12-07 | not yet calculated | CVE-2022-41720 MISC MISC MISC MISC |
go-standard_library/golang — multiple_products | An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection. | 2022-12-08 | not yet calculated | CVE-2022-41717 MISC MISC MISC MISC MISC |
ibm — cloud_transformation_advisor | IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 237214. | 2022-12-09 | not yet calculated | CVE-2022-41299 MISC MISC |
interspire — email_marketer | Interspire Email Marketer through 6.5.1 allows SQL Injection via the surveys module. An unauthenticated attacker could successfully perform an attack to extract potentially sensitive information from the database if the survey id exists. | 2022-12-09 | not yet calculated | CVE-2022-44790 MISC |
jetbrains — gateway | In JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented. | 2022-12-08 | not yet calculated | CVE-2022-46829 MISC |
jetbrains — intellij_idea | In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible. | 2022-12-08 | not yet calculated | CVE-2022-46824 MISC |
jetbrains — intellij_idea | In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects. | 2022-12-08 | not yet calculated | CVE-2022-46825 MISC |
jetbrains — intellij_idea | In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability. | 2022-12-08 | not yet calculated | CVE-2022-46826 MISC |
jetbrains — intellij_idea | In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible. | 2022-12-08 | not yet calculated | CVE-2022-46827 MISC |
jetbrains — intellij_idea | In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible. | 2022-12-08 | not yet calculated | CVE-2022-46828 MISC |
jetbrains — teamcity | In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning. | 2022-12-08 | not yet calculated | CVE-2022-46830 MISC |
jetbrains — teamcity | In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the “Default Credential Provider Chain” allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators. | 2022-12-08 | not yet calculated | CVE-2022-46831 MISC |
kbase_doc — kbase_doc | Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /web/IndexController.java. | 2022-12-09 | not yet calculated | CVE-2022-45290 MISC |
labstack — labstack | Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read. | 2022-12-07 | not yet calculated | CVE-2020-36565 MISC MISC MISC |
linux — linux | Guests can trigger deadlock in Linux netback driver [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packets for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329). | 2022-12-07 | not yet calculated | CVE-2022-42328 MISC MLIST MLIST MLIST |
linux — linux | Guests can trigger deadlock in Linux netback driver [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packets for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329). | 2022-12-07 | not yet calculated | CVE-2022-42329 MISC MLIST MLIST MLIST |
lirantal — daloradius | Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitHub repository lirantal/daloradius prior to master branch. | 2022-12-08 | not yet calculated | CVE-2022-4366 CONFIRM MISC |
m-files — web | Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files before 22.8.11691.0 allows a low-privilege user to change some configuration. | 2022-12-09 | not yet calculated | CVE-2022-4264 MISC |
metinfo — metinfo | A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add a Super Administrator account. | 2022-12-07 | not yet calculated | CVE-2022-44849 MISC |
micro_focus — operations_bridge_containerized | A potential vulnerability has been identified in Micro Focus Operations Bridge – Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run JavaScript in the browser context of another OBM user. Please note: The vulnerability is only applicable if the Operations Bridge Manager capability is deployed. A potential vulnerability has been identified in Micro Focus Operations Bridge Manager (OBM). The vulnerability could be exploited by a malicious authenticated OBM user to run JavaScript in the browser context of another OBM user. This issue affects: Micro Focus Operations Bridge Manager versions prior to 2022.11. Micro Focus Operations Bridge – Containerized versions prior to 2022.11. | 2022-12-08 | not yet calculated | CVE-2022-38754 MISC MISC MISC |
mingsoft — mcms | A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been classified as critical. Affected is an unknown function of the file /cms/category/list. The manipulation of the argument sqlWhere leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.2.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215196. | 2022-12-09 | not yet calculated | CVE-2022-4375 MISC MISC |
morontt — zend-blog-number-2 | A vulnerability was found in morontt zend-blog-number-2. It has been classified as problematic. Affected is an unknown function of the file application/forms/Comment.php of the component Comment Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is 36b2d4abe20a6245e4f8df7a4b14e130b24d429d. It is recommended to apply a patch to fix this issue. VDB-215250 is the identifier assigned to this vulnerability. | 2022-12-10 | not yet calculated | CVE-2022-4397 N/A N/A |
netgear — nighthawk_rax30 | A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions do not appear to be applied to the WAN interface for IPv6. This allows arbitrary access to any services running on the device that may be inadvertently listening via IPv6, such as the SSH and Telnet servers spawned on ports 22 and 23 by default. This misconfiguration could allow an attacker to interact with services only intended to be accessible by clients on the local network. | 2022-12-09 | not yet calculated | CVE-2022-4390 MISC MISC |
nortonlifelock — avast_antivirus | The aswjsflt.dll library from Avast Antivirus windows contained a potentially exploitable heap corruption vulnerability that could enable an attacker to bypass the sandbox of the application it was loaded into, if applicable. This issue was fixed in version 18.0.1478 of the Script Shield Component. | 2022-12-08 | not yet calculated | CVE-2022-4291 MISC |
openharmony — openharmony | Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when calling SysClockGetres. 4 bytes of padding data from the kernel stack are copied to user space incorrectly and leaked. | 2022-12-08 | not yet calculated | CVE-2022-41802 MISC |
openharmony — openharmony | The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. An unprivileged malicious application would be able to gain code execution within any application installed on the device or cause application crash. | 2022-12-08 | not yet calculated | CVE-2022-44455 MISC |
openharmony — openharmony | OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions. | 2022-12-08 | not yet calculated | CVE-2022-45118 MISC |
openharmony — openharmony | OpenHarmony-v3.1.4 and prior versions had a vulnerability. The PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks. | 2022-12-08 | not yet calculated | CVE-2022-45877 MISC |
pb-cms — pb-cms | A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /blog/comment of the component Message Board. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-215114 is the identifier assigned to this vulnerability. | 2022-12-08 | not yet calculated | CVE-2022-4354 MISC MISC |
pb-cms — pb-cms | A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this vulnerability is the function IpUtil.getIpAddr. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215113 was assigned to this vulnerability. | 2022-12-08 | not yet calculated | CVE-2022-4353 MISC MISC |
perl — perl | The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user’s terminal and certain options are set. | 2022-12-09 | not yet calculated | CVE-2022-4170 MISC MISC |
prestashop — prestashop | PrestaShop is an open-source e-commerce solution. Versions prior to 1.7.8.8 did not properly restrict host filesystem access for users. Users may have been able to view the contents of the upload directory without appropriate permissions. This issue has been addressed and users are advised to upgrade to version 1.7.8.8. There are no known workarounds for this issue. | 2022-12-08 | not yet calculated | CVE-2022-46158 MISC MISC |
qubes-mirage-firewall — qubes-mirage-firewall | qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of service (CPU consumption and loss of forwarding) via a crafted multicast UDP packet (IP address range of 224.0.0.0 through 239.255.255.255). | 2022-12-07 | not yet calculated | CVE-2022-46770 MISC |
radareorg — radareorg/radare2 | Integer Overflow or Wraparound in GitHub repository radareorg/radare2 prior to 5.8.0. | 2022-12-10 | not yet calculated | CVE-2022-4398 MISC CONFIRM |
rapid7 — nexpose_and_insightvm | Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This failure could allow an attacker to provide a malicious update and alter the functionality of Rapid7 Nexpose. The attacker would need some pre-existing mechanism to provide a malicious update, either through a social engineering effort, privileged access to replace downloaded updates in transit, or by performing an Attacker-in-the-Middle attack on the update service itself. | 2022-12-08 | not yet calculated | CVE-2022-4261 CONFIRM CONFIRM CONFIRM |
red_hat — openshift | Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks. | 2022-12-09 | not yet calculated | CVE-2022-3259 MISC |
red_hat — openshift | The response header has not enabled X-FRAME-OPTIONS, which helps prevent clickjacking attacks. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. | 2022-12-08 | not yet calculated | CVE-2022-3260 MISC |
red_hat — openshift | A flaw was found in Openshift. A pod with a DNSPolicy of “ClusterFirst” may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and availability. | 2022-12-08 | not yet calculated | CVE-2022-3262 MISC |
reputeinfosystems — armember | Unauth. Privilege Escalation vulnerability in ARMember premium plugin <= 5.5.1 on WordPress. | 2022-12-06 | not yet calculated | CVE-2022-42888 MISC |
s-cms — s-cms | A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Contact Information Page. The manipulation of the argument Make a Call leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215197 was assigned to this vulnerability. | 2022-12-09 | not yet calculated | CVE-2022-4377 N/A N/A |
samsung — calendar | Improper access control vulnerability in Calendar prior to versions 11.6.08.0 in Android Q(10), 12.2.11.3000 in Android R(11), 12.3.07.2000 in Android S(12), and 12.4.02.0 in Android T(13) allows attackers to access sensitive information via implicit intent. | 2022-12-08 | not yet calculated | CVE-2022-39915 MISC |
samsung — decoding_library | Integer overflow vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write. | 2022-12-08 | not yet calculated | CVE-2022-39907 MISC |
samsung — decoding_library | TOCTOU vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write. | 2022-12-08 | not yet calculated | CVE-2022-39908 MISC |
samsung — displaymanagerservice | Exposure of Sensitive Information from an Unauthorized Actor vulnerability in Samsung DisplayManagerService prior to Android T(13) allows local attacker to access connected DLNA device information. | 2022-12-08 | not yet calculated | CVE-2022-39914 MISC |
samsung — exynos_baseband | Improper authentication in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to disable the network traffic encryption between UE and gNodeB. | 2022-12-08 | not yet calculated | CVE-2022-39901 MISC |
samsung — gear_iconx_pc_manager | Insufficient verification of data authenticity vulnerability in Samsung Gear IconX PC Manager prior to version 2.1.221019.51 allows local attackers to create an arbitrary file using a symbolic link. | 2022-12-08 | not yet calculated | CVE-2022-39909 MISC |
samsung — iiccphonebook | Improper access control vulnerability in IIccPhoneBook prior to SMR Dec-2022 Release 1 allows attackers to access some information of usim. | 2022-12-08 | not yet calculated | CVE-2022-39898 MISC |
samsung — nice_catch | Improper access control vulnerability in Nice Catch prior to SMR Dec-2022 Release 1 allows physical attackers to access contents of all toast generated in the application installed in Secure Folder through Nice Catch. | 2022-12-08 | not yet calculated | CVE-2022-39900 MISC |
samsung — pass | Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device using pop-up view. | 2022-12-08 | not yet calculated | CVE-2022-39910 MISC |
samsung — pass | Improper check or handling of exceptional conditions vulnerability in Samsung Pass prior to version 4.0.06.1 allows attacker to access Samsung Pass. | 2022-12-08 | not yet calculated | CVE-2022-39911 MISC |
samsung — persona_manager | Exposure of Sensitive Information to an Unauthorized Actor in Persona Manager prior to Android T(13) allows local attacker to access user profiles information. | 2022-12-08 | not yet calculated | CVE-2022-39913 MISC |
samsung — personamanagerservice | Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService prior to Android T(13) allows local attackers to set some setting value in Secure folder. | 2022-12-08 | not yet calculated | CVE-2022-39912 MISC |
samsung — rcs_call | Improper access control vulnerability in RCS call prior to SMR Dec-2022 Release 1 allows local attackers to access RCS incoming call number. | 2022-12-08 | not yet calculated | CVE-2022-39903 MISC |
samsung — sectelephonyprovider | Improper access control vulnerability in SecTelephonyProvider prior to SMR Dec-2022 Release 1 allows attackers to access message information. | 2022-12-08 | not yet calculated | CVE-2022-39906 MISC |
samsung — settings | Exposure of Sensitive Information vulnerability in Samsung Settings prior to SMR Dec-2022 Release 1 allows local attackers to access the Network Access Identifier via log. | 2022-12-08 | not yet calculated | CVE-2022-39904 MISC |
samsung — windowmanagerservice | Improper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022 Release 1 allows attacker to send the input event using S Pen gesture. | 2022-12-08 | not yet calculated | CVE-2022-39899 MISC |
secomea — gatemanager | A vulnerability in the web server of Secomea GateManager allows a local user to impersonate as the previous user under some failed login conditions. This issue affects: Secomea GateManager versions from 9.4 through 9.7. | 2022-12-09 | not yet calculated | CVE-2022-2752 MISC |
secustation — multiple_products | In certain Secustation products the administrator account password can be read. This affects V2.5.5.3116-S50-SMA-B20171107A, V2.3.4.1301-M20-TSA-B20150617A, V2.5.5.3116-S50-RXA-B20180502A, V2.5.5.3116-S50-SMA-B20190723A, V2.5.5.3116-S50-SMB-B20161012A, V2.3.4.2103-S50-NTD-B20170508B, V2.5.5.3116-S50-SMB-B20160601A, V2.5.5.2601-S50-TSA-B20151229A, and V2.5.5.3116-S50-SMA-B20170217. | 2022-12-08 | not yet calculated | CVE-2022-40939 MISC MISC |
seeddms — seeddms | Weak reset token generation in SeedDMS v6.0.20 and v5.1.7 allows attackers to execute a full account takeover via a brute force attack. | 2022-12-08 | not yet calculated | CVE-2022-44938 MISC |
sentry — sentry | Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result an attacker with a valid invite link can create multiple users and join an organization they may not have been originally invited to. This issue was patched in version 22.11.0. Sentry SaaS customers do not need to take action. Self-hosted Sentry installs on systems which cannot upgrade can disable the invite functionality until they are ready to deploy the patched version by editing their `sentry.conf.py` file (usually located at `~/.sentry/`). | 2022-12-10 | not yet calculated | CVE-2022-23485 MISC |
shift_tech_inc — bingo!cms | Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version 1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered. | 2022-12-07 | not yet calculated | CVE-2022-42458 MISC MISC |
six_apart_ltd — movable_type | Improper neutralization of Server-Side Includes (SSI) within a web page in Movable Type series allows a remote authenticated attacker with the privilege of ‘Manage of Content Types’ to execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier. | 2022-12-07 | not yet calculated | CVE-2022-43660 MISC MISC |
six_apart_ltd — movable_type | Improper validation of syntactic correctness of input vulnerability exists in Movable Type series. Having a user access a specially crafted URL may allow a remote unauthenticated attacker to set a specially crafted URL to the Reset Password page and conduct a phishing attack. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier. | 2022-12-07 | not yet calculated | CVE-2022-45113 MISC MISC |
six_apart_ltd — movable_type | Cross-site scripting vulnerability in Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. | 2022-12-07 | not yet calculated | CVE-2022-45122 MISC MISC |
teledyne flir — ax8 | A vulnerability classified as critical has been found in Teledyne FLIR AX8 up to 1.46.16. Affected is an unknown function of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-215118 is the identifier assigned to this vulnerability. | 2022-12-08 | not yet calculated | CVE-2022-4364 N/A N/A |
teleport — teleport | Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 were discovered to contain an information leak via the /user/get-role-list web interface. | 2022-12-08 | not yet calculated | CVE-2022-38599 MISC MISC |
ticklishhoneybee — nodau | A vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. The manipulation of the argument value/name leads to sql injection. The name of the patch is 7a7d737a3929f335b9717ddbd31db91151b69ad2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215252. | 2022-12-10 | not yet calculated | CVE-2022-4399 MISC MISC MISC |
tinymce — tinymce | tinymce is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the `image` plugin, which presents these dialogs when certain errors occur. The vulnerability allowed arbitrary JavaScript execution when an alert was presented in the TinyMCE UI for the current user. This vulnerability has been patched in TinyMCE 5.10.7 and TinyMCE 6.3.1 by ensuring HTML sanitization was still performed after unwrapping invalid elements. Users are advised to upgrade to either 5.10.7 or 6.3.1. Users unable to upgrade may ensure the `images_upload_handler` returns a valid value as per the images_upload_handler documentation. | 2022-12-08 | not yet calculated | CVE-2022-23494 MISC MISC MISC MISC MISC MISC |
traefik — traefik | Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization header are displayed in the debug logs. Attackers must have access to a user's logging system in order for credentials to be stolen. This issue has been addressed in version 2.9.6. Users are advised to upgrade. Users unable to upgrade may set the log level to `INFO`, `WARN`, or `ERROR`. | 2022-12-08 | not yet calculated | CVE-2022-23469 MISC MISC MISC |
traefik — traefik | Traefik is an open source HTTP reverse proxy and load balancer. In affected versions there is a potential vulnerability in Traefik managing TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS connection set with a wrong CA file is exposed without verifying the client certificates. Users are advised to upgrade to version 2.9.6. Users unable to upgrade should check their logs to detect the error messages and fix their TLS options. | 2022-12-08 | not yet calculated | CVE-2022-46153 MISC MISC MISC MISC |
trendnet — wireless_ac_easy-upgrader_tew-820ap | A stack overflow vulnerability exists in TrendNet Wireless AC Easy-Upgrader TEW-820AP (Version v1.0R, firmware version 1.01.B01) which may result in remote code execution. | 2022-12-07 | not yet calculated | CVE-2022-44373 MISC |
typora — typora | Typora versions prior to 1.4.4 fail to properly neutralize JavaScript code, which may result in executing JavaScript code contained in the file when opening a file with the affected product. | 2022-12-07 | not yet calculated | CVE-2022-43668 MISC MISC |
western_digital — my_cloud | Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud versions prior to 5.25.124 on Linux. | 2022-12-09 | not yet calculated | CVE-2022-29838 MISC |
western_digital — my_cloud | Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices that could allow an attacker who has gained access to a relevant endpoint to use that information to access protected data. This issue affects: Western Digital My Cloud versions prior to 5.25.124 on Linux. | 2022-12-09 | not yet calculated | CVE-2022-29839 MISC |
wireshark — wireshark | Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows. | 2022-12-09 | not yet calculated | CVE-2022-3724 MISC MISC CONFIRM |
xen_project — xen | Guests can trigger NIC interface reset/abort/crash via netback. It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtreme II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating the above-mentioned assumption to the networking core, resulting in said misbehavior. | 2022-12-07 | not yet calculated | CVE-2022-3643 MISC MLIST |
yauaa — yauaa | Yet Another UserAgent Analyzer (Yauaa) is a java library that tries to parse and analyze the useragent string and extract as many relevant attributes as possible. Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an ArrayIndexOutOfBoundsException. If uncaught the exception will result in a program crash. Applications that do not use this feature are not affected. Users are advised to upgrade to version 7.9.0. Users unable to upgrade may catch and discard any ArrayIndexOutOfBoundsException thrown by the Yauaa library. | 2022-12-08 | not yet calculated | CVE-2022-23496 MISC MISC |
yii — gii | Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload into any field. | 2022-12-09 | not yet calculated | CVE-2022-34297 MISC |
zephyr — zephyr | There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet. | 2022-12-09 | not yet calculated | CVE-2022-2993 MISC |
zkteco — xiamen_information_technology_zkbio_eco_adms | ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulnerable to Cross Site Scripting (XSS). | 2022-12-09 | not yet calculated | CVE-2022-44213 MISC |